On February 7, 2023, the U.S. Securities and Exchange Commission (“SEC”) Division of Examinations (the “Division”) released its annual Priorities Report1 for upcoming examinations of registered investment advisers (“Advisers”) and broker-dealers (“BDs” and, together with Advisers, “Firms”). To help ensure compliance with federal securities laws, the Division uses a risk-based approach that accounts for market growth, technological advancements, and new forms of risk to investors. By identifying these priorities, the Division strives to achieve its four goals of promoting compliance, preventing fraud, monitoring risk, and informing policy. The Division identified the following specific areas of focus for Advisers and BDs.
Mutual Areas of Focus for Advisers and BDs
Standards of Conduct
The Division is continuing to prioritize the examination of Firms for compliance with applicable standards of conduct, including fiduciary duties for Advisers and Regulation Best Interest2 for BDs. Both standards of conduct obligate Firms to put the interests of investors ahead of their own personal, financial, and professional interests. In relation, the Division will be focusing on investment advice and recommendations in connection with specific products, investment strategies, and account types. The Division is concerned with products that are complex, high cost, illiquid, proprietary, or unconventional. Such products may include derivatives, leveraged exchange-traded funds, exchange-traded notes, variable annuities, non-traded real estate investment trusts, and microcap securities. The Division may also focus on recommendations and advice provided to certain investors, such as senior investors and those saving for retirement. Moreover, the Division noted it may prioritize review of specific account recommendations, including retirement account rollovers and 529 college savings plans.
The Division will also be reviewing the disclosures made to investors associated with advice and recommendations and will determine whether all material facts relating to any conflicts of interest were relayed. Furthermore, the Division will assess a Firm’s processes for making best-interest evaluations, including those for
- reviewing reasonably available alternatives;
- evaluating costs and risks; and
- identifying and addressing conflicts of interest.
When reviewing advice and recommendations, the Division will consider investor profiles, including the investment goals and account characteristics of individual investors. Specifically for Advisers, the Division will consider whether disclosures are sufficient to enable clients to provide informed consent to any conflicts, whether expressed or implied. The Division is also concerned with customer agreements that inappropriately waive or limit applicable standards of conduct.
Conflicts of Interest
According to the Division, all Firms have at least some conflicts of interest with retail investors. The nature and extent of such conflicts depend on various factors, including a Firm’s business model. Accordingly, the Division is concerned with identifying and understanding the economic incentives of Firms and their financial professionals based on the source and structure of compensation, revenue, and other benefits associated with recommending certain products, services, and account types. Such incentives may include revenue sharing, markdown commissions, markup commissions, and other incentivizing revenue arrangements, such as using the services of an affiliate or investing in the products of an affiliate, particularly when doing so results in additional or higher fees. The Division will inquire into whether Firms have written policies and procedures to identify conflicts of interest, which should be periodically reviewed and updated. Moreover, the Division will assess whether compliance policies and procedures are tailored to the Firm’s particular business, compensation structure, products, and customers. The Division will be reviewing how Firms manage conflicts of interest, including efforts to mitigate or eliminate such conflicts. Furthermore, the Division will be assessing compliance with Form CRS3 during examinations, including whether Firms are delivering their relationship summaries to prospective, new, and existing retail investors. Firms are required to file their relationship summaries with the SEC and post their most current summary on their public website if applicable.
Crypto Assets and Emerging Financial Technology
The Division continues to focus on crypto assets and their associated products and services, along with emerging financial technology, including BD mobile applications and automated digital investment advice. To address these developments, the Division will examine offerings that include such products, services, or practices. The Division is also focused on new practices that include technological and online solutions for compliance, marketing, and investor services, including:
- Online brokerage services
- Internet Advisers
- Automated investment tools
- Automated trading platforms
- So-called robo-Advisers
Furthermore, the Division will place an emphasis on reviewing digital engagement practices, which include behavioral prompts, differential marketing, gamification, and other elements and features designed to drive engagement with retail investors on digital platforms. In relation to digital engagement practices, the Division will assess whether recommendations or advice were given using social media marketing and social trading platforms. Furthermore, the Division will consider whether related representations were fair and accurate and whether the operations and controls in place were consistent with those disclosed to investors. Moreover, the Division will assess whether advice and recommendations were in the best interest of investors given their individual financial situations and investment objectives. Additionally, the Division will focus on the risk associated with digital engagement practices, including the impact on certain investors, such as seniors.
Although few BDs themselves are actively involved in crypto assets, many have affiliates, related businesses, and shared clients that are receiving crypto-related services. The Division will continue to monitor crypto assets and will conduct examinations of Firms that have been impacted by recent financial distress in the market. As part of these examinations, the Division will assess whether Firms have met their required standards of care when providing recommendations, referrals, and investment advice. Moreover, the Division will check whether Firms have routinely reviewed and updated their compliance practices, disclosures, and risk-management activities for crypto assets.
Information Security
The Division will review Firm practices used to prevent interruptions to critical services and those used to protect the information, records, and assets of investors. Due to larger market events, geopolitical concerns, and increasing ransomware attacks, the Division identifies cybersecurity as a heightened risk area. Therefore, the Division will assess the policies, procedures, and governance practices of Firms in relation to cybersecurity along with Firm responses to cyber-related events. Notably, the Division will focus on compliance with Regulation S-P,4 which requires the adoption of written policies and procedures to safeguard customer records and information, and Regulation S-ID,5 which requires written programs for the detection, prevention, and mitigation of identity theft. The Division will assess whether policies and procedures are reasonably designed to safeguard customer records and information, whether stored in the Firm’s systems or by third-party service providers. A focus of examinations will continue to be the practices that Firms use to prevent account intrusions and to safeguard customer records and information, including personally identifiable information. The Division is concerned with the cybersecurity risks associated with using third-party vendors, including Firm visibility into the security and integrity of third-party products and services. Accordingly, the Division will consider whether there have been any unauthorized uses of third-party providers, particularly for transition assistance when Advisers attempt to migrate client information to another Firm. The Division will also be reviewing the operational resiliency planning of Firms, such as their effectors to consider and address climate risks.
Specific Priorities for Investment Advisers
Compliance Practices
Consistent with its actions in prior years, the Division prioritizes the examination of Advisers that have never been examined, including newly registered Firms, and Advisers that have not been examined recently. The Division continues to focus on the compliance practices of Advisers, including whether such Firms have appropriately adopted and considered current market factors. Such factors include those that may impact valuations and the accuracy of regulatory filings. Typically, the Division will review adviser compliance programs and related disclosures across one or more key areas, including:
- Custody and safeguarding of client assets
- Valuation and portfolio management
- Brokerage and execution
Examinations will also include a review for conflicts of interest and compliance issues. For example, the Division will focus on the oversight and approval process related to adviser fees and expenses, including the calculation of fees, whether fees are excessive, and the alternative ways that Advisers attempt to generate revenue, including bank deposit sweep programs. Moreover, the Division will review policies and procedures for retaining and monitoring electronic communications and the use of third-party service providers.
New Marketing Rule
The SEC has recently adopted several new rules, including the new Marketing Rule.6 Particular to the new Marketing Rule, the Division will assess whether Advisers have adopted and implemented written policies and procedures reasonably designed to prevent violations by Advisers and their supervised persons. Additionally, the Division will consider whether Advisers have complied with the substantive requirements of the Marketing Rule, including the reasonable basis requirement for substantive material statements of fact and requirements for performance advertising, paid testimonials and endorsements, and third-party ratings.
Advisers to Private Funds
More than 35 percent of all Advisers manage private funds, a number that has continued to grow in recent years. Accordingly, the Division has placed an emphasis on examining Advisers to private funds. The Division will consider conflicts of interest, calculations and allocations of fees and expenses, and compliance with the new Marketing Rule, including performance advertising and solicitations. Moreover, the Division will consider policies and practices regarding the use of alternative data and compliance with the Custody Rule,7 including timely delivery of audited financials and selection of permissible auditors. The Division will also account for private funds with specific risk characteristics, including private funds that
- are highly leveraged;
- are managed side by side with business development companies;
- use affiliates to provide services to clients and underlying portfolio companies;
- invest in or sponsor special purpose acquisition companies;
- are involved in adviser-led restructurings; or
- hold certain hard-to-value investments, including crypto assets and commercial real estate.
Environmental, Social, and Governance (“ESG”) Investing
Given the rising demand for ESG-related investments and strategies, Firms are increasingly offering and evaluating such opportunities. Accordingly, the Division will continue to focus on ESG-related advisory services and fund offerings, including whether funds are operating in a consistent manner as set forth in their disclosures to investors. Furthermore, the Division will consider whether ESG products are appropriately labeled and whether recommendations of such investments are in the best interest of retail investors.
Specific Priorities for BDs
Compliance Programs
The Division continues to focus on the importance of robust BD compliance and supervisory programs to help ensure compliance with federal securities laws. For 2023, the Division will focus on compliance and supervisory programs related to using electronic communications for Firm business and the recordkeeping of such correspondences. In particular, the Division will continue to prioritize the examination of BDs to ensure customer cash, securities, and other assets are safeguarded in accordance with the requirements of the Customer Protection Rule and the Net Capital Rule. To assess compliance with these rules, the Division will consider the adequacy of internal processes, procedures, and controls. Moreover, the Division will consider BD credit, market, and liquidity risk-management controls to determine whether Firms have sufficient liquidity to manage stress events.
Trading Practices
Like in prior years, the Division will continue to examine the trading practices of BDs in both equity and fixed-income securities. Specifically, the Division will assess conflicts of interest in order routing and execution that may negatively affect retail investors. A focus of the Division is compliance with Regulation SHO8 for short sales, including rules pertaining to aggregation units and locate requirements. The Division will also focus on the operations of alternative systems for compliance with Regulation ATS9 and the disclosures required in Form ATS-N.
Types of Securities
The Division will focus on specific types of securities, including municipal securities and other fixed-income securities. Specifically, the Division is concerned with the fairness of pricing, compliance with confirmation disclosure requirements, and issuer disclosure obligations for municipal securities dealers and underwriters. Additionally, the Division will focus on issues specific to over-the-counter securities and microcap securities, such as BD requirements to refrain from publishing quotations for an issuer’s security when such information is not publicly disclosed. As expected, the Division will seek out Firms engaging in the illegal distribution of unregistered securities.
Anti-Money Laundering (“AML”)
The Bank Secrecy Act requires BDs to establish AML programs designed to address the risks associated with the location, size, activities, customers, products, and services of individual Firms. Such programs must include:
- Policies and procedures reasonably designed to identify and verify the identity of customers
- Customer due diligence as required under the Customer Due Diligence Rule
- Monitoring for suspicious activity
- Suspicious Activity Reports to be filed with the Financial Crimes Enforcement Network
These reports are used to detect and prevent terrorist financing, public corruption, market manipulation, and other fraudulent activity. Due to the geopolitical environment and increased international sanctions, the Division has noted the importance of examining AML programs of BDs. During such examinations, the Division will assess whether Firms have established appropriate customer identification programs and whether they satisfy Suspicious Activity Report filing obligations. The Division will also consider whether BDs are conducting ongoing customer due diligence, complying with beneficial ownership requirements, and conducting independent tests of their AML programs. The purpose of such examinations is to evaluate whether BDs have sufficient policies and procedures reasonably designed to detect suspicious activity, including those related to money laundering.
Our Thoughts
The Division has identified various priorities for 2023 examinations, including those related to standards of conduct, conflicts of interest, and information security. Moreover, the Division has accounted for recent trends and developments by establishing priorities pertaining to crypto assets, emerging financial technologies, and ESG investing. Additionally, the Division has identified specific rules and regulations of interest, including the new Marketing Rule, the Custody Rule, the Customer Protection Rule, the Net Capital Rule, the Customer Due Diligence Rule, Regulation Best Interest, Regulation S-P, Regulation S-ID, Regulation SHO, and Regulation ATS. Given these heightened areas of interest, Firms should act quickly to implement, assess, review, and update policies and procedures as needed to help ensure compliance in these areas.
Both new Firms and Firms that have not been examined recently are priorities for the Division. Therefore, Firms that fit in either category should appreciate the increased likelihood of being examined and revise their compliance programs for these priorities as needed as part of annual or other periodic reviews. While updating compliance programs, Firms should tailor policies and procedures specifically for their business model, products, services, customers, and risks. Since examinations can cover a wide range of review, Firms should not merely focus on the priorities identified by the Division. The Priorities Report is not an exhaustive list of items but merely points of interest for the upcoming year. Examinations include an entity’s history, operations, services, products, and other risk factors. Although these priorities are heightened areas of focus, Firms should continue to monitor compliance with all applicable rules and regulations.
Specifically, BDs should be mindful that recent business trends–including crypto assets, gamification activities, and cash sweep programs–implicate many of the Division’s 2023 priorities. Such priorities include compliance programs, customer protection, custody, digital engagement activities, and crypto recommendations, referrals, and investment advice. Accordingly, BDs engaged in these activities should be aware of the potential for future examination.
Aside from traditional compliance matters, the Division is also concerned with risk-management practices and trading functions, including those related to cybersecurity, digital engagement, suitability, derivatives, liquidity, and credit. Accordingly, Firms should expect the Division’s examination to extend beyond the role of the chief compliance officer and expand into the roles of the chief risk officer and the chief investment officer. Accordingly, Firms should also periodically review, monitor, and update practices related to risk management and trading.
Next Steps
Lowenstein Sandler will monitor future publications from the Division and provide further updates and analysis in subsequent Client Alerts so Advisers and BDs can determine whether changes to their policies and procedures are required. Please contact one of the listed authors of this Client Alert or your regular Lowenstein Sandler contact if you have any questions regarding the 2023 Priorities Report.
1 The 2023 Priorities Report can be found here: https://www.sec.gov/files/2023-exam-priorities.pdf.
2 See 17 CFR § 240.15l-1.
3 See 17 CFR 240.17a-14.
4 See 17 CFR § 248.1.
5 See 17 CFR § 248.201.
6 See 17 CFR § 275.206(4)-1.
7 See 17 CFR § 275.206(4)-2.
8 See 17 CFR § 242.200.
9 See 17 CFR § 242.301.