This year’s examination priorities of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) were announced on February 6, 2018, and cover five broad, albeit non-exhaustive, topics.1

  • Protection of retail investors, including seniors and those saving for retirement;

  • Compliance and risks of entities (such as clearing agencies, securities exchanges and transfer agents) that provide critical market infrastructure functions;

  • The quality and effectiveness of the operations and regulatory programs, policies, procedures and controls of Financial Industry Regulatory Authority (FINRA) and Municipal Securities Rulemaking Board (MSRB);

  • Cybersecurity, including high level issues, such as governance and risk assessment, ongoing internal controls and procedures (including access rights, training and vendor management) and incident response; and

  • Anti-money laundering programs.

The priorities were determined based on the experiences of OCIE staff, and in consultation with the SEC chairman and commissioners, staff from other divisions and offices, the Office of the Investor Advocate and other regulatory agencies. OCIE noted that the priorities are “not exhaustive” and that other examination topics may emerge as additional risks are identified, or as a result of local risk assessments by the SEC’s regional offices. Accordingly, registrants cannot expect examinations conducted by the SEC in 2018 to be limited to those articulated in the announcement.

Message from OCIE’s Leadership Team

New to this year’s priorities is a message from OCIE’s leadership team that describes the principles underlying the priorities and their implementation. These principles take as their starting point the consistent growth in the number, complexity and assets of SEC registrants during a period that the SEC examination staff has not grown in number commensurately. Thus, the SEC has centered its examination program on risk analysis (principle 1), where the staff’s highest and best use (principle 4) is to focus on firms, activities and areas that present the highest risk of harm to investors and markets. A critical application of this principle is the staff’s increasing use of data analytics (principle 2) for risk assessment (in particular, identifying higher risk examination candidates) and examination scoping, planning and execution. The SEC staff has sought to keep pace with technological innovation (principle 5) to understand the advances impacting the markets and registrants’ business models and how these might be used to harm investors. Finally, the announcement is a reminder that the staff tries to be transparent about examination findings (principle 3) through Risk Alerts and other public statements, so that registrants can learn from these findings, which the staff views as a force multiplier for the examination program.

Retail Investors, including Seniors and those Saving for Retirement

The first identified priority is the protection of retail investors, which OCIE states “is embedded in the SEC’s mission and ... OCIE’s organizational culture.” OCIE’s examinations will focus on “higher risk products” and “recent technological changes” in the provision of investment advice. OCIE emphasizes the following areas of focus, most of which continue and/or expand upon existing examination priorities:

  • Disclosure of the Costs of Investing. OCIE notes that examiners will review whether fees and expenses charged (e.g., to advisory accounts) are calculated as disclosed to investors in investor agreements or otherwise, as well as the adequacy of disclosures of potential conflicts of interest (e.g., related to incentives for recommending products with greater cost or risk), perhaps signaling one component of the SEC’s standard of conduct rulemaking. OCIE will also consider whether certain practices or business models increase the risk of inadequate disclosure to investors. These include (among others): changing the manner of calculating fees from commission-based to a percentage of client assets under management; and “private fund advisers that manage funds with a high concentration of investors investing for the benefit of retail clients, including non-profit organizations and pension plans.”
  • Electronic Investment Advice. OCIE will continue its focus on robo-advisers and other automated or digital platforms through which investment advisers – and broker-dealers – primarily engage with clients online. A particular focus will be how compliance programs oversee “computer program algorithms that generate recommendations,” as well as “marketing materials, investor data protection, and disclosure of conflicts of interest.”
  • Wrap Fee Programs. OCIE will also continue the SEC’s focus on wrap fee programs, particularly the assessment of whether investment advisers are complying with their contractual and fiduciary duties to clients. Examiners will review: the reasonableness of recommendations related to wrap fee programs; the appropriate disclosure of potential conflicts of interest; and whether “investment advisers are obtaining best execution and disclosing costs associated with executing trades through another broker-dealer.”
  • Never-Before-Examined Investment Advisers. OCIE will continue to select advisers with “elevated risk profiles” for examination.
  • Senior Investors and Retirement Accounts and Products. Following on the recent effective date of FINRA’s rules relating to the financial exploitation of seniors and other vulnerable adults,2 OCIE will evaluate broker-dealers’ interactions with, and ability to identify the financial exploitation of, senior investors. Among other issues, examinations will focus on registrants’ supervision of representatives’ sales practices to senior investors. With respect to broker-dealers and investment advisers that provide services related to retirement accounts, OCIE examinations will include (among other matters) the review of: investment recommendations; sales of variable insurance products and target date funds; and registrants’ “involvement in retirement vehicles that primarily serve state and local government employees and non-profit employees.”
  • Mutual Funds and Exchange Traded Funds (ETFs). In examining mutual funds, OCIE will focus on funds “(i) that have experienced poor performance or liquidity in terms of their subscriptions and redemptions relative to their peer groups, (ii) that are managed by advisers with little experience managing registered investment companies, or (iii) that hold securities which are potentially difficult to value during times of market stress.” In examining ETFs, OCIE will focus on “funds that have little secondary market trading volume and that face the risk of being delisted from an exchange and having to liquidate assets,” and on whether such funds have adequately disclosed the related investment risks.In examining mutual funds and ETFs that track custom-built indexes, OCIE will assess whether the adviser has conflicts with the index provider, and will review the adviser’s involvement in the “selection and weighting of index components.”
  • Municipal Advisors and Underwriters. OCIE examinations will continue to focus primarily on municipal advisors that are not registered as broker-dealers and their compliance with registration, recordkeeping and supervision requirements, as well as on MSRB rules including professional qualification and continuing education requirements and on the core standards of conduct and duties of municipal advisors. OCIE will also continue to examine municipal underwriters for their compliance with SEC and MSRB rules.
  • Fixed Income Order Execution. OCIE will examine broker-dealers’ implementation of best execution policies and procedures for secondary market transactions involving municipal and corporate bonds.
  • Cryptocurrency, ICOs, Secondary Market Trading and Blockchain. OCIE will “monitor the sale of these products, and where the products are securities, examine for regulatory compliance.” OCIE will assess the adequacy of protection of assets from theft or misappropriation and whether appropriate disclosure of risks (e.g., losses, liquidity, price volatility and potential fraud) are provided to investors. Chairman Clayton recently stated that professionals in the ICO market “need to act responsibly and hold themselves to high standards ... [and] they can do better.”3

Compliance and Risks in Critical Market Infrastructure

The priorities cover:

  • Clearing Agencies. OCIE will examine “systemically important” (as designated by the Financial Stability Oversight Council) clearing agencies that are supervised by the SEC, for compliance with applicable SEC standards and the taking of “timely corrective action” in response to prior exams.
  • National Securities Exchanges. OCIE will focus on exchanges’ internal audits and fees paid under the Securities Exchange Act of 1934, as well as the operation of certain National Market Systems (NMS) plans.
  • Transfer Agents. OCIE will focus examinations on “transfers, recordkeeping, and the safeguarding of funds and securities,” as well as transfer agents that service microcap or crowdfunding issuers.
  • Regulations Systems Compliance and Integrity (SCI) Entities. OCIE will assess the effectiveness of the implementation of compliance policies and procedures for the capacity, integrity, resiliency, availability and security of the systems of clearing agencies, and national securities exchanges, alternative trading systems and other SCI entities. Examiners will also evaluate SCI entities’ controls for recording transaction time, systems’ synchronization, readiness, business continuity planning, vendor risk management and enterprise risk management, including with respect to subsidiaries and interconnected infrastructure. Cloud-based services will be a particular focus of examiners.

Focus on FINRA and MSRB

OCIE will examine FINRA’s operations and regulatory programs and the quality of its examinations of broker-dealers, including those registered as municipal advisors. The examination staff will also examine the effectiveness of particular MSRB operational and internal policies, procedures and controls.

Cybersecurity

Cybersecurity will continue to be a focus of each OCIE examination program, especially with respect to evaluating “governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response,” among other issues.

Anti-Money Laundering (AML) Programs

In examining the AML programs of covered institutions (including SEC-registered broker-dealers and investment companies), OCIE will review (among other areas) the institutions’ customer due diligence and risk assessment. OCIE will also evaluate whether the institutions properly file suspicious activity reports and conduct robust and independent tests of their AML programs.

SEC Fiscal Year 2019 Budget Request

On February 22, 2018, the SEC submitted to Congress a budget request for fiscal year 2019,4 which discusses the allocation of restored positions to OCIE and the Division of Enforcement. The budget request indicates the SEC’s continuing commitment to robust examination and enforcement programs. The SEC’s budget request for fiscal year 2019 includes, among other requests for staff increases:

  • OCIE. Restoration of 24 positions, including 13 positions allocated to examinations of investment advisers and investment companies and three positions to examinations related to clearance and settlement and two positions to examinations of broker-dealers, exchanges, FINRA and MSRB.
  • Division of Enforcement. Restoration of 17 positions, including trial lawyers and support of newly created Retail Strategy Task Force and Cyber Unit.

Conclusion

OCIE indicates that the description of its priorities “is not exhaustive.” Therefore, while the priorities indicate where OCIE intends to focus resources in the coming year, registrants should not expect examinations to be limited to the issues highlighted above. Nonetheless, the priorities provide the first comprehensive signal of the Clayton SEC’s examination policies. While they do reflect Chairman Clayton’s signature emphasis on Main Street investors, technological changes and cybersecurity, there also is considerable continuity with the priorities of the SEC under prior Chair Mary Jo White. With this continuity and signaling in mind, firms may want to review their policies and procedures and conduct internal compliance reviews.