With new SEC leadership in place, including Chairman Gary Gensler and Director of Enforcement Gurbir Grewal, the Commission’s examination trends continue to evolve. Some focus areas, like cybersecurity and business continuity, are more relevant than ever with the changes to how business is conducted worldwide. Below are some of the most pressing topics from recent SEC exams:
- Cybersecurity: Between Chairman Gensler’s background in data security and the recent up-tick in ransomware attacks internationally, the SEC is increasing its efforts to evaluate firms’ cybersecurity practices. Recently, a 32-item request list was circulated to some advisers, which is focused on data security programs and related issues. Firms should make cybersecurity a priority in their compliance programs to protect sensitive information and avoid data compromise by bad actors.
- Surprise custody audits: For firms with third-party custody arrangements that do not meet the seven conditions outlined in the Custody Rule, or otherwise have access to client assets, a surprise custody audit performed by an independent accounting firm is required in order to meet the Custody Rule. The SEC is looking closely at the integrity of these exams to ensure the evaluation is actually unexpected by firms, not a preplanned or disclosed event.
- Mutual fund share class selection: Recently discovered deficiencies among firms’ mutual fund share class selection practices have encouraged examiners to continue to spotlight this compliance concern. Although share class selection has long been a priority for regulators, the renewed focus on retail investor protection has likely spurred the latest upturn in this exam initiative.
- Misleading hypothetical performance: Currently, advisers may advertise hypothetical performance only under specific conditions. Although some of these guidelines will soon change under the new SEC Marketing Rule, the SEC is looking closely at firms marketing hypothetical performance numbers that they believe could be misleading.
- Oversight of investment advisory representatives in remote offices: In 2020 the Division of Examinations, formerly the Office of Compliance Inspections and Examinations (OCIE), released a Risk Alert related to branch office compliance concerns. These guidelines extend to investment adviser representatives working remotely due to the pandemic. As a result, the SEC is continuing efforts to specifically evaluate branch office and remote working practices.
- Review of Form CRS delivery confirmation and recordkeeping: A key requirement of Form CRS asks advisers to deliver and record distribution of the document to current and prospective retail clients. This includes initial delivery, redelivery to clients when amendments are made, and other obligations. With Form CRS as a relatively new requirement, the SEC is focused on ensuring advisers are fully compliant. OCIE released a Risk Alert outlining common Form CRS compliance gaps last year.
- Business continuity and pandemic response: Following the operational shock of the COVID-19 pandemic for many businesses, gaps were revealed in business continuity plans and pandemic response capabilities across the financial industry. As such, the SEC continues to focus on the firms’ prior response measures and preparation for potential future crises.
WHAT DOES THIS MEAN FOR ME?
Your firm should remain aware of the above items and how they may affect your firm if an SEC exam is initiated. Deficiencies during routine examinations could lead to fines or other enforcement by the Commission. If your firm needs assistance with its compliance operations, Fairview can help. Our in-house regulatory experts will evaluate your compliance program and establish a plan to achieve and maintain compliance with SEC regulations. If you would like more information about our services, contact us today to start the conversation.