SECURITIES CORNER

SEC APPROVES NEW AND UPDATED PCAOB AUDITS STANDARDS

Recently, the SEC approved a new PCAOB standard, AS 1000, which redefined the foundational standards for auditors, as well as amended existing PCAOB audit standards (AS1105 and AS2301) to address use of technology-assisted analysis. Additionally, the SEC approved changes to the PCAOB's contributory liability rule (Rule 3502) to limit those who directly and substantially contributed to a firms’ violation from a recklessness standard to a negligence standard.

  • The introduction of AS 1000, reaffirms, consolidates, and modernizes the general principles and responsibilities of the auditor when conducting an audit by focusing on auditor’s duty to protect investors through informative, accurate, and independent reports; exercise of due professional care, and professional judgment when performing audits; and compliance with ethics and independence rules. For most, AS 1000, will take effect for audits of financial statements for fiscal years beginning on or after Dec. 15, 2024.
     
  • The SEC amended AS 1105, Audit Evidence, and AS 2301, The Auditor’s Response to the Risks of Material Misstatement, to address the use of technology-assisted data analysis in audit procedures. These amendments provide auditors clarity as to their responsibilities when using analytical tools to conduct audits. AS 1105 and AS 2301, will take effect for audits of financial statements for fiscal years beginning on or after Dec. 15, 2025.
     
  • Lastly, the SEC amended Rule 3502, the PCAOB’s contributory rule from recklessness to negligence standard for an associated person’s contributory liability, while maintaining the requirement that to be held liable, an associated person must have contributed to the firm’s violation “directly and substantially.” The amendments to Rule 3502 will become effective in 60 days. The amendment does not apply to conduct before the effective date.

 

SEC Chair Gary Gensler stated that he was “pleased that the PCAOB is fulfilling its obligations under the Sarbanes-Oxley Act by updating its standards and rules regarding the practice of auditing.” Especially since "[t]he PCAOB found that 46% of the auditing engagements it reviewed in 2023 fell short of obtaining sufficient, appropriate audit evidence." The new standards, will require registered accounting firms to identify, manage and continuously monitor risks to audit quality control and will hold audit firm leadership accountable if the firm falls short of requirements.

THE SEC REITERATED ITS RECORDKEEPING REQUIREMENTS AND IT COST $390M TO TWENTY-SIX FIRMS 

Recently, the SEC announced that 26 dually registered broker-dealers and investment advisers have agreed to pay combined almost $400 million in penalties to settle charges related to recordkeeping failures related to off-channel communications. Off-channel communications refer to any form of communication that takes place outside the official channels and leads to failures to capture, archive, record keep, or maintain communications through company-approved channels. The SEC has been actively investigating, fining, and enforcing such violations and enforcing the recordkeeping requirements.

 

The announcement indicates that the SEC continues to focus on “off-channel communications” violations, thereby enforcing the recordkeeping provisions of the federal securities laws. According to the SEC, the laws are “essential to investor protection and well-functioning markets.”

 

Notably, the SEC encourages self-reporting, as it highlighted that the three firms which elected to self-report their violations prior to staff’s investigations received credit for doing so and will pay reduced penalties as a result.

SEC HOLDS INVESTMENT ADVISOR LIABLE FOR CRYPTO ASSET CUSTODY FAILURES

Earlier this month, the SEC charged and imposed a hefty civil penalty against an investment adviser (the “Advisor”) who failed to properly safeguard its clients’ assets. In the charge, the SEC alleged that the Adviser violated the SEC’s Investment Advisers Act (the “Act”), which requires that investment advisers who have custody over client funds, must hold those funds with a qualified custodian like a bank or broker-dealer.

 

The charges against the Adviser stem from the collapse of one of the largest global cryptocurrency exchange companies (the “Company”) following systematic fraud allegations. The SEC found that the Adviser failed to comply with its duties under the Act because it was storing client assets’ on the Company’s collapsed platform, which was not a qualified custodian. Due to these failures, nearly half of the funds stored on the platform were lost in connection with the collapse of the Company and were exposed to potential misuse and misappropriation.

 

The charges against the Adviser have ignited an important conversation around a custodian’s obligations to safeguard cryptocurrency. Currently, some proposals are attempting to qualify crypto assets as an asset class that require proper custody. Specifically, these proposals are attempting to protect and cover crypto assets that do not necessarily fall under the definition of funds or securities. 

NEW ANTI-MONEY LAUNDERING RULE FOR INVESTMENT ADVISERS

Recently, the Financial Crimes Enforcement Network (FinCEN) issued the Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers (the “New Rule”). The New Rule will extend anti-money laundering compliance obligations to Investment advisers registered with the SEC (RIAs) and Investment advisers that report to the SEC as exempt reporting advisers (ERAs) beginning January 1, 2026.

 

The Bank Secrecy Act (BSA) requires “financial institutions” to establish and maintain anti-money laundering (AML) compliance programs. Historically, the definition of “financial institutions” did not include RIAs and ERAs. The New Rule now includes RIAs and ERAs in the definition of financial institutions which thereby extends the BSA’s affirmative AML program requirements thus requiring RIAs and ERAs to (1) adopt written AML compliance programs; and (2) monitor and report suspicious activity to FinCEN. Under the New Rule, the compliance programs must include:

  • Internal policies, procedures, and controls reasonably designed to prevent being used for money laundering, terrorist financing, or other illicit financial activities;
  • Designation at least one AML compliance officer;
  • Provide ongoing AML training for appropriate personnel;
  • Independent testing of the program’s effectiveness; and
  • Risk-based procedures for conducting ongoing customer due diligence to (1) understand the nature and purpose of customer relationships for the purpose developing a customer risk profile; and (2) identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

 

The New Rule will allow RIAs and ERAs to delegate the implementation and operation of some or all aspects of their AML programs to third parties. However, an adviser elects to delegate any aspects of its AML program, the adviser remains fully responsible and legally liable for the program’s compliance with the New Rule.

 

Additionally, the New Rule will require RIAs and ERAs to file suspicious activity reports (SARs) for transactions “conducted or attempted by, at, or through” the RIA and ERA if the Transaction involves at least $5000 and the RIA or ERA knows, suspects, or has reason to suspect that the transaction (a) involves funds derived illegally, (b) designed to evade BSA reporting requirements; (c) contains no business, apparent lawful purpose, or appears not to be one the customer would normally engage in; or (d) involves use of the RIA or ERA to facilitate criminal activity.

 

Implementation of the New Rule will require detailed attention and planning, even for advisers that already have an AML in place. Thus, it remains important for advisers to prepare early and monitor any future developments.