SEC’s Office of Compliance Inspections Releases Its 2018 Examination Priorities

February 12, 2018Alerts Securities Industry Alert

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released its 2018 examination priorities, an annual report outlining the areas of the securities industry its examiners will target. This year, the priorities are organized into five broad areas:

  • Compliance and risks in critical market infrastructure
  • Retail investors
  • FINRA and MSRB
  • Cybersecurity
  • Anti-money laundering programs

The priorities also deal with recent hot-button developments in cryptocurrency and initial coin offerings. Firms should review the 2018 priorities and ensure that internal controls and practices are updated to effectively handle priority risks.

Compliance and Risks in Critical Market Infrastructure

Clearing agencies, national securities exchanges, transfer agents and the like are critical to the operation of financial markets. Thus, the OCIE will continue to target these entities for examination. As to clearing agencies, the OCIE will examine those designated as systemically important by the Financial Stability Oversight Council and focus on compliance with the SEC’s Standards for Covered Clearing Agencies. For national securities exchanges, the OCIE will focus on the exchange’s internal audits, fees, governance and the operation of National Market System plans. Finally, for transfer agents, the focus will be on transfers, recordkeeping and the controls in place for protecting funds and securities.

In addition, the SEC will examine whether entities subject to Regulation Systems Compliance and Integrity have effectively implemented policies for their systems’ capacity, integrity, resiliency, availability and security.

Retail Investors

Recognizing that many seniors are increasingly reliant on investments to fund retirement, the OCIE will continue to prioritize the protection of elderly and retiring investors. Firms providing investment services to these investors should ensure that they have internal controls in place to detect and prevent financial exploitation of senior investors.

On another front, the rapid growth of cryptocurrency and related markets has drawn the attention of the OCIE. Firms involved in these markets will be examined to ensure that theft-prevention controls are in place and that investors are fully informed of the risks inherent in initial coin offering markets, such as investment losses, liquidity, fraud and volatility. When a cryptocurrency qualifies as a security – which is not always abundantly clear – advisors must comply with the applicable securities laws.

Beyond these two areas, other areas of focus in the retail investor realm include: (i) ensuring transparency and accurateness in the charging of fees and other investment costs; (ii) “robo-advisers” and computer program algorithms that generate investment advice; (iii) advisors and broker-dealers that charge investors a single, bundled fee based on the percentage of assets being invested (i.e. “wrap fee programs”); (iv) never before examined advisers, particularly those with elevated risk profiles; (v) mutual funds and exchange traded funds; (vi) municipal advisors and underwriters; and (vii) ensuring best execution of customer orders in the fixed income secondary market.

FINRA and MSRB

The SEC will continue its oversight of FINRA and MSRB by inspecting these agencies’ operations and regulatory programs. As in previous years, the SEC will rely upon FINRA to carry the torch in supervising broker-dealers. Similarly, the SEC will look to MSRB to take the lead in supervising municipal advisors and broker-dealers that buy, sell and underwrite municipal securities.

Cybersecurity

Financial markets are constantly evolving to incorporate improvements in technology, which also bring new and unique cyber-risks. Consequently, the last few years have seen the SEC devote substantial resources to cybersecurity, and it expects market participants to do the same. This year, the OCIE’s focus will be on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.

Anti-Money Laundering Programs

The Bank Secrecy Act, 31 U.S.C. § 5311, et seq., requires securities firms (among others) to establish anti-money laundering programs. These programs must include means by which to identify customers, perform due diligence, and monitor accounts for suspicious activity. As to the latter requirement, suspicious activity must be reported to the Financial Crime Enforcement network via Suspicious Activity Reports. These reports have become increasingly important to law enforcement agencies in combatting terrorist financing, organized crime and public corruption. It is imperative that firms update their anti-money laundering programs and run independent tests on the efficacy of such programs. Suspicious Activity Reports must be filed timely and in full compliance with the Bank Secrecy Act.

Conclusion

The SEC priorities portend a regulatory scheme focused on customer protection and fraud-prevention in the face of an evolving marketplace. Issues driven to the forefront of the public consciousness, such as the disclosure of investment fees and cryptocurrency, have in turn elicited an increased focus by the SEC. At the same time, the SEC remains committed to ensuring that firms adjust their cybersecurity and anti-money laundering controls to account for new risks. Firms should thoroughly review the SEC’s 2018 priorities and consult with outside counsel to ensure that an appropriate response is implemented in their internal systems.

This publication is intended for general information purposes only. It does not constitute legal advice. The reader should consult with knowledgeable legal counsel to determine how applicable laws apply to specific facts and situations. This publication is based on the most current information at the time it was written. Since it is possible that the laws or other circumstances may have changed since publication, please call us to discuss any action you may be considering as a result of reading this publication.