The priorities highlight emerging and core risk areas for investment advisers, broker-dealers, and other entities, including cybersecurity and crypto assets.

By Laura Ferrell, Aaron Gilbride, Marlon Q. Paz, Jamie Lynn Walter, Stephen P. Wink, Naim Culhaci, and Deric Behar

On October 16, 2023, the Securities and Exchange Commission’s (SEC) Division of Examinations (the Division) published its annual examination priorities for 2024 (2024 Priorities), which focus on “certain practices, products, and services that [the Division] believes present potentially heightened risks to investors or the integrity of the U.S. capital markets.” The Division will prioritize areas that pose emerging risks to investors or the markets, as well as examinations of core and perennial risk areas. The 2024 Priorities include certain of these focus areas, but are not an exhaustive list.

The 2024 Priorities are primarily organized by entity, with just four thematic topics broken out separately as applicable to a wide range of market participants: (1) information security and operational resiliency; (2) crypto assets and emerging financial technology; (3) regulation systems compliance and integrity; and (4) anti-money laundering. Notably, ESG was not specifically identified as a priority in adviser reviews for the first time in years.

The Division will continue to prioritize examinations of advisers and investment companies that have never been examined, including new registrants, as well as those that have not been examined for a number of years.

Investment Advisers

The Division will continue to prioritize investment advisers’ compliance with their fiduciary duties, and the 2024 priorities specifically note adherence to both the duty of care and the duty of loyalty. In particular, the Division will focus on:

  • investment advice given to clients, especially when involving complex, high cost, illiquid, or unconventional products or strategies;
  • the processes by which advisers determine whether investment advice is in the client’s best interest (in light of the clients’ investment profiles), including determinations of suitability, best execution, costs and risks, and conflicts of interest;
  • economic incentives advisers may have to recommend certain products, services, or account types;
  • conflicts of interest associated with advisers that are dually registered as broker-dealers, use affiliated firms to perform client services, or have financial professionals servicing both brokerage customers and advisory clients;
  • disclosures made to investors and whether they include all material facts relating to conflicts of interest associated with the investment advice sufficient to allow a client to provide informed consent to the conflict;
  • compliance programs and advisers’ annual reviews of the effectiveness of their compliance programs, with attention to whether policies and procedures are reasonably designed and implemented, and appropriately tailored to the advisers’ business, including compensation structure, services, client base, and operations, and address applicable current market risks. Specifically, the Division will focus on:
    • portfolio management processes;
    • disclosures made to investors and regulators;
    • proprietary trading by the adviser and the personal trading activities of supervised advisory personnel;
    • safeguarding of client assets from conversion or inappropriate use by advisory personnel;
    • the accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
    • safeguards for the privacy protection of client records and information;
    • trading practices;
    • marketing advisory services;
    • processes to value client holdings and assess fees based on those valuations; and
    • business continuity plans.
  • marketing practices, to ensure:
    • compliance with the Advisers Act (including the updated Marketing Rule);
    • proper Form ADV disclosure;
    • books and records substantiation;
    • advertisements do not include any untrue statements of a material fact or are materially misleading or deceptive;
    • compliance with rules governing performance reporting, third-party ratings, and testimonials and endorsements.
  • compensation arrangements;
  • valuations regarding advisers’ recommendations to clients to invest in illiquid or difficult-to-value assets (such as commercial real estate or private placements);
  • safeguarding of clients’ material non-public information;
  • completeness and accuracy of disclosures in regulatory filings (including Form CRS);
  • registration eligibility;
  • third-party and affiliated service providers selection and use;
  • branch office oversight; and
  • informed client consent when advisers implement material changes to their advisory agreements.

Investment Advisers to Private Funds

Advisers to private funds remain a significant focus of examinations. The Division will prioritize specific topics for investment advisers to private funds, such as:

  • Portfolio management risks when there is exposure to market volatility or higher interest rates, which may include private funds with poor performance or valuation issues or private funds with more leverage and illiquid assets
  • Adherence to contractual requirements regarding limited partnership advisory committees or similar structures (e.g., advisory boards), including with respect to contractual notification and consent protocols
  • Accurate calculation and allocation of private fund fees and expenses (both at the fund level and investment level), including valuation of illiquid assets, calculation of post-commitment period management fees, adequacy of disclosures, and offsetting of fees and expenses
  • Due diligence practices for consistency with policies, procedures, and disclosures, particularly with respect to private equity and venture capital fund assessments of prospective portfolio companies;
  • Conflicts, controls, and disclosures (specifically regarding private funds managed alongside registered investment companies, and use of affiliated service providers)
  • Compliance with custody requirements under the Advisers Act, including accurate Form ADV reporting, timely completion of private fund audits by a qualified auditor, and distribution of audited financial statements by private funds
  • Policies and procedures for accurate reporting on Form PF, including upon the occurrence of reporting events.

Investment Companies

For registered investment companies, the Division will generally evaluate compliance programs, governance practices, processes for assessing and approving advisory and other fund fees, valuation practices, and derivatives risk management and liquidity risk management programs (when appliable). Specific areas of focus include:

  • fees and expenses;
  • the presence of effective written compliance policies and procedures concerning the oversight of advisory fees and associated fee waivers and reimbursements;
  • board approval of the advisory contract and fees;
  • derivatives risk management assessments and related issues such as board oversight, disclosures regarding use of derivatives, and oversight of derivative valuations (including with respect to business development companies); and
  • compliance with exemptive order conditions.

The Division will continue to prioritize examinations of funds that have never been examined, including recently registered funds, as well as funds that have not been examined for a number of years.


The Division plans to focus on broker-dealer compliance with standing regulatory priorities, including Regulation Best Interest, financial responsibility (Net Capital Rule and Customer Protection Rule), Regulation SHO, Regulation ATS, and Exchange Act Rule 15c2-11. The 2024 Priorities highlight the following topics for particular attention in its examination priorities for broker dealers (and dual registrants):

Regulation Best Interest

The Division identified certain areas of particular focus in its examination for compliance with Regulation Best Interest, including:

  • broker-dealer recommendations with regard to products, investment strategies, and account types;
  • disclosures made to investors regarding conflicts of interest;
  • conflict mitigation practices;
  • processes for reviewing reasonably available alternatives;
  • factors considered in light of the investor’s investment profile (e.g., investment goals, account characteristics, age, and sophistication).

The Division will focus on certain recommended products: such as (1) complex, (2) high cost, (3) illiquid, (4) proprietary, and (5) microcap securities. The Division announced that it may also focus on recommendations to certain types of investors, such as older investors and those saving for retirement or college.

As part of the examinations, the Division will evaluate the firm’s supervisory system, including written supervisory procedures (WSPs), allocation practices at dual registrants, and supervision of branch offices.

Form CRS

To assess the content of a broker-dealer’s relationship summary, the Division will review:

  • descriptions of the relationships and services it offers to retail customers, fees and costs, and conflicts of interest;
  • disclosure of any disciplinary history;
  • filing of Form CRS with the SEC and delivery to retail customers.

Broker-Dealer Financial Responsibility Rules

Examinations will focus on compliance with the Net Capital Rule, the Customer Protection Rule, and related internal processes, procedures, and controls. The Division identified key focus areas, including fully-paid lending programs and broker-dealer accounting for certain types of liabilities (e.g., reward programs, point programs, gift cards, and non-brokerage services). The Division will assess broker-dealer credit, interest rate, market, and liquidity risk management controls.

Broker-Dealer Trading Practices

The Division will review equity and fixed income trading practices and compliance with:

  • Regulation SHO (including the rules regarding aggregation units and locate requirements);
  • Regulation ATS (and whether the operations of alternative trading systems are consistent with the disclosures in Forms ATS and ATS-N); and
  • Exchange Act Rule 15c2-11 (governing the publication of quotations for securities in a quotation medium other than a national securities exchange (i.e., over-the-counter securities).

Self-Regulatory Organizations

The Division highlighted the following topics for the specified self-regulatory organizations (SROs):

National Securities Exchanges

  • Adherence to obligations to enforce compliance with SRO rules and the federal securities laws.

Financial Industry Regulatory Authority (FINRA)

  • Risk-based oversight examinations of FINRA’s major regulatory programs
  • Oversight examinations of FINRA’s examinations of certain broker-dealers and municipal advisors that are FINRA members

Municipal Securities Rulemaking Board (MSRB)

  • Risk-based oversight examinations of MSRB’s major regulatory programs and compliance exams

Clearing Agencies

For systemically important clearing agencies, the Division will review:

  • core risks, processes, and controls;
  • the nature of clearing agencies’ operations;
  • financial and operational risk;

For clearing agencies not designated systemically important, the Division will conduct risk-based examinations.

Areas of focus for the Division for all registered clearing agencies may include review of:

  • policies and procedures that address, among other things, maintaining sufficient financial resources, protecting against credit risks, managing member defaults, and managing operational and other risks;
  • liquidity risk management;
  • models and model validation;
  • margin systems;
  • third-party service providers;
  • operations; and
  • internal audit functions.

Municipal Advisors

  • Fiduciary duty obligations to clients, particularly regarding pricing, method of sale, and structure of municipal securities
  • Obligations to document municipal advisory relationships
  • Disclosure of conflicts of interest
  • Requirements related to registration, professional qualification, continuing education, recordkeeping, and supervision
  • Compliance with new MSRB Rule G-46, which becomes effective March 1, 2024

Security-Based Swap (SBS) Dealers

  • Implementation of policies and procedures related to compliance with SBS rules generally
  • Obligations under Regulation SBSR to accurately report SBS transactions to security-based swap data repositories
  • Compliance with applicable capital, margin, segregation, and substituted compliance requirements

Transfer Agents

  • Processing of items and transfers
  • Recordkeeping and record retention
  • Safeguarding of funds and securities; and
  • Filings with the SEC.

Risk Areas Impacting Various Market Participants

The Division highlighted four risk areas that can affect a broad range of institutions and investors.

Information Security and Operational Resiliency

The Division will review institutions’:

  • cybersecurity (specifically, registrants’ policies and procedures, internal controls, oversight of third-party vendors governance practices, and responses to cyber-related incidents, including ransomware attacks);
  • practices to prevent interruptions to mission-critical services and operational disruptions;
  • protection of investor information, records, and assets, including practices related to safeguarding of customer records and information at branch offices;
  • staff training regarding cybersecurity and customer data protection;
  • practices to promote cyber resiliency;
  • concentration risk associated with the use of third-party providers, and registrant visibility into the security and integrity of third-party products and services; and
  • preparations associated with shortening the transaction settlement cycle as of the compliance date of May 28, 2024;

Emerging Financial Technology and Cryptoassets

The Division will review institutions’ use of emerging financial technologies, new products and services, and new technological or online solutions, such as:

  • mobile applications;
  • compliance and marketing related solutions;
  • automated investment tools and advice (“Robo Advice”);
  • artificial intelligence;
  • trading algorithms or platforms;
  • alternative data; and
  • cryptoassets or related products.

With regard to crypto assets, the Division will examine institutions’:

  • compliance with standards of conduct when recommending or advising customers and clients regarding crypto assets;
  • compliance practices (including cryptoasset wallet reviews, custody practices, Bank Secrecy Act (BSA) compliance reviews, and valuation procedures), risk disclosures, and operational resiliency practices (i.e., data integrity and business continuity plans), if required;
  • compliance with the custody requirements under the Advisers Act (Rule 206(4)-2), when applicable; and
  • exposure to and mitigation of technological risks associated with the use of blockchain and distributed ledger technology, including whether compliance policies and procedures are reasonably designed, accurate disclosures are made, and security risks are addressed (if required by applicable law).

Regulation Systems Compliance and Integrity (Reg SCI)

  • Enforcement of written policies and procedures to ensure the capacity, integrity, resiliency, availability, and security of critical market infrastructure

Anti-Money Laundering (AML)

  • Policies, procedures, and internal controls reasonably designed and tailored to achieve compliance with the Bank Secrecy Act and its implementing rules
  • Independent testing
  • Customer due diligence
  • Suspicious Activity Report (SAR) filing obligations
  • Office of Foreign Assets Control (OFAC) sanctions monitoring and compliance
  • Customer identification program implementation (including for beneficial owners of legal entity customers)
  • Oversight of applicable financial intermediaries

Key Takeaways

The 2024 Priorities highlight the keys risk areas that the Division will focus on this year. The Division acknowledged that the numerous rules that have recently been promulgated will alter the regulatory landscape and impact registrants and other market participants. The Division will therefore “need to consider the impact of these rules, which will influence potential examinations, compliance risks and new focus areas.” The 2024 Priorities also note that Division staff have continued to conduct more in-person fieldwork, and in many instances, provided virtual options to both examiners and registrants to participate in different stages of an examination to broaden access.

With respect to retail investors, certain focus areas were highlighted “due to their importance to retail investors, particularly those saving for retirement.” Concern for retail-based investors was, however, mentioned as a concern in the discussion of institutional involvement in cryptoassets. The Division also reiterated its focus on Regulation Best Interest.

As noted earlier, one notable omission from the 2024 Priorities was any specific mention of ESG concerns, whether involving investments and strategies that incorporate certain ESG criteria, ESG-related advisory services and fund offerings, appropriate labelling, accuracy and adequacy of disclosures, or best intertest concerns. While we do not believe that the omission means that ESG will not be a focus area, it is a marked contrast from previous years when ESG was highlighted or at least mentioned.

In addition, the Division also launched a series of joint regulatory trainings with FINRA staff to enhance communication and collaboration between both regulators related to their respective examination programs.

According to Division of Examinations’ Director Richard R. Best, publicizing examination priorities “increases transparency into the examination program and encourages firms to focus their compliance and surveillance efforts on areas of potentially heightened risk to retail investors.” Given the aggressive enforcement posture of the SEC in recent years, financial institutions should be aware of the 2024 Priorities and should review and remediate compliance programs as needed.