SEC Cyber Priorities
The Securities and Exchange Commission’s (SEC) Division of Examinations (Division) released its examination priorities, highlighting a variety of recurring and new risk areas. In addition to the stated priorities, registrants should stay apprised of developments in the SEC’s active rule-making agenda and analyze all risk alerts issued by the Division as they provide valuable insight into risk areas of potential concern. The Division is guided by its “four pillars” mission—to promote compliance, prevent fraud, monitor risk and inform policy—and the 2024 priorities reflect the Division’s focus on risks as a result of the continued evolution of capital markets, complex financial products offered to investors and the impact of technology.
Firms that embrace a proactive approach to enhancing their compliance programs on an ongoing basis are best prepared to navigate regulatory examinations in 2024. Kroll, with its wealth of industry insights and decades of combined compliance experience, will assist investment advisers and broker-dealers with the identification and mitigation of business risks arising from compliance failures. Through services such as an initial gap analysis, ongoing engagements, SEC mock examinations, regulatory ruling readiness gap assessments and various compliance tools, our seasoned team can remedy identified areas of weakness and strengthen your overall compliance program.
The following are highlights of the 2024 examination priorities that underscore an investment adviser’s primary responsibility: fiduciary duty. The Division will expect investment advisers to maintain reasonably designed risk-based policies and procedures tailored to address compliance, including, but not limited to:
- Rendering of investment advice that is in the client’s best interest while exercising duty of care and duty of loyalty
- Compliance with the Marketing Rule, including appropriate disclosures, Form ADV responses and maintaining sufficient documentation to substantiate marketing materials
- Review, testing and disclosure of the adviser’s compensation arrangements
- Valuation of client assets, with particular focus on illiquid assets
- Assessment of controls in place to safeguard material non-public information and identification of potential sources of material non-public information
- Review of the accuracy and completeness of regulatory filings and disclosures to clients and investors
- Oversight of third-party and affiliated service providers and branch offices
- Obtaining informed consent from investors when implementing material changes to advisory agreements
Investment advisers to private funds must also prioritize the review of the following areas:
- Portfolio management risks, including the effects of rising interest rates, valuation and illiquidity
- Adherence to contractual agreements, including terms, conditions, allowable actions and consent requirements
- Focus and testing for all fees, expenses and triggering events for fee offsets, fee reductions and other required compensation adjustments
- Robust due diligence practices in the investment identification process, including disclosure of conflicts as they relate to side-by-side management and the use of affiliated service providers
- Review of processes, procedures and controls as they relate to the safekeeping of assets, including custodians and counterparties
- Monitoring of certain triggering events that require regulatory filings and disclosure
For registered investment companies, the Division is focused on the protection of retail investors and retirees. Therefore, in addition to certain risk areas highlighted for investment advisers above, the Division will also focus on:
- Fund governance practices, including board oversight, for the review, approval and execution of advisory and other fund fees and analysis of performance
- Recordkeeping to support valuation practices
- Assessment of risk management with a focus on derivative risk and liquidity risk management programs
For broker-dealers, the Division will continue to focus its examinations on the following areas:
- Compliance with Regulation Best Interest and obligations with regard to recommendations of complex, illiquid and costly investments
- Relationship summary within Form CRS specific to services offered to retail customers, fees and costs, conflicts of interest and disciplinary history disclosures
- Compliance with the Net Capital Rule and Customer Protection Rule emphasizing lending programs, differential treatment of liabilities, risk, liquidity and stress management
- Adherence to financial responsibility rules and trading practices through appropriate and regular review of equity and fixed income trading practices
- Tailored anti-money laundering (AML) programs that address business model and associated AML risks related to, but not limited to:
  - Independent AML program testing
  - Suspicious Activity Report (SAR) filings
  - Monitoring Office of Foreign Assets Control (OFAC) sanctions
  - Well-established customer identification programs
Although the announced priorities provide a roadmap into the national examination agenda, they are only one data point. Registrants are encouraged to confer with their experts to be informed about local-area priorities, emerging risks, enforcement activity and agency risk alerts and take any necessary steps to adjust their risk identification and compliance mitigation strategies.
Tackling the 2023 SEC Cybersecurity Rules
Cybersecurity remains a priority for the SEC, and the new rules on cyber incident disclosure, reporting, and governance mark a significant shift for many businesses. Our experts explore the impact of the new rules and key approaches to address them.