2021: The Year in Review


ACA Group

Publish Date


Compliance Alert

  • Compliance

Amidst a continuing global pandemic, new political administrations, and increased regulatory scrutiny, firms have had to learn to transform how they conduct business, oversee their compliance programs, and maintain operational resilience. Growing trends like environmental, social, and governance (ESG) and digital assets have taken center stage while mainstay risk areas like cybersecurity have demanded constant vigilance.

As you look ahead to 2022, here are a few of 2021’s key regulatory and industry highlights that may impact how you prioritize year-end compliance tasks, allocate resources, and plan future initiatives.

Marketing Rule

Just before the start of 2021, the U.S. Securities and Exchange Commission (SEC) officially Adopted the New Marketing Rule for Investment Advisers. The long-awaited overhaul of the Advertising Rule (Rule 206(4)-1 under the Investment Advisers Act of 1940 (Advisers Act)) will have material impact on SEC-registered investment advisers based around the world. The new rule, which is referred to as the “Marketing Rule,” is intended to modernize the framework for investment adviser advertising and replace the patchwork of cases, no-action letters and SEC staff guidance that has developed in this area since the rule was first adopted in 1961. 

In March, the SEC confirmed that firms would need to take an all or none early adoption approach to the new Marketing Rule. At our Fall 2021 Virtual Conference, we asked attendees about their priorities and approach to implementing the SEC's New Marketing Rule and heard that marketing and advertising would be their #1 priority in 2022.

Are you ready to comply? Check out our Marketing Rule Insights library for in-depth articles, FAQs, and on demand webcasts to help you prepare.


A flurry of activity from the SEC at the beginning of 2021 made it crystal clear that ESG would be a top priority in the near and long term. This has proved true for other global regulators, including the Financial Conduct Authority (FCA), and the United Nations Principles for Responsible Investing (UNPRI) and other industry leaders looking to ensure firms are providing investors with greater transparency and consistency in ESG-related disclosures for investment products. 

Cybersecurity & Risk

Cybersecurity risk is constantly mutating and growing, posing a particular threat to financial services firms, which are 300% more likely to suffer a cyber-attack than other sectors. As a result, it remains a top priority for regulators, as seen this summer when the SEC announced that it sanctioned eight firms in three separate actions for failure to establish and implement cybersecurity policies and procedures


2021 began in the shadow of the SolarWinds attack. With both government and the financial industry being affected, regulators were keen to gain as much insight as possible and quickly assess and report any impacts. However, the focus on phishing attacks and ransomware didn’t stop there.

Early in the year, both the U.S. National Futures Association (NFA) and Financial Industry Regulatory Authority (FINRA) issued warnings of fake emails, shortly followed by the attack that led to the shutdown of the Colonial Pipeline.

Read our Ransomware 101 series for more insights on how your firm can prevent and detect a ransomware attack, to engaging with law enforcement if there is one.


GDPR celebrated it’s third-year anniversary in 2021, and data privacy legislation continues to be pursued by various countries and states, including New York, Florida, Oklahoma, Washington, and Minnesota. Earlier this year, the Virginia Senate passed the Consumer Data Protection Act and the government of China passed a data privacy law in August.

Whether data privacy legislation will ultimately be enacted on a national level in the United States remains to be seen. It would be wise for firms to prepare well in advance of proposed enactments.


In 2021, AML continued to be a priority for the SEC’s examinations of broker-dealers and registered investment companies. The Financial Crimes Enforcement Network (FinCEN) published its first government-wide priorities for AML (the “Priorities”) and more recently proposed rulemaking to implement reporting requirements of beneficial ownership information for legal entities, both mandates established by the AML Act of 2020 passed by U.S. Congress earlier this year. Additionally, FINRA urged firms to incorporate the government-wide Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Priorities into their AML programs.

Holistic Surveillance & Technology

The complexity of trading risk is evolving as remote and hybrid workplaces become the norm. An increased reliance on eComms platforms alongside the ability to potentially evade traditional surveillance mechanisms have made it more difficult to spot risks related to MNPI and insider trading. The SEC’s “Shadow Trading” case shows that regulators have taken notice and are looking deeper and beyond the traditional definition of insider trading.

Fortunately for compliance leaders, artificial intelligence (AI) technologies like machine learning, natural language processing (NLP), and robotic process automation (RPA) are continuing to mature and see increased adoption, bringing us closer than ever to having a truly integrated surveillance system at our disposal.

U.S. Regulatory Rulings, Changes, and Enforcement Actions

Despite the ongoing pandemic and a changing administration, regulators have continued to stay active throughout the year to uphold their mandate to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.


In addition to the increased focus on ESG, the SEC’s 2021 Priorities also included an increased focus on private fund risk disclosures and conflicts of interest, alternative data, digital assets, cybersecurity, technology, advanced analytics, anti-money laundering (AML), and Broker-Dealer and Registered Investment Company risks. With the issuance of nine Risk Alerts this year, the SEC’s Division of Examinations continued its trend of increased transparency in communicating expectations on various risks.

For firms based in the U.S., there is a clear sense that as the new SEC administration, led by Chair Gary Gensler, finds its footing, we are likely to see a more aggressive SEC in the year ahead.

In November, the SEC’s Division of Enforcement published their annual report. By the numbers, FY 2021 was a busy year for Enforcement. They announced that they filed 434 new enforcement actions in fiscal year 2021, representing a 7 percent increase over the prior year. The new actions were wide ranging, including emerging threats in the digital asset/cryptocurrency and special purpose acquisition companies (SPAC) spaces. 

In response to the 2021 Division of Enforcement Annual Report, Chair Gary Gensler is noted as saying "The SEC’s Enforcement Division is the cop on the beat for America’s securities laws…As these results show, we go after misconduct wherever we find it in the financial system, holding individuals and companies accountable, without fear or favor, across the $100-plus trillion capital markets we oversee."

Commodity Futures Trading Commission (CFTC) registrants and National Futures Association (NFA)

The NFA continued its efforts to update and revise its regulations in response to current events. Requirements were implemented for CPOs to notify the NFA in the event of significant liquidity issues in response to industry participant “blow-ups” from the past year. The NFA also updated the definition of branch offices in response to the increased trend in the “remote-work environment” due to the COVID-19 pandemic. ACA expects this trend to continue into 2022.


A notable development in 2021, was FINRA’s focus on retail communications. Broker-dealers continue to face scrutiny with respect to retail communications, specifically as they relate to private placements, the use of internal rates of return (IRR), and compliance with the Global Investment Performance (GIPS®) standards. In addition, FINRA continues to monitor broker-dealers engaged in digital assets, a trend that ACA anticipates will continue into 2022 and beyond.

European Regulatory Rulings, Changes, and Updates

Financial services firms operating in the UK and Europe faced a challenging 2021, thanks to regulatory change, geopolitical pressures, alongside continuing fallout from the COVID-19 pandemic.

The year saw firms embedding the Senior Manager & Certification Regime (SM&CR) obligations and getting to grips with ESG regulatory frameworks and standards, including the EU’s SFDR and the UK’s Financial Reporting Council’s approach. The looming Investment Firm’s Prudential Regime (IFPR), which comes into force on 1 January 2022, has also created a raft of work for firms that will need to hold more capital and liquidity to meet new disclosure requirements.

What’s more, firms have had to prepare for the deadline for the LIBOR transition, which we wave goodbye to at the end of 2021. Add to this, the ongoing post-Brexit effect and the impact of the SEC’s new marketing rules, there’s no doubt that it’s been an eventful and demanding year.

Here we capture some of our related insights from 2021.



Investment Firm Prudential Regime (IFPR)

Transaction reporting and market abuse

Compliance Officer 2022 Checklist

With the above and other upcoming developments in mind, it’s time to make your year-end checklist as you wrap-up your compliance obligations for 2021 and build your compliance program’s roadmap for 2022. Download our checklist below to use as a guide to end the year strong.

Download U.S. Checklist           

Download European Checklist

Tune in to Our Upcoming Webcast

The Year in Review: What’s Happened in Regulatory Compliance, Cybersecurity, ESG, and Performance in 2021

December 21, 2021 | 11:00 AM EST / 4:00 PM GMT

Tune in as ACA's Carlo di Florio, Chief Services Officer, Jessica Bonsall, Director - ESG, Erika Roess, Director - Performance, Jeffrey Gorton, Senior Principal Consultant - Cyber, and Neha Pasricha, Principal Consultant – U.S. Regulatory Compliance, will share trends, insights, and developments in the areas of regulatory compliance, ESG, cybersecurity and risk, and performance from 2021 and discuss what to expect in 2022. Register here


If you have questions about these updates or would like more information about how ACA can help enhance or strengthen your compliance program in 2022, please reach out to your ACA consultant or contact us here.