On March 3, 2021, the SEC’s Division of Examinations (Division) published its examination priorities for the year. These priorities are the driving force behind the Division’s examinations but are not exhaustive. Examiners may focus on other issues during an examination.
The Division, which was previously called the Office of Compliance Inspections and Examinations, circulates its yearly priorities to alert Registered Investment Advisers (RIAs) and broker-dealers regarding the risks that firms should address. The Division’s goal is to prevent harm to investors and the capital markets.
The Division’s examination priorities, as well as the press release that accompanied it, demonstrate that the SEC is very concerned about climate change and its impact on RIAs. It is also concerned about firms’ handling of investment strategies that rely upon environmental, social, and governance (ESG) criteria. More RIAs are offering investment strategies that focus on ESG factors. In addition, the Division wants firms to address the risks that arise when many employees are working remotely.
2021 priorities in a nutshell
The SEC’s 2021 compliance priorities can be reviewed HERE. While the Division’s 2021 priorities cover a number of specific areas, they fall within the following categories:
- Protecting retail investors, such as seniors and individuals saving for retirement;
- Information security and operational resiliency;
- Financial technology (Fintech) and innovation, including digital assets;
- Anti-money laundering (AML) programs;
- The London Inter-Bank Offered Rate (LIBOR) transition to an alternative reference rate;
- Focus areas relating to investment advisers and investment companies, including compliance programs, registered funds, and advisers to private funds;
- Focus areas involving broker-dealers and municipal advisors; and
- Market infrastructure.
Protecting retail investors, especially seniors, has long been a priority for the Division. Toward that end, the Division will focus on compliance with Regulation Best Interest and Form CRS. As always, examiners will determine if RIAs are fulfilling their fiduciary duty. Examiners will also look at whether firms are mitigating conflicts of interest. Where required, firms must provide sufficient disclosure of conflicts of interest, so retail investors are able to give informed consent to them. In addition, examiners will scrutinize products that are frequently used by retail investors, such as mutual funds, exchange-traded funds (ETFs), municipal securities and other fixed income securities, variable annuities, private placements, and microcap securities.
While protecting retail investors is a perennial priority, the impact of climate change on the Division’s priorities is new. The Division has stressed the importance of planning for risks that are likely to go hand-in-hand with climate change. The Division said it will shift its focus to determine whether firms’ business continuity plans (BCPs) account for the increased possibility that there will be more intense and more frequent climate-related events. The Division’s efforts will be similar to the steps taken after Hurricane Sandy. Even if an RIA’s BCP has evolved and improved over the years in response to Covid-19 and other events, examiners are likely to have much higher expectations going forward.
Information security and operational resiliency
It is not just weather that can cripple a business, which is why information security and operational resiliency are high priorities for the Division. RIAs and broker-dealers must take appropriate measures to safeguard customer accounts and prevent account intrusions. Firms should implement policies and procedures requiring verification of an investor’s identity to prevent unauthorized account access. In addition, firms should oversee vendors and service providers. They should also address malicious email activities, such as phishing, and must guard against ransomware attacks.
The Division has previously warned firms about the risks that arise when much of their workforce is working from home. There are concerns regarding access to investor account information, as well as the controls surrounding the electronic storage of books and records and personally identifiable information maintained with third-party cloud service providers. Firms’ policies and procedures should be designed to help reduce these risks.
The Division has also made financial technology, including digital assets, a priority for 2021. Because the Division published a risk alert on digital asset securities on February 26, 2021, firms could have predicted that this area would be a priority. That particular risk alert is available HERE.
There are additional priorities listed by the Division in its release. As an example, the Division will focus on advisers to private funds. Examinations will address liquidity issues, as well as the disclosure of investment risks and conflicts of interest. Examinations will emphasize private funds with a higher concentration of structured products.
The Division reaffirmed that it will continue to review the compliance programs of RIAs, including whether their policies and procedures are reasonably designed, implemented, and maintained. The Division will review the consistency and adequacy of the disclosures that RIAs and fund complexes provide to their clients to determine whether the firms’ processes and practices match their disclosures.
The Division’s priorities will not remain stagnant during any given year. Priorities many change as examinations identify emerging risks. Firms need to make certain that their compliance programs address all of the risks they face, not just the Division’s priorities. In preparation for examinations, examiners will review a firm’s business model, services, history, product offerings, and other risk factors.
About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.