The SEC's Office of Compliance Inspections and Examinations (OCIE) has published its 2018 examination priorities. Not surprisingly, it will continue to focus on the protection of retail investors and ensuring that registrants are appropriately disclosing or resolving conflicts of interest. In addition, OCIE will pay particular attention to developments in cryptocurrencies and initial coin offerings (ICOs). OCIE also identified its oversight of FINRA and the MSRB as an area of focus, which should be of particular interest to broker-dealers and municipal securities dealers.
OCIE broke its priorities into five categories, each of which is summarized below.
Matters of Importance to Retail Investors. For several years now, OCIE has focused a portion of its examination efforts on matters related to retail investors, including seniors and those saving for retirement. That focus will not wane in 2018. OCIE will continue to pursue examinations of firms that provide products and services directly to retail investors, and will focus on higher risk products and recent technological changes affecting how these firms can deliver investment advice. Areas identified as warranting OCIE's particular attention include:
- Disclosure of the Costs of Investing. OCIE will examine whether retail investors are receiving proper disclosure regarding fees and the calculation of fees, expenses and other charges, as well as conflicts of interest that might incentivize the recommendation of certain products and services that are riskier or generate higher fees. OCIE will focus on business practices that it believes present increased risks, such as:
o Advisory personnel that may receive financial incentives to recommend mutual fund share classes that charge higher fees;
o Accounts where investment advisory representatives have departed the firm and the accounts have not been assigned to new representatives to provide oversight;
o Advisers that switch accounts from commission-based fees to a fees calculated as a percentage of assets under management; and
o Private fund advisers that manage funds with a high percentage of investors, such as non-profits and pension plans, that invest for the benefit of underlying retail clients.
- Senior Investors and Retirement Accounts. OCIE will examine broker-dealers' oversight of their representatives' interactions with senior investors. In particular, OCIE intends to evaluate whether broker-dealers' supervisory procedures and other internal controls facilitate the ability to identify financial exploitation of seniors. OCIE identified variable insurance products and target date funds as two areas of potential focus.
- Digital Assets and Blockchain. OCIE noted that as the market for cryptocurrencies and ICOs has expanded, the number of broker-dealers and investment advisers engaged in this space has also grown. OCIE intends to monitor the sale of these products and, if it determines that the products are securities, to examine for regulatory compliance. OCIE will focus on whether firms have implemented adequate controls and safeguards to protect client assets and whether investors are receiving adequate disclosure about the risk of investment losses, liquidity risks, price volatility, and potential fraud that OCIE believes are inherent in these products.
- Mutual Funds and ETFs. OCIE intends to focus on mutual funds that have experienced poor performance relative to their peer groups, those that are managed by advisers with little experience in managing mutual funds, and those that hold securities which are difficult to value during times of market stress. OCIE will also examine ETFs that seek to track custom-built indexes and to evaluate any conflicts the adviser may have with the index provider and the adviser's role with respect to the selection and weighting of index components. OCIE will also examine ETFs that have little secondary market trading volume.
- Robo-Advisers and Other Electronic Investment Advice. Examinations will focus on how firms: monitor computer algorithms that generate securities recommendations; oversee the production of investor marketing materials; protect investor data; and disclose conflicts of interest.
- Wrap Fee Programs. OCIE will evaluate whether registered advisers associated with wrap-fee programs are acting in a manner consistent with their fiduciary duty and their contractual obligations to clients. This includes whether they are adequately disclosing conflicts of interests, how they seek best execution, and the costs of "trading away."
- Never Before Examined Advisers. OCIE emphasized that it is data-driven and continues to improve its ability to collect and evaluate trading data and evaluate regulatory filings. OCIE said it will use such data to facilitate exam scoping, planning, and execution and to select for examination never before examined investment advisers that have elevated risk profiles.
- Municipal Advisers. OCIE will examine municipal advisors to evaluate their compliance with the SEC's registration, recordkeeping, and supervision requirements and their compliance with MSRB rules regarding professional qualification, continuing education, and core standards of conduct.
- Best Execution. OCIE intends to examine broker-dealers to assess whether they have implemented adequate best execution policies and procedures for municipal bond and corporate bond transactions.
Compliance and Risks in Critical Market Infrastructure. OCIE will examine entities that provide services critical to the proper functioning of capital markets, including:
- Clearing agencies. OCIE will continue to conduct annual examinations of clearing agencies that the Financial Stability Oversight Council (FSOC) has designated as systemically important and for which the SEC is the supervisory agency. Among other things, these examinations will focus on whether clearing agencies have taken corrective action in response to prior examination findings.
- National Securities Exchanges. OCIE will focus its examinations of securities exchanges on, among other things, the internal audits conducted by the exchanges and the governance and operation of certain National Market System (NMS) plans.Transfer Agents. OCIE's examinations of transfer agents will focus on transfers, recordkeeping, and the safeguarding of client funds and securities, particularly for those transfer agents that serve as paying agents or that service microcap or crowdfunding issuers.
- Regulation Systems Compliance and Integrity (SCI) Entities. Regulation SCI requires national securities exchanges, clearing agencies, and certain alternative trading systems, to establish, maintain, and enforce policies and procedures for their systems' capacity, integrity, resiliency, availability, and security. OCIE intends to examine these entities to evaluate whether they have effectively implemented adequate written policies and procedures, controls related to how systems record the time of transactions or events and how they synchronize with other systems, and business continuity plans adopted by such entities.
FINRA and MSRB. OCIE will examine FINRA's operations and regulatory programs and the quality of FINRA's examinations of broker-dealers and municipal advisors that are also registered as broker-dealers. Similarly, OCIE's examinations of the MSRB will evaluate the effectiveness of its operational and internal policies, procedures, and controls related to its oversight of municipal securities firms.
FINRA previously announced its own examination priorities for 2018 which overlap with OCIE's priorities in a variety of areas, including the focus on senior investors, cybersecurity, AML programs, and cryptocurrencies. Consistent with its regulatory mandate and historic areas of focus, however, FINRA also said that it intends to focus on a variety of additional areas, including so-called "high-risk" firms and brokers, and suitability concerns in connection with sales of complex products. Between these two regulators, there are a variety of issues for broker-dealers to consider in connection with potential examinations and their review of their own operations and compliance infrastructure.
Cybersecurity. OCIE said that it will continue to prioritize cybersecurity in each of its examination programs. This includes, among other things, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.
Anti-Money Laundering (AML) Programs. In 2018, OCIE will examine whether certain SEC-regulated entities, such as broker-dealers and investment companies, have adopted adequate AML programs. For example, OCIE will consider customer due diligence requirements and whether such entities are taking reasonable steps to understand the nature and purpose of customer relationships and to properly address risks. OCIE will also evaluate whether these entities are filing timely, complete, and accurate suspicious activity reports (SARs) and whether they are appropriately testing their AML programs.
OCIE continues to focus on protecting retail and retirement investors, conflicts of interest, and disclosure issues. At the same time, however, it is evaluating new technologies and products and how those technologies and products may affect the market and various market participants.
In addition to announcing its specific priorities, OCIE took the opportunity to remind registrants and their service providers of the four "pillars" underlying OCIE's operations: promoting compliance; preventing fraud; identifying and monitoring risk; and informing policy. It also said that its priorities continue to be evaluated on a risk-based, data-driven platform, and that it will make the highest and best use of its resources including, without limitation, new technologies that facilitate its analytical efforts.
This reminder should not be under-emphasized since, over the last several years, OCIE and its staff have continually improved their ability to use data provided by registrants and other market participants to identify and focus on high-risk business practices and products. Registrants should be allocating a portion of their resources to analyzing and understanding their own data before OCIE does so.