2021: The Year in Review

Amidst a continuing global pandemic, new political administrations, and increased regulatory scrutiny, firms have had to learn to transform how they conduct business, oversee their compliance programs, and maintain operational resilience. Growing trends like environmental, social, and governance (ESG) and digital assets have taken center stage while mainstay risk areas like cybersecurity have demanded constant vigilance.

As you look ahead to 2022, here are a few of 2021’s key regulatory and industry highlights that may impact how you prioritize year-end compliance tasks, allocate resources, and plan future initiatives.

Marketing Rule

Just before the start of 2021, the U.S. Securities and Exchange Commission (SEC) officially Adopted the New Marketing Rule for Investment Advisers. The long-awaited overhaul of the Advertising Rule (Rule 206(4)-1 under the Investment Advisers Act of 1940 (Advisers Act)) will have material impact on SEC-registered investment advisers based around the world. The new rule, which is referred to as the “Marketing Rule,” is intended to modernize the framework for investment adviser advertising and replace the patchwork of cases, no-action letters and SEC staff guidance that has developed in this area since the rule was first adopted in 1961. 

In March, the SEC confirmed that firms would need to take an all or none early adoption approach to the new Marketing Rule. At our Fall 2021 Virtual Conference, we asked attendees about their priorities and approach to implementing the SEC's New Marketing Rule and heard that marketing and advertising would be their #1 priority in 2022.

Are you ready to comply? Check out our Marketing Rule Insights library for in-depth articles, FAQs, and on demand webcasts to help you prepare.

ESG

A flurry of activity from the SEC at the beginning of 2021 made it crystal clear that ESG would be a top priority in the near and long term. This has proved true for other global regulators, including the Financial Conduct Authority (FCA), and the United Nations Principles for Responsible Investing (UNPRI) and other industry leaders looking to ensure firms are providing investors with greater transparency and consistency in ESG-related disclosures for investment products. 

• UNPRI’s Next Reporting Period Delayed Until Early 2023
• FCA Provides AFMs Guidance and Warning on Authorised ESG and Sustainable Investment Funds
• FCA Publishes Consultation on Climate-Related Financial Disclosure
• Finding Leverage - How Debt Investors are Tackling the Challenge of ESG
• CFA Institute Releases ESG Disclosure Standards for Investment Products
• ESG Examinations in Full Swing, and Most Advisers are Candidates
• SEC Keeps ESG Momentum with Release of Risk Alert
• SEC Turns Watchful Eye on ESG
• FAQ: Implementing the Updated PRI Framework

Cybersecurity & Risk

Cybersecurity risk is constantly mutating and growing, posing a particular threat to financial services firms, which are 300% more likely to suffer a cyber-attack than other sectors. As a result, it remains a top priority for regulators, as seen this summer when the SEC announced that it sanctioned eight firms in three separate actions for failure to establish and implement cybersecurity policies and procedures. 

Ransomware

2021 began in the shadow of the SolarWinds attack. With both government and the financial industry being affected, regulators were keen to gain as much insight as possible and quickly assess and report any impacts. However, the focus on phishing attacks and ransomware didn’t stop there.

Early in the year, both the U.S. National Futures Association (NFA) and Financial Industry Regulatory Authority (FINRA) issued warnings of fake emails, shortly followed by the attack that led to the shutdown of the Colonial Pipeline.

• FinCEN Issues Amended Advisory on Ransomware and Use of Financial System to Facilitate Ransom Payments
• Private Equity Firms Report Receiving Phishing Emails and Scam Capital Calls
• Apple® Issues Patch to Fix Spyware Vulnerability
• Microsoft® Reports “Zero-Day” Attacks Using Tainted Office® Files
• Firms Report Phishing Attempts That Impersonate Microsoft®
• Critical Security Flaw Discovered in Fortinet Security Products Require Upgrad
• The Department of Homeland Security Requires Pipeline Operators to Set Cybersecurity Safeguards
• Active Supply-Chain Ransomware Attack Against Kaseya VSA
• SEC Request for Information About SolarWinds Compromise
• FBI Warns of Criminals Impersonating Advisers and Brokers
• FINRA Warns of Additional Fake Emails
• Ransomware Attack Shuts Down Major Fuel Pipeline; PE Firms Advised To Enhance Protections   
• Gas Pipeline Suffers Ransomware Attack

Read our Ransomware 101 series for more insights on how your firm can prevent and detect a ransomware attack, to engaging with law enforcement if there is one.

Privacy

GDPR celebrated it’s third-year anniversary in 2021, and data privacy legislation continues to be pursued by various countries and states, including New York, Florida, Oklahoma, Washington, and Minnesota. Earlier this year, the Virginia Senate passed the Consumer Data Protection Act and the government of China passed a data privacy law in August.

Whether data privacy legislation will ultimately be enacted on a national level in the United States remains to be seen. It would be wise for firms to prepare well in advance of proposed enactments.

AML

In 2021, AML continued to be a priority for the SEC’s examinations of broker-dealers and registered investment companies. The Financial Crimes Enforcement Network (FinCEN) published its first government-wide priorities for AML (the “Priorities”) and more recently proposed rulemaking to implement reporting requirements of beneficial ownership information for legal entities, both mandates established by the AML Act of 2020 passed by U.S. Congress earlier this year. Additionally, FINRA urged firms to incorporate the government-wide Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Priorities into their AML programs.

• FINRA Releases AML/CFT Priorities
• FinCEN Issues AML Priorities
• AML Update for Investment Advisers

Holistic Surveillance & Technology

The complexity of trading risk is evolving as remote and hybrid workplaces become the norm. An increased reliance on eComms platforms alongside the ability to potentially evade traditional surveillance mechanisms have made it more difficult to spot risks related to MNPI and insider trading. The SEC’s “Shadow Trading” case shows that regulators have taken notice and are looking deeper and beyond the traditional definition of insider trading.

Fortunately for compliance leaders, artificial intelligence (AI) technologies like machine learning, natural language processing (NLP), and robotic process automation (RPA) are continuing to mature and see increased adoption, bringing us closer than ever to having a truly integrated surveillance system at our disposal.

• Review and Enhance Your Holistic Surveillance Program: A Year-End Checklist
• Holistic Surveillance – To Trading Activity and Beyond
• FCA Market Watch 68: Mind the Surveillance and Compliance Gaps!
• Breaking Down Surveillance Data Silos to Achieve Risk-360

U.S. Regulatory Rulings, Changes, and Enforcement Actions

Despite the ongoing pandemic and a changing administration, regulators have continued to stay active throughout the year to uphold their mandate to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.

SEC

In addition to the increased focus on ESG, the SEC’s 2021 Priorities also included an increased focus on private fund risk disclosures and conflicts of interest, alternative data, digital assets, cybersecurity, technology, advanced analytics, anti-money laundering (AML), and Broker-Dealer and Registered Investment Company risks. With the issuance of nine Risk Alerts this year, the SEC’s Division of Examinations continued its trend of increased transparency in communicating expectations on various risks.

For firms based in the U.S., there is a clear sense that as the new SEC administration, led by Chair Gary Gensler, finds its footing, we are likely to see a more aggressive SEC in the year ahead.

In November, the SEC’s Division of Enforcement published their annual report. By the numbers, FY 2021 was a busy year for Enforcement. They announced that they filed 434 new enforcement actions in fiscal year 2021, representing a 7 percent increase over the prior year. The new actions were wide ranging, including emerging threats in the digital asset/cryptocurrency and special purpose acquisition companies (SPAC) spaces. 

In response to the 2021 Division of Enforcement Annual Report, Chair Gary Gensler is noted as saying "The SEC’s Enforcement Division is the cop on the beat for America’s securities laws…As these results show, we go after misconduct wherever we find it in the financial system, holding individuals and companies accountable, without fear or favor, across the $100-plus trillion capital markets we oversee."

• Observations from Examinations of Advisers that Provide Electronic Investment Advice
• Registered Investment Company Initiatives Exam Observation
• Exam Priorities Spotlight: Focus on Private Equity and Real Estate Advisers
• Early Signs of a Significantly More Expansive Approach to SEC Examinations of Private Markets Fund Managers
• SEC Chairman Gensler Signals an Increase in Scrutiny & Regulation of Private Markets Fund Industry
• SEC Staff Statement on Registered Funds Investing in the Bitcoin Futures Market
• SEC Increases Focus on Digital Assets
• Managing Compliance Concerns in the Wake of GameStop Corp. Stock Inflation
• SEC Issues $1M Fine for Failure to Disclose Breach Information

• SEC Fines Registered Investment Adviser for Misrepresentation of Investment Performance and Marketing Violations

Commodity Futures Trading Commission (CFTC) registrants and National Futures Association (NFA)

The NFA continued its efforts to update and revise its regulations in response to current events. Requirements were implemented for CPOs to notify the NFA in the event of significant liquidity issues in response to industry participant “blow-ups” from the past year. The NFA also updated the definition of branch offices in response to the increased trend in the “remote-work environment” due to the COVID-19 pandemic. ACA expects this trend to continue into 2022.

• NFA Announces Amendments to Interpretive Notice 9002 Regarding Branch Office Registration
• NFA Announces New CPO Notice Filing Requirements

FINRA

A notable development in 2021, was FINRA’s focus on retail communications. Broker-dealers continue to face scrutiny with respect to retail communications, specifically as they relate to private placements, the use of internal rates of return (IRR), and compliance with the Global Investment Performance (GIPS^®) standards. In addition, FINRA continues to monitor broker-dealers engaged in digital assets, a trend that ACA anticipates will continue into 2022 and beyond.

• FINRA Updates Advertising Regulation FAQs
• Regulatory Changes Force Private Fund Managers to Re-Focus on IRRs or Face Fundraising Hurdles
• FINRA Amends Rules 5122 and 5123 Filing Requirements to Include Retail Communications that Promote or Recommend Private Placements
• FINRA Reminds Firms of Supervisory Obligations Related to Outsourcing to Third-Party Vendors
• FINRA Announces its 2021 Risk Monitoring and Examinations Report
• FINRA Regulatory Actions in Q1 2021

European Regulatory Rulings, Changes, and Updates

Financial services firms operating in the UK and Europe faced a challenging 2021, thanks to regulatory change, geopolitical pressures, alongside continuing fallout from the COVID-19 pandemic.

The year saw firms embedding the Senior Manager & Certification Regime (SM&CR) obligations and getting to grips with ESG regulatory frameworks and standards, including the EU’s SFDR and the UK’s Financial Reporting Council’s approach. The looming Investment Firm’s Prudential Regime (IFPR), which comes into force on 1 January 2022, has also created a raft of work for firms that will need to hold more capital and liquidity to meet new disclosure requirements.

What’s more, firms have had to prepare for the deadline for the LIBOR transition, which we wave goodbye to at the end of 2021. Add to this, the ongoing post-Brexit effect and the impact of the SEC’s new marketing rules, there’s no doubt that it’s been an eventful and demanding year.

Here we capture some of our related insights from 2021.

General

• FCA Business Plan 2021/2: A New Era in Financial Services Regulation in the UK?
• FCA Clears the Way for Potentially Greater UK SPAC Issuance
• EU Cross Border Fund Distribution Directive and Regulation - Raises More Questions than it Answers?
• FCA Confirms Dates for Cessation of Panel Submissions For All LIBOR Settings

Post-Brexit

• FCA Warn of 'Tough, Assertive Approach’ to Brexit TPR Landing Slot Authorisations
• EEA Firms Applying for Full Authorisation Under the TPR: Challenges and Potential Pitfalls
• Post-Brexit FAQs - FCA Authorisation and Compliance for EEA Firms in the TPR
• Brexit: EMIR Reporting - Getting the Right Repository
• EEA Firms in the TPR: Have you Received your Landing Slot to Apply for Full Authorisation in the UK?

Investment Firm Prudential Regime (IFPR)

• Q&A: Understanding the new Remuneration Rules under the UK’s Investment Firms Prudential Regime
• IFPR is Just 100 Days Away: Are You Ready?
• European Regulator Fines Major Trade Repository for EMIR Breaches
• The UK’s Investment Firm Prudential Regime: 13 Key Considerations for Successful Implementation

Transaction reporting and market abuse

• European Regulator Fines Major Trade Repository for EMIR Breaches
• Majority of Firms in Breach of Transaction Reporting Requirements
• ESMA final report recommends expansion of transaction reporting regime to AIFMS and UCITS Management Companies
• New Research Shows That 97% of Firms are Reporting Incorrectly Under MiFIR/EMIR
• Brexit: EMIR Reporting - Getting the Right Repository
• FCA Market Watch 68: Mind the Surveillance and Compliance Gaps!

Compliance Officer 2022 Checklist

With the above and other upcoming developments in mind, it’s time to make your year-end checklist as you wrap-up your compliance obligations for 2021 and build your compliance program’s roadmap for 2022. Download our checklist below to use as a guide to end the year strong.

Download U.S. Checklist           

Download European Checklist

Tune in to Our Upcoming Webcast

The Year in Review: What’s Happened in Regulatory Compliance, Cybersecurity, ESG, and Performance in 2021

December 21, 2021 | 11:00 AM EST / 4:00 PM GMT

Tune in as ACA's Carlo di Florio, Chief Services Officer, Jessica Bonsall, Director - ESG, Erika Roess, Director - Performance, Jeffrey Gorton, Senior Principal Consultant - Cyber, and Neha Pasricha, Principal Consultant – U.S. Regulatory Compliance, will share trends, insights, and developments in the areas of regulatory compliance, ESG, cybersecurity and risk, and performance from 2021 and discuss what to expect in 2022. Register here

Questions?

If you have questions about these updates or would like more information about how ACA can help enhance or strengthen your compliance program in 2022, please reach out to your ACA consultant or contact us here.