The Securities and Exchange Commission’s (SEC) Division of Examinations recently released its long-awaited 2021 Examination Priorities. The priorities cover several emerging issues, including climate-related risks, technology and Regulation Best Interest (Reg BI).
New SEC Priorities for 2021
Climate and ESG
The SEC will focus on environmental, social and governance (ESG) matters in light of market developments and increasing awareness in this space. The agency will look at the implications of climate change for registrants’ operations, the consistency and adequacy of climate-change and ESG disclosures, and compliance in the context of ESG-oriented investment strategies.
The Division pivoted to focus on the most pressing risks. This includes examining whether registered firms’ business continuity plans were updated, operational and effective, and addressing increased cybersecurity and supervision risks facing firms in a remote environment.
The Division will focus on the use, implementation and integration of technology by firms to facilitate compliance with regulatory requirements. The SEC has observed that alternative data, or data gleaned from non-traditional sources, is increasingly being used by firms, including private fund advisers, as part of their business and investment decision-making processes. Reviews will include examining whether firms are implementing appropriate controls and compliance around the creation, receipt and use of such information.
The SEC will review whether firms have taken appropriate measures to:
- Safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access
- Oversee vendors and service providers
- Address malicious email activities, such as phishing or account intrusions
- Respond to incidents, including those related to ransomware attacks
- Manage operational risk due to dispersed employees in a work-from-home environment
The Division will also focus on controls surrounding online and mobile application access to investor account information, the controls surrounding the electronic storage of books and records and personally identifiable information maintained with third-party cloud service providers, and firms’ policies and procedures to protect investor records and information. The Division will again be reviewing registrants’ business continuity and disaster recovery plans.
The Division will expand the scope of examinations to focus on assessing whether broker-dealers are making recommendations they have a reasonable basis to believe are in customers’ best interests and evaluating broker-dealer processes for compliance and alterations made to product offerings. The Division will also conduct enhanced transaction testing as part of these examinations and will evaluate firm policies and procedures designed to meet additional elements of Regulation Best Interest, the recommendation of rollovers and alternatives considered, complex product recommendations, assessment of costs and reasonably available alternatives, how sales-based fees paid to broker-dealers and representatives impact recommendations, and policies and procedures regarding how broker-dealers identify and address conflicts of interest.
The Division will continue to review the compliance programs of investment advisors (including whether those programs and their policies and procedures are reasonably designed, implemented and maintained), portfolio management practices, custody and safekeeping of client assets, best execution, fees and expenses, business continuity plans, and valuation of client assets for consistency and appropriateness of methodology.
The report also mentions other areas of interest to the SEC, including compliance concerns related to retail investors (such as seniors and those saving for retirement), market structure and anti-money laundering (AML).
Risk factors for investment advisers and broker-dealers
While these priorities drive many of the SEC’s examinations, the agency selects firms and the areas of focus for examination according to a risk-based analysis, which varies depending on the type of firm and its business activities. For registered investment advisers (RIAs) and broker-dealers, the Division considers dozens of risk factors, which include:
- Products and services offered (including certain products identified as having higher risk characteristics)
- Compensation and funding arrangements
- Disclosures and representations made to customers
- Prior examination observations and regulatory history
- Whether the firm has never been examined, is newly registered, or has not been examined in many years
- Material changes in firm leadership or other key personnel
- Whether a firm has access to investor assets (i.e., custody)
The aforementioned characteristics and factors are not exhaustive, but they provide insight into criteria the Division considers in its risk-based analysis.
How to prepare for an SEC examination
Technology continues to be a key theme for the regulators this year. This means firms need to capture, archive, and supervise all written business communications. This includes retention of electronic communications such as email, text messages, instant messages, social media and collaboration tools. Periodically test the systems to ensure the communications are being captured for review and retention. To test whether advisors are using unapproved communication channels, I recommend setting up automated keyword searches.
The SEC’s tone on noncompliance has not changed in 2021. The regulators will continue to penalize firms that fail to meet regulatory requirements, through fines and other enforcement actions. Firms should consider reviewing their controls, policies and procedures regarding the above enforcement priorities.
Author: Marianna Shafir Esq. Regulatory Advisor at Smarsh
Marianna Shafir, Regulatory Advisor at Smarsh, is responsible for regulatory affairs worldwide. With her expertise in the financial services industry, compliance and e-discovery, Marianna counsels Smarsh clients on meeting regulatory obligations, leveraging technology and guidance on best practices related to electronic communications supervision. Prior to joining Smarsh, Marianna worked for BNY Mellon and Invesco where she was an instrumental member on compliance teams. Marianna has also served as an adjunct professor at New York Career Institute where she taught Law Office Management and Real Estate Law. She earned her Juris Doctorate from Nova Southeastern University. She is a frequent speaker at industry conferences and a contributor to various online publications.