On October 21, 2024, the EXAMS division released its 2025 examination priorities letter. The 2025 priorities letter represents only a sliver of the topics firms can expect EXAMS to cover over the next year, and this alert focuses on a few of the key areas in which broker-dealers will face scrutiny.
Technology is an overarching theme throughout the priorities letter. This comes as no surprise as the SEC Chair, Commissioners, and staff have repeatedly emphasized in recent years that the agency’s rules generally are tech-neutral, while at the same time, the agency has adopted and proposed numerous rules aimed at trying to keep pace with developments in technology. Similarly, various enforcement actions the SEC has settled with market participants, particularly those that are not registered, have targeted platforms and developers of innovative technology deployed in the securities industry.
Emerging Financial Technologies
EXAMS will continue prioritizing its review of firms that make recommendations via automated tools and use of certain other “digital engagement practices,” such as digital investment advisory services and “gamified” recommendations, as well as use of AI. These types of tools and interactions with investors have become ubiquitous in recent years. The SEC does not seem to love this development and proposed new “PDA” rules (predictive data analytics) to attempt to address conflicts that may arise from use of these technologies. Findings from EXAMS will likely inform the rule reproposal that is expected within the coming months. For those firms incorporating AI into their internal processes or interactions with investors, EXAMS will assess whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of the AI tools. These reviews will cover investment recommendations and advice as well as operational tasks, such as fraud prevention and detection, back-office operations, AML checks, and trading functions. EXAMS will also focus on how firms protect against loss or misuse of client information that may occur as a result of use of third-party AI models.
Reg. BI and Form CRS
EXAMS will continue its focus on the basic blocking and tackling of Reg. BI, including recommendations (including considerations of investors’ profiles), disclosures, identifying and disclosing conflicts of interest, and considering reasonably available alternatives. Broker-dealers should pay particularly close attention to Reg. BI requirements when recommending illiquid or complex products, such as levered or inverse products, structured products, privately offered securities, products with complex fee structures or exotic benchmarks, and digital asset securities. EXAMS will also scrutinize firms’ practices for recommending various account types, like self-directed IRAs, margin accounts, or option accounts. Similarly, EXAMS will focus efforts on recommendations made to senior investors and investors saving for college or retirement.
EXAMS will also pay close attention to Form CRS, including for simple accuracy and completeness as well as thorough disclosures of fees and other costs, conflicts of interest, and disciplinary history. Firms should periodically review their relationship summaries to ensure that they remain accurate and up to date (and ad hoc reviews are important upon any significant change to business, product mix, personnel hires, fee model changes, etc.). Firms that have not previously filed and delivered a relationship summary should also take a fresh look to verify that no filing or delivery obligation exists, even if a firm’s business relates to providing services in a limited way, like for a captive investment adviser.
Information Security and Operational Resiliency
As noted in the priorities letter, operational disruption remains a key risk across the securities industry, given the prevalence of cyberattacks, firms’ dispersed operations, weather events, and geopolitical concerns. Because of this, EXAMS will continue focusing on practices that prevent interruptions to mission critical systems. The priorities letter cites cybersecurity, Regulations S-P and S-ID, and shortening of the settlement cycle as priorities within this area. Firms should be aware that in March 2023, the SEC proposed (but has not yet adopted) new Rule 10, new Form SCIR, and related cybersecurity requirements for “Market Entities” that perform critical services to support the fair, orderly, and efficient operations of the US securities markets, including broker-dealers, FINRA, the MSRB, exchanges, TAs, and clearing agencies. Additionally, in May 2024, the SEC adopted amendments to Reg. S-P to modernize and enhance the privacy and cybersecurity obligations of “covered institutions” regarding their treatment of consumers’ nonpublic personal information.
Nearer term, broker-dealers should continue focusing on maintaining policies and procedures reasonably designed to identify and detect cyber threats (including ransomware attacks) and address areas like data loss prevention, vendor diligence, access controls, and account management. Related to Reg. S-P and Reg. S-ID, EXAMS will focus on policies and procedures, internal controls, oversight of third-party vendors, and governance practices related to safeguarding customer records and information.
The priorities letter identifies Reg. SCI compliance as a separate but related focus area for 2025.
Trading Practices
EXAMS will continue to focus on retail equity and fixed income trading, including execution of retail orders, fees, structure, marketing, and conflicts around products like bank sweep programs, fully-paid lending, and mobile apps and online trading. EXAMS will also target trading practices associated with pre-IPO companies and the sale of private company shares in secondary markets. Key issues involving secondary trading of private shares include resale exemptions and ensuring that any platform or group of persons that brings persons together to trade is properly registered (e.g., as a broker-dealer operating as an ATS). This could also lead EXAMS to focus on applicability of private offering registration exemptions—i.e., considering whether an issuer, at the time of the offering, had a view toward creating or enabling a secondary market.
Crypto Assets
EXAMS staff will continue to review practices related to the offer, sale, recommendation, advice pertaining to, and trading of, crypto assets, including products like spot bitcoin exchange-traded products. The SEC has not adopted any new rules related to crypto asset securities (nor finalized any rule amendments related to the same). This, combined with the “technology neutral” mindset of the SEC, means that industry participants must continue applying existing rules and regs to any activity tied to digital assets, including those that are or could be crypto asset securities. In addition to considering Reg. BI implications, firms should also routinely review, update, and enhance (as needed) their risk disclosures, operational resiliency practices, and compliance practices related to wallet reviews, custody, AML and BSA compliance, and valuation.
Looking Ahead
We will monitor for updates in these areas and potential effects on the SEC’s remaining “Reg Flex” rulemaking agenda.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.
Contacts
- Nicholas J. Losurdo, Partner
- Christopher Grobbel, Counsel