SEC releases 2024 exam priorities early with focus on emerging risks

Regulator aims to provide earlier insight by aligning publication with the start of its fiscal year.

Key risks, examination topics, and priorities the SEC’s examinations division plans to focus on in the coming year have been released by the agency in a 28-page examination priorities for 2024 document.

“We hope that aligning the publication of our examination priorities with the beginning of the SEC’s fiscal year will provide earlier insight to registrants, investors, and the marketplace of adjustments in our areas of focus year to year,” said Richard R Best, Division of Examinations Director.

The agency’s priorities will mainly revolve around compliance with its new rules, operational resiliency, and emerging technologies – including artificial intelligence and cryptocurrency – the SEC said.

Operational resiliency and crypto

The SEC said it will focus on broker-dealers and advisers’ practices to prevent operational disruptions and respond to them accordingly. “Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, intense weather-related events, and geopolitical concerns,” the SEC wrote. “Given these risks and concerns, cybersecurity remains a perennial focus area for all registrants.”

Another lingering priority from 2023 is the focus on crypto assets, as the division “will continue to monitor and, when appropriate, conduct examinations of registrants,” in the crypto market, according to the report. The SEC notes that examinations will focus on the “offer, sale, recommendation of, advice regarding, trading in, and other activities in crypto assets or related products.”

This includes reviewing whether such registrants involved with crypto assets follow their respective standards of conduct when recommending or advising clients regarding crypto assets, particularly when the investors are retail-based (including older investors) and investments involve retirement assets.

In addition, the division will assess whether any technological risks associated with the use of blockchain and distributed ledger technology have been addressed, including whether compliance policies and procedures are “reasonably designed, accurate disclosures are made and the risks pertaining to the security of crypto asset securities are addressed”, if required by applicable law.

AI and marketing practices

A new focus this year in the technology realm is on artificial intelligence, for which the SEC issued a proposal in July. The proposal directs investment advisers and broker-dealers to identify conflicts of interest associated with certain technologies, such as AI, and to neutralize or eliminate the effect of those conflicts.

Examinations will also include marketing practice assessments for whether advisers have adopted and implemented reasonably designed written policies and procedures to prevent violations of the Advisers Act and the rules issued under it, including recent reforms to the Marketing Rule, the SEC further notes.

As part of these assessments, the SEC will check whether advisers appropriately disclosed their marketing-related information on Form ADV and maintained substantiation of their processes and other required books and records.

Marketing practice reviews will also assess whether disseminated advertisements include any untrue statements of a material fact, are materially misleading, or are otherwise deceptive. The SEC will also review whether they comply with the requirements for performance (including hypothetical and predecessor performance), third-party ratings, and testimonials and endorsements. 

Reg BI, attention to compliance details

Although Regulation Best Interest (Reg BI) has been around for a couple of years, the SEC notes that its main attention in the next year will be determining whether broker-dealers have established, maintained, and enforced written policies and procedures to achieve compliance with Reg BI as a whole.

This includes considering whether the written policies and procedures are reasonably designed based on the costs, risks, and rewards of the securities and investment strategies that the broker-dealer recommends to customers.

The division will also continue to focus on dual registrants and examinations will encompass firms’ conflicts of interest and account selection practices (for example, brokerage versus advisory and wrap fee accounts), among other things. These examinations will also evaluate whether broker-dealers have met their obligation to filed required Form CRS with the Commission and deliver the relationship summary to retail customers.

Tried and true principles of examination

The division continues to prioritize examinations of advisers that have never been examined, including recently registered advisers, and those that have not been examined for a number of years.

The division also continues to prioritize examinations of registered investment companies, including mutual funds and ETFs, due to their importance to retail investors, particularly those saving for retirement, with a particular focus on firms’ disclosure and oversight of advisory fees.

When reading the priorities document, SEC-registered firms should remember that the scope of any SEC examination includes a specialized analysis of an entity’s operations, services, products offered, and other risk factors.

Given the emphasis in the exam priorities document, businesses should focus their compliance and surveillance efforts on areas of potentially heightened risk to retail investors in particular, such as those contained in the rules regarding fund names, Reg BI, and conflicts of interest.

Compliance budgets

The clearly delineated list of key risks, trends, and examination topics in the document create a template for businesses as they determine compliance budgets, set priorities for updating policies and procedures, fine tune and test all regulatory technology and deadline trackers, revisit risk assessments and upgrade training modules for staff in the upcoming year.

And the document (or compliance’s summary and interpretation of it) should be shared with managers in a variety of departments, as many of the compliance tasks alluded to in the document are going to rely on cross-departmental cooperation and vigilance.