Examiners at the Securities and Exchange Commission (SEC) will be asking tough questions of registered firms regarding how they handle risks related to operational security, interact with financial technology companies and crypto assets, and the maturity of their anti-money laundering (AML) programs.

On Monday, the SEC’s Division of Examinations released its 2024 exam priorities, detailing the agency’s primary focus areas for investment advisers, investment companies, broker-dealers, transfer agents, municipal advisers, securities-based swap dealers, clearing agencies, and other self-regulatory organizations.

The division’s 2023 exam priorities were released in February, leading to some overlap. The SEC said it wanted to provide registered entities an updated list of priorities at the start of the federal fiscal year, which began Oct. 1.

Priorities will include evaluating firms’ compliance with the marketing rule and Regulation Best Interest; their disclosures on conflicts of interest and fees; and how well they implement, monitor, and supervise their compliance policies and procedures.

The 2024 report listed risk areas affecting various market participants in FY2024 that SEC examiners will be focusing on.

Information security and operational resiliency: Examiners will assess how well regulated entities prevent interruptions to mission-critical services and protect investor information, records, and assets.

Regulated entities should have adequate policies and procedures, internal controls, and oversight of third-party vendors to be resilient against risks posed by cyberattacks, firms’ dispersed operations, weather-related events, and geopolitical concerns, the report said.

Examiners will also assess how prepared firms are to deal with the SEC’s rule shortening trade settlement cycles from two days to one day, which takes effect in May 2024.

Crypto assets: Examiners will be scrutinizing how regulated entities handle crypto assets—particularly, the issue of whether their advice to market participants on crypto assets meets their respective standards of conduct and if compliance practices regarding crypto consistently meet the requirements of the Bank Secrecy Act (BSA).

Registered entities must comply with custody requirements under the Advisers Act for crypto assets and properly disclose the risks associated with those assets to investors.

Emerging financial technology: Technology, including broker-dealer mobile apps and automated investment advice to clients, will be closely reviewed.

“The division will focus on broker-dealers and advisers offering new products and services or employing new practices, particularly technological and online solutions that service online accounts aimed at meeting the demands of compliance and marketing,” the report stated.

AML compliance: The division will continue to focus on firms’ AML programs, the report said, to review whether firms are appropriately tailoring their program to their business model and associated risks; conducting independent testing; establishing an adequate customer identification program, including for beneficial owners of legal entity customers; and meeting their suspicious activity report filing obligations under the BSA.