SEC 2025 Exam Priorities

Written By Robert Tull

The SEC’s 2025 Examination Priorities highlights the staff’s focus on the effectiveness of adviser compliance programs but does not provide any guidance regarding the criteria examiners use to evaluate whether a compliance program is deemed effective.  While it would be sensible to assume that the SEC applies the same criteria as the Department of Justice when evaluating the effectiveness of compliance and ethics programs, it never acknowledges the shared guidance and examiners do not demonstrate any understanding such valuable guidance. It’s a long-held behavior that the SEC will not disclose its criteria and instead relies on examiner discretion and enforcement actions to inform firms and compliance professionals. 

In light of this, we’ve translated what little guidance the SEC will acknowledge and identified the specific criteria that will demonstrate the effectiveness of a compliance program, using the lens of our Home” model for effectiveness. Recall that our Home model reflects the SEC’s mandate that compliance professionals - and compliance programs - must be knowledgeable, competent, empowered, and adequately resourced.

When evaluating whether the compliance staff and the compliance program are knowledgeable regarding the regulations, industry best practices, and the business itself, effectiveness is measured by the following criteria:

  • The degree to which the firm’s policies, procedures, and training provide accurate and clear guidance on the regulatory requirements.

  • The degree to which policies, procedures, and training are embedded in the business personnel responsible for the business activities in the compliance area, such as Marketing and Business Development personnel, Traders, Portfolio Management, Investment Analysts, Operations personnel, and Client / Investor Service personnel.

  • How the firm’s workflows compare to similar firms, including segregation of duties, resource allocation, and critical controls.

  • How well the policies and procedures fit the current business structure and strategic objectives.

Compliance areas that are driven by explicit rules, like marketing and custody, are easier to demonstrate the compliance program’s design, whereas compliance areas that are principal based – like portfolio management, valuation, and conflicts around compensation and fees – will rely on clear risk assessments that illustrate the linkage between risks and conflicts and policies and procedures.

Demonstrating operational effectiveness (the analog for competency) is driven first by how well the firm’s compliance program provides clear, accurate, and complete disclosures and guidance for each compliance area.  These client-facing disclosures and internal guidance must adequately address all identified risks and conflicts associated with each business and compliance area.  This requires firms to identify and assess those risks and conflicts and illustrate how they are mitigated by policies, controls, and monitoring activities.  Business changes and the analysis of monitoring activities should result in changes to the policies, controls, and monitoring activities when appropriate.  Furthermore, the compliance personnel must be competent in making sound and information-based decisions regarding the application and evolution of the compliance policies and procedures.

An empowered compliance program is more than simply having a Chief Compliance Officer who is responsible and accountable for the compliance program.  A truly empowered compliance program includes active management involvement and clear coordination between business line personnel and compliance personnel.  A clear indication of the effectiveness of a compliance program for examiners is the extent of information sharing and coordination between business teams and compliance personnel.  When compliance personnel are actively informed and coordinating with marketing personnel, investment and trading teams, and back-office teams, it nurtures an integrated and effective compliance program.  An empowered and effective compliance program has clear lines of escalation, remediation, and enforcement regarding compliance issues identified in business processes.

Lastly, an effective compliance program is adequately resourced.  In the context of the compliance areas highlighted in the Priorities, this means that the compliance program has adequate personnel capacity to address volume of activities in each compliance area, whether that is the volume of marketing materials generated, the number of client accounts and scope of client guidelines, or trading volumes (to name a few).  Where business activities eclipse and overwhelm compliance capacity, a compliance program would not be deemed effective by examiners.  Firms can expand compliance resources through vendors and specialty systems, including the systems that are primarily for the business workflow (as opposed to purely a compliance tool).  Examiners will also evaluate the relationship between firm investments in compliance resources relative to the scope and volume of activities requiring compliance monitoring.  When firms have abundant business activities (such as producing thousands of marketing materials, onboarding hundreds of new clients, or placing millions of trades) but are scarce on compliance resources, examiners will often interpret this disparity as confirmation that the firm does not have an effective compliance program. 

An effective compliance program is not something an adviser can purchase through a vendor or delegate to a service provider.  An effective compliance program is only possible through effective compliance professionals operating within the firm. 

Applying the Home model framework will help advisers be “exam-ready” for 2025 and years to come.

Robert Tull
Next

The “Home” Model of Effective Compliance