On March 3, 2021, the Securities and Exchange Commission’s Division of Examinations (formerly the Office of Compliance Inspections and Examinations, now either “the Division” or “EXAMS”) announced its fiscal year 2021 examination priorities.
EXAMS noted that despite logistical challenges posed by the pandemic, the Division still completed 2,952 examinations in FY 2020, which was a mere 4.4 percent decrease from FY 2019. The number of RIA firms subject to SEC oversight has increased to more than 13,900. The SEC has stated that it expects to be able to cover about 15% in FY 2021.
The SEC’s 2021 priorities inevitably reflect the impacts of the COVID-19 pandemic, as well as new and emerging risks concerning cybersecurity, climate change (“ESG”), and digital assets. Below is a summary of the key takeaways from the report.
With the rapid growth and economic importance of financial technologies, alternative data and digital assets, the Division is putting greater emphasis on regulating these areas. The Division will examine whether fintech firms are operating consistently with their representations, whether firms are appropriately handling customer orders, and how firms make trade recommendations in mobile applications. In examining participants in the digital assets markets, the Division will focus on several areas, including the suitability of these investments; portfolio management and trading practices; safety of client funds and assets; and pricing and valuation.
2) AML Programs
No surprise here – the Division will continue to review firms’ compliance with applicable AML requirements, in particular, whether broker-dealers and registered investment companies have adequate policies and procedures in place that are reasonably designed to identify suspicious activity and illegal money-laundering activities. The Division’s continued focus on AML is not surprising in light of the Anti-Money Laundering Act of 2020, which Congress enacted on January 1, 2021. For more information on this change, see our blog, “Six Need-to-Know Facts about the AML Act of 2020.”
3) LIBOR Transition
Like last year, the Division continues to be focused on the industry’s transition away from LIBOR. The Division will assess registrants’ understanding of any exposure to LIBOR, their preparations for the expected discontinuation of LIBOR, and the transition to an alternative reference rate.
4) RIA Compliance Programs
The Division’s limited coverage of registered investment advisers (RIAs) has long been a subject of regulatory concern. To address that concern, this year the Division will prioritize RIAs that have not been examined in recent years or have never been examined since registering. In line with other regulators, the Division will continue to try to ensure that RIAs’ compliance programs are robust and effective. The Exam Priorities note that the Division will be particularly focused on products and services marketed as sustainable, socially responsible, impact, and/or environmental, social and corporate governance (“ESG”) conscious.
5) Operational Resiliency
As climate change becomes more prevalent, the Division intends to review whether firms are considering effective practices to help improve responses to large-scale events caused by climate change. These examinations will include a review of business continuity and disaster recovery plans, and will be similar to the work the Division did after Hurricane Sandy.
6) Information Security
Cybersecurity has been a priority issue for several years, but the COVID-19 pandemic raised the stakes with the increase in remote working. Remote operations raise concerns about, among other things, data loss, remote access, use of third-party communication systems and vendor management. The Division will review whether registrants have taken appropriate measures to: safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access; oversee vendors and service providers; address malicious email activities, such as phishing or account intrusions; respond to incidents, including those related to ransomware attacks; and generally manage operational risk as a result of remote operations.
7) Municipal Advisors
Similarly, COVID-19 has created risks for municipal advisors and their clients. The Division will continue its examinations of municipal advisors’ registration, professional qualifications, and continuing education requirements. It will also focus on whether municipal advisors have met their fiduciary duty obligations to municipal entity clients.
8) Regulation Best Interest
After the flood of risk alerts and FAQs that have come out over the years, it’s no surprise the Division will continue to focus on Reg BI in the coming year. Firms should expect the Division to review, among other areas, the processes firms have used to recommend complex products, make recommendations to new customers, and identify and address conflicts related to recommendations.