On December 20, 2018, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released its annual list of examination priorities for 2019. These priorities can be helpful to all registrants subject to OCIE’s oversight (“Registered Entities”), who would be well advised to take these priorities into consideration when designing or updating their supervisory and compliance programs as useful indicators of areas of special focus that may present a higher enforcement risk. As has been true for several years now, OCIE is continuing its focus on issues relating to retail investors, risks specific to elderly and retiring investors, and cybersecurity. Other continuing areas of focus include assessing compliance and risk at Registered Entities, such as clearing agencies, exchanges, and transfer agents, that are responsible for critical market infrastructure, and anti-money laundering compliance by broker-dealers. Newly added to this year’s priority list is a focus on digital assets and the sales of microcap securities to retail investors. Also new to the list is a focus on broker-dealer compliance with the customer protection rule (Exchange Act Rule 15c3-3).
Of course, these priorities are not exhaustive and OCIE’s examinations are likely to focus on many areas beyond them. Moreover, OCIE continues to characterize its examination selection process and scope determinations as a risk-based approach that provides it with sufficient flexibility to allow for coverage of emerging and exigent risks as they arise.
Retail Investors, Including Senior Investors and Retirement Investments
Areas of particular focus related to retail investors include:
- Fees and Expenses. Areas of concern include proper disclosure of fees and expenses and whether fees and expenses are accurately calculated and charged in accordance with relevant disclosures and agreements. With respect to mutual fund share classes, OCIE will continue to evaluate financial incentives that may influence the selection of particular, i.e., more expensive, share classes. With respect to wrap fee programs, OCIE will continue to review the adequacy of disclosures and brokerage practices.
- Conflicts of Interest. Areas of concern include (i) the use by advisers of affiliated service providers and products, which can present conflicts related to portfolio management practices and compensation arrangements; (ii) securities-backed non-purpose loans and lines of credit; and (3) borrowing from clients. As with fees and expenses, OCIE intends to review whether registrants have adequately disclosed all conflicts as well as any associated risks.
- Senior Investors and Retirement Accounts and Products. In the case of broker-dealers, OCIE intends to conduct examinations that review how broker-dealers oversee their interactions with senior investors, including their ability to identify financial exploitation of seniors. Investment adviser examinations will continue to cover the services and products offered to seniors and those saving for retirement. OCIE examinations will continue to focus on the appropriateness of investment recommendations to seniors and supervision and compliance programs related thereto.
- Portfolio Management and Trading. Areas of review will include execution practices, the allocation of investment opportunities among clients, whether investments are consistent with client objectives, and the adequacy of disclosures to clients. Examinations will also consider investment adviser portfolio recommendations to assess whether investment or trading strategies are (i) suitable and in the client’s best interest based upon investment objectives and risk tolerance, (ii) consistent with investor disclosures, (iii) accompanied by adequate risk disclosures, and (iv) appropriately monitored for risk.
Other Areas of Focus
- Never-Before or Not Recently-Examined Investment Advisers. OCIE will continue to conduct risk-based examinations of newly-registered advisers as well as those that have never been examined and will prioritize examinations of advisers that have grown substantially or changed business models since they were last examined.
- Mutual Funds and Exchange Traded Funds. Because mutual funds and exchange traded funds (“ETFs”) are the primary investment vehicle for many retail investors, OCIE will continue to prioritize examinations of these funds. This will include a focus on the activities of their advisers and board oversight practices as well as industry practices and regulatory compliance in areas that may significantly impact retail investors. Particular areas of focus will include (i) risks associated with funds that track bespoke indexes, (ii) ETFs with little secondary market trading volume and smaller assets under management, (iii) funds with higher allocations to certain presumably risky securitized assets, (iv) funds with aberrational underperformance relative to peer groups, (v) funds managed by advisers that are new to managing registered investment companies, and (vi) advisers that provide advice to both RICs and private funds with similar investment strategies.
- Municipal Advisors. Areas of focus with respect to municipal advisors will include satisfaction of registration requirements and professional qualifications as well as continuing education requirements, compliance with MSRB rules relating to advertisements, and standard of conduct for obtaining CUSIP numbers on behalf of issuers. Other areas of priority will include disclosures regarding conflicts of interest and compliance with the advisor’s fiduciary duty to its municipal clients.
- Broker-Dealer and Customer Assets. New to this year’s priority list is a statement that OCIE intends to conduct examinations of select broker-dealers to ensure compliance with the Customer Protection Rule (Exchange Act Rule 15c3-3) and the implementation of sufficient procedures and controls to promote compliance.
- Microcap Securities. Also new to this year’s priority list is a focus on microcap securities, i.e., companies with a market capitalization under $250 million. OCIE’s focus will include reviewing for manipulative schemes, compliance with Regulation SHO, which governs short sales, and compliance with Exchange Act Rule 15c2-11, which governs the submission and publication of quotations by broker-dealers for certain over-the-counter securities.
Compliance and Risks in Registrants Responsible for Critical Market Infrastructure/Focus on FINRA and MSRB
In order to promote an efficient and stable market by reducing market-wide risks, OCIE intends to continue its existing program of examining clearing agencies, entities subject to Regulation SCI, transfer agents, and national securities exchanges. Similarly, OCIE will continue its oversight of FINRA, with a focus on FINRA’s operations and regulatory programs and the quality of FINRA’s examinations of broker-dealers and municipal advisors that are also registered as broker-dealers, and of the MSRB and the effectiveness of its policies, procedures, and controls.
New to this year’s priority list, OCIE intends to identify market participants offering, selling, trading, and managing digital assets. For firms engaged in the digital asset market, OCIE intends to conduct examinations focused on portfolio management of digital assets, trading, safety of client funds and assets, pricing of client portfolios, compliance, and internal controls.
OCIE intends to continue to prioritize cybersecurity across its examination programs. This will include a focus on proper configuration of network storage devices, information securities governance generally, and policies and procedures related to retail trading information security. OCIE also intends to emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers, and to continue to focus on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.
Anti-Money Laundering Programs
OCIE intends to continue to prioritize compliance by broker-dealers with their anti-money laundering (“AML”) obligations, including their obligations to file suspicious activity reports, their compliance with all aspects of their AML programs, and compliance with independent testing obligations.