Every year, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities to address risks that are a potential threat to investors or the integrity of the U.S. capital markets. On December 20, 2018, OCIE released its 2019 examination priorities, which are available at https://www.sec.gov/files/OCIE%202019%20Priorities.pdf. These priorities are a must-read for Registered Investment Advisers (“RIAs”) and broker-dealers as they implement and improve their compliance programs.
OCIE’s examination priorities involve six themes that include perennial risk areas, as well as developing products and services:
- Compliance and risk related to registrants responsible for critical market infrastructure;
- Matters of importance to retail investors, including seniors and those saving for retirement;
- FINRA and MSRB reviews;
- Digital assets such as cryptocurrencies, coins, and tokens;
- Cybersecurity; and
- Anti-money laundering (“AML”) programs.
According to SEC Chairman Jay Clayton, these priorities demonstrate that OCIE remains focused on critical market infrastructure and Main Street investors.
Compliance and Risks in Critical Market Infrastructure
The proper functioning of capital markets is still a high priority for the SEC. To achieve that goal, OCIE will focus on compliance and risk among registrants responsible for critical market infrastructure, such as clearing agencies, national securities exchanges, and transfer agents. For example, OCIE will conduct examinations of clearing agencies to ensure that trades settled on time and at the agreed-upon terms.
There are more than twenty national securities exchanges that facilitate transactions in the marketplace. OCIE examines their internal audit and surveillance programs and funding for regulatory programs.
Retail Investors, Including Seniors and Those Saving for Retirement
Because protecting retail investors continues to be an OCIE priority, examiners will focus on a number of areas that include:
Fees and Expenses: Disclosure of the Costs of Investing
Fees and expenses may diminish an investor’s return. Therefore, it is imperative that investors receive adequate disclosure of the fees and expenses they are paying for products and services. Financial professionals must accurately calculate and charge fees in accordance with their disclosures and client agreements.
As part of its risk-based examination program, OCIE will examine firms whose practices or business models increase the risk of inadequately disclosed fees, expenses, or other charges. OCIE will continue to analyze the financial incentives that may impact financial professionals’ choice of certain mutual fund share classes. Examiners will also scrutinize RIAs’ wrap fee programs, which are not necessarily the right choice for every investor.
Conflicts of Interest
RIAs must comply with their fiduciary and contractual obligations. Conflicts of interest can incentivize an adviser to recommend certain types of products and services.
To protect investors, examiners will review policies and procedures that address the following areas:
- Use of affiliated service providers and products;
- Securities-backed non-purpose loans and lines of credit, which allow borrowers to use the securities in their brokerage or advisory accounts as collateral to obtain a loan; and
- Borrowing funds from clients, which raises a number of conflicts of interest for an RIA.
When examiners encounter this practice, they will dig down to determine if the firm made full disclosure. For instance, an RIA may fail to disclose that the firm’s finances are deteriorating.
Senior Investors and Retirement Accounts and Products
To prevent financial exploitation of senior investors and investors saving for retirement, OCIE will examine how broker-dealers oversee their interactions with them. Examinations of RIAs will focus on their compliance program and the appropriateness of their recommendations to seniors. Examiners will determine if an RIA is effectively supervising its employees and independent representatives.
Portfolio Management and Trading
During RIA examinations, examiners will be reviewing portfolio management processes to determine whether the adviser’s investment or trading strategies are:
- Consistent with disclosures made to investors;
- Relying on new and risky investments or products without full disclosure of the risks; and
- Monitored for risks that go hand-in-hand with the strategy; and
- Suitable for and in the best interests of investors.
An RIA’s fiduciary duty goes well beyond the obligation to recommend suitable investment or trading strategies.
Never-Before or Not Recently-Examined Investment Advisers
OCIE is still devoting resources to inspect RIAs that have never been examined. Using its risk-based approach, OCIE will schedule exams of newly-registered investment advisers, as well as firms registered for several years. Another of OCIE’s priorities is to examine RIAs that have not been inspected for several years and have grown substantially or changed business models.
Mutual Funds and Exchange Traded Funds
Many retail investors utilize mutual funds and exchange traded funds (“ETFs”) as their go-to investment vehicles. Examinations will evaluate industry practices and regulatory compliance in a number of areas that significantly impact retail investors. Among the risks focused on, examiners will look closely at funds with aberrational underperformance relative to their peer groups
Municipal advisors give advice to or on behalf of a municipal entity regarding the issuance of municipal financial products or municipal securities. OCIE will conduct select examinations of municipal advisors that have never been examined. Examiners will focus on whether these municipal advisors have satisfied their registration requirements and continuing education requirements. Examiners will investigate whether the municipal advisor fully disclosed its conflicts of interests and fulfilled its fiduciary duty to a municipal entity.
Broker-Dealers Entrusted with Customer Assets
When broker-dealers hold customers’ cash and securities, they are subject to the Customer Protection Rule and other regulations. Broker-dealers must ensure that customers’ assets are safeguarded and accurately reported. The Customer Protection Rule curtails the broker-dealer’s use of customer assets. Examiners will ensure that the broker-dealer has complied with this rule and has implemented procedures and controls to promote compliance.
Microcap securities, which have a market capitalization of under $250 million, pose a greater threat to investors. OCIE will focus on a variety of areas, such as pump-and-dump schemes.
Oversight of FINRA and MSRB
OCIE will continue to oversee FINRA by examining the organization’s operations and regulatory programs, as well as the quality of its examinations of broker-dealers and municipal advisors. OCIE will also examine MSRB to ascertain the effectiveness of its operations. In addition, examiners will assess MSRB’s policies, procedures, and controls.
Investing in digital assets can be very risky for investors. The number of digital market participants, such as RIAs, broker-dealers, and trading platforms, continues to escalate. OCIE continues to monitor the offer and sale, trading and management of digital assets. When these products are securities, examiners will make sure they are compliant with applicable regulations.
All of OCIE’s examination programs will prioritize cybersecurity. OCIE is placing special emphasis on the proper configuration of network storage devices, information security governance, and policies and procedures governing retail trading information security.
In a speech on December 6, 2018, Chairman Clayton, said this:
From a market oversight perspective, we continue to prioritize cybersecurity in our examinations of market participants, including broker-dealers, investment advisers and critical market infrastructure utilities. In assessing how firms prepare for a cybersecurity threat, safeguard customer information, and detect red flags for potential identity theft, for example, we have focused on areas including risk governance, access controls, data loss prevention, vendor management and training, among others.
Clayton said that the SEC’s Cyber Unit targets cyber-related misconduct. The Cyber Unit has focused on alleged misconduct involving intrusions into retail brokerage accounts, the submission of false regulatory filings, and hacking to obtain material non-public information. The SEC expects firms to educate their clients regarding scams and cyber-threats, so they will not be victimized.
Anti-Money Laundering Programs (“AML”)
Examiners will inspect broker-dealers to ensure they are complying with applicable anti-money laundering requirements, including whether firms are appropriately adapting their AML programs to address their regulatory obligations.
OCIE’s priorities are not carved in stone. OCIE will change its examination priorities in response to market conditions, industry practices, and emerging threats to investors.
Nevertheless, RIAs and broker-dealers will benefit significantly from reviewing and improving their compliance program in view of OCIE’s 2019 priorities.