October 26, 2023

Thorough Exam: SEC's Division of Examinations Announces Fiscal Year 2024 Priorities

Holland & Knight SECond Opinions Blog
Jessica B. Magee

Amid ongoing federal government shutdown risks and the close of its fiscal year, the U.S. Securities and Exchange Commission's (SEC) Division of Examinations (Exams) recently announced its fiscal year (FY) 2024 priorities. According to Exams, "this year's examinations will prioritize areas that pose emerging risks to investors or the markets in addition to core and perennial risk areas." In addition to key focus areas outlined based on the types of entities subject to examination, Exams identified the following risks to various market participants as FY 2024 priorities:

  • Information Security and Operational Resiliency: Firms need to have systems, policies and people in place to maintain service during volatile events.
  • Crypto Assets and Emerging Financial Technology (FinTech): Firms must ensure rigorous compliance with applicable professional standards, statutes, and rules even as their business models involve cutting edge products and technology.
  • Regulation Systems Compliance and Integrity (Reg SCI): Firms must ensure they invest in and maintain systems that adequately support key market functions and improve resiliency.
  • Anti-Money Laundering (AML): Firms must understand and adhere to the Bank Secrecy Act and tailor programs to meet their particular risk profiles.

Of note, although Exams identified environmental, social and corporate governance (ESG) as a key priority in FY 2022 and FY 2023, it did not explicitly identify it as a priority for FY 2024.

Entities Subject to Examination

Exams is comprised of more than 1,100 SEC staff members who work in the agency's Washington, D.C., "home office" and across the agency's 11 regional offices to examine and inspect SEC-registered investment advisers, investment companies, broker-dealers, transfer agents, municipal advisors, securities-based swap dealers, clearing agencies and other self-regulatory organizations.

Using a risk-based approach to conducting the National Exam Program (NEP), Exams staff focus on practices, products and services they feel pose a heightened risk to investors or the capital markets at large. Each year, Exams carries out a comprehensive review and recommendation process to identify its annual priorities – starting with input from the frontline examiners most familiar with the registrant practices they encounter day to day. Of course, the published priorities are just that – hot topics deemed to be of utmost interest and importance to the NEP. Hence, registrants subject to examination in FY 2024 should understand the staff's priorities – as they will likely inform the types of document and information requests issued in an examination – while also being prepared for the staff to inquire about the firm's history, operations, staffing, resources, services, products offered, policies, practices and risk factors. Exams staff who spot issues of concern outside of the stated FY 2024 priorities will continue to address them through the deficiency letter – and possibly enforcement referral – processes.

FY 2024 Examination Priorities

Though Exams has published annual exam priorities for more than a decade, this year – for the first time – it aligned its release with the start of FY 2024 to "better inform investors and registrants of the key risks, trends, and examination topics" the Division will focus on in the year ahead. Registrants should ensure that their appropriate personnel familiarize themselves with the 28-page report detailing the priorities which, at a high level, include:


Investment Advisers

  • Advice about products, strategies and account topics – particularly including exchange-traded funds (ETFs), real estate investment trusts (REITs) and unconventional strategies like those intended to address rising interest rates – and advice on these matters to older clients and those saving for retirement
  • Processes for determining that investment advice is being provided in a client's best interest (suitability, best execution, cost and risk assessment, and identifying and addressing conflicts)
  • Economic incentives for advisers to recommend certain products, services or account types, including arrangements with affiliated firms
  • Investor disclosure, including all material facts relating to conflicts
  • Adviser compliance programs, policies and procedures, including whether they 1) reflect the various aspects of the adviser's business, compensation structure, services, client base and operations, 2) address applicable current market risks and 3) address recently enacted rules such as the Marketing Rule and updated Compliance Rule
  • Advisers to private funds, with specific focus on 1) portfolio management risks around market volatility and interest rates, 2) limited partner advisory committees (LPAC) and advisory board contractual requirements for notice and consent, fee and expense calculations, and valuation of illiquid assets, 3) post-commitment period management fees and disclosure adequacy, 4) due diligence practices, 5) conflicts, controls and disclosures for private funds managed side-by-side with registered investment companies and the use of affiliate service providers, 6) custody compliance and Form ADV reporting, 7) timely completion of private fund audits and distribution of audited financial statements, and 8) policies and procedures for Form PF reporting
  • Continued prioritization of never-before-examined advisers, including recently registered firms and those that have not been examined in several years

Investment Companies

  • Compliance programs, fund governance practices, disclosures to investors and accuracy of SEC reporting
  • Board processes for assessing and approving advisory and other fund fees, particularly for funds with weaker performance relative to peers
  • Valuation practices (e.g., implementing board oversight duties, setting recordkeeping and reporting requirements, and overseeing valuation designees)
  • Effectiveness of written compliance policies and procedures concerning oversight of advisory fees, fee waivers and reimbursements with a focus on 1) charging different advisory fees to different share classes of the same fund, 2) identical strategies offered by the same sponsor through different distribution channels charging different fee structures, 3) high advisory fees relative to peers, and 4) high registered investment company fees and expenses, particularly those of registered investment companies with weaker performance relative to peers
  • Adoption and implementation of written policies and procedures reasonably designed to prevent violations of the fund derivatives rule (Investment Company Act Rule 18f-4)
  • As with adviser examinations, continued focus on examining never-before-examined registered investment companies and those that have not been examined in a number of years


Broker-Dealers

  • Compliance with Regulation BI, including written policies and procedures with an emphasis on 1) recommendations on products, investment strategies and account types, 2) conflict disclosures and mitigation practices, 3) processes for reviewing reasonably available alternatives, and 4) factors considered in light of an investor's investment profile, including investment goals and account characteristics
  • Exams focused on products like 1) derivatives and leveraged ETFs, high-cost variable annuities, non-traded REITs, private placements, and proprietary and microcap securities, and 2) older investors and those saving for retirement or college
  • Form CRS compliance, including on 1) the relationships and services offered to retail investors and related fees and costs, 2) conflicts, 3) whether any disciplinary history is disclosed, and 4) assessment of whether an entity has satisfied its duty to file the form and deliver a relationship summary to retail customers
  • Compliance with the Net Capital Rule (Exchange Act Rule 15c3-1) and the Customer Protection Rule (Exchange Act Rule 15c3-3) and related internal processes, procedures and controls
  • Equity and fixed income trading practices, including compliance with Regulation SHO, Regulation ATS and Exchange Act Rule 15c2-11

Self-Regulatory Organizations (SROs)

  • National securities exchanges enforcing compliance with SRO rules and the federal securities laws, with a focus on exchange order handling, surveillance, investigation, enforcement programs for disciplining member firm violations and oversight of regulatory service agreements
  • Risk-based oversight examinations of the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB)

Clearing Agencies

  • The SEC is required to examine, at least once annually, each clearing agency it supervises that is designated as systemically important.
  • Examinations will focus on 1) core risks, processes and controls, 2) risk-based examinations will be carried out for other registered clearing agencies that have not been designated as systemically important, all including a focus on liquidity management, 3) models and model validation, and 4) margin systems, third-party service providers and internal audit.

Other Market Participants

  • Municipal advisor examinations, with a focus on 1) fiduciary duty satisfaction, including documenting relationships, 2) disclosing conflicts, 3) registration, 4) professional qualifications, 5) recordkeeping, 6) supervision, and 7) compliance with new MSRB Rule G-46 following its March 1, 2024, effectiveness
  • Whether security-based swap dealers have implemented policies and procedures for compliance with applicable rules and if they are meeting their obligations under Regulation SBSR

Information Security and Operational Resiliency

  • Focus on efforts to prevent service interruption and to protect investor information and assets
  • Policies and procedures, controls, vendor oversight, governance and incident response planning for cyber issues, including ransomware attacks and whether firms are adequately training staff on identity theft prevention, customer records and information protection
  • Practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information (PII), with a focus on firms with multiple offices
  • Practices to promote cyber resiliency, including firm practices, policies and procedures to prevent account intrusions, safeguard information and oversee third-party vendors

Crypto Assets and Emerging FinTech

  • Examinations will focus on 1) the offer, sale, recommendation of and advice about trading in crypto assets, including whether firms meet applicable professional standards, especially when advising retail investors, and 2) if firms are reviewing and enhancing compliance practices, operational resiliency and risk disclosures
  • For crypto assets that are funds or securities, examinations will assess 1) if advisers are complying with custody requirements, 2) technological risks associated with the use of blockchain and distributed ledger technology, 3) whether compliance policies and procedures are reasonably designed, and 4) disclosures and risks pertaining to the security of crypto assets.
  • Broker-dealers and advisers offering new products and services or employing new practices, particularly technological and online solutions that service online accounts targeting compliance and marketing, including automated investment tools, artificial intelligence (AI) and trading algorithms or platforms

Reg SCI [1]

  • Exams will focus on entities' written policies and procedures for adequate capacity, integrity, resiliency, availability and security to maintain operational capability and promote and maintain fair and orderly markets.
  • One area of particular focus will be on the physical security of systems housed in data centers.


Anti-Money Laundering (AML)

  • Focus on whether broker-dealers, advisers and certain registered investment companies are 1) appropriately tailoring AML programs to their business risk model and risks, 2) conducting independent testing of their programs, establishing an adequate customer identification program, including for beneficial owners of legal entity customers, and 3) satisfying filing obligations for Suspicious Activity Reports (SARs)
  • Registered investment company exams will likely include a review of policies and procedures around oversight of financial intermediaries.
  • Broker-dealers and advisers' exams will consider whether firms are monitoring Office of Foreign Assets Control (OFAC) sanctions and ensuring compliance with same.

Considerations for Registrants

  • ESG Not in Priorities, but Registrants Should Remain Vigilant: As noted above, Exams dropped ESG as a key priority for FY 2024. The omission is an odd one in light of the SEC's recently proposed ESG rules for advisers, the SEC's recently finalized "Names Rule" that governs the names of investment funds (which has significant ESG implications) and the Division of Enforcement's continued focus on ESG disclosures, concerns over greenwashing and growing track record of actions. Even with the removal from examination priorities, firms should remain vigilant in policing these areas in light of the new and proposed rules and recent enforcement activity, and prepare for continued interest from Exams.
  • Cyber, Systems and Operational Resiliency Are Paramount: The SEC proposed investment adviser cyber rules last year, has proposed changes to Regulation S-P and recently finalized cyber rules for public companies. The agency's focus on cyber issues and operational resiliency as data theft, ransomware events and other breaches continue, combined with increased complexity and negative consequences of such events, mean Exams will be laser-focused on this priority throughout FY 2024 and beyond. Firms must invest time and effort in designing, implementing, testing and policing their policies and systems.
  • Risk Alerts on Firms' Compliance with New Rules: Exams published nine risk alerts in FY 2023, summarizing examination observations on firms' compliance with Regulation S-ID, Regulation BI, LIBOR transition, AML compliance and implementation of the SEC's new Marketing Rule. Of note, as Exams was carrying out and reporting on fieldwork examining how firms were adjusting to and implementing policies to adhere to the new Marketing Rule, the Division of Enforcement filed a set of inaugural enforcement actions for alleged violations of the rule. Moving into FY 2024 and in light of upcoming compliance deadlines for recently adopted rules, firms should consider the possibility of similar parallel efforts with regard to examining compliance with, and enforcing alleged violations of, the SEC's new rules applicable to advisers to private funds (which includes a material change for registered advisers' annual compliance assessment obligations).
  • Custody Issues Still in Focus: Custody compliance will remain a focus of examinations as evidenced by the SEC's proposed new safeguarding rule, collateral implications from the new private fund adviser rules on audits for custody purposes and recent enforcement actions involving alleged custody violations. Registrants have already witnessed Exams increasingly stress-testing custody compliance over the past year, and it is expected this will remain at a heightened level, particularly in light of the increased attention to crypto custody issues as mentioned above.
  • Increased In-Person Visits, Though Virtual Examinations May Continue: Exams staff conducted more in-person fieldwork in FY 2023 and are expected to do so in FY 2024 as well, although in many instances examinations – or portions of them – have been carried out on a virtual basis.
  • Specialized Examination Teams: In FY 2023, Exams established specialized teams "to better address emerging issues and risks associated with crypto assets, financial technology, such as artificial intelligence, and cybersecurity, among others." Firms should prepare for subject matter experts to home in on these and other specialized topics when preparing for and navigating exams.

Next Steps

The SECond Opinions Blog will continue to monitor and report on new guidance and risk alerts from the SEC's Division of Examinations and the Division of Enforcement's investigations of – and actions against – registered firms. If you need any additional information on this topic – or anything related to SEC examinations or enforcement – please contact the authors or another member of Holland & Knight's Securities Enforcement Defense Team.


[1] Adopted in 2014 to strengthen the securities markets' technology infrastructure, Reg SCI applies to national securities exchanges, registered and certain exempt clearing agencies, Financial Industry Regulatory Authority (FINRA), Municipal Securities Rulemaking Board (MSRB), Alternative Trading Systems (ATSs) and certain other entities.
