2022 SEC Examination Priorities ESG, Private Funds, Data Security, and Digital Assets

April 4, 2022

2022 SEC Examination Priorities: ESG, Private Funds, Data Security, and Digital Assets

WHAT HAPPENED?

On March 30, 2022, the Division of Examinations (the Division) published its 2022 Examination Priorities.  These annual priorities highlight practices, products, and services that present heightened risks to investors or U.S capital markets.

The Four Pillars: These priorities are in line with

1. promoting compliance;
2. preventing fraud;
3. identifying and monitoring risk; and,
4. and informing policy.

WHAT SHOULD I DO?

The circulation of these Priorities can help your firm improve its compliance program and prepare for the next, inevitable SEC examination.

Observations from examinations noted several commonalities of resilient compliance programs:

• Inclusivity: Having buy-in from staff and requiring their participation and input in the compliance program brings diverse perspectives and expertise to the development of a compliance program.  Additionally, inclusivity can bring a sense of shared ownership and greater attention to implementation.
• Change Management: Programs that are designed to be flexible enough to adjust to know variables in operations and address new compliance risks avoid deficiencies found in “set it and forget it” policies and procedures.
• Reviews and Testing: Periodic review and testing is necessary for an adequate and effective compliance program. Reviews should consider compliance matters that arose previously, changes in business activities, and regulatory changes.  Testing provides a means to affirm policies and procedures are operating as intended and to detect gaps in compliance. Routine testing and periodic review are the most significant contributors to a resilient compliance program.

2022 Examination Priorities identified five significant focus areas for 2022:

1. Private Funds;
2. ESG Investing
3. Standards of Conduct
4. Information and Security and Operational Resiliency; and,
5. Emerging Technologies and Crypto-Assets.

Other priorities include familiar topics like the LIBOR transition, AML policies, and core needs of compliance programs.

Private Funds
As the first significant focus area due to consequential exam findings, the size and complexity of the private fund market, and the increase in assets managed by advisers to private funds.

Examinations of advisers to private funds will continue to review:

1. the calculation and allocation of fees and expenses, including the calculation of post-commitment period management fees and the impact of valuation practices at private equity funds;
2. the potential preferential treatment of certain investors by RIAs to private funds that have experienced issues with liquidity, including imposing gates or suspensions on fund withdrawals;
3. compliance with the Custody Rule, including the “audit exception” to the surprise examination requirement and related reporting and updating of Form ADV regarding the audit and auditors;
4. the adequacy of disclosure and compliance with any regulatory requirements for cross trades, principal transactions, or distressed sales; and
5. conflicts around liquidity, such as RIA-led fund restructurings, including stapled secondary transactions where new investors purchase the interests of existing investors while also agreeing to invest in a new fund.

This focus aligns with the January 27, 2022, Risk Alert on examinations of private fund advisers and the SEC’s recent budget request to Congress for nearly $2.15 billion and 400 new staff positions to address the growing number of private funds.

Environmental, Social, and Governance (ESG) Investing
Investor demand has led RIAs to increasingly offer and evaluate investments that employ ESG strategies or incorporate certain ESG criteria.

Issue Identified:  Disclosures regarding ESG-related practices risk materially false and misleading statements due to:

1. the lack of standardization in ESG investing terminology;
   the variety of approaches to ESG investing (e.g., consideration of ESG factors alongside others; using ESG factors as the driving or main consideration; or impact investing seeking to achieve measurable ESG impact goals); and
   the failure to effectively address legal and compliance issues with new lines of business and products.
2. the variety of approaches to ESG investing (e.g., consideration of ESG factors alongside others; using ESG factors as the driving or main consideration; or impact investing seeking to achieve measurable ESG impact goals); and
3. the failure to effectively address legal and compliance issues with new lines of business and products.

Focus will continue ESG-related advisory services and products to ensure:

1. accurately disclosure their ESG investing approaches and implementing policies and procedures designed to prevent violations of law in connection with ESG-related disclosures;
2. voting of client securities in accordance with proxy voting policies and procedures and whether the votes align with their ESG-related disclosures and mandates; or
3. advisers are not overstating or misrepresenting the ESG factors considered or incorporated into portfolio selection in the marketing of ESG-related services or products (e.g., greenwashing).

Standards of Conduct/Fiduciary Standard
The Division will continue to address standards of conduct issues with reviews focused on the Advisers Act fiduciary standard to act in the best interests of retail investors and to place their client interests first.

Exams will focus on the effectiveness of compliance programs, testing, and training that are designed to support retail investors receiving recommendations and advice in their best interests and whether advisers are acting consistently with their fiduciary duty to clients, looking at both duties of care and loyalty.  This includes best execution, conflicts of interest and related impartiality of advice, and any accompanying disclosures.

Hot spots will include:

1. revenue sharing arrangements;
   recommending or holding more expensive classes of investment products when lower cost classes are available
   recommending wrap fee accounts without assessing whether such accounts are in the best interests of clients, including the impact of the move to zero commissions on certain types of securities transactions by several broker-dealers; and
   recommending proprietary products resulting in additional or higher fees.
2. recommending or holding more expensive classes of investment products when lower cost classes are available
3. recommending wrap fee accounts without assessing whether such accounts are in the best interests of clients, including the impact of the move to zero commissions on certain types of securities transactions by several broker-dealers; and
4. recommending proprietary products resulting in additional or higher fees.

Such reviews also will include an assessment of compliance policies and procedures designed to address conflicts and ensure advice in the best interest of clients, including investment costs and an assessment of disclosures to enable investors to provide informed consent.

Information Security and Operational Resiliency
Applying information security controls is critical to ensuring business continuity. Vigilant protection of data is also critical to the operation of the financial markets and the confidence of its participants. The Division will continue to review practices to:

1. safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access;
   oversee vendors and service providers;
   address malicious email activities, such as phishing or account intrusions;
   respond to incidents, including those related to ransomware attacks;
   identify and detect red flags related to identity theft; and
2. oversee vendors and service providers;d
3. address malicious email activities, such as phishing or account intrusions;d
4. respond to incidents, including those related to ransomware attacks;d
5. identify and detect red flags related to identity theft; andd
6. manage operational risk because of a dispersed workforce in a work-from-home environment.

In the context of these examinations, the Division will focus on compliance with Regulations S-P and S-ID, , and business continuity and disaster recovery plans, with particular emphasis on the impact of climate risk.

Emerging Technologies and Crypto-Assets

The Division has observed a notable increase in the number of RIAs choosing to provide automated digital investment advice to their clients (known as “robo-advisers”), and a proliferation of the offer, sale, and trading of crypto-assets.

Exams will focus on firms that are, or claim to be, offering new products and services or employing new practices (e.g., fractional shares, “Finfluencers,” or digital engagement practices) to assess whether:

1. operations and controls in place are consistent with disclosures made and the standard of conduct owed to investors and other regulatory obligations;
   advice and recommendations, including by algorithms, are consistent with investors’ investment strategies and the standard of conduct owed to such investors; and
   controls consider the unique risks associated with such practices.
2. advice and recommendations, including by algorithms, are consistent with investors’ investment strategies and the standard of conduct owed to such investors; and
3. controls consider the unique risks associated with such practices.

Regulators will also scrutinize market participants engaged with crypto-assets and will continue to review the custody arrangements for such assets and will assess the offer, sale, recommendation, advice, and trading of crypto-assets. The Division determine whether RIAs involved with crypto-assets

• • have met their respective standards of conduct when recommending to or advising investors with a focus on duty of care and the initial and ongoing understanding of the products; and

routinely review, update, and enhance their compliance practices, risk disclosures, and operational resiliency practices.

• routinely review, update, and enhance their compliance practices, risk disclosures, and operational resiliency practices.

The Division will also be eyeing mutual funds and ETFs offering exposure to crypto-assets to assess, compliance, liquidity, and operational controls around portfolio management and market risk.WHAT DOES THIS MEAN FOR MY FIRM?Your firm may be more likely to be examined by the Division in 2021 if any of the focus areas above affect your firm. For the fiscal year there was a 3% increase in the number of firms examined (16% for 2021) and the stated goal of examining at least 15% of RIAs annually. The priorities selected by the Division can help your firm improve its compliance program and prepare for the next, inevitable examination.

The Division will likely release more risk alerts and in-depth information on the 2022 Examination Priorities in the coming months, which will provide further details on who may be examined and how these focus areas will be reviewed.

Fairview Investment Services provides comprehensive and ongoing compliance services, including complete examination support. Contact Fairview Investment Services with questions concerning the Division’s examination process or for additional information about the 2022 Examination Priorities.

Fairview Cyber specializes in the creation, testing, and maintenance of meaningful cybersecurity programs for financial industry businesses, in compliance with SEC regulations. Reach out to Fairview Cyber for more information about achieving comprehensive and compliant cybersecurity practices.