On June 5, 2024, the SEC's Division of Examinations (the Division) released a risk alert regarding the examination of broker-dealers. The alert acknowledges the diversity of the broker-dealer population in the marketplace both in terms of the products and the services offered to their customers and, in turn, outlines the risk-based factors utilized by the Division for purposes of selecting firms and determining the scope of review for each examination. You can read more about the Division's risk-based approach in Section II of the Alert located here.

This update aims to highlight the Sample Initial Information Request List attached to the Division's alert as an Appendix. It contains a list of documents and information that any firm with reasonably designed compliance controls should have available as part of the examinations process. The sample request targets three regulatory requirements specific to broker-dealers (Reg BI, Form CRS and Sales Practices; Anti-Money Laundering; and Net Capital and Customer Protection), and in addition, other key risk areas broadly applicable to the market (e.g., Information Security and Operational Resiliency; Crypto Assets and Emerging Financial Technology).

For your convenience, we have also reviewed the Division's FY24 Exam Priorities Report and incorporated below a list of substantive issues that would likely be emphasized and assessed as part of the Division's compliance testing for the topics noted above. As the Division continues to direct its resources to address emerging risks, new and developing industry practices and products, as well as the latest regulatory developments, firms should expect many or all of these topics to cut across the upcoming examinations cycle.

General Information

Organizational Information

• Organizational structure, affiliations, and control persons.
• Remote offices and branch locations.
• Firm employees.
• Committees (e.g., responsibilities, members, meeting frequency, meeting minutes).

Business and Operations

• Description of the firm's business, including any recent significant changes.
• Clearing agreements.
• Website domain addresses used by the firm and by associated persons.
• Compensation arrangements for associated persons, including bonus and non-cash compensation.

Financial Information

• Annual audited report(s).
• Income statement(s).
• General ledger(s).
• Profit and loss statement(s).
• Expense and revenue sharing agreements.

Legal and Disciplinary

• Pending and settled litigation, arbitration, or Administrative Proceeding involving the firm or any supervised person.
• Inquiries, complaints, investigations, or subpoenas from any regulatory authority received by the firm.
• List of all associated persons who have been subject to special or heightened supervision or terminated for cause.

Supervisory and Compliance Structure

Books and Records, and Compliance and Oversight Processes

• Written supervisory and compliance policies and procedures.
• Oversight Processes (e.g., compliance reviews, surveillance, and/or supervisory reviews).
• Customer complaints and correspondence and the process for monitoring such communications, including electronic communication.
• Written guidance and training provided to employees, and any documentation of attendance.

Branch Office Oversight

• List of branch offices, including doing business as names.
• Description of the firm's process to perform branch office inspections.
• Any Profit and Loss statement by branch.
• List of registered personnel within selected branches and their compensation earned.
• List of associated persons' outside business activities.

Information Processing, Reporting, and Protection

• Safeguards for the protection of customer records and information.
• Electronic access controls.
• Business continuity plan.
• Cybersecurity incidents or breaches (e.g., incident description, impact, and remediation).

Regulatory Requirements (Select Topics)

Sales Practices, Regulation Best Interest, and Form CRS

• List of products sold.
• Customer fee schedule.
• Written policies and procedures for Regulation Best Interest and Form CRS compliance.
• Customer account list.
• Purchase and Sales Blotter.
• List of offerings or private placements facilitated or sold by the firm.
• Form CRS and Regulation Best Interest Disclosures.
• Surveillance and Monitoring Reports.
• Any Conflicts inventory.

Anti-Money Laundering (AML)

• List of current or ongoing external investigations and/or inquiries by regulatory entities into any AML-related functions.
• List of any committees that regularly discuss topics/issues relating to compliance with AML requirements.
• AML written supervisory policies and procedures.
• List of customer accounts with risk rankings and date of onboard and most recent know­ your-customer review.
• Surveillance, monitoring, and management reports.
• Most recent reviews performed over the firm's know-your-customer, transaction monitoring, and suspicious activity report handling areas.

Net Capital and Customer Protection

• FOCUS reports.
• Trial balance and balance sheets.
• Net capital computation, including all supporting workpapers.
• List of all bank accounts and customer checks.
• Payables and receivables.
• Changes in ownership equity.
• Cash disbursement journal.
• 15c3-3 Customer and PAB10 reserve computations and work papers.
• Reserve bank account statements and no-lien letters.
• Allocations for customer and PAB reserve computation.
• Concentration reports used for customer margin debit balances.

Broker-Dealer Regulatory Requirements

Reg BI, Form CRS, and Sales Practices

The Staff may consider a firm's recommendations process with an emphasis on specific types of products and investors. Key information such as the costs, risks, and rewards of the securities and investment strategies recommended by the broker-dealer, as well as its disclosures to its customers, will be part of the compliance evaluation process.

1. Recommendation Process
   1. Recommendations with regard to certain products, investment strategies, and account types;
   2. Disclosures to investors regarding conflicts of interest;
   3. Conflict mitigation practices;
   4. Processes for reviewing reasonably available investment alternatives; and
   5. Factors considered in light of the investor’s investment profile, including investment goals and account characteristics.
2. Certain Product Types
   1. Complex, such as derivatives and leveraged ETFs;
   2. High cost, such as variable annuities;
   3. Illiquid, such as nontraded REITs and private placements;
   4. Proprietary; and
   5. Microcap securities.
3. Certain Investor Types
   1. Older investors; and
   2. Long-term investors
4. Dual Registrants (BD+IA) and Multiple Locations
   1. Conflict of interest practices;
   2. Account allocation practices (where an investor has multiple accounts);
   3. Account selection process (brokerage versus advisory); and
   4. Supervision of branch offices.
5. Form Customer Relationship Summary (CRS)
   1. Filing of the form with the Commission and delivery to retail customers;
   2. Relationships and services that it offers to retail customers;
   3. Fees and costs; and
   4. Disclosure of conflicts of interest and the firm’s disciplinary history.

Anti-Money Laundering

The SEC is principally focused on the Bank Secrecy Act’s requirement that firms establish an AML program that addresses the risks associated with the business’ location, size, customers served, types of products and services offered and manner in which they are offered.

1. An AML program tailored to the firm’s business model and associated AML risks, including procedures to perform adequate customer due diligence;
2. Independent testing to detect potential instances of AML activity;
3. Establishment of an adequate customer identification program, including for the beneficial owners of legal entity customers; and
4. Compliance with SAR filing obligations with FINCEN and Office of Foreign Asset Control sanctions frameworks.

Net Capital Rule and Customer Protection Rules

The Division remains focused on firms’ internal processes, procedures, and controls to facilitate compliance with each of these rules of financial responsibility as part of its broader effort to promote and maintain market stability and efficiency.

1. Fully paid lending programs;
2. Accounting for certain types of liabilities, such as reward programs, point programs, gift cards and non-brokerage services; and
3. Credit, interest rate, market, and liquidity risk management controls to assess whether sufficient liquidity exists in the case of a stress event.

Key Market Risk Areas

Information Security and Operational Resiliency

The Division continues to review broker-dealers’ cybersecurity and operations risk practices to prevent interruptions to mission-critical services and to protect investor information, records and assets.

1. Prevention of account intrusions and safeguarding of customer information, records and assets;
2. Compliance framework with respect to cyber-related incidents;
3. Management of risk with respect to third-party products and services, particularly with respect to essential business operations and the broader market; and
4. Preparations for shortening the settlement cycle for most transactions to one business day after the trade date.

Crypto Assets and Emerging Fin-Tech

The proliferation of crypto assets and their associated products and services along with emerging financial technology such as broker-dealer mobile applications have prompted the Division’s attention from an investor protection and market stability perspective.

1. Offer, sale, recommendation, and advice regarding trading in crypto assets or related products;
2. Technological risks associated with the use of blockchain and distributed ledger technology;
3. Technological and online solutions that service online accounts, particularly from a marketing perspective; and
4. Automated investment tools, artificial intelligence, and trading algorithms or platforms.

For your reference, please click here to access the Division's FY24 Exam Priorities Report.