- The SEC’s examination priorities (and the prior FINRA issuance; see KPMG Regulatory Alert here) provide an incredibly helpful “roadmap” of 2023 regulatory expectations for companies to use.
- The SEC’s 2023 Examination Priorities give insight into a large array of upcoming regulatory risks and areas of SEC attention, including:
- New rules (e.g., Marketing Rule, Derivatives Rule, and Fair Valuation Rule).
- Examination focal areas (e.g., RIAs to private funds; retail investor “best interest” and fiduciary duty; ESG-related service and fund offerings, fund labeling and retail investor “best interest”; and crypto or “crypto-related” asset trading).
- Companies should quickly conduct a “gap assessment” of their practices relative to such regulatory insight in order to prioritize actions, seek investments (as needed), and swiftly ‘remediate’ known gaps to regulatory expectations.
The SEC’s Division of Examinations (Division) issued its annual list of examination priorities focusing on products, practices, and services that it believes present significant areas of heightened risk to investors and U.S. capital markets. The Division’s 2023 priorities, which reflect the SEC’s ambitious 2022 and 2023 regulatory rulemaking agenda, are outlined below.
Significant Focus Areas
The Division notes that 2023 examinations will prioritize several significant focus areas that pose unique or emerging risks to investors or the markets, as well as examinations of “core and perennial” risk areas. Notable new and “significant focus areas” include:
- Compliance with Recent Rules: The Division is prioritizing examining compliance with the SEC’s recently adopted rules, including the:
- Marketing Rule (Advisers Act Rule 206(4)-1): 1) Whether registered investment advisers (RIAs) have adopted and implemented written policies and procedures reasonably designed to prevent violations of the Marketing Rule, and 2) Compliance with requirements related to substantiating material statements of fact, performance advertising, testimonials, endorsements, and third-party ratings.
- Derivatives Rule (Investment Company Act Rule 18f-4): 1) Whether registered investment companies (RICs) have adopted and implemented policies and procedures reasonably designed to manage the funds’ derivatives risks and prevent violations of the Derivatives Rule, and 2) Compliance with Rule 18f-4 including adoption and implementation of a derivatives risk management program, board oversight, and whether disclosures are complete and accurate.
- Investment Company Act Fair Valuation Rule 2a-5: 1) Funds’ and fund boards’ compliance with requirements for determining fair value, implementing board oversight duties, setting recordkeeping and reporting requirements, and permitting funds’ boards to delegate valuation determinations, and 2) Whether adjustments have been made to valuation methodologies, compliance policies and procedures, governance practices, service provider oversight, and/or reporting and recordkeeping.
See related KPMG Regulatory Alert:
Special Alert | SEC Investment Adviser Marketing Rule (here)
- Private funds: Examinations of RIAs to private funds remain a priority due to the size, complexity, and rapid growth of the private funds market. The SEC staff states there has been an 80 percent increase in gross assets managed by investment advisers to private funds in the past five years (reaching total gross assets of $21 trillion). Reviews will focus on:
- Conflicts of interest.
- Calculation and allocation of fees and expenses, including the calculation of post-commitment period management fees and the impact of valuation practices at private equity funds.
- Compliance with the Marketing Rule, including performance advertising and compensated testimonials and endorsements, such as solicitations.
- Policies and practices regarding the use of alternative data and compliance with Advisers Act Section 204A (Prevention of Misuse of Nonpublic Information).
- Compliance with the Advisers Act Rule 206(4)-2 (Custody Rule), where applicable, including timely delivery of audited financials and selection of permissible auditors.
- Funds with specific risk characteristics, such as funds that:
- Are highly leveraged.
- Are managed side-by-side with business development companies.
- Use affiliated companies and advisory personnel to provide services to their fund clients and underlying portfolio companies.
- Hold certain hard-to-value investments, such as crypto assets and real estate-connected investments, with an emphasis on commercial real estate.
- Invest in or sponsor SPACs.
- Are involved in adviser-led restructurings, including stapled secondary transactions and continuation funds.
See related KPMG Regulatory Alerts:
Private Funds: SEC, CFTC Joint Proposal to Amend Form PF (here)
Private Funds: SEC Proposed Amendments to Form PF (here)
Private Funds: Proposals to enhance investor protections (here)
- Standards of Conduct: Regulation Best Interest, Fiduciary Duty, and Form CRS. Continuing focus on standards of conduct for broker-dealers and RIAs will address how broker-dealers and RIAs demonstrate acting in the best interests of retail investors through compliance with requirements under Regulation Best Interest and the Advisers Act fiduciary standard. Examinations will assess:
- Investment advice and recommendations with regard to products, investment strategies, and account types, particularly around complex, high cost, illiquid, or proprietary products and unconventional strategies purporting to address rising interest rates.
- Disclosures made to investors and whether such disclosures include all material facts relating to any conflicts of interest associated with the advice and recommendations.
- Processes for making best interest evaluations, including those for reviewing reasonably available alternatives, evaluating costs and risks, and identifying and addressing conflicts of interest.
- Factors considered in light of the investor’s investment profile, including investment goals and account characteristics.
- Economic incentives to recommend products, services, or account types.
- Compliance with Form CRS, including delivery to investors, filing with the SEC, and posting the current summary to the firm’s public website.
See related KPMG Regulatory Alerts:
SEC Examinations Risk Alert: Regulation Best Interest (here)
Form CRS Disclosure: SEC Staff Statement (here)
- Environmental, Social and Governance (ESG) investing. The Division acknowledges that RIAs and registered funds are increasingly offering and evaluating investments that entail ESG strategies or components. Reviews will focus on RIAs’ and registered funds’:
- ESG-related advisory services and fund offerings, including accurate disclosure of ESG investing approaches.
- Recommendations of ESG products for retail investors and whether they are made in the investors’ best interest.
- Labeling of ESG products.
See related KPMG Regulatory Insights materials:
KPMG Regulatory Insight View: ESG Risk Practices (here)
Investor Protections: SEC proposed Names Rule and ESG Investment Practices Disclosure (here)
SEC Examinations Risk Alert: Compliance issues in ESG investing (here)
Other Focus Areas
The SEC also highlighted additional areas of examination focus including:
- Information Security and Operational Resiliency: The Division notes “the current risk environment related to cybersecurity is considered elevated given the larger market events, geopolitical concerns, and the proliferation of cybersecurity attacks, particularly ransomware attacks.” As such, the Division will assess firms’ policies and procedures, governance practices, and response to cyber-related incidents, including those related to ransomware attacks, and compliance with Regulations S-P and S-ID, where applicable. Examinations will look to practices for:
- Safeguarding customer records and information and preventing account intrusions, as well as policies and practices around access and authorization, including from remote environments.
- Cybersecurity risks associated with the use of third-party vendors, including visibility into the security and integrity of third-party products and services.
- Operational resiliency planning, such as efforts to consider and/or address climate-related risks.
See related KPMG Regulatory Alerts:
Data Retention and Deletion: Increasing Regulatory Expectations (here)
Cybersecurity: SEC Proposals for Public Company Reporting, Disclosures (here)
Cybersecurity: SEC Proposal for Adviser/Fund Risk Management (here)
- Crypto Assets and Emerging Financial Technology: The Division will examine broker-dealers and RIAs offering new products and services (e.g., crypto assets and associated products or services) or employing new practices using emerging technologies (e.g., mobile apps, automated digital investment advice) to determine whether they consider associated unique risks in their compliance programs. Firms employing digital engagement practices and related tools and methods will be assessed on whether:
- Recommendations were made or advice was provided (e.g., through the use of social media marketing and social trading platforms).
- Representations are fair and accurate.
- Operations and controls in place are consistent with disclosures made to investors.
- Any advice or recommendations are in the best interest of the investor considering the investor’s financial situation and investment objectives.
- Risks associated with such practices are considered, including the impact these practices may have on certain investors, such as seniors.
The Division will “monitor and, when appropriate, conduct examinations” of registrants potentially impacted or affected by disruption in the crypto asset market. Examinations will assess whether market participants involved in crypto and crypto-related assets (including offering, sale, recommendation of, advice regarding, or trading):
- Met and followed their respective standards of care when making recommendations, referrals, or providing investment advice.
- Routinely reviewed, updated, and enhanced their compliance, disclosure, and risk management practices.
- RIA Examinations: In addition to core areas for review (e.g., custody and safekeeping of assets, valuation, portfolio management, brokerage and execution, calculation of fees) examinations will include policies and procedures for retaining and monitoring electronic communications and using third-party service providers.
- RIC Examinations: Beyond “perennial focus areas”, such examinations will consider processes for assessing and approving fund fees, derivatives and liquidity risk management programs, and funds with specific characteristics, such as: turnkey funds; mutual funds that converted to ETFs; and medium and small fund complexes that have experienced excessive staff attrition.
- Broker-Dealer Examinations: In 2023, examinations will focus on “broker-dealer compliance and supervisory programs generally, including those for electronic communications related to firm business, as well as the recordkeeping for those electronic communications.” Areas of continued focus will include compliance with the Customer Protection Rule and the Net Capital Rule; trading practices in equities and fixed income securities, including conflicts of interest in order routing and execution that may negatively impact retail investors; and compliance with Regulation SHO.
- Clearance and Settlement: Title VIII of the Dodd-Frank Act requires the SEC to annually conduct at least one risk-based examination of SEC-supervised clearing agencies that are designated as systemically important. These examinations will focus on core risks, processes, and controls in areas including the nature of clearing agencies’ operations and assessment of financial and operational risk. Other registered clearing agencies will be examined based on risk. For all examinations, areas of focus may include liquidity risk management, counterparty credit stress testing, governance and escalation, and the compliance function, among other things.
- Regulation SCI: “SCI entities” (including national securities exchanges, registered and certain exempt clearing agencies, FINRA, MSRB, plan processors, and certain ATSs) are required to establish, maintain, and enforce written policies and procedures “reasonably designed” to ensure their systems’ capacity, integrity, resiliency, availability, and security. Continued examination of these entities’ policies and procedures will focus on:
- Consideration of the software development life cycle, with a particular focus on the programs to review and keep current systems development and testing methodologies.
- Ensuring SCI systems operated by third parties on behalf of SCI entities have adequate levels of capacity, integrity, resiliency, availability, and security.
- Whether a system, if breached, would be reasonably likely to pose a security threat to SCI systems.
- Ensuring SCI systems have adequate levels of security to maintain the SCI entity’s operational capability, giving consideration to reliance on external applications such as the cloud.
See related KPMG Regulatory Alert:
Cybersecurity: SEC Reg SCI Proposal, Future Considerations (here)
- AML: The SEC states that the importance of AML program examinations has been elevated due to the current geopolitical environment and the increased imposition of sanctions. Examinations will focus on broker-dealers’ and RIAs’ compliance with AML requirements, including whether firms:
- Have appropriate customer identification programs.
- Adhere to SAR filing obligations.
- Conduct ongoing customer due diligence.
- Comply with beneficial ownership requirements.
- Conduct robust and timely independent tests of their AML programs.
- LIBOR Transition. The Division will continue to assess broker-dealer and RIA preparation for transition away from LIBOR, which is scheduled for discontinuation in mid-2023.