2023 SEC Exam Priorities: Key Takeaways for Investment Managers
Earlier this year, the Examination Division (“Division”) of the Securities and Exchange Commission (“SEC”) published its 2023 examination priorities (the “Report”). The Division publishes these priorities annually to provide industry insights and highlight areas it believes present possible risks to investors. The Report is based on the Division’s observations from its examinations, as well as conversations with stakeholders within the SEC, their counterparts at other regulatory agencies, and market participants.
This year, the SEC will prioritize several key areas, including: (1) recently adopted rules for investment advisers and investment companies; (2) standards of conduct for broker-dealers and investment advisers; (3) ESG investing; (4) information security and operational resiliency; and (5) emerging technologies and crypto-assets.
New Investment Adviser and Investment Company Rule–Marketing Rule
The Division will focus on Rule 206(4)-1 of the Investment Advisers Act of 1940 (the “Marketing Rule”) and assess whether registered investment advisers (“RIAs”) have adopted and implemented written policies and procedures to prevent violations by the advisers and their supervised persons. Additionally, the Division will review whether RIAs have complied with substantive requirements of the Marketing Rule (e.g., whether firms can substantiate material statements of facts and meet requirements regarding performance advertising, testimonials, endorsements and third-party ratings). The Division will also concentrate on new rules applicable to investment companies, including the Derivatives Rule (Investment Company Act Rule 18f-4) and Fair Valuation Rule (Investment Company Act Rule 2a-5).
Investment Advisers to Private Funds
Next, the Division plans to conduct reviews focusing on advisers’ fiduciary duties and risk management. The Division intends to emphasize compliance programs, fees and expenses, custody, the Marketing Rule, conflicts of interest and the use of alternative data. Private fund advisers’ portfolio strategies, risk management, and investment recommendations and allocations will also be reviewed, with particular emphasis on conflicts and disclosures around these areas. The Division states that it will focus on private funds that have “specific risk characteristics”, such as being (1) highly leveraged; (2) managed along with business development companies; (3) private equity funds using affiliates to provide services to portfolio companies and fund clients; (4) owning hard-to-value assets (e.g., crypto, commercial real estate); (5) invested in or sponsoring a SPAC; or (6) involved in adviser-led restructurings.
Environmental, Social, and Governance (“ESG”) Investing
The Division will continue to focus on ESG-related advisory services and fund offerings to ensure they are operating in accordance with their disclosures. This includes assessing whether ESG products are properly labeled and whether recommendations to retail investors are made in their best interests.
Information Security and Operational Resiliency
The Division will also prioritize cybersecurity risks in 2023, given the elevated risk environment due to larger market events, geopolitical concerns and the proliferation of cybersecurity attacks. The Division will focus on advisers’ policies and procedures, governance practices, and response to cyber-related incidents, including ransomware attacks. It will also review compliance with Regulations S-P and S-ID and examine practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information. The Division will pay particular attention to the cybersecurity issues associated with the use of third-party vendors, unauthorized use of third-party providers, and operational resiliency planning for systemically significant registrants.
Additionally, the Division will review broker-dealers’ and RIAs’ practices to prevent interruptions to mission-critical services and to protect investor information, records and assets. It will assess whether policies and procedures are reasonably designed to safeguard customer records and information and whether the location of such records has been properly disclosed to the SEC. The focus will also include reviewing whether there has been unauthorized use of third-party providers, particularly for transition assistance when departing RIA personnel attempt to migrate client information to another firm.
Crypto Assets and Emerging Financial Technologies
Lastly, the Division will examine broker-dealers and RIAs that offer new products and services, including crypto assets and emerging financial technology, such as robo-advisers and online brokerage services. The Division will focus on whether market participants involved with crypto or crypto-related assets met their respective standards of care, and whether their compliance, disclosure, and risk management practices are updated and enhanced regularly.
These examinations will focus on first-time registrants offering crypto or crypto-related assets, as well as broker-dealers and RIAs that employ digital engagement practices. The Division will assess whether these practices are consistent with investor disclosures, represent fair and accurate information, and consider the risks associated with these practices, especially for vulnerable investors such as seniors.