The Securities and Exchange Commission (SEC) released its 2022 examination priorities Wednesday, providing investment firms, broker-dealers, and other registrants a breakdown of what issues the Division of Examinations will focus on this year.

The Division of Examinations (formerly the Office of Compliance Inspections and Examinations, or OCIE) publishes its examination priorities annually “to provide insights into its risk-based approach, including the areas it believes present potential risks to investors and the integrity of the U.S. capital markets,” the SEC stated.

Richard Best recently took over as acting head of the division.

The division’s name change last year led some to speculate that “the removal of ‘compliance’ from the division’s name was intended to deemphasize our long-standing focus on, and commitment to, promoting compliance and to empowering compliance officers,” the SEC stated in its examinations report. “Rest assured, that is not the case. The importance of improving and promoting compliance remains at the forefront of the division’s work.”

Chief compliance officers and compliance staff are “routinely” engaged on each examination, but “while many registrants demonstrate the value and importance they place on compliance,” far too often the agency examines registrants where “that is not the case,” the SEC stated.

“In last year’s leadership message, we highlighted compliance engagement across business lines, knowledgeable chief compliance officers, and firm principals’ commitment to compliance,” the agency said. “It bears repeating: Compliance officers must be empowered and receive support in the form of resources and a tone from the top that recognizes their contributions.”

In its report, the SEC highlighted resiliency as a key characteristic of effective compliance programs, including policies and procedures that are developed and designed to withstand all kinds of changes.

“A well-designed and resilient compliance program and compliance staff should be able to adjust, pivot, and address a range of conditions and scenarios,” the SEC stated.

In performing examinations, the SEC said it has observed the following commonalities of resilient compliance programs:

  • Participation and input across all business and operational lines: “Staff from across a firm working in collaboration with compliance can bring additional expertise and diverse perspectives to the development of a compliance program and the design of effective controls,” the SEC said.
  • Change management: “A well thought out and well-designed compliance program will be flexible enough to adjust to known variables in operations and business but will also have established processes in place to monitor effectiveness and to pivot or be updated when appropriate,” the SEC said.
  • Periodic review and testing of policies and procedures: In the context of investment adviser compliance programs, “reviews should consider compliance matters that arose previously, changes in business activities, and regulatory changes,” the agency stated. An effective periodic testing program should be able to detect outlier events or unusual patterns and “significantly contributes to the ongoing resiliency of a compliance program.”

“We fully anticipate that our focus on compliance, support of compliance, and compliance empowerment will continue, and we look forward to continued engagement with the compliance community in the year to come,” the SEC stated.

Examination priorities

The following is a nonexhaustive list of 2022 priorities the Division of Examinations highlighted:

Financial technologies and crypto assets: Examiners will scrutinize financial technologies more closely, reviewing whether broker-dealers and registered investment advisers (RIAs) considered the technologies’ “unique risks” when designing their regulatory compliance programs, the SEC said.

“RIA and broker-dealer examinations will focus on firms that are, or claim to be, offering new products and services or employing new practices … to assess whether operations and controls in place are consistent with disclosures made and the standard of conduct owed to investors and other regulatory obligations; advice and recommendations, including by algorithms, are consistent with investors’ investment strategies and the standard of conduct owed to such investors; and controls take into account the unique risks associated with such practices,” the SEC said.

Regarding crypto assets, examinations “will continue to review the custody arrangements for such assets and will assess the offer, sale, recommendation, advice, and trading of crypto assets,” the SEC said.

RIAs who manage private funds: Examinations will review advisers’ fiduciary duties and assess risks that “focus on compliance programs, fees and expenses, custody, fund audits, valuation, conflicts of interest, disclosures of investment risks, and controls around material nonpublic information,” the SEC said. The division will also review private fund advisers’ portfolio strategies, risk management, and investment recommendations and allocations, focusing on conflicts and disclosures around these areas.

Environmental, social, and governance: ESG-related advisory services and investment products, including mutual funds, exchange-traded funds, and private fund offerings, will continue to be a focus, the SEC said.

“Examinations will typically focus on whether RIAs and registered funds are accurately disclosing their ESG investing approaches and have adopted and implemented policies, procedures, and practices designed to prevent violations of the federal securities laws in connection with their ESG-related disclosures, including review of their portfolio management processes and practices,” the agency said.

Proxy voting policies and procedures will also be examined to ensure alignment with ESG-related disclosures and mandates.

Regulation Best Interest (Reg BI): Examinations will focus on how registrants are satisfying their obligations under Reg BI and the Advisers Act fiduciary standard to act in the best interests of retail investors.

“Examinations will include assessments of practices regarding consideration of investment alternatives, management of conflicts of interest, trading, disclosures, account selection, and account conversions and rollovers,” the SEC said.

Information security and operational resiliency: Examinations of broker-dealers’, RIAs’, and other registrants’ practices will continue to focus on “whether firms have taken appropriate measures to safeguard customer accounts and prevent account intrusions; oversee vendors and service providers; address malicious email activities, such as phishing or account intrusions; respond to incidents, including those related to ransomware attacks; identify and detect red flags related to identity theft; and manage operational risk as a result of a dispersed workforce,” the SEC said.