Staying Out of the Headlines: How to Meet SEC Expectations in 2025

Dec 27, 2024

From harrowing enforcement actions to promising proposed and adopted regulations, this is your breakdown of 2024 and how to meet the SEC’s expectations – and avoid the headlines moving into 2025. 

If we learned anything in 2024, it’s that compliance programs, and the professionals in charge of them, can’t become stagnant. Even for a moment. 

In 2023, the Securities and Exchange Commission (SEC) issued fines totaling nearly $5 billion. And in 2024? The SEC set a new record, issuing $8.2 billion in fines and penalties. 

The surge in civil penalties underscores the need for compliance teams to quickly adapt in a constantly changing and challenging regulatory environment. Not only that, but the headlines tell us where many of these challenges lie. 

Headline Making Proposed and Adopted SEC Rules  

The SEC’s rulemaking agenda outlines their focus areas and critical concerns for the coming years, addressing new risks based on how the market has adapted and how new technologies have changed the industry.  

Recent SEC proposed and adopted regulations include: 

Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information 

On Aug. 2, 2024, the SEC’s recent amendments regarding Regulation S-P went into effect. According to the new changes, broker-dealers and investment advisers are required to provide clear notice to customers about the use of their nonpublic personal information. This includes procedures for providing timely notice to individuals affected by an incident involving their personal information. The goal of these changes was to modernize the initial Regulation S-P rule, originally adopted in 2000.  

The takeaway? Creating and implementing a strong cybersecurity program will be critical to protecting your customers. Collaborate with your IT team to conduct a comprehensive risk assessment and develop a cybersecurity program tailored to your firm’s needs. 

Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers 

On May 13, 2024, the SEC and FinCEN filed a joint proposal to finalize regulations that would require registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish processes for identifying and verifying investors’ identities before opening an account. 

The takeaway? Between this joint proposal and FinCEN’s recently finalized AML rule, it’s clear the industry is taking heed of evolving and increasing AML risks. And they expect firms to do the same. That said, it’s time for a compliance review of your business’s controls to ensure alignment with current and impending regulations.

SEC Proposes New Requirements to Address Risks to Investors From Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers 

On Jul. 26, 2023, the SEC proposed new rules that directly addressed firms’ artificial intelligence (AI) use. The new rules would require broker-dealers and investment advisers to take certain steps to address conflicts of interest associated with their use of predictive data analytics, like AI. The SEC wants to prevent any instances of firms using such technology to manipulate or mislead investors in their decisions. Firms would need to maintain documentation of their analysis of potential conflicts and take steps to address those conflicts. 

The takeaway? As the SEC continues to modernize and delve into topics like predictive data analytics and AI, your compliance team should consider if AI is right for your firm. Whether your firm is one that embraces AI or not, given its increasing popularity, your compliance program should establish Policies and Procedures about the technology and ensure that all employees are aware of applicable protocols. 

SEC Proposes Enhanced Safeguarding Rule for Registered Investment Advisers 

On Feb. 15, 2023, the SEC proposed amendments to its Custody Rule. The changes would broaden the definition of “custody,” enhancing protections of customer assets managed by RIAs. Under the proposed changes, “custody” would extend “beyond client funds and securities to include any client assets in an investment adviser’s possession or when an investment adviser has authority to obtain possession of client assets.” Investors working with advisers would receive “the time-tested protections” for all their assets, even including cryptocurrency assets. 

The takeaway? This proposed rule represents a major shift in the definition and application of custody. The definition will be broadened to include discretion as well as expanded beyond funds and securities to “assets,” which includes digital assets and cryptocurrencies. COMPLY estimates that if this rule is adopted as proposed, more than five thousand additional investment advisers will be deemed to have custody and subject to the additional obligations that entails. 

Regulation Best Execution 

On Dec. 14, 2022, the SEC proposed enhancements to the existing framework of duty of best execution. These enhancements would require broker-dealers to establish detailed policies and procedures for engaging in certain conflicted transactions with retail customers, as well as related review and documentation requirements. 

The takeaway? The SEC continues to focus on ensuring market participants, including broker-dealers, have the appropriate policies, procedures, and practices in place to protect investors and the market. According to the SEC Fact Sheet, “Specifically, in any transaction for or with a customer or a customer of another broker-dealer, a broker-dealer (or a natural person who is an associated person of the broker-dealer) would be required to use reasonable diligence to ascertain the best market for the security and buy or sell in such market so that the resultant price to the customer is as favorable as possible under prevailing market conditions.”

Beyond New Rules: A Look at Recent Headlines 

While total enforcement actions decreased this year, the resulting civil penalties set a new record. And the multiple six-figure dollar fines have sent a clear message: non-compliance will cost you.

However, headlines shined a light on various deficiencies found by the Department of Examinations, offering a bit of clarity to other firms. Headlines covered: 

  • The Marketing Rule: After the rule was imposed, the SEC began sweep examinations designed to assess the market adoption of the new requirements. As a result, more than 20 firms have been charged with violating this rule, most frequently for misrepresenting their firms’ performance on marketing materials, resulting in hundreds of thousands of dollars in fines. 
  • Insider Information: In several recent cases, the SEC has flagged areas of concern regarding insider trading, including the use of Material Non-Public Information (MNPI) for material gains, anti-fraud violations, and the misuse of material information.  
  • Books and Records: Every year, the SEC continues to bring new cases against firms for recordkeeping violations, totaling multiple millions in fines. The takeaway? Recordkeeping remains one of the most analyzed components of a compliance program and one that firms can’t afford to overlook.
  • Regulatory Filings: The SEC announced settled charges against more than 25 entities and individuals for regulatory filing violations. The SEC also settled charges against 11 institutional investment managers for similar reasons. Violations included failure to report information about holdings and transactions in a timely manner or accurately, resulting in more than $3.8 million in civil penalties. 

10 Best Practices to Maintain Compliance and Stay Out of the Headlines 

To remain compliant and meet evolving SEC expectations, firms must balance the demands of the new rules with existing compliance obligations, carefully navigating the tightrope of regulatory requirements. 

To help, we’ve aggregated our top ten best practices. Stay in compliance and out of the headlines by following these tips: 

1. Ensure Accuracy (and Timeliness) in Regulatory Filings 

Firms should ensure that they file the proper forms, including Form ADV and Form PF, accurately and on time. Various firms may be subject to different forms and requirements. Pay close attention to the types of forms you’re required to complete and file to stay compliant. 

Psst… Need a compliance partner who will file with ease and accuracy on your behalf? We’ve got you covered!

2. Closely Monitor Conflicts of Interest

Firms must practice due diligence in disclosing conflicts of interest, including proper disclosure of Outside Business Activities (OBAs). The SEC remains focused on this topic, stressing the importance of identifying and mitigating these conflicts and providing full and fair disclosures.

According to SEC guidance, a firm must have “a reasonable basis to conclude that the recommendation or advice provided is in the retail investor’s best interest.” 

3. Review Your Marketing Practices 

To ensure compliance with the Marketing Rule, a firm’s policies and procedures must address requirements for hypothetical performance, including the selection of assumptions, the presentation of results, and the use of disclaimers.  

SEC sweeps continue to target firms with “false and/or misleading” statements, among other violations. To avoid legal action, firms should: 

  • Implement policies and procedures to properly review marketing materials 
  • Train employees on the rules and other regulations that may apply 
  • Review all marketing materials (even including business cards) for accuracy 

4. Brush Up on Your Cryptocurrency Knowledge

While there is still a lack of clarity when it comes to rules surrounding cryptocurrency, many firms are adapting their programs to proactively prepare for potential compliance requirements. 

Compliance professionals should closely follow regulatory updates, especially as the new SEC Chair takes their place in January 2025. Additionally, transaction monitoring systems should be used to help identify suspicious activity and avoid financial crimes.  

5. Continuously Update Your Cybersecurity Policies 

In conjunction with existing cybersecurity-related rules, like Reg S-P, the increase in cyber activity and rulemaking highlights the ongoing focus from regulators around the globe.  

And as cyber risks (and associated costs) continue to increase, it is wise to ensure your entire team is educated on the risks so they can play a more active role in defending the firm. 

Bonus: While there is still uncertainty surrounding AI, the Financial Industry Regulatory Authority (FINRA) stresses that firms should evolve their cybersecurity programs to account for AI-related risks. Take AI into consideration when creating and implementing new cybersecurity policies to stay on top of evolving requirements.  

6. Follow Anti-Money Laundering Measures 

While historically AML programs have applied specifically to broker-dealers, that is now changing. Recently, FinCEN issued an official AML rule for RIAs and ERAs.  

This final rule comes into effect in early 2026. However, given the scope of necessary changes for firms’ compliance programs, we suggest taking action as soon as possible.

Additional SEC rules surrounding money-laundering are still pending. Firms should monitor changes to these policies closely and prepare for their official implementation in the near future.   

7. Keep an Eye on Your MNPI 

MNPI remains a focus for the SEC and other regulatory agencies, due, in part, to the growing rate of work-from-home employees making the protection of MNPI more complex – and more challenging.

To avoid the eyes of the SEC and reduce insider trading risks, firms should create strict MNPI policies, establish access controls, follow relevant security procedures, and implement additional employee training, as necessary.   

8. Maintain Comprehensive Records 

Stay up to date on current regulations and risk alerts, making any necessary changes and ensuring accurate records are kept spanning at least a period of five years (generally) from the end of the fiscal year in which the last change or entry is made to any document.  

Update your archival methods, particularly when it comes to social media and messaging apps, a recent area of focus for the SEC. Firms are increasingly relying on archiving tools to handle these concerns, ensuring a smoother transition. 

9. Ensure a Thorough and Comprehensive Annual Review is Conducted 

Annual reviews mandate the regular assessment of a firm’s Policies and Procedures. The goal? To uncover deficiencies and adjust the program accordingly to minimize the risks that come with a lapse in compliance. Reviews should include: 

  • In-depth review of regulatory developments 
  • Internal review of all forms for accuracy 
  • An assessment of any potential gaps in your compliance program 

10. Utilize Advanced Technology 

Implementing automation and customized workflows for daily tasks can assist firms in staying on track with their compliance. Solutions like the COMPLY Program Management reduce manual labor – and save valuable time.  

Firms should adopt the proper technology and update processes as needed to ensure compliance, mitigate risks, and enable themselves to shift focus onto more pressing matters.

Regulatory Compliance Management in 2025 

As SEC expectations continue to shift, it is more imperative than ever to maintain comprehensive compliance practices. However, that task is often easier said than done, which is why many firms look to expert third parties to ensure their processes and protocols are up to par. 

COMPLY Mock SEC Audits and Compliance Reviews offers your compliance team a low-risk opportunity to test the program and address weak points before they create compliance challenges.  

  • Off-Site Review, where we request a series of compliance documents to understand your firm’s unique business practices and prepare for the onsite examination. 
  • Onsite Mock SEC Exam, where our compliance experts visit your firm’s offices and conduct a live mock SEC exam through a series of exercises and interviews. 
  • Off-Site Exam Report, where, after we complete the onsite review, our compliance experts provide a written summary of the findings and recommendations for how to enhance your compliance program.

Does your compliance program hold up to regulatory scrutiny? Let’s find out!