Thorough Exam: SEC's Division of Examinations Announces Fiscal Year 2024 Priorities
Amid ongoing federal government shutdown risks and the close of its fiscal year, the U.S. Securities and Exchange Commission's (SEC) Division of Examinations (Exams) recently announced its fiscal year (FY) 2024 priorities. According to Exams, "this year's examinations will prioritize areas that pose emerging risks to investors or the markets in addition to core and perennial risk areas." In addition to key focus areas outlined based on the types of entities subject to examination, Exams identified the following risks to various market participants as FY 2024 priorities:
- Information Security and Operational Resiliency: Firms need to have systems, policies and people in place to maintain service during volatile events.
- Crypto Assets and Emerging Financial Technology (FinTech): Firms must ensure rigorous compliance with applicable professional standards, statutes, and rules even as their business models involve cutting edge products and technology.
- Regulation Systems Compliance and Integrity (Reg SCI): Firms must ensure they invest in and maintain systems that adequately support key market functions and improve resiliency.
- Anti-Money Laundering (AML): Firms must understand and adhere to the Bank Secrecy Act and tailor programs to meet their particular risk profiles.
Of note, although Exams identified environmental, social and corporate governance (ESG) as a key priority in FY 2022 and FY 2023, it did not explicitly identify it as a priority for FY 2024.
Entities Subject to Examination
Exams is comprised of more than 1,100 SEC staff members who work in the agency's Washington, D.C., "home office" and across the agency's 11 regional offices to examine and inspect SEC-registered investment advisers, investment companies, broker-dealers, transfer agents, municipal advisors, securities-based swap dealers, clearing agencies and other self-regulatory organizations.
Using a risk-based approach to conducting the National Exam Program (NEP), Exams staff focus on practices, products and services they feel pose a heightened risk to investors or the capital markets at large. Each year, Exams carries out a comprehensive review and recommendation process to identify its annual priorities – starting with input from the frontline examiners most familiar with the registrant practices they encounter day to day. Of course, the published priorities are just that – hot topics deemed to be of utmost interest and importance to the NEP. Hence, registrants subject to examination in FY 2024 should understand the staff's priorities – as they will likely inform the types of document and information requests issued in an examination – while also being prepared for the staff to inquire about the firm's history, operations, staffing, resources, services, products offered, policies, practices and risk factors. Exams staff who spot issues of concern outside of the stated FY 2024 priorities will continue to address them through the deficiency letter – and possibly enforcement referral – processes.
FY 2024 Examination Priorities
Though Exams has published annual exam priorities for more than a decade, this year – for the first time – it aligned its release with the start of FY 2024 to "better inform investors and registrants of the key risks, trends, and examination topics" the Division will focus on in the year ahead. Registrants should ensure that their appropriate personnel familiarize themselves with the 28-page report detailing the priorities which, at a high level, include:
Investment Advisers |
|
Investment Companies |
|
Broker-Dealers |
|
Self-Regulatory Organizations (SROs) |
|
Clearing Agencies |
|
Other Market Participants |
|
Information Security and Operational Resiliency |
|
Crypto Assets and Emerging FinTech |
|
Reg SCI1 |
|
AML |
|
Considerations for Registrants
- ESG Not in Priorities, but Registrants Should Remain Vigilant: As noted above, Exams dropped ESG as a key priority for FY 2024. The omission is an odd one in light of the SEC's recently proposed ESG rules for advisers, the SEC's recently finalized "Names Rule" that governs the names of investment funds (which has significant ESG implications) and the Division of Enforcement's continued focus on ESG disclosures, concerns over greenwashing and growing track record of actions. Even with the removal from examination priorities, firms should remain vigilant in policing these areas in light of the new and proposed rules and recent enforcement activity, and prepare for continued interest from Exams.
- Cyber, Systems and Operational Resiliency Are Paramount: The SEC proposed investment adviser cyber rules last year, has proposed changes to Regulation S-P and recently finalized cyber rules for public companies. The agency's focus on cyber issues and operational resiliency as data theft, ransomware events and other breaches continue, combined with increased complexity and negative consequences of such events, mean Exams will be laser-focused on this priority throughout FY 2024 and beyond. Firms must invest time and effort in designing, implementing, testing and policing their policies and systems.
- Risk Alerts on Firms' Compliance with New Rules: Exams published nine risk alerts in FY 2023, summarizing examination observations on firms' compliance with Regulation S-ID, Regulation BI, LIBOR transition, AML compliance and implementation of the SEC's new Marketing Rule. Of note, as Exams was carrying out and reporting on fieldwork examining how firms were adjusting to and implementing policies to adhere to the new Marketing Rule, the Division of Enforcement filed a set of inaugural enforcement actions for alleged violations of the rule. Moving into FY 2024 and in light of upcoming compliance deadlines for recently adopted rules, firms should consider the possibility of similar parallel efforts with regard to examining compliance with, and enforcing alleged violations of, the SEC's new rules applicable to advisers to private funds (which includes a material change for registered advisers' annual compliance assessment obligations).
- Custody Issues Still in Focus: Custody compliance will remain a focus of examinations as evidenced by the SEC's proposed new safeguarding rule, collateral implications from the new private fund adviser rules on audits for custody purposes and recent enforcement actions involving alleged custody violations. Registrants have already witnessed Exams increasingly stress-testing custody compliance over the past year, and it is expected this will remain at a heightened level, particularly in light of the increased attention to crypto custody issues as mentioned above.
- Increased In-Person Visits, Though Virtual Examinations May Continue: Exams staff conducted more in-person fieldwork in FY 2023 and are expected to do so in FY 2024 as well, although in many instances examinations – or portions of them – have been carried out on a virtual basis.
- Specialized Examination Teams: In FY 2023, Exams established specialized teams "to better address emerging issues and risks associated with crypto assets, financial technology, such as artificial intelligence, and cybersecurity, among others." Firms should prepare for subject matter experts to hone in on these and other specialized topics when preparing for and navigating exams.
Next Steps
The SECond Opinions Blog will continue to monitor and report on new guidance and risk alerts from the SEC's Division of Examinations and the Division of Enforcement's investigations of – and actions against – registered firms. If you need any additional information on this topic – or anything related to SEC examinations or enforcement – please contact the authors or another member of Holland & Knight's Securities Enforcement Defense Team.
Notes
1 Adopted in 2014 to strengthen the securities markets' technology infrastructure, Reg SCI applies to national securities exchanges, registered and certain exempt clearing agencies, Financial Industry Regulatory Authority (FINRA), Municipal Securities Rulemaking Board (MSRB), Alternative Trading Systems (ATSs) and certain other entities.