Accenture recently participated in the 2022 SEC and FINRA Examination and Enforcement Priorities Webinar, in partnership with Fordham Law School’s Program on Corporate Ethics and Compliance and Fordham Gabelli School of Business’ Center for Professional Accounting Practices. We were joined by panelists from the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and a global law firm. The panel covered a wide range of “hot” financial regulatory topics, from cybersecurity to ESG, AI, Regulation Best Interest, CCO liability, communications with the public, “influencers,” and geopolitical events.
FINRA published its 2022 Report on FINRA’s Examination and Risk Monitoring Program on February 9, 2022, and the SEC published its 2022 Examination Priorities on March 30, 2022 (two days after our webinar). This blogpost addresses the issues covered by our panelists and highlights the current regulatory priorities of FINRA and the SEC.
FINRA released its priorities before our webinar, so we will focus first on this regulator. To fulfill its commitment to investor protection and market integrity, FINRA’s 2022 priorities include perennial mainstays such as firm operations related to AML and cybersecurity, communications and sales, and financial risk management. This agenda is supplemented in 2022 by the inclusion of, among other newly identified risk areas, disclosure of routing information, funding portals and crowdfunding offerings, and supervision of digital communications.
First, member firms are now required to disclose information about the handling of their customers’ orders in National Market System (NMS) stocks and listed options. Additionally, FINRA rules provide for different broker-dealer disclosure obligations depending on whether the order at issue is held or not-held, and the regulator has observed that certain firms may not be disclosing publicly where and how they route orders for execution.
Second, our webinar covered the supervision and record keeping of digital communications, both for investors and within firms, as a new priority in 2022. For example, although most member firms are aware of their obligations to have robust data retention policies and procedures, some still fail to prevent their employees’ off-platform communications and/or to retain all business-related communications. The panel noted that a financial institution’s failure to retain such communications may result in hefty fines and other sanctions.
Further, our panelists spotlighted how social media influencers (a/k/a “finfluencers”), including celebrities, market investment services on popular social media platforms like TikTok, Instagram, and YouTube. FINRA is examining firms that use finfluencers to acquire customers, including how such firms compensate finfluencers and what they do with the customer data obtained.
As with FINRA, the SEC’s focus in 2022 mirrors many of its priorities from prior years, including financial disclosures, compliance programs, fees and expenses, and conflicts of interest. Our panel also discussed the following environmental, social, and governance (ESG) topics in great detail:
- Investor protection. Investor demand for ESG-related information has skyrocketed in the past few years. But ESG offerings have lacked standardized definitions, which may make it challenging for investors to accurately assess ESG criteria and identify risks. Our panel noted that, as with other regulated areas, the SEC does not evaluate the merits of any particular ESG products, strategies, or investments, but instead has focused on ESG marketing and compliance, and evaluating whether advisers are, in fact, doing what they say they are doing in their communications with investors and regulators.
- Public statements. In our recent ESG Regulatory Newsletter: March 2022, we highlighted that greenwashing involves a company conveying a false impression or providing misleading information to the public about the environmental impact of the company’s goals or products. Our panel detailed the factors companies should consider, including policies, procedures, and controls, to screen ESG investment opportunities to minimize the risk of regulatory action related to public statements promoting these investments.
- Risk Alert on ESG Investing. During examinations of investment advisers, registered investment companies, and private funds offering ESG products and services, the SEC has observed discrepancies between the firms’ regulatory filings and their performance advertising. Our panel noted that, in order to develop and enhance their compliance practices, these firms should review the SEC’s Risk Alert on ESG Investing, dated April 9, 2021. The alert advises firms to (1) avoid portfolio management practices that are inconsistent with the company’s ESG disclosures, (2) implement ESG policies and controls that take into account their clients’ ESG-related investment mandates, and (3) establish consistent proxy voting procedures. In addition, as we discussed in a recent blogpost, companies may also consider creating ESG Centers of Excellence dedicated to enterprise-wide and industry-leading ESG regulatory compliance.
For CCOs at financial institutions and other companies subject to SEC and/or FINRA oversight, our webinar and the regulators’ 2022 priorities provide the following lessons:
- Compliance programs need adequate resources and funding. This function is seen by the SEC as critical to the maintenance of effective investor protection protocols, and is also being closely scrutinized by FINRA.
- Companies that suffer cyber intrusions may also be subjected to enforcement actions. Regulated institutions should establish enterprise-wide information security policies, procedures, and controls, including and especially at branch offices.
- Companies should keep fraud, KYC/AML, and digital currencies top of mind. Our panelists stressed that, in light of recent geopolitical crises, comprehensive monitoring is necessary for companies to remain compliant with the constant issuance of sanctions and other updates by governments and regulators. These companies should evaluate their risk exposure by conducting impact analyses and updating their procedures to monitor their compliance with a rapidly evolving and ever-expanding global regulatory landscape.
Finally, we noted that 2021 marked the first full calendar year during which Reg BI was in effect. Our panelists emphasized that financial institutions and registered representatives that fail to comply with the best interest standard of conduct when making recommendations to customers may be subject to rigorous examinations and enforcement actions. The webinar participants concluded that companies should have robust compliance functions to establish, implement, and continuously monitor their written policies, procedures, and controls in order to conform with regulatory requirements and priorities.