Episode 6: SEC Exam Priorities, Part 2


Hello, this is Michelle Jacko, CEO of Core Compliance and Legal Services. And on this week's CCO Buzz, we will be continuing part 2 of our discussion of the SEC's Office of Compliance Inspections and Examinations 2018 Examination and Regulatory Priorities. 

Our last CCO Buzz focused on protections for retail investors, and this week, we're going to be covering 2 general themes: 

First, from the examination side, we wanted to let you know that as part of the 2018 initiatives, the SEC will continue its efforts to examine never-before-examined investment advisers. The purpose of this is to make a risk-based assessment as to whether or not their compliance programs are sound during the first years of operation. 

The second big examination focus will be on municipal advisers. OC will continue its focus on municipal advisers, to evaluate their compliance, registration and record keeping, revision requirements, and also those municipal advisers who are not registered as broker-dealers. They're going to be looking for compliance with MSRB rules,  regarding the professional qualifications of the continuing education requirement, and of course, the core standards of conduct and duties. 

One of the primary areas that we're seeing with our clients is focus on non-registrants who should be registered as a municipal adviser, and guidance from the staff that they should be registering with the MSRB. 

Another area of focus is on cybersecurity. 

We've seen cybersecurity as part of the SEC's priority list since 2016. Like the past, the SEC's focus on cybersecurity will be intensified as the rise in cyber-threats continue. Specifically, the SEC will be looking at cybersecurity risks and focus on everything from governance and risk assessments to looking at data loss prevention and controls and vendor management, to training, access rights and controls, as well as incident response plans. 

What we are seeing is an increased emphasis on whether or not advisers have even developed an incident response plan, and if so, if they've ever had to implement it. If you can recall, the SEC issued a risk alert on August 7, 2017 which shared both positive as well as inadequate controls at varius cybersecurity examinations, and we would strongly encourage you to review this risk alert as you're developing your cybersecurity advancement in the compliance program area. 

Finally, we wanted to focus on Anti-Money Laundering. I've often heard clients state that AML is not a requirement for investment advisers. Under the Bank Secrecy Act, AML should be part of your compliance program especially with regards to certain checks that you have to ensure that the source of funds that are entering the financial market place are appropriate. 

Therefore, the SEC will be looking at AML programs to see whether or not they have identified customers, conducted due diligence, monitored for suspicious activity, and if so, what is the escalation procedure in that regulated entity to ensure that when obligated, they are filing timely and completely accurate SAR reports - which are Suspicious Activity Reports. 

As you can hear from this priority list, the commission is really focused on internal control development. 

Next week's CCO Buzz will focus on practical considerations that you as chief compliance officers should be considering as you make advancements in your compliance program in 2018 and beyond. 

For more information, please contact us at area code 619.278.0020 or at info@corecls.com. Thank you.