On March 30, 2022, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (the “Division”) issued its annual examination priorities for 2022. The Division will prioritize five significant focus areas that pose unique or emerging risks to investors or the markets during its examinations. We will focus our review of the Division’s examination priorities on the way they impact investment advisers and private funds.
These focus areas include: (i) private funds; (ii) environmental, social and governance (“ESG”) investing; (iii) standards of conduct; (iv) information security and operational resiliency; and (v) emerging technologies and crypto-assets. The SEC noted that while these five areas of focus are critical, they are not comprehensive and will not be the only issues the Division addresses in examinations, risk alerts, and industry and investor outreach. The 2022 SEC Examination Priorities address a composite of perennial exam considerations combined with more current emerging focus areas, which align with the Division’s mission to promote and improve compliance, prevent fraud, monitor risk, and inform policy.
Significant Focus Areas
Below is a summary of the significant focus areas:
- Private Funds. The Division states that over the past several years the private funds market has grown significantly, in both size and complexity. The Division estimates that approximately one third of all registered investment advisers (“RIAs”) advise private funds and those private funds hold approximately $18 trillion of investments. Specific topics for RIA exams will include:
  - calculation and allocation of management and performance fees, expenses (including the calculation of post-commitment period management fees), and the impact of valuation practices at private equity funds;
  - the potential preferential treatment of certain investors by RIAs to private funds that have experienced issues with liquidity, including imposing gates or suspensions on fund withdrawals;
  - compliance with the Investment Advisers Act of 1940 (“Advisers Act”) Rule 206(4)-2 (the “Custody Rule”), including the “audit exception” to the surprise examination requirement and related reporting and updating of Form ADV regarding the audit and auditors that serve as important gate-keepers for private fund investors;
  - the adequacy of disclosure and compliance with any regulatory requirements for cross trades, principal transactions, or distressed sales; and
  - conflicts around liquidity (such as RIA-led fund restructurings), including stapled secondary transactions where new investors purchase the interests of existing investors while also agreeing to invest in a new fund.
- Environmental, Social, and Governance (ESG) Investing. The Division will review ESG disclosures to determine if they involve materially false and misleading statements or omissions. The Division notes that the risk of misleading ESG disclosure is heightened by the lack of standardization in ESG investing terminology along with the increasing size and complexity in ESG investing. To mitigate this risk, the Division will continue to focus on ESG-related advisory services and investment products. Examinations will generally focus on: (i) the accuracy of ESG investing disclosures; (ii) the voting of client securities in accordance with proxy voting policies and procedures and whether the votes align with their ESG-related disclosures and mandates; and (iii) whether RIAs or registered funds overstate or misrepresent ESG factors used in portfolio selection.
- Standards of Conduct: Regulation Best Interest, Fiduciary Duty, and Form CRS. The Division will continue to focus on RIAs’ compliance with fiduciary standards under the Advisers Act, including compliance with duties of care and loyalty, best execution obligations, financial conflicts of interest and impartiality of advice (e.g., the recommendation of proprietary products resulting in additional or higher fees), and any attendant client disclosures. RIA reviews will also include an assessment of the adequacy of the RIA’s compliance policies and procedures designed to address conflicts and ensure advice in the best interest of clients. It will also focus on the existence of adequate disclosures to enable investors to provide informed consent.
- Information Security and Operational Resiliency. Examinations will focus on whether RIAs have taken appropriate measures to: (i) safeguard customer accounts and prevent account intrusions; (ii) oversee vendors and service providers; (iii) address malicious email activities, such as phishing; (iv) respond to incidents, including those related to ransomware attacks; (v) identify and detect red flags related to identity theft; (vi) manage operational risk as a result of a dispersed workforce in a work-from-home environment; and (vii) comply with Regulations S-P and S-ID, where applicable. In addition, the Division will review firms’ business continuity and disaster recovery plans and consider how such plans have progressed and improved over time.
- Emerging Technologies and Crypto-Assets. There has been significant growth in financial technology (e.g., “robo-advisors”) and the proliferation of the offer, sale, and trading of crypto-assets. For this reason, the Division will examine RIAs’ use of developing financial technologies to assess unique risks of these activities and the design of their compliance programs to manage such risks. For emerging technologies and crypto-assets, the Division will focus on firms that are, or claim to be, offering new products and services or employing new practices to assess whether: (i) the RIA has operations and controls in place that are consistent with disclosures made and the standard of conduct owed to investors; (ii) advice and recommendations are consistent with investors’ investment strategies and the standard of care owed to investors; and (iii) the controls take into account the unique risks associated with such practices.
Examinations of market participants engaged in crypto-assets will continue to review the custody arrangements for such assets and will assess the offer, sale, recommendation, advice, and trading of crypto-assets, including, in particular, whether market participants: (i) have met their respective standards of conduct when recommending crypto-assets or advising investors on crypto-assets; and (ii) routinely review, update, and enhance their compliance practices (e.g., crypto-asset wallet reviews and anti-money laundering reviews), risk disclosures, and operational resiliency practices (i.e., data integrity and business continuity plans).
- RIA Compliance Program. In addition to the above concentration areas, the Division will continue to examine RIAs’ compliance in the following core areas: (i) marketing practices; (ii) custody and safety of client assets; (iii) valuation; (iv) portfolio management; (v) brokerage and execution; (vi) conflicts of interest; and (vii) related disclosures. The Division plans to continue its practice of examining whether an RIA’s compliance program addresses: (a) whether investment advice is in each client’s best interest; (b) adequacy of oversight of service providers; and (c) sufficiency of resources to perform compliance duties.
If an RIA uses alternative data or data gleaned from non-traditional sources as part of its business and investment decision-making processes, the Division will review the compliance processes around gathering and using such information, and whether the information is potentially impermissible material non-public information. The Division will review whether a firm has sufficient oversight practices to mitigate any heightened risks, such as whether an RIA that employs an individual with prior disciplinary history has heightened oversight practices.