SEC Announces 2021 Examination Priorities
On March 3, 2021, the U.S. Securities and Exchange Commission’s (SEC) Division of Examinations (the Division) (formerly, the Office of Compliance Inspections and Examinations) released their FY 2021 Examination Priorities (Priorities). The Priorities continue to focus on protecting retail investors and assessing ongoing and emerging market-wide risks.
The 2021 Priorities reflect a significant shift and increased focus on climate and environmental, social, and governance (ESG) related risks and strategies, including a priority focus on:
- the consistency and adequacy of the disclosures Registered Investment Advisers (RIAs) and fund complexes provide to clients regarding these strategies
- whether the firms’ processes and practices match their disclosures
- whether fund advertising is accurate or includes false or misleading statements
- whether proxy voting policies and procedures and votes align with the strategies
- whether cybersecurity and operational resiliency plans, particularly those of systemically important registrants, account for the growing physical and other relevant risks associated with climate change
This coincides with the SEC’s establishment of a dedicated Climate and ESG Task Force in the Division of Enforcement.
The Priorities also include an increased focus on private fund risk disclosures and conflicts of interest, alternative data, digital assets, cybersecurity, technology, advanced analytics, anti-money laundering (AML), and Broker-Dealer and Registered Investment Company risks.
The Priorities are, in many respects, similar to the 2020 priorities. The emphasis on the protection of retail investors (particularly seniors and individuals saving for retirement) continues to be a top priority. However, cybersecurity, financial technology (FinTech), the discontinuation of LIBOR, market infrastructure, and a new entrant, ESG, round out this year’s Priorities.
The Division also used the Priorities to remind firms of the Division's recent name change, which demonstrates the important role examination staff plays in promoting a strong culture of compliance within the financial services industry. The Division also called attention to Director Driscoll’s recent remarks on knowledgeable and empowered CCOs with full responsibility, authority, and resources to develop and enforce policies and procedures. The Priorities specifically call on C-level executives to commit to setting a tone from the top that compliance is integral to the organization’s success and that there is tangible support for compliance at all levels of an organization.
The Division’s Priorities also specifically reference the eight risk alerts issued during FY 2020, which suggests compliance teams would be well advised to evaluate current processes, procedures, and disclosures against the risks identified by the Division. While we expect the Priorities to drive 2021 examinations, a risk-based analysis of a firm and its business activities continues to be a consideration when establishing focus areas. This approach allows the Division’s staff to be both flexible and efficient in covering emerging risks as they arise. As an added resource, the Division also established the 12-member Event and Emerging Risks Examination Team (EERT), which was announced in July and will serve to support examination teams. We have learned that the EERT will “generally” not conduct its own examinations but will be a backstop for exam teams in a supporting role. More information about the EERT can be shared by your ACA consultant.
Protecting retail investors (including seniors and individuals saving for retirement)
The Division will continue to focus on investments and services marketed to retail investors, such as mutual funds and exchange-traded products, municipal securities and other fixed income instruments, and microcap securities, such as those traded over the counter. Among other things, the Division will focus on the following:
- Standards of conduct - Regulation Best Interest and Form CRS
- Fraud, sales practices, and conflicts
- Retail-targeted investments
- Municipal and other fixed income securities
- Microcap securities
Given the SEC's focus on retail investors, firms should review their procedures for conducting marketing and advertising reviews to ensure they meet the requirements outlined in this guidance. Recent guidance from FINRA outlined certain general standards applicable to all types of retail communications, including calculation and presentation of performance and other common deficiencies.
With the Division’s focus on retail investors, RIAs can safely assume there will be a stronger focus on Form CRS compliance during the next phase of examinations. Even with the Division proactively providing sample Form CRS request lists and noting key examination focus areas back in April and October 2020, respectively, the Division still noted that hundreds of firms out of the over 13,000 Forms CRS filed were not filed on time. We can’t say how long the Division’s patience will last with RIAs’ Form CRS compliance during the next phase of examinations; however, the Division continues to encourage market participants (and other members of the public) to reference the Form CRS FAQs and also to send any questions to IABDQuestions@sec.gov.
Cybersecurity and operational resilience
As the pandemic has changed the landscape of how RIAs provide and communicate investment advice, and with an increasing number of RIA staff working remotely, the related cybersecurity concerns may seem endless. Whether it is endpoint security, data loss prevention, remote access controls, vendor management, or the use of third-party communication systems, RIAs need to remain aware that any of these can be an examination focus. This is an opportunity for heightened investor information protection procedures wherein RIAs can substantiate a continuous effort to develop and mature a robust cybersecurity program. Such improvements can demonstrate responsiveness to, and a focus on, both the Division’s Priorities and investors’ information. The Division will also evaluate whether cybersecurity and operational resiliency plans, particularly those of systemically important registrants, account for the growing physical and other relevant risks associated with climate change.
The Division will work with firms to identify and address information security risks, including cyber-attack related risks, and will encourage market participants to actively and effectively engage regulators and law enforcement in this effort.
The Division will also focus on controls surrounding online and mobile application access to investor account information, and on the controls surrounding the electronic storage of books and records and personally identifiable information maintained with third-party cloud service providers, including firms’ policies and procedures to protect investor records and information.
Technology, innovation, and alternative data
As the integration of technology to facilitate compliance with regulatory requirements has gained more traction in recent years, the Division indicated that this would be another focus. RIAs that use alternative data and advice provided through automated investment platforms can expect further review, in which they will need to demonstrate controls around their receipt and protection of such alternative data. In addition, RIAs providing advice to clients through automated investment platforms can expect to demonstrate how their platforms operate consistently with their representations and how investment recommendations are in the best interests of investors.
As innovations in financial technology (FinTech) and capital formation continue at a rapid pace, the Division remains committed to staying informed on how these developments could impact registrants and investors, including the following:
- Robo-advisers - Firms providing advice to clients through automated investment tools and platforms or firms offering automated asset allocation, fractional share purchases, customized portfolios and mobile applications.
- Use of regulatory technology (RegTech) – The SEC noted that the use of regulatory technology has increased significantly in recent years. RegTech can be a great asset when used correctly, but can lead to compliance program deficiencies if misused or configured incorrectly. Examinations will focus on the implementation and integration of RegTech in firms’ compliance programs.
- Digital assets - There has been significant price appreciation in this market, which could present investors with increased risk. The Division will continue to monitor the offer and sale, trading, and price discovery of digital assets, and for firms actively engaged in the digital asset market, examinations will focus on, among other things, investment suitability, portfolio management, trading, safety of client funds and assets, pricing, compliance programs and internal controls, and supervision of employee outside business activities.
The Division intends to engage with RIAs through examinations to assess their understanding of any exposure to LIBOR, their preparations for the expected discontinuation of LIBOR, and the transition to an alternative reference rate.
The discontinuation of LIBOR could also have significant impacts on the financial markets, and the Division intends to engage with RIAs to assess their understanding of potential exposure, their preparedness for such discontinuation, and their transition to an alternative reference rate. As this discontinuation comes closer, RIAs can reasonably expect related dialogue with examination staff upon examination.
The Division has taken particular interest in the governance of ESG as part of an overall and/or stand-alone investment strategy. Examination staff will review for the accuracy and adequacy of disclosures made to investors in fund documents in addition to any type of advertising materials. In addition, proxy voting policies and procedures, including actual voting activity to assess alignment with the stated strategy, will be reviewed. We recommend that RIAs proactively review any representations made regarding their ESG offerings going forward.
The Division will continue to prioritize examinations for compliance with AML obligations to assess whether firms have established appropriate customer identification programs and whether they are satisfying their SAR filing obligations, conducting due diligence on customers, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their respective AML programs.
RIA compliance programs
The Division will continue to review the compliance programs of RIAs, including whether those programs and their policies and procedures are reasonably designed, implemented, and maintained. The Division will continue to prioritize examinations of RIAs that have not been examined for years to focus on whether their respective compliance programs have adapted, given any substantial growth or change in business models. As part of this risk-based approach, the Division will also continue to conduct examinations of RIAs that have never been examined, including new RIAs and RIAs registered for several years that have yet to be examined. In November 2020, the Division released a risk alert about deficiencies found in Investment Adviser compliance programs, which highlighted issues created by firms who hadn’t devoted sufficient time and resources towards maintaining accurate policies and procedures. In the alert, they noted that advisers did not follow their own policies and procedures or have oversight of disclosures or performance used in advertising.
RIAs to private funds
The Division will continue to focus on advisers to private funds and will assess compliance risks, including a focus on liquidity and disclosures of investment risks and conflicts of interest.
More specifically, the Division will review for, among other things:
- Preferential treatment of certain investors by advisers to private funds that have experienced issues with liquidity, including imposing gates or suspensions on fund withdrawals; portfolio valuations and the resulting impact on management fees; adequacy of disclosure and compliance with any regulatory requirements of cross trades, principal investments, or distressed sales.
- Conflicts around liquidity, such as adviser-led fund restructurings, including stapled secondary transactions where new investors purchase the interests of existing investors while also agreeing to invest in a new fund.
- Higher concentrations of structured products, such as collateralized loan obligations and mortgage-backed securities, to assess whether the funds are at a higher risk for holding non-performing loans and having loans with higher default risk than that disclosed to investors.
- Clearing agencies - The Division will examine registered clearing agencies’ governance, legal, compliance, and risk management frameworks by reviewing efforts to escalate deficiencies identified by the Division and internal auditors and whether they have taken timely and appropriate action to correct and mitigate the risks associated with those deficiencies.
- National securities exchanges – The Division will focus on exchange operations to monitor, investigate, and enforce member and listed company compliance with, as applicable, exchange rules and the federal securities laws.
- Transfer agents - The Division will continue to examine transfer agents’ core functions: the timely turnaround of items and transfers, recordkeeping and record retention, and the safeguarding of funds and securities.
Watch our on-demand SEC examination priorities webcast
Watch on demand as ACA’s Carlo di Florio, Karen Foley, Alyssa Briggs, Pat Shea, and Christine Tetherly-Lewis discuss how the 2021 examination priorities may impact your firm and how you can prepare.
How we help
We recommend that RIAs review their compliance programs with these Priorities in mind and consider taking action to adjust or make any necessary improvements prior to an examination.
In addition to our compliance consulting services, we can also provide:
- mock SEC examinations and compliance program reviews
- focused performance reviews
- regulatory technology
- managed services
- cybersecurity solutions
- ESG advisory services
To learn more about how we can help enhance or strengthen your compliance program, please reach out to your ACA consultant or contact us here.