The SEC’s 2022 examination priorities highlight areas of heightened attention and risks, such as crypto assets and cybersecurity, as well as core areas of SEC supervision, including investor protection. Notably, many areas of “significant focus” align with recently issued regulatory proposals in the areas of private funds, ESG, standards of conduct, and cybersecurity. SEC-registered market participants should consider these examination priorities in such areas as risk coverage, controls, and testing.
The SEC’s Division of Examinations (Division) issued its annual list of examination priorities focusing on products, practices, and services that it believes present significant areas of heightened risk to investors and U.S. capital markets. While the priority areas will primarily drive the Division’s examinations, the SEC adds the caveat that “the scope of any examination is determined through a risk-based approach that includes analysis of a given entity’s history, operations, services, products offered, and other risk factors.”
Significant Focus Areas
The SEC will prioritize examinations of areas that it believes pose unique or emerging risks to investors or the markets. These “significant focus areas” include:
- Private funds: Examinations of registered investment advisers (RIAs) to private funds continue to be prioritized based on the size, complexity, and rapid growth of the private funds market. The SEC staff states there has been a 70 percent increase in assets managed by investment advisers to private funds in the past five years. The Division will focus its reviews on the:
- Calculation and allocation of fees and expenses, including the calculation of post-commitment period management fees and the impact of valuation practices at private equity funds
- Potential for preferential treatment of certain investors that have experienced issues with liquidity, including imposing gates or suspensions on fund withdrawals
- Compliance with the Investment Advisers Act Custody Rule, including the “audit exception” to the surprise examination requirement and related reporting and updating of Form ADV
- Adequacy of disclosure and compliance with any regulatory requirements for cross trades, principal transactions, or distressed sales
- Issues around liquidity, such as RIA-led fund restructurings, including stapled secondary transactions where new investors purchase the interests of existing investors while also agreeing to invest in a new fund
- Conflicts of interest and disclosures concerning the adviser’s portfolio strategy, risk management, and investment recommendations and allocations
- Practices, controls, and investor reporting around risk management and trading for private funds with indicia of systemic importance, such as outsized counterparty exposure or gross notional exposure when compared to similarly situated firms.
See related KPMG Regulatory Alerts:
Private Funds: SEC Proposed Amendments to Form PF
Private Funds: Proposals to enhance investor protections
- Environmental, Social and Governance (ESG) investing. As RIAs increasingly offer and evaluate investments that entail ESG strategies or components, the Division highlights the risk of including potentially false and misleading disclosure statements pertaining to portfolio management practices due, in part, to a lack of standardized ESG terminology and varied approaches to ESG investing. Reviews will focus on RIAs’ and registered funds’:
- Accurate disclosure of ESG investing approaches, as well as their adoption and implementation of policies, procedures, and practices designed to prevent violations of the federal securities laws including review of their portfolio management processes and practices
- Adherence to proxy voting policies and procedures, and alignment with their ESG-related disclosures and mandates
- Potential overstatement or misrepresentation of ESG factors considered or incorporated into portfolio selection (greenwashing).
See related KPMG Regulatory Alerts:
Climate Risk: SEC’s Mandatory Climate Disclosures Proposal
SEC Examinations Risk Alert: Compliance issues in ESG investing
- Standards of Conduct: Regulation Best Interest, Fiduciary Duty, and Form CRS. Continuing focus on standards of conduct for broker-dealers and RIAs will address how broker-dealers and RIAs demonstrate acting in the best interests of retail investors through compliance with requirements under Regulation BI and the Advisers Act fiduciary standard. Examinations will assess:
- Consideration of alternative practices (e.g., regarding potential risks, rewards, and costs)
- Management of conflicts of interest (e.g., incentive programs, compensation structures)
- Trading (e.g., RIA best execution obligations)
- Disclosures (e.g., disclosures pursuant to Reg BI, and provided in Form ADV and Form CRS)
- Account selection (e.g., brokerage, advisory, or wrap fee)
- Account conversions and rollovers.
See related KPMG Regulatory Alert:
Form CRS Disclosure: SEC Staff Statement
- Information security and operational resiliency. Due to the critical impact that information security has on business continuity, and the importance of data protection, the Division will assess how broker-dealers and RIAs prevent mission-critical service interruptions and protect investor information, records, and assets, as well as their compliance with Regulations S-P and S-ID, where applicable. Additionally, continued focus will be on business continuity and recovery plans, particularly in regard to climate risk and substantial disruptions to normal business operations, including maturation and improvements to the plans. Examinations will specifically review the measures that firms take to:
- Protect customer accounts and prevent account intrusions
- Oversee vendors and service providers
- Address malicious email activities, such as phishing or account intrusions
- Respond to cyber incidents, including ransomware attacks
- Identify and detect red flags related to identity theft
- Manage operational risk resulting from dispersed workforces in work-from-home environments.
See related KPMG Regulatory Alert:
Cybersecurity: SEC Proposal for Adviser/Fund Risk Management
- Emerging technologies and crypto assets. The Division will examine broker-dealers and RIAs utilizing developing technology such as “robo-advisers” to determine whether they consider associated unique risks in their compliance programs. Firms offering or claiming to offer new products and services, or to employ new practices such as fractional shares, “Finfluencers,” or digital engagement practices, will be assessed on whether they:
- Have operations and controls in place that are consistent with required standards of conduct, as well as the associated disclosures
- Provide advice and recommendations to investors, including by algorithms, that are consistent with investors’ investment strategies and the standard of conduct owed to such investors
- Have controls that take into account the unique risks associated with such practices.
Examinations of broker-dealers and RIAs offering crypto assets will also continue to focus on custody arrangements and the offer, sale, recommendation, advice, and trading of these assets. Exams will also consider whether participants have i) met their respective standards of conduct when recommending to or advising investors on crypto assets, and ii) routinely reviewed, updated, and enhanced compliance practices (e.g., custody, AML, valuation procedures), risk disclosures, and operational resiliency practices.
Additionally, the Division will conduct exams on mutual funds and ETFs offering exposure to crypto assets in order to assess compliance, liquidity, and operational controls around portfolio management and market risk.
Other Focus Areas
The SEC also highlighted additional areas of examination focus including:
- Clearance and settlement: As required under Title VIII of the Dodd-Frank Act, the Division will conduct at least one risk-based examination of SEC-supervised clearing agencies that are designated as systemically important. Specifically, the examinations will focus on core risks, processes, controls, and the nature of clearing agencies’ operations and assessment of financial and operational risk. In addition, risk-based examinations of registered clearing agencies (including both those that have and have not been designated as systemically important) will assess the adequacy and timeliness of efforts to remediate prior deficiencies, including the role of senior leadership, and examine other risk areas identified in collaboration with the SEC’s Division of Trading and Markets and other regulators, such as margin, counterparty credit risk, disclosure framework, governance, recovery and wind-down, default management, liquidity risk management, and project management.
- Regulation SCI: Continued examination focus will assess whether Regulation SCI entities:
- Have incident response policies and procedures that are reasonably designed, with a particular focus on ransomware
- Use third-party network infrastructure services to support critical functions
- Have policies and procedures pertaining to the return to the workplace or further hybridization of the workplace after the extended telework posture caused by the COVID-19 pandemic
- Have established reasonably designed policies and procedures to identify and mitigate software supply chain risks, including secure code development practices of SCI entities.
See related KPMG Regulatory Alert:
Cybersecurity: SEC Reg SCI Proposal, Future Considerations
- LIBOR Transition. The Division will continue to conduct exams and other outreach efforts in order to assess the exposure of market participants overseen by the Division to LIBOR and their transition to alternative reference rates in connection with registrants’ own financial operations, the exposures of their clients and customers, and their obligations when recommending LIBOR-linked instruments. Market participants would include RIAs, broker-dealers, investment companies, municipal advisors, transfer agents and clearing agencies.
- AML: As a continued priority of the Division, examinations will focus on broker-dealers’ and RIAs’ compliance with AML requirements including whether firms:
- Adhere to SAR filing obligations
- Conduct customer due diligence
- Comply with beneficial ownership requirements
- Conduct robust and timely independent tests of their AML programs.
Related KPMG Thought Leadership includes:
- KPMG Regulatory Alert: Examination and Risk Monitoring | FINRA 2022 Report
- KPMG Regulatory Insights POV: Assessing crypto and digital asset risks
- KPMG Regulatory Insights POV: Ten Key Regulatory Challenges of 2022
- KPMG Regulatory Insights POV: Operationalizing climate risks