Last week, both the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations and the Financial Industry Regulatory Authority issued their annual Examination Priorities. Each regulatory entity identified many common areas for their 2020 reviews, including sales practices, preparation for and compliance with new requirements under Regulation Best Interest; fintech applications, such as digital assets; and information security.

As in prior years, OCIE noted that it will prioritize the protection of retail investors in its reviews. It will seek to ensure that required disclosures are being made, particularly those related to fees and expenses and conflicts of interest. Additionally, after June 30, OCIE intends to evaluate both broker-dealers’ and registered investment advisors’ implementation of Regulation BI and use of Form CRS. (Click here for an overview of Regulation BI and Form CRS in the article “SEC Adopts New Regulation to Ensure Retail Customers’ Best Interest Takes Priority Over Broker-Dealer’s” in the June 9, 2019 edition of Bridging the Week.)

OCIE indicated it will also continue to identify and examine registrants who are involved with digital assets. Among specific areas of attention will be suitability, investment management and trading practices, protection of clients’ funds and assets, pricing and valuation; effectiveness of compliance programs, and controls and oversight of outside business activities. OCIE will also prioritize review of investment advisors that provide their clients automated investment tools and platforms commonly known as “robo-advisors.”

Additionally, OCIE proposed to continue to prioritize information security at registrants, paying close attention to the configuration of network storage devices, information security governance generally and retail trading information security. OCIE expressly will focus on registrants’ oversight of certain service providers and network solutions, including those providing cloud-based storage, among other topics.

As before, OCIE will review broker-dealers’ and investment companies’ anti-money laundering programs, including the monitoring and potential reporting of suspicious activities, and emphasize review of never–before or not recently examined investment advisors.

Similarly, FINRA indicated that, in its examinations of members, it would focus on sales practices and supervision, market integrity, financial management and firm operations. Among other things, FINRA intends to consider how firms comply with their obligations to help prevent market manipulation, report certain transactions and handle short sales. FINRA will seek to determine whether firms engaging in digital assets businesses have filed a continuing membership application with it, how fair and balanced relevant marketing materials are, whether firms imply that digital assets businesses being conducted through a non-SEC-registered affiliate are being overseen by a registered broker-dealer, and what controls and procedures a member has to support its digital assets transactions. FINRA will also examine the robustness of members’ policies and procedures to protect customer records and information and firms’ business continuity plans. Like OCIE, FINRA will review members’ implementation of Regulation BI and Form CRS after June 30, and evaluate their preparedness for the new requirements beforehand.

Compliance Weeds: The beginning of every year provides a natural opportunity for registrants to review their written policies and procedures to ensure they accurately reflect current requirements and practices and, if applicable, current personnel. It is easy, over time, for policies and procedures to become stale and persons referenced by name in such documents to no longer be with a registrant. Unfortunately, if something goes wrong, it will not be helpful to have written policies grounded on outdated regulatory requirements, practices that are inconsistent with written policies, or written policies that are so generic they are not correlated to actual practices. Ensuring that policies and procedures address hot button issues identified by regulators in summaries of examination priorities – such as the OCIE’s and FINRA’s 2020 examination priorities – is also advisable.