On February 7, 2018, the Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) released its 2018 examination priorities.1 This year's priorities comprise five principal areas: (1) retail investors, (2) infrastructure risks, (3) FINRA and Municipal Securities Rulemaking Board (MSRB), (4) cybersecurity, and (5) anti-money laundering (AML) programs.
In connection with the release, OCIE announced that its work stands on four “pillars”: (i) promoting compliance; (ii) preventing fraud; (iii) identifying and monitoring risk; and (iv) informing policy.
Relatedly, OCIE announced the five principles by which it will abide in the execution of its examination priorities:
- OCIE Is Risk-Based. In order to effectively oversee all the market participants under its jurisdiction, OCIE uses a risk-based strategy to, among other things, narrow down the potential examination candidates and determine the appropriate scope of its exams and resource allocation more generally.
- OCIE Is Data-Driven. In concert with its risk-based strategy, OCIE uses data analytics in areas such as risk assessment and exam scoping to help better identify high-risk exam candidates and to more efficiently analyze information during its exams
- OCIE Is Transparent. OCIE will continue publication of its activities, the motives behind its actions and its findings along the way
- OCIE Is Efficient. OCIE will continue to analyze its allocation of resources with the goal of advancing investor protecting and fulfilling the SEC's mission.
- OCIE Is Committed to Innovation and New Technology. OCIE will assess the potential impact of technological advances on the financial markets, including ways in which investors may be harmed.
This Client Alert summarizes the main points of OCIE's examination priorities. It is important to note, however, that the below list is not exhaustive. OCIE maintains the flexibility to add priorities throughout the year as it identifies new risks to investors and the marketplace.
Unsurprisingly, one of OCIE's main priorities continues to be examining firms that sell investment products and services to retail investors, particularly seniors and those saving for retirement. To this end, OCIE emphasized the following areas:
- Disclosure of Investment Costs. OCIE will seek to examine whether retail investors are receiving proper disclosure regarding fees and their calculation, expenses, and other charges to investors, as well as conflicts of interest that might incentivize firms to recommend to investors certain products and services that are riskier or generate higher fees. Particular business practices and models identified by OCIE as increasing risks to investors include:
- Advisory personnel who may receive financial incentives to recommend to investors mutual fund share classes that charge higher fees and the conflicts of interest that may not be disclosed to investors;
- Accounts where investment advisory representatives have departed their firms, and the accounts have not been assigned a new representative to properly oversee them;
- Advisers that switch accounts from being charged a commission-based fee to a fee calculated as a percentage of assets under management; and
- Private fund advisers that manage funds with a high percentage of investors investing for the benefit of retail clients, such as nonprofit organizations and pension plans.
- Robo-Advisers and Other Automated or Digital Platforms. OCIE will focus its efforts on how firms monitor computer algorithms that generate securities recommendations to investors, oversee the production of investor marketing materials, protect investor data and disclose conflicts of interest.
- Wrap Fee Programs. OCIE will evaluate whether advisers associated with wrap fee programs are behaving in a manner consistent with fiduciary duty and fulfilling their contractual obligations to clients. This review will look at how advisers seek best execution, whether they are sufficiently disclosing conflicts of interest, and the costs of “trading away.”
- Never-Before-Examined Investment Advisers. OCIE will focus on “never-before-examined” advisers, using risk-based analysis to prioritize examinations of those advisers with “elevated risk profiles.”
- Senior Investors and Retirement Accounts and Products. OCIE will examine broker-dealers' oversight of the interactions between their representatives and senior investors. Particularly, OCIE seeks to evaluate whether broker-dealers' supervisory procedures and other internal controls facilitate the ability to identify financial exploitation of senior investors. OCIE specifically noted variable insurance products and target date funds as two areas of potential focus.
- Mutual Funds and ETFs. OCIE will focus on funds that have experienced poor performance relative to their peer groups and/or are managed by inexperienced investment advisers. OCIE will also pay particular attention to funds that hold securities that are difficult to value during times of market stress. OCIE seeks to examine ETFs that purport to track custom-built indices and to evaluate any conflicts the adviser may have with the index provider and the adviser's role in connection with the selection and weighting of index components. OCIE will also focus on ETFs that have little secondary market trading volume and that face the risk of being delisted from an exchange and having to liquidate assets.
- Municipal Advisers and Underwriters. OCIE will review municipal advisers, particularly municipal advisers that are not registered as broker-dealers, for their compliance with registration, recordkeeping and supervision requirements. Such examinations will also review for compliance with MSRB rules.
- Fixed Income Order Execution. OCIE will examine whether broker-dealers have implemented best execution policies and procedures consistent with regulatory requirements for municipal bond and corporate bond transactions.
- Blockchain and ICOs. Recognizing that the expansion of the market for cryptocurrencies and initial coin offerings (ICOs) has led to a corresponding increase in the number of broker-dealers and investment advisers engaged in the market, OCIE intends to monitor the sale of such products, and if it determines that the products are securities, to examine for regulatory compliance. Particular areas of focus in this regard will include whether financial professionals maintain sufficient controls and safeguards to protect the products from theft or misappropriation as well as the adequacy of risk disclosures to the investor regarding investments in such products.
Compliance and Risks in Critical Market Infrastructure
- Clearing Agencies. In conjunction with the SEC's Division of Trading and Markets and other regulators, OCIE will continue annual examinations of “systemically important”2 clearing agencies under the SEC's jurisdiction. OCIE will focus on whether clearing agencies have taken corrective action in response to prior examination findings.
- National Securities Exchanges. OCIE will focus on, among other things, the internal audits conducted by the exchanges, fees paid, and the governance and operation of certain National Market System (NMS) plans
- Transfer Agents. OCIE's examinations of transfer agents will focus on transfers, recordkeeping, and the safeguarding of client funds and securities, especially for those transfer agents that serve as paying agents or that service microcap or crowdfunding issuers
- Regulation Systems Compliance and Integrity (SCI)3 entities. OCIE will continue its examination of SCI entities to evaluate whether they have instituted adequate written policies and procedures that cover, among other things, controls related to how the systems record the time of transactions or events, their readiness and business continuity plans, and how they synchronize with other systems.
FINRA and MSRB
- FINRA. OCIE will monitor FINRA's operations and regulatory programs as well as the quality of FINRA's examinations of broker-dealers and municipal advisers that are also registered as broker-dealers
- MSRB. OCIE will examine the MSRB to evaluate the effectiveness of select operational and internal policies, procedures and controls.
OCIE has yet again announced that cybersecurity remains a prime area of focus in 2018. OCIE's focus will prioritize, among other things, governance and risk assessment, data loss prevention, vendor management, access rights and controls, training, and incident response.
In 2018, OCIE will continue to examine whether regulated entities (including broker-dealers and investment companies) have established AML programs as required by the Bank Secrecy Act. For example, OCIE will consider customer due diligence requirements and whether such entities are taking reasonable steps to understand the nature and purpose of customer relationships and to properly address risks. OCIE will also evaluate whether such entities are conducting robust and timely independent tests of their AML programs.
This year OCIE maintains its focus on protecting retail investors, particularly seniors and those investors planning for retirement, as well as potential and actual conflicts of interest and disclosure issues. OCIE, however, continues to adapt its priorities as the types of technologies and products used in the marketplace continue to expand.
Conspicuously absent from this year's priorities are references to money-market funds and the examination of private fund advisers for potential conflicts of interest. The absence of money-market funds from this year's priorities signals confidence on the part of OCIE in fund sponsors' implementation of the reforms that became effective in 2016. With respect to the absence of private fund advisers in this year's priorities, we would caution that the focus on private funds remains implicit, especially given OCIE's prioritization of conflicts of interest in several areas that are applicable to private fund sponsors.
Over the past several years, OCIE has continually expanded its ability to utilize data of registrants and other market participants to identify high-risk business models and products. In 2018 we expect OCIE to continue enhance its focus on the collection and analysis of data from registrants' filings and other public and private sources as a primary tool. As such, it is important that advisers be proactive in examining their own data and practices to identify potential risks and areas of focus by OCIE. Likewise, advisers should ensure that all applicable (or potentially applicable) areas of focus highlighted in OCIE's 2018 examination priorities are specifically addressed in writing in their compliance policies and procedures.
1 The official release.
2 As designated by the Financial Stability Oversight Council.
3 Regulation SCI was adopted by the SEC for the purpose of strengthening the technology infrastructure of the U.S. securities markets. See Regulation Systems Compliance and Integrity, Release No. 34-37639 (November 19, 2014). Regulation SCI requires, in part, SCI entities (which include national securities exchanges, clearing agencies and certain alternative trading systems) to establish, maintain and enforce policies and procedures for their systems' capacity, integrity, resiliency, availability and security.