Memo #35891

SEC's Division of Examinations Publishes 2025 Exam Priorities

October 23, 2024

TO: ICI Members
Investment Company Directors
Chief Compliance Officer Committee
Chief Risk Officer Committee
Internal Audit Committee
SEC Rules Committee
Transfer Agent Advisory Committee

SUBJECTS: Anti-Money Laundering
Compliance
Cybersecurity
Investment Advisers
Operations

RE: SEC's Division of Examinations Publishes 2025 Exam Priorities

For the thirteenth year in a row, the Securities and Exchange Commission's Division of Examinations (the "Division" or "EXAMS") has published its examination priorities ("Priorities") for the coming year.[1] While the Division has historically published these exam priorities near the beginning of the calendar year, this is the second year in a row that it has published them to align with the Commission's October fiscal year start. Below, we briefly highlight the 2025 priorities most relevant to ICI members.

Message from the Leadership Team

The Priorities begin with a "Message from the Leadership Team" discussing the Division's thirtieth anniversary, its evolution over that time, and how technological advancements and a changing industry landscape have impacted the Division's views on new and emerging risks and its approach to exams. The Division explains that it aims to promote compliance through proactive and early communications designed to allow registered firms more opportunities to evaluate their compliance efforts (e.g., through the publication of priorities and risk alerts, and through industry and investor outreach events). The Division also describes how it directs resources to critical risk areas to better ensure that it prioritizes inspections of registered firms it believes pose the greatest risk to investors and markets. It does so using a centralized team of quantitative analysts and financial engineers who leverage data and information to identify potential exam candidates and practices. The Division is continuously refining this exam methodology, including its projected annual numbers, which tie its annual exam targets to the Division's risk-based exams approach and available staff resources.

Investment Advisers

Adhering to Fiduciary Standards of Conduct

The Priorities note that investment advisers are fiduciaries that owe a duty of care and a duty of loyalty to their clients. To ensure advisers' adherence to these fiduciary standards, EXAMS will focus on investment advice to clients regarding products, investment strategies, and account types, with specific attention to the following areas:

  • high-cost products;
  • unconventional instruments;
  • illiquid and difficult-to-value assets; and
  • assets sensitive to higher interest rates or changing market conditions, including commercial real estate.

Additionally, EXAMS will place an emphasis on dual registrants and advisers with affiliated broker-dealers. Common areas of focus will include:

  • assessing investment advice and recommendations regarding certain products to determine whether they are suitable for clients' advisory accounts;
  • reviewing client disclosures regarding how recommendations are made;
  • reviewing the appropriateness of account selection practices (e.g., brokerage versus advisory); and
  • assessing whether and how advisers mitigate and disclose conflicts of interest.

In evaluating investment advisers, the Division will analyze the impact of advisers' financial conflicts on providing advice and best execution with special attention to non-standard fee arrangements.

Effectiveness of Advisers' Compliance Programs

Although the depth of the Division's review of an adviser's compliance program will vary depending on its practices or products, such as if the adviser purports to utilize artificial intelligence ("AI"),[2] EXAMS will continue to focus on the effectiveness of advisers' compliance programs under Rule 206(4)-7.[3] In reviewing advisers' compliance policies and procedures, the Division will assess core areas of an adviser's compliance program[4] and will focus on:

  • fiduciary obligations of advisers that outsource investment selection and management;
  • alternative sources of revenue or benefits received, such as from selling non-securities based products to clients; and
  • appropriateness and accuracy of fee calculations and the disclosure of fee-related conflicts, such as those associated with select clients negotiating lower fees when similar services are provided to other clients at a higher fee rate.

Examinations of Advisers to Private Funds

The Division will continue to focus on advisers to private funds and prioritize specific topics, such as:

  • whether disclosures are consistent with practices, if an adviser has met its fiduciary obligations in times of market volatility, and whether a private fund is exposed to interest rate fluctuations (e.g., through commercial real estate, illiquid assets, and private credit);
  • accuracy of calculations and allocations of private fund fees and expenses (both fund-level and investment-level);[5]
  • disclosure of conflicts of interests and risks, and the adequacy of policies and procedures;[6] and
  • compliance with recently adopted SEC rules, including amendments to Form PF and the updated investment adviser marketing rules, to assess whether advisers have established adequate policies and procedures and whether their practices conform to them.

Never Examined Advisers, Recently Registered Advisers, and Advisers Not Recently Examined

EXAMS will continue to place an emphasis on advisers that have never been examined or have not been recently examined, with special attention to newly registered advisers.

Investment Companies

The Division will continue to prioritize Registered Investment Companies (RICs) for examination. To that end, EXAMS will review RIC compliance programs, disclosures, and governance practices, with particular attention to:

  • fund fees and expenses, and any associated waivers and reimbursements;
  • oversight of service providers (both affiliated and third-party);
  • portfolio management practices and disclosures, for consistency with claims about investment strategies or approaches and with fund filings and marketing materials; and
  • issues associated with market volatility.

The Division also will continue to monitor certain developing areas of interest, such as RICs with exposure to commercial real estate and compliance with new and amended rules. As with adviser examinations, the Division will continue to examine funds that have never before been examined and those that have not been recently examined, with particular focus on newly registered funds.

Other Market Participants

Transfer Agents

EXAMS will continue to examine transfer agent processing, recordkeeping and record retention, safeguarding of funds and securities, and SEC filings. It will focus on transfer agents that use emerging technology to perform their duties.

Risk Areas Impacting Market Participants

Cybersecurity

EXAMS will evaluate registrants' procedures and practices to assess whether they are reasonably managing information security and operational risks to ensure the safeguarding of customer records and information, as applicable. It will pay increased attention to firms' policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents, including those related to ransomware attacks. For third-party products and services, EXAMS will consider cybersecurity risks and resiliency goals associated with third-party products, sub-contractors, services, and any information technology resources used without the IT department's approval, knowledge, or oversight, as well as any non-supported infrastructure. The Division will assess how registrants identify and address third-party risks essential to business operation.

Regulation S-ID and S-P

The Division will prioritize exams that seek to ensure that firms are adequately safeguarding customer records and information and are complying with Regulation S-ID and S-P, as applicable. In doing so, EXAMS will focus on firms' policies and procedures, internal controls, oversight of third-party vendors, and governance practices. In addition, the Division will focus on firms' policies and procedures pertaining to safeguarding customer records and information at firms providing electronic investment services, including:

  • identification and detection to prevent and protect against identity theft during customer account takeovers and fraudulent transfers;
  • practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information, especially for firms with multiple branch offices; and
  • training on identity theft prevention and whether the policies and procedures are reasonably designed to protect customer records and information.[7] 

The Division will engage with firms during exams about their progress in establishing incident response programs reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information in preparation for the compliance date of the Commission's amendments to Regulation S-P.

Shortening of the Settlement Cycle

The Division will evaluate advisers' compliance with amended books and records requirements associated with the move to T+1 settlement. It also will assess advisers' operational changes or impacts related to institutional transactions that involve the allocation, confirmation, or affirmation processes subject to the new T+1 requirements. Examinations will assess any technological changes associated with shortening of the settlement cycle and evaluate any areas that need further attention and resources (e.g., specific products or counterparties that are not settling within the required timeframes).

Emerging Financial Technologies

EXAMS will examine firms that employ certain digital engagement practices, such as digital investment advisory services, recommendations, and related tools and methods. The Division will prioritize the examination of AI use, automated investment tools, trading algorithms or platforms, as well as any associated risks. When reviewing these technologies, EXAMS will assess whether:

  • representations are fair and accurate;
  • operations and controls are consistent with investor disclosures;
  • algorithms produce advice or recommendations consistent with investors' investment profiles or stated strategies; and
  • there are controls to confirm that advice or recommendations resulting from digital engagement practices are consistent with regulatory obligations to investors, including older investors.

Specifically, the Division will review registrant representations regarding their AI capabilities or AI use for accuracy and assess whether firms have implemented adequate policies and procedures to monitor and/or supervise their AI use (e.g., in areas such as fraud prevention/detection, back-office operations, anti-money laundering, and trading functions). The Division also will examine how registrants protect against loss or misuse of client records and information from using third-party AI models and tools.

Crypto Assets

With respect to cryptocurrency, EXAMS intends to review the offer or sale and recommendations to invest in crypto assets, including exchange-traded crypto-related products. The exams will review whether registrants:

  • meet and follow their respective standards of conduct when recommending or advising customers and clients regarding crypto assets with a focus on an initial and ongoing understanding of the products that retail-based investors (including older investors) use and retirement assets; and
  • routinely review, update, and enhance their compliance practices (including crypto asset wallet reviews, custody practices, Bank Secrecy Act compliance reviews, and valuation procedures), risk disclosures, and operational resiliency practices, if required.

The Division also will assess registrant practices to address risks related to the use of blockchain and distributed ledger technology, including the security of crypto assets.

Anti-Money Laundering

The Division will continue to focus on AML programs and review whether broker-dealers and certain RICs are:

  • appropriately tailoring their AML program to their business model and associated AML risks;
  • conducting independent testing;
  • establishing an adequate customer identification program, including for beneficial owners of legal entity customers; and
  • meeting their Suspicious Activity Report filing obligations.

Examinations of certain RICs also will review policies and procedures for oversight of applicable financial intermediaries.

Lastly, the Division will review whether broker-dealers and advisers are monitoring the Department of Treasury's Office of Foreign Assets Control sanctions and ensuring compliance with such sanctions.

Miscellaneous Priorities

Other topics discussed in the Priorities as areas of focus for EXAMS in 2025 but not summarized in this memo include: Broker-Dealers (p. 8-9); National Securities Exchanges (p. 9); FINRA and the Municipal Securities Rulemaking Board (p. 9-10); Clearing Agencies (p. 10); Municipal Advisors (p. 11); Security-Based Swap Dealers and Swap Execution Facilities (p. 11); Funding Portals (p. 11-12); and Regulation Systems Compliance and Integrity (Reg. SCI) (p. 14).

 

Kenneth Fang
Associate General Counsel

Robert Hill
Legal Intern

Notes

[1] See SEC Division of Examinations, Fiscal Year 2025 Examination Priorities (Oct. 21, 2024), available at https://www.sec.gov/files/2025-exam-priorities.pdf.

[2] For example, if an adviser integrates AI into advisory operations (e.g., for portfolio management, trading, marketing, and compliance), EXAMS may look in depth at related compliance policies and procedures and disclosures to investors. Examples of other practices that may warrant additional focus include: (a) focusing on valuation if adviser clients invest in illiquid or difficult-to-value assets; (b) focusing on supervision and oversight practices if an adviser uses a number of independent contractors working from geographically dispersed locations; or (c) focusing on compliance practices when an adviser changes its business models or is new to advising particular types of assets, clients, or services.

[3] Rule 206(4)-7 under the Investment Advisers Act of 1940 requires SEC-registered investment advisers to: (1) adopt and implement written policies and procedures that are reasonably designed to prevent violations of the Advisers Act and the rules thereunder by the adviser and its supervised persons; (2) designate a Chief Compliance Officer responsible for administering the adviser's policies and procedures; and (3) annually review compliance policies and procedures for their adequacy and effectiveness.

[4] The Division states that "core areas" of adviser compliance programs include, as applicable: marketing, valuation, trading, portfolio management, disclosure and filings, and custody. In addition, EXAMS typically will analyze an adviser's annual reviews of the effectiveness of its compliance programs and its assessment of conflicts stemming from business and compensation arrangements, arbitration clauses, and/or affiliations with certain parties and transactions.

[5] Areas that may impact the accuracy of fee calculations include the valuation of illiquid assets, the calculation of post-commitment period management fees, the offsetting of such fees and expenses, and the adequacy of disclosures.

[6] When focusing on conflicts, the Division may examine products or practices including: (1) the use of debt, fund-level lines of credit, investment allocations, adviser-led secondary transactions, and transactions between fund(s) and/or others; (2) investments held by multiple funds; and (3) the use of affiliated service providers.

[7] Examinations also will assess a firm's efforts to address operational risk, including technology risks, as operational failures may impact a firm's ability to safeguard customer records and information.