SEC Strategic Plan: More Enforcement, More Rules, and More Technology

The SEC issued its four-year strategic plan (as required under the Government Performance and Results Modernization Act of 2010), including goals that are virtually identical to its Strategic Plan for 2018-2022 Plan.  Those goals include:

• Protecting the investing public against fraud, manipulation and misconduct 
• Developing and implementing a robust regulatory framework that keeps pace with evolving markets, business models, and technologies 
• Supporting a skilled workforce that is diverse, equitable, and inclusive and is fully equipped to advance agency objectives 

Like other strategic plans, the focus is on mission, vision, values, and goals, with little detail or specifics. Nonetheless, the plan emphasizes recent themes from SEC statements and enforcement actions. For example, under Goal 1, protecting the investment public, the SEC Strategic Plan Fiscal Years 2022-2026 (the Plan) states that “[t]he SEC will continue to pursue misconduct wherever its staff find it and will use all of the tools in its toolkit to deter those who might choose to violate the securities laws, including by holding bad actors—including responsible individuals—accountable.” This seems to reinforce the SEC’s expansive enforcement agenda.

As part of its goal to protect the investing public, the SEC emphasized that it will be using “cutting-edge data analysis” to “prevent, detect and enforce against improper behavior,” including machine learning and artificial intelligence. The SEC also plans to modernize disclosure rules to reflect investor demand, including information about “issuers’ climate risks, cybersecurity hygiene policies, and their most important asset: their people.”

The second goal of keeping pace with innovation and new technologies will require updating “existing SEC rules and approaches.” This includes enhancing “transparency in privacy markets and modify[ing] rules to ensure that core regulatory principles apply in all appropriate contexts.” The Plan also touches on cryptocurrencies, stating that the SEC plans to “engage more proactively on digitization initiatives.” To address these emerging issues, the Plan provides that the SEC will continue to gain expertise and devote resources to “crypto assets, derivatives and fixed income.” The SEC will also be looking at systemic and infrastructure risks, such as those created by the pandemic.

The Plan’s final goal is to support a diverse, skilled workforce, and enhance the agency’s internal control and risk management capabilities.

Implications of the Plan

The Plan reinforces the SEC’s continued focus on risk and highlights key technological initiatives that the SEC will monitor for potential rulemaking in the future. The strategic plan has a few implications compliance professionals should be aware of:

1. The SEC continues to view cybersecurity as a key risk to mitigate.
   The increased use of and reliance on technology introduced new capital market risks for investors. Threats to the market are growing in scale and sophistication and SEC examinations will continue to focus on key risks to investors and markets as part of the SEC’s four-year strategy. Advisers should consider frequent updates to their cybersecurity tools and processes to address potential threats.
2. The SEC will require more disclosures.
   Additionally, in response to frequent investor requests for more information on policies, the SEC is working to modernize their disclosure systems to provide more relevant information to investors to allow for better informed investor decisions. The SEC has already started making these changes by proposing draft climate disclosure rules, provoking significant public response both for and against.
3. The SEC will continue to update its regulatory framework to remain up to date with changes in technology.
   Building a robust regulatory and technological framework is paramount to the security of the market system. The SEC will consider updating existing rules and regulations to accommodate for shifts in the technological space as well as encourage businesses to optimize their resiliency frameworks to be proactive when potential future regulatory requirements go into effect. 

Firms should in turn look to incorporate technology into their processes to keep pace with the SEC, confirm they are in compliance with regulatory requirements, and provide the necessary information to the regulator to prove their compliance.

How we help

Compliance teams need continuous support and knowledge sharing to stay on top of regulatory initiatives. Our team helps you navigate the evolving regulatory landscape while considering the complexity of your firm’s unique compliance requirements.

We help our clients manage regulatory compliance, cybersecurity and risk, and performance verification through our consulting, outsourcing, and technology solutions. Our services and solutions include standard and customized compliance packages, cybersecurity and technology risk assessments, Global Investment Performance Standards (GIPS^®) compliance and other performance services, and a variety of business advisory, technology, and training solutions for financial services firms. 

ACA’s ComplianceAlpha^® software platform helps you automate manual tasks, identify risk through enhanced surveillance capabilities, derive deeper insights through connected data, simplify the submission of requests and disclosures for employees, and free up valuable time for more strategic, higher-value tasks. Our award-winning regulatory technology platform transforms risk and compliance management for over 1,000 leading financial services firms worldwide. By bringing together risk and compliance activities, surveillance, testing, and analytics in one platform, ComplianceAlpha provides a unified view of risks and behavior across your firm.

Contact us to learn more about these priorities or how ACA can help your firm meet the SEC’s obligations, or schedule a demo to see how our regulatory technology solution can help your organization digitize and transform its compliance program.