Senior retail investors and cybersecurity. The only thing they have in common is their presence on the list of examination priorities this year for the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE).
The priorities are published annually to provide insight into the areas the SEC believes present some of the greatest risks to investors in the coming year. They also provide advisory firms the opportunity to perform a self-evaluation to determine what policies and procedures need to be updated and what training opportunities should be scheduled in the months to come.
“We hope this transparency helps firms evaluate and improve their compliance programs, which ultimately helps protect investors,” said OCIE Director Pete Driscoll.
The ‘Hallmarks’ of Effective Compliance
A commitment to compliance from C-level executives has been referenced by OCIE as perhaps the most important “hallmark” of a good compliance program. As such, top-level executives would benefit from reviewing OCIE’s 2020 priorities to assess the impact on their respective business models and proceed to take proactive measures to review and strengthen their compliance programs.
In its 2020 Examination Priorities, OCIE cites the following three “hallmarks” of effective compliance:
- The compliance department’s active engagement in most facets of firm operations.
- Early involvement in important business developments.
- The employment of a knowledgeable CCO empowered with full responsibility, authority, and resources to develop and enforce policies and procedures.
In addition, OCIE emphasizes it is crucial that firms invest resources – including time and personnel – to enable effective compliance in the operation of their businesses.
In 2019, OCIE performed examinations of 2,180 registered investment advisers (RIAs), or 15% of the nation’s total population of RIAs. Examinations were completed of 350 broker-dealers. Altogether, more than 2,000 deficiency letters were issued, with many firms taking corrective measures such as amending policies and procedures. OCIE examinations remain firmly grounded in four pillars: promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.
Protecting Those Saving for Retirement
Seniors remain a favorite target of fraudsters. During the SEC’s most recent fiscal year, 36% of the standalone enforcement cases it brought were against investment advisors and investment management firms. Many of those were filed against firms that committed fraud against retirees or retail investors nearing retirement.
Going forward, firms can expect the SEC’s Division of Enforcement to maintain a rigorous approach in its oversight of intermediaries that serve and interact with retail investors and in its review of disclosures relating to fees, expenses, and conflicts of interest. Broker-dealers also must be mindful of the requirements of Regulation Best Interest, which will be a focus of OCIE.
Information Security
When it comes to cybersecurity, OCIE examinations will focus on the proper configuration of network storage devices and information security governance, and retail trading information security. With OCIE in mind, now is a good time for RIAs to review internal policies and procedures regarding the protection of clients’ personal financial information, the prevention of data loss, and incident response.
Examinations also will inquire as to a firm’s level of third-party and vendor risk management and oversight practices of cloud-based storage.
In terms of the growing space of digital assets/cryptocurrency, examinations will cover such topics as assessing investment suitability, pricing and valuation, the effectiveness of compliance programs and controls, and supervision of employees outside business activities.
Other Areas of Focus
OCIE will focus on RIAs that have never been examined, including new RIAs and RIAs registered for several years that have yet to be examined. Examinations of anti-money laundering requirements will be conducted to see if they meet regulatory obligations.
SEC-registered firms and RIAs that provide services to clients through Robo-advisors will also merit attention as financial technology and electronic investment advice continue to evolve and create new compliance challenges.
Let our experts at Core Compliance & Legal Services work with you to review your firm’s policies and procedures and be prepared in the event the SEC’s Division of Enforcement pays a visit in 2020. Contact us online or at (619) 278.0020.