SEC Division of Examinations 2022 Examination Priorities

Author

Ian Rivera

Type

Compliance Alert

Topics

  • Compliance

On March 30, 2022, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (“the Division” and/or “EXAMS”) released its 2022 Examination Priorities (“Priorities”).

The SEC set the tone at the beginning of its report by emphasizing the impact the Division had throughout 2021, which included a 3% increase in exams over FY20.

Division of Examination FY21 Results


The continued increase in examinations shows the SEC is as active as ever. The Division also emphasized the value of a resilient compliance program, noting that “A well-designed and resilient compliance program and compliance staff should be able to adjust, pivot, and address a range of conditions and scenarios.”

During their exams, the Division found that the key characteristics of a resilient program included:

  • Inclusivity - The involvement and collaboration between compliance and staff across the firm
  • Change Management - A thoughtful and well-designed program that can adapt and change over time and quickly be adjusted when needed
  • Reviews and Testing - Periodic review and testing of policies and procedures to ensure the on-going adequacy and effectiveness of a compliance program

The Priorities are, in many respects, similar to the 2021 priorities, grounded in the four pillars of: promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy. However, with this year’s Priorities report, along with the proposed amendments to Private Fund reporting, and the February 9, 2022 proposed private fund reforms, the Division is continuing its significant focus on the private fund industry with the Division highlighting the “70% increase of assets being managed by advisers to private funds” and the “significance of private fund examination findings over the past several years.” Additionally, the January 27, 2022 Risk Alert highlighting deficiencies uncovered in the examination of private fund advisers underscores the SEC’s increasingly intensifying approach to examining private markets fund managers under SEC Chair Gary Gensler's administration. This focus in 2022 puts private fund advisers in the crosshairs of the examination program.

However, private funds are not the only ones receiving attention in 2022. The Division also reminded the industry that it will continue its focus on environmental, social and governance (ESG) investing, retail investor protections, information security and operational resilience, emerging technologies, and crypto assets.

We advise firms to review their compliance programs in light of the priorities listed below and consider taking action prior to an examination.    

2022 Priorities

Below are the Division’s five Significant Focus Areas:

Private Funds

As noted above, EXAMS will focus on registered investment advisers (RIAs) who manage private funds. Field examinations will review an adviser’s fiduciary duty, and will assess risks with a focus on:

  • Compliance programs (appropriately tailored versus off-the-shelf)
  • Fees and expenses (fee calculations, breakpoints, and any allocation(s) between the RIA and its private fund vehicles or portfolio companies)
  • Custody (surprise examination “audit exceptions” and Form ADV updating)
  • Fund audits (auditor opinions and evidence of annual delivery)
  • Valuations (documentation of valuation factor changes/updates and final signoffs)
  • Conflicts of interest
  • Disclosures of investment risks
  • Controls to safeguard material nonpublic information (MNPI)

The Division stated that it will also review private fund advisers’ portfolio strategies, risk management, and investment recommendations and allocations, focusing on conflicts and disclosures around these areas. In addition, the Division will review the practices, controls, and investor reporting around risk management and trading for private funds. As we have seen in the past, examination staff will continue to request additional documentation and painstakingly go through every version of policy, review, and approval (if and when required), and all documentation related to the substantiation of decisions.

ESG

EXAMS will continue to focus on how firms represent their approaches to integrating ESG into advisory services and investment products (including mutual funds, exchange-traded funds, and private fund offerings). Field examinations will typically focus on whether fund managers are accurately disclosing their ESG approaches and have adopted and implemented tailored policies, procedures, and practices in connection with their ESG disclosures. Examinations will also review the stated policies and procedures related to proxy voting (to identify whether voting aligns with ESG disclosures and mandates) and portfolio selection (to highlight any misrepresentations or overstatements, such as in their performance advertising and marketing).

While most of this language is aligned with how ESG exams have been described previously, in practice we are seeing ESG-focused exams across strategies (not solely on managers of ESG-labeled products) and reaching far into the technical aspects of how managers are implementing ESG integration, with renewed focus on carbon and climate practices.

Standards of Conduct: Regulation Best Interest (Reg BI), Fiduciary Duty, and Form CRS

As in years past, EXAMS will continue to review and address standards of conduct issues for RIAs and broker-dealers to ensure that retail investors and working families are receiving recommendations and advice in their best interests. Specifically, these examinations will focus on how registrants are satisfying their obligations under Reg BI and the Advisers Act fiduciary standard (via Form CRS) when acting in the best interests of retail investors. Field examinations will continue to include assessments of practices regarding the consideration of investment alternatives, management of conflicts of interest, trading, disclosures, account selection, and account conversions and rollovers. This focus will typically fall into the separately managed account (SMA) RIA landscape; however, inadvertent and/or inconsistent responses to Form ADV, Part 1A Item 5.D. could trigger further questioning from EXAMS on the applicability of filing a Form CRS.

Information Security and Operational Resilience

The Division will continue to review broker-dealers’ and RIAs’ procedures for preventing interruptions to critical services and protecting investor information. Field examinations will continue to review and test whether firms have taken appropriate measures to:

  • Safeguard customer accounts
  • Oversee vendors and third-party service providers
  • Address malicious email activities such as phishing
  • Respond to incidents (including those related to ransomware and identity theft)
  • Manage operational risk due to a remote workforce

The Division will also review RIAs’ business continuity and disaster recovery plans, with particular focus on the impact of substantial disruptions to “normal” business operations. Advisers should continue to review and test their operational resilience, including an annual test of their disaster recovery and business continuity efforts, as required under Rule 206(4)-7.

While cybersecurity exam priorities have not changed materially this year, the SEC voted on February 9, 2022, to propose Rule 206(4)-9 that requires firms to implement, document, and report their security controls and procedures. The rule comes with new expectations of the reasonableness and board oversight of cybersecurity programs, and a tight, 48-hour reporting requirement after a breach.

Emerging Technologies and Crypto-Assets

The Division will continue to conduct examinations of RIAs and broker-dealers that are (or claim to be) offering new robo and/or crypto products and services to identify whether these activities present additional risk and how such risk is being considered when developing compliance programs. These examinations will likely focus on whether RIA operations and controls are consistent with disclosures and whether advice is consistent with investment strategies. Field examinations of these market participants engaged with crypto assets will also likely include the review and assessment of the offer, sale, trading, and respective custody arrangements for such crypto assets.

AML

The Priorities once again included anti-money laundering (AML), noting that the Division will continue to prioritize examinations of broker-dealers and registered investment companies for compliance with their AML obligations in order to assess, among other things, whether firms have established appropriate customer identification programs and whether they are satisfying their suspicious activity reporting (SAR) filing obligations, conducting customer due diligence, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their AML programs.

Additional Considerations

Lastly, while we expect the Priorities to drive 2022 field examinations, the Significant Focus Areas highlighted above are not an exhaustive list. EXAMS will conduct their own risk-based analysis of an RIA or broker-dealer’s business, which could include their respective history with the SEC, registration tenure, business operations, advertisements in the public domain, ancillary services provided, product offerings, and any other business risk factors that could create a conflict of interest.

How we help

We bring together the best people, technology, and services to deliver holistic GRC solutions to our clients worldwide. Our team helps you navigate the evolving regulatory landscape while considering the complexity of your firm’s unique compliance requirements.

We help our clients manage regulatory compliance, cybersecurity and risk, and performance verification through our consulting, outsourcing, and technology solutions.

Learn more about a few of our services below:

  • AML and financial crimes
    Our ComplianceAlpha® AML KYC Solution can assist firms with their sanctions, know your customer (KYC), and due diligence efforts. Our regulatory technology combined with our managed services help firms meet their customers’ data screening, ongoing monitoring, remediation, look back reviews, and reporting needs.
  • Compliance program reviews and mock SEC examinations
    We can assist with testing the areas highlighted within the priorities as well as other key areas we frequently see included in SEC exams. We maintain a repository of real-time SEC initial document request lists, providing clients with unique insight into what EXAMS is requesting, and how, when testing such areas.
  • Cybersecurity solutions
    If and when Rule 206(4)-9 is implemented, ACA can help firms prepare for examinations that could focus on the details of the firm's cybersecurity policies and procedures, as well as potentially 5 years of books and records around cybersecurity.
  • ESG advisory services 
    The ESG landscape is evolving at a rapid pace and requires additional resources to meet investor and regulatory expectations. Our dedicated advisory practice helps firms of all sizes develop and monitor ESG programs to mitigate risk, make informed choices, grow profitably and sustainably, and combat greenwashing in the process.
  • Focused performance reviews
    Regulators continue to focus on investment performance, both from an advertising perspective as well as for completeness and accuracy of data used to support reported investment returns. We provide an in-depth forensic review of a firm’s compliance structure for calculating and substantiating investment performance. Our review also assists with the execution of the firm’s compliance program by assessing risks and gaps in internal performance processes.
  • Operational resilience
    Additionally, we can help organizations establish operational resilience or help them along in their journeys. A good place to start is with a business impact analysis to identify gaps in current programs, predict and prepare for the most detrimental disruptions, and begin protection and mitigation planning.
