Are the SEC and FINRA setting up shop in the metaverse? Not quite yet, but we stress yet! Like private sector businesses, U.S. financial services regulators are increasingly exploring what the metaverse, augmented reality (AR), and virtual reality (VR) mean for their registrants’ businesses and also for the means and methods of regulating them.
One noteworthy example: FINRA recently announced that it is developing “Xpand Reality,” an AR-based app for investor education. FINRA also recently proposed allowing its members to remotely satisfy their internal office inspection obligations without an on-site visit. For their own part, FINRA and SEC staff largely remain in work-from-home status (although this may change with a post-summer return to “normal”).
Our guess is that it is only a matter of time before regulators utilize elements of AR, VR, and the metaverse to conduct remote exams — but that is likely several years away. What is more likely in the near-term is that many financial industry firms will develop a metapresence in search of increased efficiency and greater engagement with customers and personnel. When this happens, regulatory exams, whether in-person or remote, will encompass firms’ virtual footprints. Regulators will likely apply existing regulatory guidance and frameworks early on, but may eventually develop new rules and expectations over time to align with the advancement of technology.
Firms can and should be “thinking in 3D” (more on that below) early and often so they and their personnel are prepared for that virtual knock on the door.
Virtual ExamsWhether or not remote exams were inevitable, the COVID-19 pandemic has accelerated FINRA’s and the SEC’s adoption of this exam format. This trend seems likely to continue and a firm’s metapresence could facilitate and even be a feature of remote exams. For example, a firm could provide regulators with something akin to administrator access to the firm’s virtual office for certain records, or use a VR data room to provide documents responsive to regulatory requests. Firms could also provide regulators with a means to automate their review of rep/client meetings in the metaverse and review the various iterations of communications and correspondence, all without the firm devoting significant time preparing the production, as is often needed today.
The metaverse will provide firms with novel avenues for communications and interaction, internally and externally. Absent new regulatory guidance, however, firms will need to look to past technological advancements to understand regulators’ expectations. Social media provides a good starting point to understand how regulators are likely to view a firm’s communications in the metaverse. FINRA’s content standards will of course continue to apply. The same is true for SEC requirements that statements not be materially misleading or omit necessary material facts. Firms will also need to continue to be aware of third-party content and links that might appear in their metapresence and whether the firm or its personnel adopt or otherwise become entangled with the content.
Supervision of personnel and their activity will be a major focus of any firm’s metapresence. Perhaps paradoxically, interactions in the metaverse could actually promote greater means of firm supervision, as interactions will occur through a central “location” (i.e., the firm’s virtual space), which could help create a central digital repository of documents, communications, and other records and interactions for review (including perhaps even recordings of meetings, pitches, etc.). Firms will need to tailor their written supervisory procedures to address interactions in the metaverse, the actions firms (including their compliance teams) will take if they detect problems, how to document findings and any corrective action, and how firms will train associated persons on these new and evolving standards. Regulation Best Interest would also apply to recommendations in the metaverse and firms will need to develop a way to comply with the various disclosures and other requirements of this standard of conduct.
Activity in the metaverse could similarly assist firms with their recordkeeping obligations. The virtual office “location” and the communications device could essentially serve as one package, with interactions and communications recorded on a centralized ledger. Information presented to the client could be immediately turned into a record of what was presented, to whom, and when. Iterative records used in a virtual space could automatically be stored and updated. In this regard, the SEC recently proposed new recordkeeping requirements that would allow firms to do away with the current “WORM” requirement in favor of an audit-trail alternative that would require storage and retrieval of iterative versions of documents. A firm might utilize its metapresence as a way to comply with these requirements.
Thinking in 3D
For firms that do dip a virtual toe in the metaverse, “thinking in 3D” will be critical. What we mean by that is:
- Design. Map your firm’s strategy for staking a metapresence. Identify the key considerations, risks, challenges, and opportunities for your firm. Plan for unknowns. Include key stakeholders within your organization and your contacts at regulators (keeping them in the dark probably hurts you here). Integrate your systems, processes, and controls. Strive to ensure that messaging to clients and the market is crystal clear. Then hit repeat on all this to catch what you might have previously missed.
- Deployment. Rolling out your metapresence strategy should be done carefully and purposefully. Ensure that your personnel are well-trained. The various components of your real-life business must be speaking to and working with the virtual components. Your messaging to the market must be on point. Stay in close communication with your regulators, not only on successes but especially if hiccups occur (and before they grow into actual problems).
- Dedication. It will take commitment to ensure that a metapresence is working for your firm’s business and this will be a very subjective set of inputs and outputs for each firm in the space. Regular and repeated reviews of progress and status and opportunities for adjustments are critical. Seek input from your clients and your personnel on what’s working/not working. Consistently look for regulatory and compliance gaps and plug them immediately.
Significant resources are currently being deployed to the metaverse. So while conducting business and exams in the metaverse remains speculative for now for most financial firms and regulators, it may not be too long before that changes. This is not dissimilar to the early days of online-brokerage, robo-advice or even use of social media by firms. If done in a rule-focused and compliance-minded way, early-adopters may get a leg up on their competition by appearing more attractive to younger investors. And on top of potentially enhancing engagement with clients, staking a metapresence could actually be fun — let’s not forget about that!
However, because of the highly-regulated nature of their businesses, financial industry firms will need to consider the topics mentioned above as they establish a metapresence, along with cybersecurity, business continuity, AML, KYC/customer identification and a host of other legal, regulatory, and compliance obligations. And as always, firms should be on the lookout for new regulatory guidance, rules, and requirements as they spring up.
Nicholas J. LosurdoPartner