Theta Lake Blog

SEC Exam Priorities for 2024 Focus on Firm’s Ability to Evidence Compliance

Written by Susannah Hammond | Oct 30, 2023 3:00:29 PM



The SEC exam priorities for 2024 give an essential insight into likely practices, products, and services which will be the focus of the Division of Examinations in the coming year. The priorities are those that pose emerging risks to investors or the markets, as well as examinations of core and perennial risk areas. Given the now more than $2.6bn of fines imposed for recordkeeping failures, it is fair to say that unmonitored communications channels and the incomplete capture of required records will continue to be key supervisory considerations for all U.S. financial services firms.

The focus on recordkeeping is twofold - first off the recordkeeping and obligations themselves but then also a firm’s ability to robustly and comprehensively evidence compliance with all regulatory requirements is critically dependent on upfront records capture and preservation. Only with the relevant, native context records able to be retrieved will firms be able to demonstrate that their policies and procedures are operating effectively and the business undertaken is compliant. 

Demonstrating effective compliance programs

The specifics of the exam priorities are divided by sector - investment advisers, investment companies, broker-dealers, self-regulatory organizations (such as FINRA), clearing agencies and other market participants such as municipal advisers, security-based swap dealers and transfer agents. A thread throughout is the need for regulated firms to be able to show the effectiveness of their compliance programs. An examination will focus on compliance policies and procedures, whether or not they reflect the business, are fit for purpose and operate effectively. 

For investment advisers, two of the areas under the Compliance Rule are:

  • the accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction, and
  • safeguards for the privacy protection of client records and information; 

The examination of investment advisers' marketing practices will also include a particular focus on the adoption and implementation of ‘reasonably designed written policies and procedures’ as well as whether the firm has ‘maintained substantiation of their processes and other required books and records.’


For broker-dealers, the examination will evaluate whether the firm has ‘established, maintained, and enforced written policies and procedures reasonably designed to achieve compliance’ with in particular Regulation Best Interest. This analysis will include considering whether the written policies and procedures are ‘reasonably designed’ based on the costs, risks, and rewards of the securities and investment strategies that the broker-dealer recommends to customers.

For municipal advisors, examiners will review compliance with their obligations to document municipal advisory relationships and disclose conflicts of interest and requirements related to registration, professional qualification, continuing education, recordkeeping, and supervision. For municipal advisors, a new rule (MSRB Rule G-46), which becomes effective on March 1, 2024, is designed to establish the core standards of conduct for solicitor municipal advisors, which, among other things, include the disclosure of conflicts of interest and documentation of client relationships. Examinations of solicitor municipal advisors during the second half of fiscal year 2024 will focus on compliance with new MSRB Rule G-46.

For transfer agents, examinations will focus on the processing of items and transfers, recordkeeping and record retention, safeguarding of funds and securities, and filings with the Commission.

Recordkeeping is a core competency

Recordkeeping as a required core competency for financial services firms is neither new nor novel. Underpinning the SEC’s exam priorities is the inherent expectation that firms will be able to demonstrate robust compliance with all relevant regulatory requirements and for that firms will need to have appropriate and comprehensive recordkeeping and data governance in place. 

How Theta Lake Can Help 

Backed by the investment arms of Cisco, RingCentral, Salesforce, and Zoom, Theta Lake’s multi-award winning product suite provides patented compliance and security for modern collaboration platforms, utilizing hundreds of frictionless partner integrations including RingCentral, Webex by Cisco, Microsoft 365 and Teams, Slack, Zoom, Movius, Box, Mural, Asana and more

Theta Lake empowers organizations to safely, compliantly, and cost-effectively expand their use of unified communication platforms by enabling capture, compliant archives, and acting as an archive connector for existing archives of record across video, voice, and chat collaboration systems. Customers benefit from:

  • Searching instantly across participants, all modes of unified communication and collaboration tools, meshed conversations, and timelines in an easy to navigate search system that covers and provides full replay for voice, video, chat, email, images, emojis, files, whiteboards, and more.

  • Patented AI & ML to detect, surface, and enable actual response for regulatory, privacy, and security risks, including SEC RegBI, in an AI assisted review workflow with remediation and patented UCC security control integrations for protection across what is shared, shown, spoken, and typed.

  • The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation, with full context retained including images, GIFs, emojis and reactions.

  • Theta Lake’s risk and compliance suite provides an advanced security and privacy architecture named STAR3 (Secure in Transit, Access, in Redaction, Remediation, and Removal), which is  SOC2 Type II certified with ISO 27001 mapping, PCI DSS certified, 17a-4 and audit trail attested, BAA supported, and undergoes regular penetration testing so our customers, partners, and regulators worldwide are confident in That Lake’s data and system security, integrity, and privacy. 

Ways to learn more:

  • Visit us at: ThetaLake.com | LinkedIn | Twitter at @thetalake
  • Join a weekly 30-minute demo webinar here or request a bespoke demo today from our friendly team here
  • Keep up to date with regulatory perspectives from Theta Lake here
  • Download Theta Lake’s 2023/24 Digital Communications Governance, Compliance and Security Report