On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) released its 2024 examination priorities to inform investors and registrants of the key risks, examination topics, and priorities that EXAMS plans to focus on in the upcoming year. EXAMS indicated that SEC examinations in 2024 will prioritize areas that pose emerging risks to investors or the markets, in addition to core and perennial risk areas.
https://www.sec.gov/news/press-release/2023-222?utm_medium=email&utm_source=govdelivery
EXAMS conducts examinations and inspections of various market participants including SEC-registered investment advisers, broker-dealers and other self-regulatory organizations.
Key Salus GRC Takeaways:
Investment advisers and private fund managers should consider taking the following steps in order to prepare for an SEC Exam in 2024:
- Engage in a comprehensive annual review of their firm’s compliance program.
- Undertake a thorough review of their firm’s policies and procedures, including those related to the safeguarding of information and cybersecurity.
- Conduct a due diligence review of current or prospective vendors or service providers.
- Supervise a comprehensive risk assessment of their firm’s cybersecurity environment to categorize and prioritize its cybersecurity risks.
- For advisers that invest in cryptocurrencies on behalf of clients, evaluate the appropriateness of crypto investments, particularly with regard to suitability for clients, and undertake a review of their policies and procedures and related disclosures in this area.
Summary of 2024 SEC Exam Priorities:
Within this release, EXAMS highlighted the following priorities applicable to investment advisers and private fund managers, as well as priorities related to cybersecurity and cryptocurrencies.
All Investment Advisers:
In regard to the fiduciary duty of investment advisers, EXAMS will focus on:
- Investment advice provided to clients with regard to complex products, such as derivatives and leveraged ETFs, high-cost illiquid products such as REITs, and unconventional strategies such as those that purport to address rising interest rates.
- Whether investment advice rendered is in a client’s best interest and whether an adviser adequately addresses conflicts of interest.
- Economic incentives and conflicts of interest of firms and their staff particularly for those firms which are dually registered as broker-dealers and investment advisers.
- Disclosures made to investors.
In these exams on investment advisers, EXAMS will also focus on the following compliance requirements:
- Adequacy of firms’ annual compliance reviews in the mitigation of conflicts of interest.
- Compliance policies and procedures.
- Adherence to the new Marketing Rule.
- Assessments of adviser compensation arrangements.
- Valuation of illiquid investments.
- Safeguarding of MNPI.
Private Fund Advisers:
In examinations of advisers to private funds, EXAMS will focus on:
- Portfolio management risks related to recent market volatility and higher interest rates.
- Interactions with LPACs.
- Fees and expenses including adequacy of disclosures and fee offsets.
- Due diligence of prospective portfolio companies.
- Custody and related disclosures.
- Form PF Event Reporting in connection with recent amendments to Form PF (which will become effective December 11, 2023).
Cybersecurity:
As to Information Security, Operational Resiliency and Cybersecurity, EXAMS will expect that firms will have completed the following:
- Policies and Procedures: Implemented reasonably designed cybersecurity policies and procedures addressing key elements of cybersecurity preparedness.
- Risk Assessments: Conducted periodic cybersecurity risk assessments to categorize and prioritize cybersecurity risks.
- Service Provider Relationships: Undertaken periodic risk assessments on service providers that receive, maintain or process adviser or fund information, or that are permitted to access their information systems, including the information residing therein.
- Threat and Vulnerability Management: Detected, mitigated, and remediated cybersecurity threats and vulnerabilities.
- Incident Response and Recovery: Implemented measures to detect, respond to, and recover from a cybersecurity incident. Advisers and funds must also document any cybersecurity incidents that occur.
Cryptocurrencies:
For crypto managers, EXAMS will focus on the following:
- Whether the firm has sufficiently evaluated the appropriateness of crypto investments, particularly with regard to suitability for retail investors.
- Whether the firm has undertaken an ongoing review of, and complies with, its policies and practices around wallet reviews, custody practices, Bank Secrecy Act requirements and valuation, as well as data safeguarding and business continuity plans.
- The efficacy of the firm’s policies and procedures, as well as the appropriateness of its disclosures, around the technological risks associated with the use of blockchain and distributed ledger technology.
Please contact Salus GRC with your questions and concerns related to these SEC Exam Priorities, an active or potential SEC exam or the current governance, risk and compliance landscape for investment advisers, private fund managers or other market participants.