Episode 7: 2018 SEC Exam Priorities, Part 3 - Tips for CCOs

Need to know what specific actions you should take as a CCO in light of the SEC's recent exam priorities? Michelle Jacko, CEO of Core Compliance℠, discusses the specifics of what CCOs should be considering in the upcoming weeks and months. 



Hello, this is Michelle Jacko, CEO of Core Compliance and Legal Services, and on this week's CCO Buzz, we will be talking about part 3 of the 2018 SEC examination priorities. 

Specifically, what are some of the action items that you, as a compliance professional, should be thinking about in the weeks and days ahead. If we look at the beginning of the 2018 National Examination Program's priority list for this year, you'll see that it opens with the series of different priorities that the SEC was focusing on, such as: 

  • Their risk-based initiatives, 
  • Their data-driven analytics, 
  • The transparency that they have, 
  • And the resources that they are utilizing to assess risk. 

A great place for every firm to start is to consider those priorities, and to conduct a risk assessment at their firm level. What we suggest is by using a conflict of interest inventory checklist, you would be able to go through your firm to identify what are the areas that pose the biggest conflicts?

Generally speaking, that would involve compensation arrangements, it could involve outside business activities, and of course, your affiliates, that are providing different products and services. 

As you identify those conflicts, those areas are likely of the highest risk to your firm, and you would want to make sure that such conflicts are disclosed in your policies and procedures, your Form ADV, and your advisory contracts. 

The next thing that I would do is go through what the SEC has outlined as their priorities for 2018, and take a look and consider what areas that they provided guidance on, no matter if you're providing robo-advisory advice, perhaps you're the manager for a WRAP fee program or a sponsor, or fit into the category of a never-before-examined adviser. 

If you take a look, specifically, at what the commission is looking at, you'll be able to see very clearly that for example in a WRAP fee program, they're looking at the recommendations that are being provided, and are they reasonable. So in other words, suitability. 

Again, they're looking at conflicts of interest being disclosed to the end client, and of course, best execution, and the costs associated with executing trades. If those are their three primary areas, what you can simply do is go through your ADV, and ensure that the conflicts are being disclosed, particularly for those investment advisers whose fiscal year end is December 31st, whereby you will be updating your Form ADV no later than March 31st and submitting that to the SEC. 

Take a look and see "are our conflicts transparent and adequately disclosed? Do we have internal controls in place for looking at the suitability of certain WRAP fee program recommendations that our investment adviser representatives are making?" and "What are we doing to analyze best execution? Are we conducting quarterly reviews? Are we documenting those reviews? And are we really taking a look at the end cost that could be impacting the performance of that WRAP fee program? And are those costs adequately disclosed to the end investor?"

Next they take into consideration areas such as critical compliance risks in your infrastructure. Consider how are you looking at and identifying cybersecurity risks? 

One of the things that the staff very carefully documented is that while they're looking at governance structures and risk assessments of cyber programs, they're looking at what steps has the firm taken in order to prevent data loss. How are they conducting due diligence on their vendors? How are they conducting training, and is there actually a robust incident response plan? 

Formulate a checklist in those areas. Take a look at, and map, this is the internal control that we are using for example to conduct due diligence on our vendors, particularly those that are supporting our cyber infrastructure. Is it documented? Do I have the right people involved in due diligence? And how are we following up in detecting red flags if any are detected? 

I also wanna take a look at how we are protecting our senior investors, what are the infrastructure and controls we have in place for servicing retirement accounts, what are we doing in terms of AML program? 

While many investment advisers may have some general policies and procedures in this area, by using the 2018 SEC exam priority list, you will be able to go through your policies and procedures and see did you touch upon all of the areas specified by the staff? 

Did you document what is the firm's policy in that area? And were you able to articulate in a clear manner what is your procedure for complying with that federal regulation? Doing that exercise will go a long way to ensuring that your compliance program is sufficient and can meet examination scrutiny when the regulators finally come walking through that front door.  

For more ideas on how you can continue to enhance your compliance program, please contact us at area code 619.278.0020, or email us at info@corecls.com 
