February 14, 2023 | Amanda Khatri
SEC Division of Examinations’ 2023 priorities: ESG, information security, operational resiliency and crypto
On 7 February 2023, the US Securities and Exchange Commission’s Division of Examinations published its priorities for the year, reflecting the shift in regulatory attitudes towards a more transparent, accountable and technologically innovative financial industry.
The priorities solidify the Division’s objectives in ensuring total compliance, fairness of markets, protection of consumers and embracing technological change. Gary Gensler, SEC Chair, added that “in a time of growing markets, evolving technologies, and new forms of risk, our Division of Examinations continues to protect investors” and “in executing against the 2023 priorities, the Division will help ensure compliance with the federal securities laws and rules.”
Richard R. Best, the Division of Examinations’ Director, said that their “examination program continues moving forward and remains committed to furthering investor protection through high-quality examinations and staying abreast of the latest industry trends and emerging risks to investors and the markets.”
The Division of Examinations’ mission
The regulatory agenda looks to scrutinise the financial services industry across a wide range of issues including Regulation Best Interest, Anti-Money Laundering, Environmental, Social and Governance (ESG) and crypto assets.
The Division continues “to move forward by adjusting to the new realities of the environment” and the aftermath of the global pandemic, inflation and cyber threats. Its long-standing mission is based on the four pillars below, which aim to promote compliance, prevent fraud, and identify and monitor risk.
(1) Promote compliance
(2) Prevent fraud
(3) Monitor risk and
(4) Inform policy
Key priorities are listed below:
1. Regulation Best Interest and Fiduciary Duty
Regulation Best Interest for broker-dealers and the fiduciary standard for investment advisors are based on important fiduciary principles that require them to act in the best interest of retail investors and not prioritise their own interests (or those of their firm) over investor interests.
The Division will prioritise checking for compliance with these standards among broker-dealers and Registered Investment Advisors (RIAs). It will focus on examining areas such as investment advice, disclosures, processes for evaluating best interests, and factors considered when aligning with an investor’s investment profile. In the case of RIAs, the examiners will also review the adequacy of conflict-of-interest disclosures.
The examinations may focus on specific types of products, strategies, and investors, and may also look into economic incentives that may cause conflicts of interest. The Division will review firms’ policies and procedures for identifying and managing these conflicts and examine customer agreements to ensure they do not limit the standard of conduct.
2. Anti-Money Laundering
The current geopolitical environment and increased imposition of global sanctions have motivated the Division to continue its efforts in examining broker-dealers and specific registered investment companies for compliance with Anti-Money Laundering (AML) regulations. This consists of evaluating whether firms have implemented adequate consumer identification processes and whether they are meeting their SAR filing obligations, for example, ongoing due diligence on customers and overseeing independent tests of their AML programmes.
The objective is to assess whether firms have appropriate measures to effectively identify suspicious activity and money laundering. Under the Bank Secrecy Act, financial institutions are required to employ AML programmes that can effectively monitor suspicious activity, file Suspicious Activity Reports (SARs) where appropriate and identify and verify customers. SARs play a crucial role in combating financial crimes such as terrorist financing and corruption.
3. Environmental, Social and Governance investing
The growing interest in ESG investing means that there is increased competition for RIAs and registered funds. Consequently, investment providers are increasingly introducing offerings that incorporate ESG strategies.
To prevent false ESG claims, the Division will be focused on ESG-related advisory services and fund offerings, including whether these funds are adhering to their stated disclosures. It will also examine whether ESG products are labelled accurately and whether recommendations are made in the best interest of retail investors.
4. Crypto assets
Given the recent crypto crashes in 2022 such as FTX and BlockFi, the Division will be scrutinising the increasing adoption of new financial technologies (e.g. broker-dealer mobile apps and RIAs for automated digital investment advice) and investment opportunities including crypto assets.
These practices will be examined to ensure compliance and a high level of regulatory standards, including fair and accurate representation of offerings to investors and reviews of risk management policies. Those directly involved with crypto or crypto-related assets will be assessed to determine whether they meet standards of care and whether their compliance procedures are regularly updated.
5. Information security and operational resiliency
Cybersecurity risk is more prominent because of geopolitical concerns, the increase in cyberattacks and larger market events. Considering these risks, the Division will continue to assess the practices of broker-dealers and RIAs to mitigate disruptions in services and protect investors’ information, assets, and records.
Cybersecurity is a key focus area, especially for registrants, including RIAs, broker-dealers, investment companies, municipal advisors, transfer agents, exchanges, and clearing agencies. The Division will be reviewing whether policies are adequately designed to protect customer data, both in the registrants’ own systems and where information is stored by a third-party provider.
Further, the Division will examine the cyber risks linked to using third-party vendors, whether there have been unauthorised uses of third parties and overall operational resiliency planning including efforts in addressing climate change risks.
The full publication is available here.
Not much has changed since the Division’s list of priorities from 2022. The main priorities have largely stayed the same – ESG investing, information security, operational resiliency and emerging technologies and crypto assets were all listed in the 2022 regulatory agenda. The focus is still on ensuring compliance in the financial services industry through increased regulatory scrutiny as well as examining new and emerging risks, products and services, market events and investor concerns.
The Division’s priorities provide a blueprint for the areas that firms should be largely focussed on for the coming year. The Division’s regulatory agenda will likely lead to an increased workload for compliance teams to ensure their firm is compliant. Now is the ideal time for firms to proactively take steps in identifying gaps in compliance processes as per the enforcement areas, e.g. ESG and AML.
To avoid feeling like Bambi on ice, firms must act now and not fall victim to increased regulatory scrutiny. Ensure compliance procedures reflect the Division’s regulatory agenda for 2023 by keeping on top of climate-related disclosures, Regulation Best Interest, operational resilience, ESG etc. Firms must refrain from cutting compliance corners and implement regulation best practices adequately.