The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published its National Exam Program Examination Priorities (here). This year’s publication comes in the form of a brochure, much like the one issued by the Division of Enforcement in November 2017, detailing the new focus of the Division as well as the prior fiscal year’s statistics (here).
The 2018 exam priorities are built on five basic principles designed around five “themes,” according to the brochure. Many of the themes are familiar from prior years such as a focus on retail investors (also a key for the Enforcement Division), seniors, fees, compliance systems, cybersecurity, SARs and money laundering. New on the list of exam priorities is cryptocurrencies that involve securities; a subset of virtual currencies which are not all covered by the federal securities laws (here). Virtual currencies have been a key focus of concern for SEC Chairman Clayton (here).
Key principles on which the OCIE inspection program is built are:
- Risk based: A central part of the program ties to an analysis of what OCIE calls the “root causes of harm to investors and markets” from which the greatest risks are identified. This analysis informs the priorities of the program in terms of those selected to be inspected and the scope of the exam.
- Data: Data analysis is a key part of the inspection process. In particular the Quantitative Analytics Unit or QAR of the National Exam Analytics Tool; which is also referred to as NEAT, is used to facilitate an analysis of trading blotters. Data analysis is also used to identify high risk candidates for examination.
- Transparent: OCIE is committed to being transparent about the program in order to encourage compliance.
- Resources: Since the program has limited resources, OCIE focuses on leveraging those assets to maximum effectiveness.
- Technology: The program embraces the use of new technology in an effort to do more with less.
The five building blocks of the program tie directly to what OCIE calls the “five themes” of the program: retail investors, compliance and risks in critical market infrastructure, the SROs – FINRA and the MSRB -- cybersecurity and AML.
Key themes discussed in the OCIE brochure, along with examples of items that inspectors will examine include:
Matters of importance to retail investors and seniors: This is a key focus that was also included in last year’s list of exam priorities. Here OCIE intends to focus on higher risk products and technology changes regarding the delivery of investment advice. Key areas include:
- Cost of investing: Disclosures regarding fees and practices that might create incentives to recommend or use products with higher fees and increased risks; changes in products or the adviser representative; and the manner in which fees are calculated.
- Electronic investment advice: In this area inspectors will focus on the use of so-called “robo-advisers”.
- Wrap fee programs: This category includes recommendations to invest in such a program, conflicts for advisers regarding best execution and the investment associated with executing the trades through another broker-dealer – that is, trading away. OCIE has focused on this area in the past; enforcement has brought a series of actions centered on these programs.
- Senior investors and retirement accounts: This area has also been a key priority of the program in the past. Here OCIE intends to focus on the manner in which firms supervise the relation with senior investors. Areas of focus include the ability of the firm to identify these situations to avoid the exploitation of seniors and the firm’s related internal controls.
- Mutual funds – ETFs: The focus for mutual funds will be on those that performed poorly, have inexperienced advisers or that hold difficult to value securities (valuation issues have long been a key OCIE focus). For ETFs the focus will be on those with little secondary market trading volume and that face a risk of being delisted or those which may have to liquidate and whether investors were adequately informed of the risks.
- Fixed income order execution: The central focus here is on the implementation of best execution policies and procedures.
- Muni advisers: The key in this category is compliance with the registration, record-keeping and supervision requirements as well as MSRB rules for professional qualifications, continued education and core standards.
- Cryptocurrency, ICOs: OCIE intends to monitor these products and assess regulatory compliance where they involve securities, an issue which was the subject of an Enforcement Report of Investigation in July 2017 (here).
FINRA and MSRB: For FINRA, OCIE plans to focus on the examination of broker-dealers and municipal advisors that are registered as broker-dealers. For municipal securities firms, the inspection staff will examine the effectiveness of select operational and internal policies, procedures and controls.
Cybersecurity: The inspection program will continue to prioritize this key area, focusing on governance and risk management as well as access rights and controls, data loss prevention, vendor rights, trading and incident response.
AML: For broker-dealers and investment companies the inspection process will focus on the timely, complete and accurate filing of SARs and whether the firm is conducting adequate, timely and robust tests of its system.
In publishing these exam priorities OCIE emphasized that they are not exclusive. Perhaps more importantly, as new issues and risks emerge, OCIE may incorporate them into the program. It is thus of critical importance to continually monitor new alerts published by OCIE to keep abreast of additional areas that may be added to the inspection program.