On January 7, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities (2020 Priorities). Published annually, OCIE's priorities release is designed to provide securities industry participants with insight into OCIE's risk-based approach to examinations and the areas it currently believes present potential risks to investors and the US capital markets. In announcing the 2020 Priorities, SEC Chairman Jay Clayton said that OCIE's list of priorities sets forth key areas of existing and emerging risk that the Commission expects market participants to identify and mitigate.
OCIE prefaces the 2020 Priorities by emphasizing the vital importance of compliance programs and compliance professionals. OCIE notes that the positive impact of effective compliance is clear from the exams it has conducted. This includes compliance's active engagement in firm operations and early involvement in important business developments as well as a knowledgeable and empowered chief compliance officer who is provided with complete responsibility, authority, and resources to develop and enforce appropriate policies and procedures. Most significantly, OCIE believes it is crucial for there to be a commitment to compliance from C-level and similar senior executives, confirming that compliance is integral to the organization’s success and that support for compliance at all levels of an organization is a principal SEC concern.
Another important point made by OCIE is that it is the primary, and often only, regulator responsible for examining registered investment advisers (RIAs), and that this segment of the financial industry has grown significantly in recent years, along with the amount of assets under management. OCIE explains that while it has made significant strides in recent years to increase its coverage of RIAs, it lacks sufficient resources to adequately cover the RIA space and its coverage rates are not likely to keep pace with continued growth in the industry. OCIE warns that there is a risk of diminished coverage, quality, and effectiveness in its examination program without further support, and states that OCIE and SEC Chairman Clayton are focused on addressing this issue.
OCIE also highlights that many SEC enforcement actions are the result of OCIE examinations and referrals and that it expects this trend to continue. In addition, OCIE reports that it uses the examination process to encourage firms to make investors whole when fees are improperly calculated and charged. Industry participants should recognize that OCIE examinations may serve as a gateway to enforcement.
Before turning to its specific areas of focus, OCIE noted that its FY2020 examination priorities will also include significant new SEC rules including Regulation Best Interest, the Form CRS Relationship Summary and the SEC's interpretation under the Investment Advisers Act of 1940 relating to the standard of conduct for investment advisers. Market participants are encouraged to engage with OCIE as they modify their compliance programs to reflect these rules and interpretations.
Specific areas of focus. The 2020 Priorities include the following critical areas:
Retail investors, seniors and others saving for retirement. Of paramount importance to OCIE is the protection of retail investors, especially seniors and those saving for retirement. Consequently, its examinations of RIAs and broker-dealers will continue to focus on investments marketed to, or designed for such investors, including mutual and exchange-traded funds (ETFs), municipal and other fixed income securities, and microcap securities. This focus will include disclosures relating to fees, expenses, and conflicts of interest. OCIE notes that it is critically important for firms to provide investors with the disclosures required by federal securities laws, including disclosures relating to fees and expenses, and conflicts of interest. These disclosures help the investing public to make better informed choices and, according to OCIE, firms must effectively implement controls and systems to ensure that such disclosures are made and that the firm’s actions match those disclosures.
OCIE will also focus on recommendations and advice given to retail investors, with a particular emphasis on seniors (including recommendations and advice made by those targeting retirement communities). OCIE will also focus on recommendations and advice to teachers and military personnel. OCIE will also look closely at riskier products such as private placements and securities of issuers in new and emerging risk areas, especially those with high fees and expenses and those of issuers affiliated with or related to the registered firm making the recommendation. OCIE is also concerned with supervision of employee outside business activities and the conflicts that may arise.
OCIE will also examine RIAs to ensure they are fulfilling their fiduciary duties, assessing whether RIAs provide advice in the best interests of their clients and eliminate, or at least fully and fairly disclose, all conflicts of interest which might incline an RIA to render advice that is not disinterested. OCIE will continue to look at risks associated with fees and expenses, and undisclosed or inadequately disclosed compensation arrangements.
Information security. OCIE continues to prioritize cyber and other information security risks across its examination program. OCIE views information security as critical to the operation of the financial markets and the confidence of market participants; the impact of a breach in information security may have consequences well beyond the compromised firm. OCIE will prioritize information security in all of its examination programs, focusing on proper configuration of storage devices, information security governance generally, and protection of clients’ personal financial information. Other areas of concentration will include risk management, access controls, data loss prevention, vendor management, training and incident response and resiliency, and controls relating to online access and mobile application access to customer brokerage account information.
Fintech and innovation, digital assets and electronic investment advice. OCIE believes that advances in financial technologies, methods of capital formation and market structure, and the use by firms of new sources of data, warrant attention and review. OCIE will also examine firms dealing in digital assets and robo-advisers.
Digital assets. Recognizing the rapid growth of and related risks presented by the digital assets market, especially for retail investors lacking adequate understanding of the differences between digital assets and more traditional products, OCIE will identify and examine market participants in this space to assess suitability, portfolio management and trading practices, safety of client funds and assets, pricing and valuation, effectiveness of compliance programs and controls, and supervision of employee outside business activities.
Electronic investment advice. OCIE will be looking at RIAs that provide services through automated investment tools and platforms (ie, robo-advisers) to assess SEC registration eligibility, cybersecurity policies and procedures, marketing practices, satisfaction of fiduciary duties, adequacy of disclosures and effectiveness of compliance programs.
Investment advisers, investment companies, broker-dealers and municipal advisors. OCIE will continue to conduct risk-based examinations for all of these entities. It is particularly interested in RIAs advising retail investors and private funds. Examinations of investment companies will focus on mutual funds and exchange-traded funds, as well as their RIAs and boards of directors. Broker-dealer exams will focus how they prepare for and implement recent rulemaking, and their trading practices generally. Municipal advisor examinations will include review of registration and continuing education requirements and fiduciary duty obligations.
RIAs. OCIE generally looks at compliance programs of RIAs in core areas such as account selection, portfolio management practices, custody and safekeeping of client assets, best execution, fees and expenses, and valuation of client assets for consistency and appropriateness of methodology. OCIE also may assess adequacy of disclosures and governance practices in the core areas reviewed.
OCIE will continue to review RIA compliance programs, including whether the firm’s policies and procedures are reasonably designed, implemented, and maintained. OCIE will prioritize exam of RIAs that are dually registered as, or affiliated with, broker-dealers, as well as those with supervised persons who are registered representatives of unaffiliated broker-dealers. OCIE will concentrate on whether the firms have effective compliance programs with respect to best execution, prohibited transactions, fiduciary advice, and conflict disclosure, and will prioritize examining firms that use the services of third-party asset managers to assess their due diligence practices, policies, and procedures. OCIE is particularly interested in the accuracy and adequacy of disclosures provided by those RIAs that offer clients new or emerging investment strategies, such as those focused on sustainable and responsible investing and incorporate environmental, social, and governance criteria.
OCIE will also prioritize new RIAs and existing RIAs that have never been examined, as well as RIAs that have not been examined for several years to focus on whether their compliance programs have been appropriately adapted in light of any substantial growth or change in their businesses.
Mutual funds and ETFs. OCIE intends to prioritize examining mutual funds and ETFs, the activities of their RIAs, and oversight practices of their boards of directors. These exams will assess industry practices and regulatory compliance, focusing on RIAs that use third-party administrators to sponsor the mutual funds they advise or with which they are affiliated, mutual funds and ETFs that have not yet been examined, and RIAs to private funds that also manage a registered investment company with a similar investment strategy.
RIAs to private funds. OCIE will continue its focus on RIAs to private funds that have a greater impact on retail investors. These include RIAs that provide management to separately managed accounts alongside private funds. OCIE will also review such RIAs to assess compliance risks such as controls to prevent the misuse of material, non-public information, and conflicts of interest such as undisclosed or inadequately disclosed fees and expenses and the use of affiliates to provide services to clients.
Broker-dealers. In addition to sales practices, broker-dealer exams will also look at the safety of customer cash and securities, risk management, certain trading activities, effects of changing commission and cost structures, best execution, and payment for order flow arrangements.
With respect to financial responsibility, broker-dealers that hold customer cash and securities must ensure that those assets are safeguarded in accordance with SEC rules. Examinations will continue to focus on compliance with these rules and adequacy of internal processes, procedures, and controls. OCIE will also examine broker-dealers’ trading and risk management practices, including those relating to trading in "odd lots," which often represents retail interest and requires special treatment to ensure compliance with applicable laws, rules and regulations, including best execution. OCIE will also evaluate controls related to automated trading algorithms which, if poorly designed, can adversely impact the stability of the broker-dealer as well as that of the market in general. OCIE will look at the supervision of algorithmic trading activities including development, testing, implementation, maintenance, and modification of the programs supporting those activities and computer code access controls. OCIE will also assess the use of internal procedures, practices, and controls for trading risk management.
Municipal advisors. OCIE will examine municipal advisors for compliance with registration, professional qualification and continuing education requirements, and will review fiduciary duty obligations to municipal entity clients, requirements for fair dealing with market participants, and disclosure of conflicts of interest. OCIE will also look at the ways in which municipal advisors deal with conflicts while representing clients, and compliance with MSRB advertising rules
AML programs. OCIE will be looking for compliance by examined entities with applicable anti-money laundering requirements, including whether they appropriately adapt their programs to address regulatory obligations. OCIE will assess whether broker-dealers and investment companies have appropriate customer identification programs and whether they are satisfying obligations relating to filing Suspicious Activity Reports (SARs), complying with beneficial ownership requirements, and conducting due diligence on customers and robust, timely independent tests of their programs. The goal is to ensure that broker-dealers and investment companies have adequate policies and procedures that are reasonably designed to identify suspicious activity and illegal money-laundering activities.
Market infrastructure. OCIE is focused on entities that provide services that are critical to the functioning of the capital markets. These include clearing agencies, securities exchanges and alternative trading systems, and transfer agents. OCIE expects to pay particular attention to the security and resiliency of systems.
Clearing agencies. Under the Dodd-Frank Act, the SEC is required to examine, at least once a year, those registered clearing agencies that the Financial Stability Oversight Council has designated as systemically important and for which the SEC serves as the supervisory agency. In these exams, the SEC must assess, among other things, financial and operational risks, resources and capabilities to monitor and control them, the clearing agency’s safety and soundness, and compliance with applicable laws, rules and regulations. Through its Office of Clearance and Settlement and its Technology Controls Program, OCIE will review each clearing agency’s core risks, processes, and controls that touch on each requirement. Examinations will focus on compliance with SEC standards and other applicable federal securities laws, whether there have been appropriate corrective actions taken in response to prior examinations, and other areas identified in collaboration with the SEC Division of Trading and Markets and other regulators. These exams will include assessments of liquidity risk management, collateral and investment risk management, default risk management, cyber security and resiliency, and recovery and wind-down procedures more generally. They will also include examination of governance, legal, compliance and risk management frameworks.
OCIE notes that it also consults with the Federal Reserve Board each year on the scope and methodology of its Dodd-Frank examinations and routinely consults with the SEC’s Division of Trading and Markets concerning risks it observes in its supervisory role over clearing agencies. All of this is incorporated into the risk-based planning of OCIE’s exams.
National securities exchanges. OCIE will examine exchanges' operations, particularly their reactions to market disruptions, and how they monitor member activity for compliance with federal securities laws and rules. OCIE will focus on exchange efforts to protect the integrity of the marketplace from abusive, manipulative, and illegal trading practices.
Regulation systems compliance and integrity. SEC Regulation SCI requires entities such as national securities exchanges, registered and certain exempt clearing agencies, FINRA, the MSRB, alternative trading systems and certain other entities to establish, maintain, and enforce written policies and procedures designed to ensure that their system capacity, integrity, resiliency, availability, and security is adequate to maintain operational capability and promote fair and orderly markets. When certain events occur, these entities must take appropriate corrective action as soon as reasonably practicable and immediately notify the SEC. OCIE will continue to evaluate whether these entities have and enforce required written policies and procedures emphasizing IT inventory management, IT governance, incident response, and third party vendor management. OCIE will also review whether they have taken appropriate action in response to past exams.
Transfer agents. OCIE will examine transfer agents’ core functions including timely turnaround of items and transfers, recordkeeping and retention, and safeguarding of funds and securities. OCIE examinations will also focus on the requirement to annually file a report by an independent accountant concerning the transfer agent’s system of internal accounting controls, as well as compliance with obligations to search for lost security holders and provide notice to unresponsive payees. Candidates for examination this year will include transfer agents that serve as paying agents for issuers, those developing blockchain technology and those providing services to issuers of microcap securities, private offerings, crowdfunded securities, and/or digital assets.
FINRA and MSRB. OCIE will focus its examinations of the Financial Industry Regulatory Authority on operations, regulatory programs, and the quality of FINRA’s own examinations of broker-dealers and municipal advisors. OCIE will also evaluate the effectiveness of the Municipal Securities Rulemaking Board's operations and its internal policies, procedures, and controls.
In sum, the 2020 Priorities reflect OCIE’s assessment of risks, issues, and policy matters derived from developments in the markets and in the regulation of those markets, information gathered during examinations and from tips, complaints, and referrals, and coordination with other SEC Divisions and Offices, as well as other regulators. In formulating the 2020 Priorities, OCIE received feedback from its examination staff as well as input and advice from the SEC Chairman and other Commissioners, staff of other SEC divisions and offices, and other regulators.
However, the list is not exhaustive. OCIE can and will look at other areas as well. While the 2020 Priorities will drive OCIE's examinations, the scope of any examination is determined through a risk-based approach that includes analysis of an examined entity’s business, operations, services, products offered, and other risk factors, including its regulatory history. OCIE also solicits comments and suggestions relating to its mission, and requests those who suspect or observe activity that may violate the federal securities laws or otherwise harm investors to notify the SEC.
If you have any questions regarding the 2020 Priorities, need assistance in preparing for a regulatory exam, or would like to discuss your firm's compliance and supervisory policies and procedures, please contact one of the authors.