In a year dogged by fines for off-channel communications and recordkeeping failures – and with regulatory leaders such as SEC Chair Gary Gensler warning about the impending risks of generative AI – it may come as a surprise to some that both these ‘hot’ topics are passed over in favor of more ‘perennial’ compliance risks.
While the 2023 lookback does highlight that the SEC has established “specialized teams” to address “emerging issues” such as crypto, artificial intelligence, and cybersecurity – the priorities appear to mark a return to well-worn topics. Meanwhile, ESG – which has featured on the SEC’s priority list for the last three years – has curiously been dropped completely from the agenda.
What are the SEC’s key examination priorities for 2024?
For 2024, the regulator has set out seven key focus areas:
- Investment advisers
- Investment companies
- Broker dealers
- Self-regulatory organizations
- Clearing agencies
- Other market participants
- Risk areas impacting various market participants
1. Investment advisers: suitability, marketing rules, and third-party risk
Investment advisers (IAs) top the list for the SEC’s 2024 priorities, with the regulator highlighting that:
“Examining for adviser’s adherence to their duty of care and duty of loyalty obligations remains a priority for the Division.”
In particular, the SEC will be looking at investment advice provided to clients – especially where such advice concerns complex or high cost investments, unconventional strategies, or “older investors”. The SEC will want to see that any advice given is in the client’s best interest, is suitable, and avoids conflicts of interest. This includes reviews of economic incentives and whether all necessary disclosures have been made.
In keeping with recent regulatory action, which saw nine firms hit with $850,000 in fines for Marketing Rule failures, the SEC has said that it will continue to focus on the marketing practices of IAs. In particular, it will be looking to see whether such firms have adopted and implemented written policies and procedures to meet the new marketing requirements.
Also of note is the SEC’s commitment to scrutinizing a firm’s policies and procedures for “selecting and using third-party and affiliate service providers”. While third-party risk is not a new topic, it is a growing challenge. This was demonstrated in October 2022, with the SEC’s publication of new oversight requirements for IAs looking to outsource services to third parties.
2. Investment companies: liquidity, fees, and managing market volatility
Investment companies are the second priority for the SEC in 2024, with a particular focus on their importance to retail investors and those saving for retirement. As well as looking at overarching compliance programs and fund governance programs, the SEC will be looking at the effectiveness of firm’s derivative risk management and liquidity risk management programs.
Highlights include increased inspection of investment companies’ fees and expenses models, compliance with the fund derivatives rule (Investment Company Act Rule 18f-4), and how firms are managing “issues associated with recent market dislocations and volatility”.
Firms that have never been examined before, or have not had examinations for “a number of years”, will be first on the SEC’s list in 2024. This is especially true of recently registered investment companies.
3. Broker dealers: Regulation Best Interest, regulatory compliance, and branch office supervision
While third on the list, broker dealers (BDs) fail to escape the watchful eye of the SEC. As a priority, the regulator will be looking at the “standard of conduct” for BDs “at the time when they recommend to a retail customer a securities transaction or investment strategy”. This development is closely associated with Regulation Best Interest, which includes key topics such as disclosures, conflict of interest, suitable recommendations, and whether a customer’s best interests have been put at the heart of advice.
On the theme of regulatory compliance, the SEC will also be placing a focus on whether BDs are complying with both the net Capital Rule and the Customer Protection Rule and related processes, procedures, and controls in these areas. Further to this, and in conjunction with Financial Industry Regulatory Authority (FINRA) amendments to Rule 3110c, the SEC will continue to assess BDs supervision of branch office locations.
4. Self-regulatory organizations
Following the crash of Silicon Valley Bank in March 2023, there has been a general increase of focus on self-regulatory organizations (SROs). This looks set to continue, with the SEC placing SROs fourth on their list of priorities. The regulator is looking to see whether national securities exchanges are meeting their obligations to enforce compliance with SRO rules and federal securities laws. As well as this, the SEC will be conducting a risk-based oversight examination of FINRA as standard.
5. Clearing agencies: credit risk, financial resource, and operational risk
The Dodd-Frank Act behooves the SEC to examine each systematically important clearing agency on an annual basis. With that in mind, the SEC will be looking to conduct its annual examinations to ensure that clearing agencies have policies and procedures in place to ensure that they have sufficient financial resources, are protecting against credit risk, are managing member defaults, and are tackling operational risks. As seen in other priority areas, liquidity models, internal audit functions, and third-party service provider risks will be areas of focus for the regulator.
6. Other market participants: compliance with new rules
More generally, the SEC has highlighted municipal advisors, transfer agents, and security-based swaps dealers as other market participants of interest. For municipal advisors, MSRB Rule G-46 will come into force on March 1, 2024. With this in mind, the SEC will be focusing on compliance with this rule in the second half of Fiscal Year 2024.
7. Risk areas impacting market participants: third-party risk, crypto, and AML
The final priority of the SEC is in fact a number of priorities, or rather a series of risks that pose a challenge to compliance teams across the gamut of financial services.
Firstly, operational resilience and information security continue to pose challenges to firms. The SEC will be looking to see that firms have implemented practices to prevent interruptions to mission-critical services, and protect investor information, records, and assets. In particular, the SEC will be looking at whether policies and controls have been implemented to conduct effective oversight of third-party vendors. It will be especially important to see whether third parties have been adequately vetted for their resilience to cyber-related incidents, as well as their ability to safeguard records and information. Cybersecurity is now a well-established compliance risk, and one that continues to feature on the SEC’s agenda.
Secondly, and in the most forward-looking chapter of the SEC’s 2024 Examination Priorities, the SEC is committing to look at crypto assets and emerging financial technology – unsurprising given the regulator’s well documented dealings and declarations with Crypto over the last year. This includes features such as automated investment advice, more technological trading algorithms, and artificial intelligence. Interestingly, while generative AI is now widely considered a compliance risk, it is not highlighted as a priority focus for the SEC in the coming year, which is a surprise given previous hints that the regulator would be writing rules around AI in late 2023.
Turning again to regulatory compliance, the SEC has tabled Regulation Systems Compliance and Integrity (SCI) as a priority area, particularly features associated with operational capabilities.
Finally, and again unsurprisingly, anti-money laundering (AML) programs will be keenly monitored by the SEC in 2024. Interestingly, while the SEC is prioritizing AML, it makes no reference to the importance of surveillance systems – in yet another unlikely omission.
Overall, the SEC’s 2024 Examination Priorities are more ‘zombie’ than blockbuster – prioritising perennial, conventional issues over emerging threats to financial services. It will be interesting to see whether the regulator sticks to a more conventional approach in practice.
