SEC Announces 2023 Examination Priorities
The Division of Examinations (the Division or Exams) at the US Securities and Exchange Commission (SEC) announced its 2023 examination priorities on February 7, 2023. The Division publishes these priorities annually to give broker-dealers and investment advisers a sense of the compliance issues they should focus on in the year ahead. This year’s iteration reflects both the SEC’s longstanding mission of promoting compliance, preventing fraud, monitoring risk, and informing policy and its attention to new and emerging areas of risk. For 2023, Exams has indicated that it will focus on, among other things, (1) compliance with the new Marketing Rule; (2) compliance with Investment Companies rules; (3) private funds; (4) Environmental, Social, and Governance (ESG) or impact investing; (5) broker-dealers; (6) financial technology (FinTech) and crypto-assets; and (7) information security (InfoSec) and operational resiliency.
Compliance With New Marketing Rule: Exams is prioritizing compliance with a number of significant new rulemakings, most notably the new Marketing Rule, Rule 206(4)-1 of the Investment Advisers Act of 1940 (Advisers Act), which was adopted in December 2020 and went into effect on November 4, 2022. Exams will assess whether Registered Investment Advisors (RIAs) have adopted and implemented written policies and procedures that are reasonably designed to prevent violations of the Marketing Rule by the RIAs and their associated persons. The Division will also review whether RIAs have complied with the substantive requirements of the Marketing Rule, including the requirement that RIAs have a reasonable basis for believing they will be able to substantiate material statements of fact and requirements for performance advertising, testimonials, endorsements, and third-party ratings. RIAs should (i) confirm that their compliance manuals and training programs cover the Marketing Rule, (ii) review all marketing materials that they currently use (even if prepared before the effective date of the new rule) to confirm that they comply with the requirements of the new rule, and (iii) confirm that their client referral and placement agent relationships comply with the requirements of the new rule.
Compliance With Investment Companies Rules: Exams also will emphasize new rules applicable to investment companies, including the Derivatives Rule (Investment Company Act Rule 18f-4) and Fair Valuation Rule (Investment Company Act Rule 2a-5).
Private Funds: Exams observed that more than 5,500 RIAs manage roughly $21 trillion in private fund assets in strategies that include hedge funds, private equity funds, and real estate funds. Exams will focus on various issues under the Advisers Act, including:
- conflicts of interest;
- calculation and allocation of fees and expenses, including the calculation of post-commitment period management fees and the impact of valuation practices at private equity funds;
- compliance with the Marketing Rule;
- policies and practices regarding the use of alternative data and compliance with Advisers Act Section 204A to prevent misuse of material non-public information; and
- compliance with the Advisers Act Rule 206(4)-2 (Custody Rule), where applicable, including timely delivery of audited financials and selection of permissible auditors.
With the exception of the focus on the new Marketing Rule, the other areas of priority are not new, and RIAs should already have policies, procedures, trainings, and other compliance tools in place to address them. It would be prudent to revisit those tools to make sure that they are adequate and that the RIA’s personnel are adhering to all applicable requirements.
Exams singled out RIAs to private funds with specific risk characteristics as an area of focus, including (i) highly-leveraged private funds; (ii) private funds managed side-by-side with BDCs; (iii) private equity funds that use affiliated companies and advisory personnel to provide services to their fund clients and underlying portfolio companies; (iv) private funds that hold certain hard-to-value investments, such as crypto assets and real estate-connected investments, with an emphasis on commercial real estate; (v) private funds that invest in or sponsor Special Purpose Acquisition Companies; and (vi) private funds involved in adviser-led restructurings, including stapled secondary transactions and continuation funds. It will not be a surprise if managers of those types of funds see more examination activity, and they should prepare themselves by doing mock-exam exercises, etc.
ESG or Impact Investing: Exams continues its interest in ensuring that ESG-related investments and strategies are appropriately labeled, monitored, and disclosed. Among other things, Exams will focus on whether RIAs and registered funds are accurately disclosing their ESG investing approaches and whether they have adopted and implemented policies, procedures, and practices designed to prevent violations of the federal securities laws in connection with their ESG-related disclosures. Exams also stated that it will review voting of client securities in accordance with proxy voting policies and procedures, including whether the votes align with their ESG-related disclosures and mandates and whether there are misrepresentations of the ESG factors considered in or incorporated into portfolio selection. RIAs that promote an ESG or impact focus in their investment programs should be sure that they are familiar with and are adhering to the current rules related to ESG and their impact on RIAs.
Broker-Dealers: Exams will focus on broker-dealer compliance and supervisory programs generally, including those for off-channel electronic communications relating to firm business. Exams will also monitor broker-dealer sales practices and consistency with Regulation BI (Best Interest) and the Advisers Act fiduciary standard to act in the best interests of retail investors and not to place their own interests before those of retail investors. Exams will pay special attention to practices regarding the consideration of investment alternatives, management of conflicts of interest, trading, disclosures, account selection, and account conversions and rollovers. In addition, Exams will monitor broker-dealer compliance with the aggregation units and locate requirements of Regulation SHO, penny stock disclosure rules, compliance with Regulation ATS by alternative trading systems, and compliance with the safeguards of the Customer Protection Rule and the Net Capital Rule by firms that hold customer cash and securities. Exams also will assess broker-dealer activity involving microcap, municipal, fixed income, and over-the-counter securities.
FinTech and Crypto Assets: Exams stated that it will focus on the offer, sale, recommendation of, or advice regarding trading in crypto or crypto-related assets, including whether firms (1) met and followed their respective standards of care when making recommendations, referrals, or providing investment advice and (2) routinely reviewed, updated, and enhanced their compliance, disclosure, and risk management practices. In addition, Exams plans to monitor, and when appropriate, conduct examinations of registrants potentially affected by recent financial distress among crypto asset market participants.
Exams also stated that it will continue its emphasis on examinations of broker-dealers and RIAs that are using new financial technologies for compliance, marketing, and operations, for example, on-line brokerage services, internet advisers, and automated investment tools and trading platforms, including RIAs referred to as “robo-advisers.” Firms with digital engagement practices can also expect greater scrutiny from Exams, which will assess whether (i) recommendations were made or advice was provided; (ii) representations are fair and accurate; (iii) operations and controls in place are consistent with disclosures made to investors; (iv) any advice or recommendations are in the best interest of the investor taking into account the investor’s financial situation and investment objectives; and (v) risks associated with such practices are considered.
InfoSec and Operational Resiliency: Exams has been focused on cybersecurity and in December issued a Risk Alert noting that they observed deficiencies in adherence to Regulation S-ID by RIAs and broker-dealers. On the heels of that risk alert, Exams plans to focus on cybersecurity in 2023. Exams recognized that the “current risk environment” for cybersecurity is elevated given recent market events, geopolitical concerns, and the proliferation of cybersecurity attacks. In response, Exams will continue to review the practices of broker-dealers, RIAs, and other registrants intended to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Exams indicated a particular interest in ransomware attacks, which have increased over time. Exams will review whether firms have taken appropriate measures to safeguard customer accounts and prevent account intrusions; oversee vendors and service providers; address malicious email activities, such as phishing or account intrusions; respond to incidents; identify and detect red flags related to identity theft; and manage operational risk as a result of a dispersed workforce. The Division will also review systemically significant registrants’ operational resiliency planning, including, for example, their efforts to consider and/or address climate-related risk. RIAs and broker-dealers should make sure that they have appropriate information technology support and tailored processes, procedures, and escalation plans in place in the event of a cyber-related incident. Exam staff has noted that they will specifically be focusing on these documents. Further, firms should understand and ensure they are compliant with the requirements of Regulations S-P and S-ID in light of the Risk Alert and a spate of recent enforcement actions under these regulations.
* * * * *
The 2023 examination priorities report reflects Exams’ assessment of the most significant risks, issues, and policy matters affecting market participants and provides a roadmap to the specific areas that Exams will focus on during the coming year. As the SEC continues to pursue a vigorous regulatory and enforcement agenda, with an all-time high of $4.2 billion in civil penalties received in fiscal year 2022, firms should carefully review their policies and procedures and proactively assess and, as necessary, address these areas prior to any upcoming examinations. While many of Exams’ 2023 priorities are continuations of past priorities, firms should be particularly alert this year to compliance with the new Marketing Rule and their policies and procedures in the areas of cybersecurity and cryptocurrency.
Arnold & Porter’s Financial Services, Investment Management, and Securities Enforcement and Litigation practices have been actively monitoring and advising in this area. Please reach out to any of the authors or your regular Arnold & Porter contact to discuss how to stay ahead of this fast-moving landscape.
© Arnold & Porter Kaye Scholer LLP 2023 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.