On February 7, 2018, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released its 2018 examination priorities.1 The examination priorities indicate that the SEC will continue its existing examination focus from prior years with additional emphasis on investor protections in the retail market and are organized in five general categories:

  1. Retail Investors The protection of retail investors, particularly seniors and those saving for retirement, is a continuing priority for the agency. In its efforts to protect retail investors, OCIE will continue to examine how fees and costs are disclosed by private advisors that manage funds with a high percentage of investors investing for the benefit of retail clients. OCIE also will focus on the adequacy of compliance programs of automated or digital platforms, such as robo-advisers. In addition, OCIE will focus on newly registered or never-before-examined investment advisors based on a risk-based assessment. Moreover, examiners plan to assess whether broker-dealers have implemented policies and procedures to ensure best execution for municipal and corporate bond transactions. To address the rapid growth of the sale of crypto currency and initial coin offerings, examiners will review whether adequate controls are employed to protect assets from misappropriation or theft and provide investors with disclosure concerning risk and potential fraud.
  2. Compliance and Risks in Critical Market InfrastructureOCIE will continue to focus on clearing agencies that the Financial Stability Oversight Council has designated as systemically important. National security exchanges, transfer agents, and regulation systems compliance and integrity (SCI) entities fall within this focus area.
  3. Financial Industry Regulatory Authority (FINRA) and Municipal Securities Rulemaking Board (MSRB) OCIE will continue to monitor FINRA regarding the quality of its operations and regulatory programs, as well as how the agency examines the entities within its purview. OCIE also will examine the MSRB to evaluate the effectiveness of certain operational and internal policies, procedures and controls.
  4. Cybersecurity Cybersecurity is an ongoing priority for OCIE. In particular, OCIE’s examination programs will emphasize: (a) governance and risk assessment; (b) access rights and controls; (c) data loss prevention; (d) vendor management; (e) training; and (f) incident response.
  5. Anti-Money Laundering (AML) ProgramsAML is a continued focus for the agency, with examinations that will focus on whether regulated entities are appropriately adapting their AML programs to address their obligations and making timely filings.

Regulated entities should ensure they have addressed these priority areas. These priorities are not exhaustive.