Office of Compliance Inspections and Examinations Publishes 2018 Exam Priorities

The majority of these Exam Priorities are not surprising because they reflect the Commission’s continued focus on retail investors, conflicts of interest, fee disclosure, cybersecurity, cryptocurrency and AML programs.² The Exam Priorities can serve as a roadmap for firms to assess their policies, procedures and compliance programs, and to prepare for OCIE exams. This Update outlines and elaborates on each of the Exam Priorities.

As an initial matter, we note that the Exam Priorities include some interesting insights in a discussion of OCIE’s guiding principles. For example, in reaffirming OCIE’s limited resources, the Exam Priorities make clear that decisions such as which firms to examine and the scope of the exams are guided by a risk-based analysis (rather than in routine cycles). This risk-based approach is driven by rapidly advancing data analysis, including OCIE’s proprietary National Examination Analytics Tool (NEAT) developed by its Quantitative Analytics Unit. The insights and skills of OCIE’s financial engineers and analysts result in targeted risk analyses to identify potential high-risk examination candidates and risk-based issues to focus OCIE exams.

A Continued Focus on Retail Investors – what does this mean?

In the past, OCIE often focused on investor-related themes, including conflicts of interest, investment adviser fees and expenses, and the adequacy and accuracy of disclosures. The Exam Priorities continue this trend. OCIE will continue to prioritize the proper disclosure and calculation of fees, expenses and other charges investors pay. OCIE also will continue to devote its attention to valuation, particularly where advisers calculate fees and expenses on asset valuation.

Efforts to safeguard Main Street investors include an emphasis on certain business models or practices, including conflicts of interest that may incentivize the promotion of certain products — specifically those with higher commissions or expense ratios that may be inherently more risky than others and potentially unsuitable for retail investors. In the advisory account context, OCIE will review failures to assign new investment advisory representatives to client accounts when existing representatives depart and changes in account fee structures from commission-based to a percentage of client assets under management. OCIE also will continue its years-long concentration on the fairness and structure of wrap fee programs for various types of retail investors, including best execution and the disclosure of costs included in wrap fee programs for bundled services provided by investment managers. Interestingly, in the context of retail investors, OCIE also notes that it will focus on private fund managers with a “high concentration” of nonprofit organizations and pension funds investing for the benefit of retail investors.

Given the role mutual funds and exchange-traded funds (ETFs) play as primary investment vehicles for retail investing, it is no surprise they are a priority. Indeed, retail funds have been a Commission focus for many years.³ OCIE continues to highlight advisory personnel that recommend mutual fund share classes with higher sales loads or distribution fees as well as on the risks associated with underperforming mutual funds, mutual funds facing liquidity issues and mutual funds that have inexperienced managers or hold securitized products or other investments that are difficult to value. OCIE will focus on mutual funds and ETFs themselves, including performance and valuation issues, as well as risks of lightly traded ETFs and conflicts related to ETF index providers.

Investment advice offered through automated or digital platforms also continues to be a priority, including the examination of compliance programs’ oversight of robo-advisers and similar platforms. Examinations will include review of compliance oversight of the algorithms used to generate investment recommendations, investment marketing materials, protection of investor data and disclosure of conflicts of interest.

Once again, included within the goal of protecting retail investors is continued OCIE focus on never-before-examined investment advisers and examination of advisers that have “elevated risk profiles.” Since implementation in 2012 of adviser registration requirements mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the examination of both newly registered advisers and advisers that have not been examined in some time continues to be high on the OCIE priority list. More recently, Chairman Clayton announced that the Commission reassigned approximately 100 broker-dealer examiners to conduct investment adviser exams and that he expects an increase in investment adviser exams of more than 40 percent this year.⁴

Finally, three other areas that OCIE identified as key for retail investors include: municipal advisors and underwriters, fixed income order allocations, and cryptocurrency and related issues. Compliance by municipal advisors with registration, bookkeeping, supervision and other MSRB requirements will remain in focus. Fixed income order execution will be examined to assess whether broker dealers fulfill their best execution obligations. The Commission also has been vocal about the risk of investment loss, liquidity risk, price volatility and fraud in the cryptocurrency space. Accordingly, cryptocurrency and other blockchain products and services, including initial coin offerings (ICOs), are new focus areas that clearly will receive resources and attention.

Compliance and Risks in Critical Market Infrastructure

Entities that provide critical market infrastructure continue to be an exam priority. With an emphasis on systemically important agencies, clearing agencies can expect OCIE to examine, among other things, their compliance with the Commission’s standards for covered clearing agencies and remediation of deficiencies identified in prior exams. Additionally, national securities exchanges can expect requests for internal audits that will serve as a source of information regarding compliance failures and other deficiencies. Other focal points of these exams will include revenue and expense generation, allocation and governance. OCIE further noted that the examination of transfer agents will focus on transfers, recordkeeping and safeguarding funds and securities. Lastly, OCIE will continue to focus on the controls, policies and procedures of Regulation Systems Compliance and Integrity entities (including national securities exchanges and clearing agencies) in order to evaluate their ability to take corrective action in the event of a system anomaly.

FINRA and MSRB

The Commission’s oversight of both FINRA and the MSRB will continue throughout 2018. OCIE will scrutinize FINRA’s operations and regulatory programs as well as the quality of its broker-dealer and municipal advisor examinations. The MSRB can expect OCIE to evaluate the effectiveness of its internal operational policies, procedures and controls.

Cybersecurity

OCIE will continue to work with firms in all sectors to identify and manage cybersecurity risks and encourage other market participants to engage in this effort as well. OCIE’s examinations will focus on cybersecurity governance, risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response. Given the attention that the Commission has paid to cybersecurity in speeches, congressional testimony and stated priorities, registrants should expect cybersecurity to be a component of any Commission exam. Registrants also should take note of the Enforcement Division’s creation of a Cyber Unit this past September.⁵

AML Programs

The Exam Priorities indicate that OCIE’s examinations will focus on determining whether financial institutions are adapting their AML programs to address their AML obligations and whether they are filing timely, complete and accurate suspicious activity reports. Examiners will assess whether firms are taking reasonable steps to understand the nature and purpose of customer relationships to comply with their customer due diligence/Know Your Customer responsibilities. OCIE will examine whether financial institutions are conducting timely, robust and independent testing of their AML programs. The 2018 Exam Priorities demonstrate that AML remains a key OCIE focus.⁶

As noted, OCIE’s announced priorities should come as no surprise. The Exam Priorities reflect certain concerns and risks Commission officials have expressed over the past few years. Firms should use the roadmap outlined by OCIE to test for, enhance and remediate any suspected deficiencies related to the 2018 OCIE priorities.

¹ U.S. Securities and Exchange Commission 2018 National Exam Program Examination Priorities, Office of Compliance Inspections and Examinations, available at https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2018.pdf.

² See “Testimony on Examining the SEC’s Agenda, Operation, and Budget,” Chairman Jay Clayton, Washington, D.C., October 4, 2017 (“While I will not go into great detail on all of the principles here, I would like to highlight the second principle, which is particularly important to me – that our analysis starts and ends with the long-term interests of the Main Street investor; or as I call them, ‘Mr. and Ms. 401(k)’ ”), available at https://www.sec.gov/news/testimony/testimony-examining-secs-agenda-operation-and-budget.

³ See U.S. Securities and Exchange Commission Division of Investment Management: Report on Mutual Fund Fees and Expenses, December 2000, available at https://www.sec.gov/news/studies/feestudy.htm.

⁴ See Chairman Clayton’s Testimony at FN 2.

⁵ See “Testimony on Examining the SEC’s Agenda, Operation, and Budget,” Chairman Jay Clayton, Washington D.C., October 4, 2017 (“Cybersecurity is an area that is vitally important to the SEC, our markets and me personally. The prominence of this issue and the heightened focus the agency has on it is the result of various factors, including (1) the increased use of and dependence on data and electronic communications, (2) the greater complexity of technologies present in the financial marketplace and (3) the continually evolving threats from a variety of sources”), available at https://www.sec.gov/news/testimony/testimony-examining-secs-agenda-operation-and-budget. See also The SEC Enforcement Division’s Initiatives Regarding Retail Investor Protection and Cybersecurity, Stephanie Avakian, Co-Director, Division of Enforcement, Washington, D.C., October 26, 2017, available at https://www.sec.gov/news/speech/speech-avakian-2017-10-26#_edn1.

⁶ See “Anti-Money Laundering:  An Often-Overlooked Cornerstone of Effective Compliance,” Kevin W. Goodman, National Associate Director, Broker-Dealer Examination Program, Office of Compliance Inspections and Examinations, Securities Industry and Financial Markets Association, June 18, 2015, available at https://www.sec.gov/news/speech/anti-money-laundering-an-often-overlooked-cornerstone.html.