The Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) recently announced its 2018 examination priorities. This year, the OCIE examination priorities are largely focused on (1) matters of importance to retail investors, including seniors and those saving for retirement, (2) compliance and risks in critical market infrastructure, (3) FINRA and MSRB, (4) cybersecurity, and (5) anti-money laundering. OCIE's 2018 examination priorities reflect areas of potential high risk to investors and the U.S. capital markets. In its Leadership Team's opening message, OCIE reiterated that its work stands on four pillars: (i) promoting compliance, (ii) preventing fraud, (iii) identifying and monitoring risk, and (iv) informing policy. OCIE also reminds us that in executing these policies, its approach is risk-based and data-driven, seeks transparency and maximization of resources, and embraces innovation and technology.

Retail Investors, Including Seniors and Those Saving for Retirement

As it did in 2017, OCIE stated that it will continue to prioritize the protection of retail investors, particularly senior investors and those investing in retirement. In this regard, OCIE will review financial professional disclosures and the calculation of fees and expenses charged to investors. OCIE will also evaluate "robo-advisers," or "investment advisers and broker-dealers that offer investment advice through automated or digital platforms." In a further effort to protect senior investors, OCIE will evaluate all interactions with senior investors, including the investment advisors themselves, to identify practices that may or do result in the financial exploitation of seniors. OCIE's focus on "wrap fee" programs--a program where an investor is charged a "single bundled (wrapped) fee based on a percentage of assets for investment advisory and brokerage services"--is to continue as well. Specifically, OCIE will determine whether broker-dealers and investment advisors are "acting in a manner consistent with their fiduciary duty" and whether they are satisfying their "contractual obligations to clients."

Moreover, in recognition of the growing and developing cryptocurrency market, OCIE will monitor the role of broker-dealers and investment advisers in the sale and exchange of cryptocurrency, specifically "whether financial professionals maintain adequate controls and safeguards to protect the assets from theft or misappropriation, and whether financial professionals are providing investors with disclosure about the risks associated with these investments."

Compliance and Risks in Critical Market Infrastructure

In its annual announcement, OCIE states that it will continue to evaluate clearing agencies, national securities exchanges, and transfer agents to ensure that they are in compliance with effective rules. OCIE further stated that it will focus on clearing agencies that the Financial Stability Oversight Council designates as "systemically important," and their compliance with the SEC's Standards for Covered Clearing Agencies, prior evaluations, and other standards set by other collaborating regulators. In evaluating the over 20 national securities exchanges, OCIE will review the exchanges' internal audits, fees collected under the Exchange Act, and the operation of certain National Market System plans.

OCIE further acknowledged the importance of transfer agents to the securities market, given that they "stand between the companies that issue securities and the individuals and entities that own those securities." OCIE stated that transfer agent examination candidates will include those agents who serve as paying agents or serve microcap or crowdfunding issuers. Their examinations will also focus on transfers, record keeping, and safeguarding funds and securities.


OCIE acknowledged that cybersecurity is critical to the operation of our markets. Given the severe risk and consequences cyberattacks pose to market participants and retail investors, OCIE is continuing to work with firms to examine their cybersecurity policies, data loss prevention, training, incident response, and other internal procedures used to prevent or minimize the effects of cyberattacks on their clients. OCIE stated that it is focused on working with firms to identify and manage cybersecurity risks and "to encourage market participants to actively and effectively engage in this effort." OCIE will continue to focus on "governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response."

Anti-Money Laundering

The Bank Secrecy Act requires certain financial institutions to adopt and maintain anti-money laundering (AML) programs geared toward, among many things, identifying their customers, conducting customer due diligence, and monitoring accounts for suspicious activity, including terrorist financing, organized crime, and public corruption. OCIE stated that evaluating these AML programs is a top priority this year, and will ensure that the financial institutions are taking appropriate and reasonable steps to satisfy their obligations to customers, while also understanding the purpose and nature of customer relationships, to prevent the risk of fraudulent activity. In this regard, OCIE also intends to assess whether firms are (i) "filing timely, complete and accurate suspicious activity reports," and (ii) "conducting robust and timely independent tests of their AML programs."


OCIE's 2018 examination priorities include a number of familiar topics, including protection of retail investors, cybersecurity, and AML. Financial firms should be advised that OCIE's priorities are not an exhaustive list and may be adjusted in light of market conditions, industry developments, and OCIE's ongoing risk assessment activities.