Each year, the SEC releases its Exam Priorities toward the end of the first quarter. The document is a regular reminder that compliance is not a one-and-done endeavor. The world we work in is constantly changing, and regulatory expectations often shift to adjust to new realities.
Reflecting on the latest Exam Priorities can help compliance officers decide where to direct their energy in the coming year. Here, we dive into the SEC’s priorities released at the end of March 2022 and flag some of the areas CCOs should think about.
Standards of Conduct
The SEC takes its mission of protecting investors seriously. That’s why firms’ standards of conduct are a perennial focus of SEC Exam Priorities.
This year, the document was especially focused on ensuring firms are acting in clients’ best interests and communicating those efforts to clients.
Maintaining appropriate standards of conduct starts with fiduciary duty. The SEC reminds firms that the client’s best interest should be at the heart of every decision. Each investment must be considered with respect to a client’s risk tolerance, potential upside and downside, and costs associated with each asset.
It’s also crucial firms keep an eye on their internal actions. The SEC affirms that firms should be focused on managing conflicts of interest and staying honest about any incentives they receive for recommending certain products or strategies.
The final component of acceptable standards of conduct is sharing your firm’s practices with clients. You must disclose incentives. You must share information assembled for Form CRS and Form ADV with clients. That’s how they develop a clear understanding of how you run your business. Clients need to know about any potential conflicts of interest, disciplinary history, and fees and costs.
RIA and Broker-Dealer Regulatory Exams
For both RIAs and broker-dealers, the SEC’s regulatory exams focus on ensuring you have a robust, effective compliance program. The SEC wants to see programs with clear documentation, testing, and employee training.
For broker-dealers, the SEC places particular emphasis on:
- Firms’ recommendations and sales practices around more complex or risky asset classes. This includes SPACs, structured products, leveraged and inverse exchange-traded products (ETPs), REITs, private placements, annuities, municipal and other fixed-income securities, and microcap securities.
- Practices, policies, and procedures related to evaluating cost and reasonably available alternatives. Is your firm recommending products that are genuinely in the investor’s best interest?
- Compensation structures for your team. The SEC is concerned with the conflicts these structures may create. If you are selected for an exam, the SEC may focus on securities sales conducted by your highest-compensated team members.
For RIAs, the SEC is focused on:
- Fiduciary duty. Are you acting in your clients’ best interest, providing impartial advice, disclosing conflicts of interest, and maintaining duties of care and loyalty? If you’re missing critical components of the standards of conduct guidelines outlined above, you’re likely not meeting the SEC’s expectations.
- Advisory fee errors. This includes everything from a failure to adjust fees as promised in investor agreements, to mistakes in calculating tiered fees, to a failure to refund prepaid fees on closed accounts or to pro-rate fees for new clients.
Information Security and Operational Resiliency
Technology is an essential part of business today. There are significant advantages to using digital solutions in your organization, but it also means you must have a plan to protect personal information and maintain operational resiliency.
The SEC expects firms to implement measures to prevent service interruptions and protect clients’ personal identifying information (PII).
There’s a lot to consider regarding technological risks, from creating secure client-facing accounts to establishing airtight connections between your distributed team in our new work-from-home reality.
On the client-facing side, you should:
- Help clients maintain account security. Consider implementing features like multi-factor authentication for client accounts.
- Verify investors’ identities and work to prevent unauthorized account access.
- Prevent and disclose any account intrusions or data leaks.
Internally, it’s essential to:
- Address any phishing scams or potential hacking incidents resulting from suspicious emails sent to your team.
- Keep an eye on red flags related to identity theft, and communicate with clients about risks or leaks.
- Respond to incidents promptly.
- Establish best practices for your distributed team, such as using VPNs and secure cloud-based applications.
- Vet the security practices of your vendors and service providers to ensure they meet your standard.
Even if you’ve read through countless SEC Exam Priorities of years past, there is always something new to focus on. Every firm has its strengths and weaknesses, so it’s wise for compliance officers to review the latest document with an eye toward SEC expectations your firm might struggle to meet. The best way to remain audit-ready is to be proactive about addressing regulatory concerns.