The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released its annual list of 2020 Examination Priorities on Jan. 7, 2020.
Many of OCIE’s 2020 examination priorities, including the focus on retail investors, fraud, conflicts (and related disclosures), among others, are perennial risk areas that OCIE routinely prioritizes. While the SEC release discusses new issues in greater detail than continuing areas of interest, practitioners must continue to focus on these areas and monitor whether the SEC provides guidance throughout the year.
In its 2020 report, OCIE emphasized that the keys of effective compliance are a culture and tone set from the top (including C-level executives). In fact, a commitment to compliance from C-level executives was referenced as perhaps the most important “hallmark” of a good compliance program. Therefore, top level executives will benefit from reviewing the 2020 priorities to assess the impact on their business models and take proactive measures to strengthen their compliance programs.
The 2020 report also emphasizes certain “hallmarks” of effective compliance, including the compliance department’s active engagement in most facets of firm operations, early involvement in important business developments, and the employment of a knowledgeable CCO empowered with full responsibility, authority, and resources to develop and enforce policies and procedures. It is crucial that firms invest resources – including time and personnel – to enable effective compliance in the operation of their businesses.
Most securities industry participants (with a specific emphasis on registered investment advisers (RIAs), broker-dealers, registered investment companies, municipal advisors, and transfer agents) are subject to examination. Such examinations remain firmly grounded in four pillars: promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy. Accordingly, OCIE has continued its practice of organizing its priorities around thematic areas. This year’s areas are:
- Retail Investors, Including Seniors and Those Saving for Retirement
- Information Security
- Financial Technology (Fintech) and Innovation, Including Digital Assets and Electronic Investment Advice
- Additional Focus Areas Involving RIAs and Investment Companies
- Additional Focus Areas Involving Broker-Dealers and Municipal Advisors
- Anti-Money Laundering (AML) Programs
- Market Infrastructure
- Focus on Oversight of FINRA (Financial Industry Regulatory Authority) and MSRB (Municipal Securities Rulemaking Board)
This GT Alert summarizes key points in each of these thematic areas.
Retail Investors, Including Seniors and Those Saving for Retirement
Protecting retail investors, such as seniors and those saving for retirement, is a perennial examination priority. OCIE will prioritize examinations of intermediaries that serve retail investors, namely RIAs, broker-dealers, dually registered firms, and investments marketed to retail investors, such as mutual funds and exchange-traded funds (ETFs).
OCIE noted that it is extremely important that registered firms provide investors with the disclosures required by the federal securities laws, including those relating to fees and expenses, and to conflicts of interest (another continuing emphasis of the SEC), which will help enable the investing public to make better informed choices. As an overarching precept, RIAs should be aware of their duties of care and loyalty and be careful not to render interested advice unless all conflicts are fully disclosed. Similarly, broker-dealers, and their associated persons, must pay attention to the requirements of Regulation Best Interest, the implementation and impact of which also will be a focus of OCIE.
Information Security
OCIE will continue to prioritize information security. Examinations will focus on proper configuration of network storage devices, information security governance, and retail trading information security.
Specifically for RIAs, OCIE will focus on protection of clients’ personal financial information with special attention paid to governance and risk management; access controls; data loss prevention; vendor management; training; and incident response and resiliency. RIAs and other industry participants must also be mindful of third-party and vendor risk management, where OCIE mentions a specific focus on oversight practices, including participants leveraging cloud-based storage.
Financial Technology (Fintech) and Innovation, Including Digital Assets and Electronic Investment Advice
OCIE’s exam priorities often evolve in response to new technological trends. For example, this year, OCIE notes that registered firms are increasingly using new sources of data, referred to as “alternative data,” that may drive investment decision-making. Such data is often obtained by a computer-based algorithm that scans websites on a certain topic. OCIE is currently monitoring the use of alternative data during its examinations of firms using such data. In addition, OCIE will continue prioritizing both developments regarding digital assets and the provision of electronic investment advice (i.e., “robo-advisers”).
With respect to digital assets, examinations will assess investment suitability, portfolio management and trading practices, safety of client funds and assets, pricing and valuation, effectiveness of compliance programs and controls, and supervision of employee outside business activities.
With respect to electronic investment advice, OCIE will remain focused on SEC registration eligibility, cybersecurity policies and procedures, marketing practices, adherence to fiduciary duty, adequacy of disclosures, and effectiveness of compliance programs.
Additional Focus Areas Involving Rias and Investment Companies
Of particular concern to RIAs and investment companies, OCIE will continue to focus on the appropriateness of account selection, portfolio management practices, adequacy of disclosures, custody and safekeeping of client assets, best execution, fees and expenses, and valuation of client assets for consistency and appropriateness of methodology. Furthermore, OCIE will continue to review the compliance program of RIAs, including whether such programs are reasonably designed, implemented, and maintained. In addition, never-before-examined advisers, as well as those that have not been examined for a number of years, should take heed of the risks highlighted above and note that the SEC will continue its focus on examining advisers that have yet to be examined or have not been examined for some time.
Furthermore, OCIE will review RIAs serving private funds to assess compliance risks, including the misuse of non-public information, conflicts of interest, inadequately disclosed fees and expenses, and the use of affiliates to provide services to clients.
Additional Focus Areas Involving Broker-Dealers and Municipal Advisors
Broker-dealer examinations will focus on sales practices, risk management, certain types of trading activity, the effects of evolving commissions and other cost structures, best execution, and payment for order flow arrangements.
With respect to municipal advisors, OCIE will examine whether they have satisfied their registration, professional qualification, and continuing education requirements. Furthermore, municipal advisors should be aware of their fiduciary duty obligations to municipal entity clients, fair dealing with market participant requirements, and the disclosure of conflicts of interest.
Anti-Money Laundering (AML) Programs
OCIE will continue to examine broker-dealers and investment companies for compliance with their AML obligations. Examinations will seek to confirm that firms have established appropriate customer identification programs that satisfy their SAR filing obligations, conduct due diligence on customers, comply with beneficial ownership requirements, and conduct independent tests of their AML programs.
Market Infrastructure
OCIE noted that it will conduct risk-based examinations of clearing agencies and national securities exchanges. For clearing agencies, OCIE will examine core risks, processes, and controls that touch on the requirements under the Dodd-Frank Act and other federal laws. Similarly, for national securities exchanges, OCIE will monitor compliance with the laws and rules concerning abusive, manipulative, and illegal trading practices. Both clearing agencies and national securities exchanges should review their compliance with Regulation SCI, which is emphasized specifically in the SEC’s 2020 priority list.
Focus on FINRA and MSRB
OCIE will stay focused on FINRA and MSRB, examining both organizations with the aim of identifying aspects of their operations that are important to the protection of investors and market integrity. OCIE will then take observations from these inspections and examinations to make detailed recommendations to improve processes.
Conclusion
OCIE’s 2020 priorities are by no means exhaustive, and actual examinations will include inquiries into a variety of other areas based upon changes in market conditions, regulations, industry practice, information uncovered by OCIE, and principals of investor protection. As we have seen in previous years, developments during the 2020 calendar year may prompt OCIE to expand or modify its focus on these and other issues facing the securities industry. Industry participants should be advised to touch base with counsel periodically to assess how the SEC’s latest guidance, or newest regulation, may affect their business model.
Registrants should keep in mind that OCIE also will shift its resources to conduct additional “for cause” examinations where specific matters come to light regarding a particular registrant or class of registrants.