On January 8 and February 7, 2018, respectively, the Financial Industry Regulatory Authority (“FINRA”) and the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) each published their 2018 regulatory and examination priorities.  Both regulators emphasized their commitment to prioritizing the protection of retail investors, with a particular focus on protecting senior and other more vulnerable investors. Additionally, both sets of priorities focused on cybersecurity and the need to prevent investor harm in this arena. For the first time, OCIE and FINRA both discussed cryptocurrencies and initial coin offerings (“ICOs”) in their 2018 priorities memoranda, highlighting the rapid growth of and the world’s white-hot interest in this industry, and echoing concerns that the staff of both regulators have expressed to investors regarding ICOs.
These published priorities, though not exhaustive, enable financial institutions, broker-dealers, investment advisers, and others to focus on issues and areas that regulators will be examining more closely in the coming year.  To this end, we offer a summary of some of the most significant OCIE and FINRA regulatory and examination priorities for 2018.
OCIE 2018 Examination Priorities
Peter Driscoll has now spent a full calendar year as the Director of OCIE, and it is clear from OCIE’s published priorities that there will be at least some shift in focus of its examinations in 2018. This year’s priorities reflect more “themes” around which OCIE plans to concentrate its examinations this year, including a theme dedicated specifically to FINRA and the Municipal Securities Rulemaking Board (“MSRB”). The other central themes include: (a) Matters of importance to retail investors, including seniors and those saving for retirement; (b) Compliance and risks in critical market infrastructure; (c) Cybersecurity; and (d) Anti-Money Laundering programs. Also new this year, OCIE laid out five principles upon which it will rely in executing its priorities including that the SEC is (a) risk based; (b) data driven; and (c) transparent; and that the SEC strives to (d) put its resources to their highest and best use; and (e) embrace innovation and new technology.
Retail Investors Like in past years, OCIE emphasized that it will continue its focus on retail investors, carrying forward Chairman Jay Clayton’s public emphasis on the “long-term interests of the Main Street investor”  or, as he often says, “Mr. and Mrs. 401(k) .”  In particular, OCIE plans to pay close attention to seniors and those saving for retirement, and will pursue examinations of firms that provide products and services to these types of investors. OCIE noted that it also plans to concentrate on high-risk products and recent technological changes, and laid out several specific areas of focus including:
Disclosure of the Costs of Investing. OCIE believes it is critically important that fees, expenses, and other charges are properly disclosed to investors. OCIE emphasized that it is important for financial professionals to inform investors of any conflicts of interest that could cause certain types of products or services to be recommended to investors that might be riskier or more expensive.  In this regard, OCIE examiners will look at whether fees and expenses are calculated and charged in accordance with the disclosures provided to investors, and will pay close attention to fees charged to advisory accounts, particularly where the fee is dependent on the value of the account. OCIE also stated that it will focus on firms that have practices that may create increased risks of investors paying insufficiently disclosed fees, expenses, or other charges including: (a) certain advisory personnel that may receive financial incentives to recommend that an investment in particular share classes of mutual funds be purchased or held where the investors might pay higher sales loads or fees; (b) accounts where investment advisory representatives have departed from firms and the accounts have not been assigned a new representative to oversee them properly; (c) advisers that changed the manner in which fees are charged from a commission on executed trades to a percentage of client assets under management; and (d) private fund advisers that manage funds with a high concentration of investors that invest for the benefit of retail clients, i.e., non-profits and pension plans.
Electronic Investment Advice. OCIE will continue to examine both investment advisers and broker-dealers that use automated or digital platforms to offer investment advice, including “robo-advisers.” Examinations will look at firms’ compliance programs, including the oversight of computer program algorithms that generate recommendations, as well as the firms’ marketing materials, investor data protection, and disclosure of conflicts of interest.
Wrap Fee Programs. OCIE will continue last year’s focus on wrap fee programs (i.e., investment programs that charge a single asset-based fee for bundled advisory and brokerage services). Examiners will look at whether (a) the recommendations to invest in a wrap fee program and to continue in the program are reasonable; (b) conflicts of interests are disclosed; and (c) investment advisers are obtaining best execution and disclosing all applicable costs.
Never-Before-Examined Investment Advisers. OCIE noted that it will continue to make risk-based assessments in selecting investment advisers for examination.
Senior Investors and Retirement Accounts and Products. Like FINRA (discussed below), OCIE will increase its focus on how broker-dealers oversee their interactions with and controls for senior investors, particularly relating to sales of products and services directed at them. Specifically, OCIE examinations will focus on investment recommendations, sales of variable insurance products, and sales and management of target date funds, which have exploded in recent years. Additionally, OCIE will examine investment advisers and broker-dealers in relation to retirement vehicles such as 403(b) and 457 plans which primarily serve state and local government and nonprofit employees.
Mutual Funds and Exchange Traded Funds (“ETFs”). OCIE will focus particularly on mutual funds that (a) have experienced poor performance or liquidity in terms of their subscriptions and redemptions relative to their peer groups; (b) are managed by advisers who lack experience managing registered investment companies; or (c) hold securities which are potentially difficult to value during times of market stress, including securitized auto, student, or consumer loans, or collateralized mortgage-backed securities. The focus on ETFs will be on funds that have little secondary market trading volume and face the risk of being delisted from an exchange and having to liquidate assets, as investors may be forced to pay the liquidation costs. In this respect, OCIE will review whether these investment risks are adequately disclosed to investors.
Municipal Advisors and Underwriters. OCIE will continue its focus on municipal advisors and will evaluate their compliance with registration, recordkeeping, and supervision requirements, particularly those municipal advisors that are not registered as broker-dealers.  Additionally, OCIE will look for compliance with MSRB rules regarding professional qualification and continuing education requirements, along with core standards of conduct and duties. OCIE added that it will continue to examine municipal underwriters for compliance with MSRB and SEC rules as well.
Fixed Income Order Execution. OCIE will continue to examine broker-dealers for the implementation of best execution policies and procedures for both municipal bond and corporate bond transactions.
ICOs, Secondary Market Trading, and Blockchain. A number of new risks for retail investors have appeared with the explosion of cryptocurrency and its related technology, Blockchain, onto the market. This hot topic makes its debut on OCIE’s examination priorities memorandum this year. OCIE will monitor the sale of these products and examine them for regulatory compliance. Specifically, examiners will review whether adequate controls and safeguards are in place to protect assets from theft or misappropriation, and whether investors are provided with adequate disclosures concerning the risks associated with these “new” investments.
Compliance and Risks in Critical Market Infrastructure OCIE highlighted four areas of focus under this theme, including:
Clearing Agencies. OCIE will continue its practice of conducting annual examinations of clearing agencies which the Financial Stability Oversight Council has designated as systemically important and for which the SEC is the supervising agency. These examinations will have a particular focus on (a) compliance with the SEC’s standards for Covered Clearing Agencies; (b) whether clearing agencies have taken timely corrective action in response to prior examinations; and (c) other areas identified in collaborating with the Division of Trading and Markets, and other regulators, if applicable.
National Securities Exchanges. With respect to national securities exchanges, OCIE will focus on the internal audits conducted by the exchanges, the fees paid under Section 31 of the U.S. Securities Exchange Act (“Exchange Act”), and the governance and operation of the National Market Systems (“NMS”) plans. With respect to the NMS plans, OCIE plans to examine the equities and options consolidated market data plans, focusing on governance, revenue and expense generation, as well as revenue and expense allocation procedures.
Transfer Agents. OCIE will also examine transfer agents, noting that candidates for examination will be transfer agents who serve as paying agents or that service microcap or crowdfunding issuers. The examinations will focus on transfers, recordkeeping, and the safeguarding of funds and securities.
Regulation Systems Compliance and Integrity (“SCI”) Entities. OCIE will continue to examine SCI entities, which include national securities exchanges, clearing agencies, and certain alternative trading systems, for their compliance with Regulation SCI. OCIE will particularly focus on SCI entities’ implementation of their policies and procedures, and will review controls relating to how systems record the time of transactions or events and how they synchronize with other systems. Additionally, OCIE will review entities’ readiness and business continuity plan effectiveness, vendor risk management, and enterprise risk management.
Focus on FINRA and MSRB FINRA. OCIE reiterated its emphasis on the SEC’s oversight of FINRA, and noted that its examinations of FINRA this year will focus on FINRA’s operations and regulatory programs, along with the quality of FINRA’s own examinations of broker-dealers and municipal advisors that are also registered as broker-dealers.
MSRB. The examination staff will also examine the MSRB, given the SEC’s responsibility to regulate municipal securities firms. Particular attention will be paid to the effectiveness of select operational and internal policies, procedures, and controls.
Like FINRA, OCIE highlighted the importance of cybersecurity particularly with the rise in cyber threats seen over the past year.  OCIE noted that it intends to work with firms to identify and manage cybersecurity risks, and its examinations in this area will focus on governance and risk assessments, access rights and controls, data loss prevention, vendor management, training, and incident response. OCIE previously released a Risk Alert on August 7, 2017 outlining observations from recent cybersecurity examinations that firms and financial professionals can also use as a tool to ensure readiness in this increasingly important area. 
Anti-Money Laundering (“AML”)
In 2018, OCIE will continue to focus on examining whether entities have appropriately adopted AML programs to address their obligations, which include having written programs to identify customers, performing customer due diligence, and monitoring accounts for suspicious activity. Additionally, OCIE will evaluate whether regulated entities are filing timely, complete, and accurate Suspicious Activity Reports (“SARs”), and whether they are conducting timely and robust testing of their AML programs.
FINRA 2018 Examination and Regulatory Priorities
After a full calendar year on the job, FINRA’s President and CEO, Robert W. Cook, distinctly makes his mark on FINRA’s 2018 priorities letter, from the addition of multiple new topics to a new section (titled “New Rules”). FINRA, like OCIE, addresses ICOs and cryptocurrency transactions. Additionally, Mr. Cook noted that “[a] number of our specific priorities from last year remain priorities this year, such as our continuing focus on high-risk brokers in terms of both rulemaking initiatives and examinations.”  FINRA, like OCIE, continues to pay particular attention to investment recommendations made to unsophisticated and vulnerable investors, including the elderly.
Six broad areas of focus are identified: (a) Fraud; (b) High-risk Firms and Brokers; (c) Operational and Financial Risks; (d) Sales Practice Risks; (e) Market Integrity; and (f) New Rules.
Acknowledging that fraud is always on its radar, FINRA touts its ability to investigate fraud aggressively and, when necessary, refer potential insider trading and other fraudulent activities to the SEC. FINRA continues its focus on microcap fraud schemes, especially as it relates to elderly (senior) investors who have been victimized by unregistered individuals using high-pressure sales tactics. With the addition of new FINRA Rule 2165 and amendments to FINRA Rule 4512 (discussed below), firms are better equipped to protect senior investors. Because FINRA will investigate brokers who use their own or their customers’ accounts to trade in microcap stocks with known or unknown counterparties, FINRA cautions firms to closely monitor their brokers’ activity in microcap stocks and evaluate their internal policies and training regarding contact with microcap stock promoters to help prevent brokers from engaging in any fraudulent scheme.
High-Risk Firms and Brokers
Continuing its top priority of 2017, FINRA seeks to further mitigate the potential risks that high-risk firms and individual brokers can pose to investors. FINRA identified four specific areas it will focus on: (1) firms’ hiring and supervisory practices for high-risk brokers especially those firms’ remote supervision arrangements, supervision of point-of-sale activities, and branch inspection programs; (2) recommendations for speculative or complex products to unsophisticated or senior investors by high-risk brokers, situations in which registered representatives operate as power-of-attorney or trustee on customers’ accounts or have future rights as a named beneficiary, and rollovers of qualified plans into non-qualified accounts; (3) when registered representatives conduct private securities transactions by raising funds from investors they serve away from their firm, FINRA will evaluate how firms monitor the proper use of proceeds from these offerings and whether the representatives adequately disclose their interest in, control of, and association with the issuer; and (4) firms’ controls regarding the outside business activities of registered persons, including identifying instances when representatives borrow money from their customers or make payments to customers from their outside business bank accounts.
Operational and Financial Risks
Again this year, FINRA highlighted several areas of focus relating to operational and financial risks including:
Business Continuity Planning (“BCPs”). FINRA Rule 4370 requires firms to have reasonably designed plans to meet their existing obligations to customers in case of an emergency or business disruption. The devastating effects of Hurricanes Harvey and Maria highlight the need for firms to maintain BCPs. When physical access to firm locations is impossible for an extended period, customers need alternative access to firms’ systems. Principally, FINRA will review how and under what circumstances firms activate their BCPs, and firms’ plans for restoring systems, procedures, and records once they are prepared to resume normal business operations.
Customer Protection and Verification of Assets and Liabilities. Pursuant to Exchange Act Rules 15c3-1 and 15c3-3, FINRA will examine the accuracy of firms’ net capital and reserve computations and focus on processes for verifying customer assets and proprietary assets and liabilities in firms’ financial records. FINRA may also contact custodial banks or other entities to assess the validity of reported positions.
Under Rule 15c3-3, FINRA will continue to evaluate whether firms have implemented adequate controls and supervision to protect customer assets. The main focus will be on whether firms maintain sufficient documentary evidence to demonstrate that securities are held free of liens and encumbrances, especially those held at foreign custodians; and whether firms’ foreign depositories, clearing agencies and custodial banks are “good control locations.” FINRA may also review underlying arrangements with foreign custodians to determine if they permit cross-liens or use temporary holding accounts.
Technology Governance. Because some firms have experienced major customer service and regulatory problems as a result of operational breakdowns caused by implementing new systems or modifications to existing systems, FINRA will review firms’ information and technology change management policies and procedures.
Cybersecurity. Cybersecurity threats remain a top FINRA priority. It will evaluate the effectiveness of firms’ cybersecurity programs, preparedness, technical defenses and resiliency measures. FINRA also reminded firms to consult its Examination Findings Report (issued in December 2017) for additional information and to ensure existing policies and procedures assess whether a SAR needs to be filed upon identifying a cybersecurity event.
AML. FINRA continues to find deficiencies related to firms’ policies and procedures to detect and report suspicious transactions, the adequacy of resources dedicated to AML monitoring, and the sufficiency of independent testing required under FINRA Rule 3310(c). FINRA asks firms to review its Examination Findings Report to better understand FINRA’s areas of concerns and observations on effective AML practices. Additionally, firms with foreign affiliates should ensure that high-risk transactions are not conducted through accounts at member firms, including in microcap and dual-currency securities. Firms should also confirm that their AML surveillance programs cover accounts used in connection with securities-backed lines of credit (“SBLOCs”) and aggregate activity across accounts when multiple accounts are used to receive and disburse funds in connection with an SBLOC.
Liquidity Risk. Consistent with past years, FINRA will review whether a firm’s liquidity planning is tailored to its business and customers, and will focus on the adequacy of firms’ material stress testing assumptions. When developing liquidity management plans, FINRA urges firms to review Regulatory Notice 15-33 for useful information on effective practices.
Short Sales. FINRA will examine firms’ policies and procedures for establishing and monitoring rates charged to customers for short sales. Specifically, when securities are borrowed in a conduit account and then loaned to a house account at a much higher rate, FINRA will evaluate whether firms calculate such rates in accordance with their procedures.
Sales Practice Risks Though four areas of focus are highlighted, FINRA’s addition of ICOs and cryptocurrencies for the first time in its annual letter makes the biggest splash given the increased regulatory scrutiny on transactions involving digital products:
Suitability. The vetting process takes center stage this year in terms of how firms meet their suitability obligations, including identifying complex products and ensuring that personnel are educated and trained to sell and supervise complex products. As part of the vetting process, FINRA counsels firms to identify product risks first and then educate personnel on those risks so that an informed evaluation can be made before recommending such products, especially to unsophisticated, vulnerable investors. Among other areas, FINRA will review situations involving Unit Investment Trusts, multi-share class products, concentrated positions in interest-rate sensitive instruments, short-term trading of products typically held long-term, IRA rollover recommendations involving securities transactions, and recommendations involving a switch from a brokerage account to an investment adviser account when it clearly disadvantages the customer.
ICOs and Cryptocurrencies. In a nod to the growing spotlight on digital assets and ICOs, like OCIE, FINRA assures the broker-dealer industry that it will closely monitor developments, including the role firms and representatives “may play in effecting transactions in such assets and ICOs.” Broadly speaking, where digital assets constitute securities, or an ICO involves the offer and sale of securities, FINRA may review all mechanisms firms have in place to comply with relevant laws, regulations and rules.
Use of Margin. To address observed shortcomings in the use of margin, FINRA will assess firms’ disclosure and supervisory practices related to margin loans. For example, FINRA has observed representatives soliciting customers to engage in share purchases on margin without informing them of the associated risks, as well as representatives entering into margin transactions without the customer’s written authority.
SBLOCs. As with other complex products, FINRA will seek to ensure that firms adequately disclose to customers the potential risks of such products, including the potential impact of a market downturn or an increase in interest rates, as well as tax implications. Also, where an SBLOC lender is an affiliate of the member firm or other third party, firms must have controls to earmark the collateral securing the SBLOC and make certain that the SBLOC collateral is not dually pledged for any other extension of credit.
Market Integrity This year, eight areas of focus were announced which reflect FINRA’s commitment to promoting market integrity in a manner that facilitates vibrant capital markets.
Manipulation. To keep pace with new threats and changes in market participants’ behavior, FINRA continues to enhance and expand its surveillance program. As evidenced by its Cross Market Auction Ramping surveillance pattern, launched in August 2017, artificial intelligence is used to identify potentially manipulative trading surrounding the open or close. FINRA also revised its Cross Market Marking the Open and Close surveillance pattern to reduce false positives, and enhanced its Cross Market Layering surveillance pattern to detect collusion among multiple market participants engaged in layering.
Best Execution. FINRA is expanding its equity best execution surveillance program to assess price improvement when firms route customer orders for execution or execute internalized customers orders. Specifically, it will evaluate both the frequency and relative amount of price improvement obtained or provided in comparison to other routing or execution venues. FINRA reiterates that firms must not let order routing inducements or their proprietary interests interfere with their duty of best execution. If a conflict of interest exists, FINRA will review how firms manage this situation. FINRA will also expand its fair pricing and best execution review in fixed-income securities, with an expected focus on transactions in U.S. Treasury securities.
Regulation SHO. Rule 201 of Regulation SHO captures FINRA’s increased attention this year. Firms should ensure that their policies and procedures prevent the execution or display of a short sale order at a price that is equal to or less than the national best bid when a Short Sale Circuit Breaker is in effect for a NMS security. If firms rely on an exemption to Rule 201, FINRA reminds firms to make sure their activity or short sale transactions qualify for the exemption, and to mark the order and report the trade as short exempt.
Fixed-Income Data Integrity. FINRA’s fixed income surveillance and trading examination programs will continue to review for complete, timely and accurate reporting of TRACE-eligible securities, and examinations will expand to include U.S. Treasury securities.
Options. FINRA remains focused on rooting out potential front running in correlated option products. To that end, FINRA designed surveillance patterns to detect related scenarios involving options where a market participant trades one product while having knowledge of a pending transaction in a correlated product prior to the public dissemination of the terms of the order. Among other areas, FINRA will also focus on options “marking the close” activity where the final National Best Bid and Offer is impacted in order to benefit positions held by the same account or other accounts acting in concert, and will conduct reviews of potential options-related violations of Exchange Act Rule 14e-4, which governs partial tender offers and requires that participants tender no greater than their “net long position.”
Market Access. To address firms’ deficiencies with the Market Access Rule (Exchange Act Rule 15c3-5), FINRA will seek to ensure that, among other things, broker-dealers maintain reasonable documentation to support financial limits, and conduct periodic reviews to assess the reasonableness of their thresholds.
Alternative Trading System Surveillance. Where FINRA has opened a review based on surveillance alerts related to potentially manipulative activity occurring on or through an Alternative Trading System (“ATS”), FINRA will review the ATS’ supervisory systems to ensure they are reasonably designed to achieve compliance with applicable laws, regulations and rules.
Report Cards. To assist firms with their compliance efforts, FINRA will launch three new report cards: (1) the Auto Execution Manipulation Report Card which will help firms identify non-bona fide orders designed to move the NBBO; (2) the Alternative Trading System Cross Manipulation Report Card which tracks potential manipulation of the NBBO in the context of modifying a security’s prevailing midpoint price on an ATS crossing venue; and (3) the Fixed Income Mark-up Report Card which will, among other things, provide data to firms, including median and mean percentage mark-ups for each firm.
FINRA’s letter also discussed some “significant” new rules that have or are currently scheduled to become effective in 2018, including:
- Financial Exploitation of Specified Adults. Effective February 5, FINRA Rule 2165 allows firms to place a temporary hold on disbursements of funds or securities from the accounts of specified customers where there is a “reasonable” belief of financial exploitation of these customers. Separate and apart from its Priorities Letter, FINRA recently issued guidance in the form of Frequently Asked Questions regarding Rule 2165 (and the amendments to Rule 4512 (below)). Importantly, FINRA makes clear that Rule 2165 does not apply to securities transactions, although it could apply to the proceeds from such a transaction if disbursed from a specified adult’s account and there is a reasonable belief of financial exploitation.
- Amendments to FINRA Rule 4512 (Customer Account Information). Amendments to Rule 4512 (also effective February 5) complement new FINRA Rule 2165 by, among other things, requiring members to make “reasonable efforts” to acquire the name and contact information for a trusted contact person for a non-institutional customer’s account. The aim is for the trusted contact person to serve as a resource to help protect the account from financial exploitation.
- The Financial Crimes Enforcement Network’s Customer Due Diligence Rule. Effective May 11, this rule applies to covered financial institutions, including broker-dealers, and seeks to strengthen due diligence in four areas: (1) customer identification and verification; (2) beneficial ownership identification and verification; (3) understanding the nature and purpose of customer relationships; and (4) ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.
- Amendments to FINRA Rule 2232 (Customer Confirmations). Effective May 14, among other things, the amended rule strives for greater transparency as it requires a member to disclose the amount of a mark-up or mark-down applied to trades with retail customers in corporate or agency debt securities if (and only if) the member also executed offsetting principal trades in the same security on the same trading day.
- Margin Requirements for Covered Agency Transactions (Amendments to FINRA Rule 4210). Effective June 25, there are new margin requirements for covered agency transactions.
- Consolidated FINRA Registration Rules. Effective October 1, FINRA Rules 1210 through 1240 seek to bring order and efficiency to FINRA’s qualification and registration requirements by, among other things, eliminating duplicative testing of general securities knowledge on representative-level examinations, and removing several outdated or unnecessary representative-level registration categories.
OCIE’s and FINRA’s examination priorities highlight principal risk areas for the securities industry and provide notice of anticipated examination and regulatory focus areas in 2018. Material deficiencies discovered in the examination process in these areas may be more likely to lead to investigations by the enforcement staff of both the SEC and FINRA, so firms should take heed of these priorities and assess their compliance and supervisory programs in connection with these identified risks.