On January 7, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released its 2020 examination priorities. OCIE is prioritizing practices, products, and services that it believes present heightened risks to investors or market integrity. The examination priorities are organized around seven themes, many of which build on OCIE’s priorities from prior years:
- Retail investor protection, including seniors and those saving for retirement;
- Market infrastructure;
- Information security;
- Focus areas relating to investment advisers, investment companies, broker-dealers, and municipal advisors;
- Anti-money laundering programs (AML);
- Financial technology (Fintech) and innovation, including digital assets and electronic investment advice; and
- Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).
Retail Investor Protection, Including Seniors and Those Saving for Retirement
Continuing with the trend in recent years, OCIE will focus on recommendations and advice given to retail investors, with a particular focus on seniors and those saving for retirement. The examinations will focus on intermediaries that serve retail investors—namely, registered investment advisers (RIAs), broker-dealers, and dually-registered firms—and on investments marketed to, or designed for retail investors, such as mutual funds and exchange-traded funds (ETFs), municipal securities and other fixed income securities, and microcap securities. OCIE will also focus on higher risk products, such as those that:
- are complex or non-transparent;
- have high fees and expenses; or
- where an issuer is affiliated with or related to the registered firm making the recommendation.
OCIE acknowledged the impact that Regulation Best Interest and Form CRS will have on retail investors. In order to help broker-dealers with the June 30, 2020 compliance date for Regulation Best Interest and Form CRS, OCIE will engage with broker-dealers during the exam process to answer questions they may have concerning implementation of the new rules.
With regard to RIAs as fiduciaries, OCIE will focus on whether they have fulfilled their duties of care and loyalty by providing advice in the best interests of their clients and eliminating—or at least exposing—conflicts of interest. Fees and expenses, as well as undisclosed—or inadequately disclosed—compensation arrangements, will likely continue as focus areas.
Information Security
In 2020, OCIE examiners will focus on:
- Governance and risk management;
- Access controls;
- Data loss prevention;
- Vendor management;
- Training; and
- Incident response and resiliency.
As in past years, these focus areas will allow OCIE to prioritize cyber and other information securities risks in each of its five examination programs. Examinations will focus on proper configuration of network storage devices, information security governance generally, retail trading information security, and RIAs’ protection of clients’ personal financial information. With respect to third-party and vendor risk management, OCIE will focus on oversight related to certain service providers.
Fintech and Innovation, Including Digital Assets and Electronic Investment Advice
Recognizing that advancements in financial technologies, methods of capital formation and market structures, and registered firms’ use of new sources of data warrant ongoing attention and review, OCIE has placed particular emphasis on Fintech and Innovation in 2020.
In the digital asset space, OCIE will continue to assess: (1) suitability; (2) portfolio management and trading practices; (3) safety of client funds and assets; (4) pricing and valuation; (5) effectiveness of compliance programs and controls; and (6) supervision of employee outside business activities.
With regard to “robo-advisers” or automated investment tools and platforms, OCIE will continue its focus on:
- Registration;
- Cybersecurity policies and procedures;
- Marketing;
- Fiduciary duty, including adequacy of disclosures; and
- Effectiveness of compliance programs.
Additional Focus Areas Relating to Investment Advisers, Investment Companies, Broker-Dealers, and Municipal Advisors
These registrants can expect OCIE to continue its risk-based examinations in 2020.
- New RIAs and RIAs registered for several years that have yet to be examined should expect to become areas of focus for OCIE in 2020.
- Investment companies can expect examinations focusing on mutual funds and ETFs, RIA activity, and oversight practices.
- Broker-dealer examinations will focus on recent rulemaking and trading practices, and
- Municipal advisor examinations will include registration and continuing education requirements, as well as fiduciary duty obligations.
Anti-Money Laundering
AML is a repeat priority for OCIE as it is for all regulators in the financial industry regulatory space. In 2020, OCIE will examine whether broker-dealer and investment companies are complying with their AML obligations. OCIE notes four areas of review:
- customer identification programs and SAR filing obligations;
- customer due diligence;
- compliance with beneficial ownership requirements; and
- timely and robust independent testing of AML programs.
Market Infrastructure
With respect to market infrastructure, OCIE will continue examinations of entities providing services critical to market infrastructure, including clearing agencies, national securities exchanges, alternative trading systems, and transfer agents. Particular attention will be given to the security and resiliency of entities’ systems.
Conclusion
OCIE’s examination priorities for 2020 will largely follow prior focus areas, emphasizing the protection of retail investors with particular focus on fee disclosures, senior investors, and retirement accounts. OCIE will also continue to examine firms’ abilities to manage risk associated with cybersecurity breaches, money laundering, and digital assets and electronic investment advice. Finally, regulated firms are reminded that the examination priorities identified are not exhaustive and that OCIE will continue to conduct examinations determined through a risk-based approach that includes analysis of an entity’s history, operations, services, products offered, and other factors.