The turn of the calendar year marks many things for the securities industry, among them are the regulators offering their guidance for the coming year. Last month the industry saw FINRA publish its priorities. Shortly afterwards, the Securities and Exchange Commission’s Division of Examinations (the “Division”) posted its 2022 Examination Priorities. Much like we did with the FINRA letter, we offer our thoughts below.
From where we sit, the Division’s most notable comments are found in its general observations, not in its examination priorities, although we will address certain of those below. Specifically, the Division noted that in 2021 it examined about 1 in 6 registered investment advisers, but “we will likely soon have to lower our annual coverage target as the growth in the number of RIAs continues to grow at a rate that far outpaces staffing increases” (emphasis ours). Coupled with the Division’s comments about the significance of a firm’s compliance culture – which echo certain themes FINRA stated in Regulatory Notice 22-10 – we believe that the Division will continue to focus on the role of registered investment advisers’ (RIAs) supervisory policies and procedures. Indeed, the Division’s observations about policies and procedures, both good and bad, has been a key component of many Risk Alerts in the past, which we highlight below. These remain a valuable resource for compliance officers and industry practitioners alike.
Significant Focus Areas
The Division will prioritize in its 2022 examinations the following significant focus areas that pose unique or emerging risks to investors or the markets, as well as examinations of core and perennial risk areas. These include:
Examinations of RIAs who manage private funds will focus on its compliance programs, fees and expenses, custody, fund audits, valuation, conflicts of interest, disclosures of investment risks, and controls around material nonpublic information. The Division will also review these advisers’ portfolio strategies, risk management, and investment recommendations and allocations, focusing on conflicts and disclosures around these areas. In addition, the Division will review the practices, controls, and investor reporting around risk management and trading for private funds with indicia or signs of systemic importance. The Division published a Risk Alert discussing its findings from its private fund examinations initiatives, which we believe firms should review to ensure that their practices are consistent with the Division’s expectations.
Environmental, Social, And Governance
The Division will continue its focus on Environmental, Social, and Governance (ESG) related advisory services and investment products, including mutual funds, exchange-traded funds, and private fund offerings. Examinations will typically focus on whether they are accurately disclosing their ESG investing practices and have implemented policies, procedures, and practices designed to prevent violations of the federal securities laws in connection with those practices. The Division will also review whether these entities’ votes and portfolio section align with their ESG-related disclosures. The Division published a Risk Alert discussing its findings in connection with its ESG examinations initiatives. Given the focus on this area, we encourage firms to review this document to ensure that their practices are consistent with the Division’s expectations.
Retail Investors and Working Families
The Division will examine how broker-dealers and RIAs are satisfying their obligations under Regulation Best Interest and the Advisers Act fiduciary standard to act in the best interests of their retail investors and not to place their own interests ahead of them. Examinations will assess practices regarding consideration of investment alternatives, management of conflicts of interest, trading, disclosures, account selection, and account conversions and rollovers.
Information Security and Operational Resiliency
The Division will review registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets. As one might expect, examinations in this area will get be very granular in a number of areas, including managing operational risk as a result of a dispersed workforce. In addition, the Division will again be reviewing registrants’ business continuity and disaster recovery plans, with particular focus on the impact of climate risk and substantial disruptions to normal business operations.
This comes on the heels of proposed new cybersecurity requirements for investment advisers, investment companies and business development companies that would require such firms to adopt and implement written cybersecurity policies and procedures designed to address risks that could harm advisory clients and fund investors. The proposal would also require advisers to report significant cybersecurity incidents to the SEC on a new confidential form. It will be important to monitor this rulemaking as cybersecurity has been an important focus area of the Division for many years.
Emerging Technologies and Crypto-Assets
The Division will conduct examinations of broker-dealers and RIAs that are using emerging financial technologies to review whether these firms considered the unique risks these activities presented when designing their compliance programs. In addition, examinations will focus on whether these firms’ operations and controls are consistent with their disclosures and meet their regulatory obligations. Examinations of market participants engaged with crypto-assets will continue to review the custody arrangements for such assets and will assess the offer, sale, recommendation, advice, and trading of crypto-assets.
Registered Investment Advisers (RIAs)
The Division will continue to examine the “core areas” of RIAs’ compliance programs: marketing practices, custody and safety of client assets, valuation, portfolio management, brokerage and execution, conflicts of interest, and related disclosures. Echoing its general comments above, the Division will also address the extent to which an RIA devotes sufficient resources to discharge its compliance duties.
The Division will also concentrate on advisory fee calculation errors, including the failure to adjust fees in accordance with investor agreements, provide breakpoints and aggregate household accounts, or refund prepaid fees for terminated accounts. The Division discussed these issues extensively in a recent Risk Alert. We highly encourage RIAs to review their billing practices to ensure that it is calculating fees accurately in accordance with their agreements, and generally meeting its fiduciary obligations to its clients.
The Division will also examine, among other items, whether RIAs that are operating from multiple branch offices have appropriately adapted their compliance programs to oversee the activities in their branches. Like what we saw in Information Security and Operational Resiliency above, the Division will also focus on whether RIAs have implemented appropriate controls around the creation, receipt, and use of potentially material non-public information (MNPI). Supervision of branch offices have come under heightened scrutiny in light of employees working from home due to the COVID pandemic and now permanently as some firms adopt more flexible working arrangements. The Division published a Risk Alert on its observations from exams focused on branch offices and operations that are remote from the adviser’s principal or main office.
Registered Investment Companies, Including Mutual Funds and Exchange-Traded Funds (ETFs)
The Division will continue to review what it calls “perennial focus areas” for mutual funds and ETFs. These focus areas include disclosures to investors, accuracy of reporting to the SEC, and compliance with new rules and exemptive orders. The Division specifically stated that it would focus on compliance with the new ETF rule and exemptive orders for non-transparent, actively managed ETFs, and custom baskets. In addition, the Division will examine how funds assess and manage their liquidity risk, including how firms have implemented liquidity classifications as prescribed in the new liquidity risk management rule (Investment Company Act Rule 22e-4), and how they oversee third party service providers. Rule 22e-4 became effective in 2019 so it is no surprise that this would be an examination focus area so that the staff can better understand the industry’s approach to comply with these requirements.
The Division added that it will prioritize its review of certain fund practices by money market funds (e.g., stress-testing) and business development companies (e.g., valuation practices).
The Division identified two areas of focus for broker-dealer operations. The first is compliance with the key rules concerning the safeguarding of customer assets – the Customer Protection Rule (SEC Rule 15c3-3) and the Net Capital Rule (SEC Rule 15c3-1). The second concerns trading practices, and in particular, the possible effect of any conflicts of interest may have on order routing decisions and best execution obligations as well as any disclosure obligations. Neither comes as a surprise, especially as the custodial space has consolidated in the recent past.
The Division also highlighted a couple of areas that are not typically associated with “traditional” broker-dealer operations – the operations of alternative trading systems for compliance with Regulation ATS and entities that may be involved in the illegal distribution of unregistered securities. We suspect that this will continue to garner attention as digital assets become increasingly popular on Wall Street as well as Main Street.
Some may find it surprising that the Division also examines FINRA. The Division not only reviews FINRA’s various programs, but also conducts oversight examinations of FINRA’s examinations of broker-dealers and municipal advisors. The review is to ensure that FINRA consistently applies its rules and other applicable standards to these communities. Unlike other sections of the Report, the Division did not offer areas of focus for FINRA, but this should not have any impact on the broker-dealer community.
The Division will continue to prioritize its examinations of broker-dealers and registered investment companies for compliance with their AML obligations to assess, among other things, whether firms have established appropriate customer identification programs and whether they are satisfying their SAR filing obligations, conducting due diligence on customers, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their AML programs. The Division published a Risk Alert discussing its findings in connection with its AML examinations initiatives. Firms should review these observations to ensure that their practices are consistent with the Division’s expectations.
There is little question that the 2022 Examination Priorities covers a broad swath of ground. Practus’s Financial Services practice group has experienced lawyers from all walks of the securities industry that can help you navigate these requirements. Please contact Karen Aspinall, Robert Moreiro or Ryan Smith if you wish to discuss this further.