
Regtech Surge: Real-World Impact Of Compliance Failures On Smaller FA Firms

Five Top Compliance Failures And Ways To Mitigate The Risk

Sid Yenamandra, Founder & CEO, SurgeONE.ai

If it seems that the SEC has become more aggressive lately, it has. In 2022, it filed 760 total enforcement actions that resulted in a record $4.2 billion in civil penalties, up from $3.6 billion in 2021. In 2023, the SEC upped the ante, filing 784 enforcement actions totaling $4.9 billion, with a significant number targeting smaller firms for compliance failures.

While the 2024 tallies aren’t in yet, enforcement actions are not decreasing. The financial and reputational repercussions of ending up on the wrong side of the SEC can be severe, especially for smaller RIAs and broker-dealers. Understanding the critical risk areas can help firms stay compliant and avoid costly and damaging penalties.

Here are five of the top compliance failures and ways to mitigate these risks:

1. Inadequate record keeping: The SEC fined nine firms a total of $79 million in September 2023 for recordkeeping failures. That figure was dwarfed by August 2024, with the SEC announcing penalties of $392.75 million against 26 broker-dealers, investment advisers, and dually registered broker-dealers and investment advisers for “widespread and longstanding” failures by the firms and their personnel to maintain and preserve electronic communications.

The firms admitted the facts outlined in their respective SEC orders and have begun implementing improvements to their compliance policies and procedures to address these violations. Three of the firms self-reported their violations, so they will pay significantly lower civil penalties than they would have otherwise.

Automating recordkeeping processes can ensure compliance and prevent hefty fines.

2. Failure to file timely reports: In recent years, the SEC has penalized several firms for violations regarding Forms ADV and CRS. Deficiencies identified included firms not delivering these forms within the required timeframe and failing to post them on the firm’s public website in a prominent place. In some instances, these firms failed to include all the necessary information to satisfy the SEC’s requirements. Firms found in violation have been censured, compelled to cease violating the provisions in the future and assessed a civil penalty.

Automating report submissions can prevent delays and ensure timely filings of Forms ADV and CRS, as well as other required documents.

3. Insufficient advanced cybersecurity measures: The recently implemented SEC amendments to Reg S-P make it more critical than ever that advisors and firms have clearly defined procedures. These safeguards must include how a firm plans to protect client data, notify clients of a breach and remediate any impact. The new regulations also require firms to monitor the cybersecurity of their third-party vendors. Data breaches and weak cybersecurity protocols will result in severe penalties.

In today’s environment, where bad actors continue to find new ways to steal personal data, firms must implement robust cybersecurity measures to protect sensitive information from these evolving threats.

4. Inaccurate marketing and advertising: Nine advisers were recently fined $1.24 million for Marketing Rule violations. This penalty represents the largest fine so far as part of the SEC’s ongoing Marketing Rule crackdown on wealth management firms. The Marketing Rule opened the door to new forms of advertising; however, it also came with important new warnings about providing context and balance in promotional materials.

Since the Rule was enacted in late 2022, the SEC has been taking enforcement action to emphasize its importance. In 2023, nine RIAs were fined a combined $850,000 for advertising “hypothetical performance” in public materials. In 2024, an additional five RIAs were hit with a combined fine of $200,000.

The alleged violations in the latest wave include making untrue statements, presenting endorsements and third-party ratings without appropriate context and including third-party ratings in their ads without disclosing when those ratings were issued or the period they covered.

Since the SEC is ramping up its policing of non-compliance with the new Marketing Rule, firms must understand the rule and its nuances and enhance their review to ensure all marketing materials comply with the requirements to avoid penalties.

5. Lack of proper supervision and training: In recent years, many firms have been penalized for inadequate supervision. The SEC continues to bring failure-to-supervise cases against registered firms and their senior management – including their chief executive officers – for allegedly not responding reasonably to red flags relating to their representatives’ misconduct.

Written compliance policies and procedures, especially concerning onboarding and monitoring high-risk representatives, form the basis of any supervisory program and demonstrate whether a firm and its senior management are fulfilling their oversight responsibilities.

Firms must also design and implement specific written policies and procedures to oversee and monitor advisory services provided at remote or branch offices to ensure all advisors are consistently and adequately supervised regardless of location.

Procedures must provide for the inspection or audit of each office by the RIA at regular intervals.

Investing in training and proper supervision can mitigate risks and enhance compliance efforts. Procedures must provide for the inspection or audit of each remote, field or branch office by the RIA at regular intervals to ensure compliance with all written policies and procedures and to address any outstanding issues that may be present at a remote, field or branch office.

Third-Party Solutions

Smaller firms must prioritize these areas to avoid costly penalties and enhance compliance. It can be overwhelming, especially for small firms where people wear many hats. Luckily, outsourced companies are doing innovative things with cutting-edge compliance software and services. Find a third-party solutions company that pairs artificial intelligence with human expertise and can take much of the compliance burden off an advisor’s or chief compliance officer’s shoulders, allowing them to stay ahead of the evolving compliance landscape.

Sid Yenamandra is Founder and CEO of Surge Ventures and CEO of RegVerse, a provider of AI solutions, including Avery, a generative AI-powered regulatory management platform.
