REGULATORY/LEGISLATIVE
Top 5 exam priorities in 2023 for SEC-registered investment advisors
By Cary Kvitka
Compliance is a moving target. With many subjects to track, what should RIAs expect from SEC regulatory exams in 2023?
A “relatively painless” examination should be the goal
Bad news first: We don’t expect examinations in 2023 to be any easier. While we’ve worked with RIAs of various sizes, complexities, and cultures for years to help them through their regulatory exams, we have yet to encounter anyone who enjoyed the examination process. Even RIAs who received the coveted “no deficiency” letter were often surprised by that result because the exam process was so intense.
How do RIAs know where to focus?
I get this question a lot, and while I’d like to respond that RIAs should focus on every possible issue, the next-best answer is they should focus on high-risk areas. The SEC’s Division of Examinations publishes its examination priorities every year, so RIAs should analyze that document to help them decide where to focus. However, those broadly drafted priorities are not exhaustive. It therefore helps to consult with a professional with steady and recent experience with SEC examinations, who can evaluate how those priorities apply to your firm compared to other firms with similar business practices or compliance programs that have undergone recent examinations.
Taking this risk-based approach, I’ve compiled a current top-five list, based on the SEC’s 2022 published examination priorities. This list is filtered through my firm’s practical experience and ranked in importance based on what we’ve experienced day-to-day for most RIAs over the last few years.
1. Standards of conduct: fiduciary duties of care and loyalty
This has been a constant focus that we expect to continue. The 2022 examination priorities highlighted revenue-sharing arrangements, recommending or holding more expensive classes of investment products when lower-cost classes are available, recommending wrap fee accounts without assessing whether such accounts are in the best interests of clients, and recommending proprietary products resulting in additional or higher fees.
True to the SEC’s word, there were publicized enforcement actions against RIAs in 2022 for breach of fiduciary duty to advisory clients, including those focused on deficient conflict of interest disclosures and breaches in duty of care.
One of the most common, yet overlooked, aspects of this area is RIAs recommending or holding more expensive mutual fund share classes when lower-cost share classes are available to their clients. The SEC has been focused heavily on this subject for several years, which can ultimately result in reimbursements being made from RIAs to their advisory clients. Therefore, RIAs should develop and adhere to policies addressing mutual fund share class selection for new clients and procedures for consistent review of existing client accounts to mitigate this palpable risk.
2. Fee calculations
This has been another area for continued SEC scrutiny. Following a 2021 national initiative and risk alert, the SEC staff identified several common areas where deficiencies occurred, including incorrect client account valuations, the failure to apply the correct tiered billing rate, and double billing of client accounts. Nearly every examination we’ve encountered has had some component focused on billing practices.
3. Information security
In February 2022, the SEC proposed a comprehensive cyber and data security rule under the Investment Advisers Act of 1940 and the Investment Company Act of 1940. The critical takeaway is that RIAs should adopt tailored data security policies and procedures. Nothing new. However, the proposed rule goes a few steps further than the SEC guidance that preceded it. Specifically, it would require a mandatory annual review of cybersecurity policies and procedures and impose mandatory reporting to the SEC of any significant cybersecurity incident through the IARD filing system. Because this subject continues to present high risk that is at the core of a pending proposed rule, we expect more SEC staff to pursue deeper lines of questioning than those that have historically been reserved for focused cybersecurity or sweep examinations.
Existing regulations are also proving to be sources of enforcement inspiration for the SEC. In July, the SEC charged three different financial institutions with violations of the SEC’s Identity Theft Red Flags Rule (Reg S-ID) for failing to tailor their policies and procedures to their businesses and for failing to update the policies regularly. This was apparently the first Reg S-ID enforcement action since 2018, which aligns with the SEC’s emphasis on cybersecurity deficiencies and signals its intention to reduce preventable cybersecurity losses in the RIA space.
4. Advertising and marketing
The new Investment Adviser Marketing Rule mandatory compliance deadline passed in November 2022. While certain provisions of the rule are new and relatively untested, we expect extra scrutiny in other areas. For instance, if previous examination patterns are any guide, the SEC staff may first go after “low-hanging fruit”—firms that did not update their policies, those that kept old solicitor agreements in place—generally seeking evidence that RIAs are not acting as though they are aware of the rule change. From there, we would expect the next round of examinations to focus on the more complex aspects of the rule, such as performance advertising.
5. Environmental, social, and governance (ESG) investing
Lastly, the SEC proposed an “issuer rule” in March 2022 that would eliminate inconsistencies in the existing types of ESG funds by creating three broad categories of funds and would require disclosure of certain information about ESG strategies in RIA brochures. We expect to see a continued focus from the SEC staff as it relates to funds and RIAs’ incorporation of ESG factors into their investment strategies, which has permeated some exams over the last few years.
Cary Kvitka is a partner and founding member of RIA Lawyers LLC, a law firm focused almost exclusively on counseling RIAs to meet their registration, examination, and compliance obligations under the Investment Advisers Act of 1940.