Recently, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) published its annual Examination Priorities report (the “Priorities Report”). As the name suggests, the Priorities Report outlines OCIE’s examination priorities for the coming year and is a must read for all registrants overseen by OCIE, including broker-dealers, registered advisers, municipal advisors, transfer agents and clearing agencies, exchanges and other SROs. While this blog post provides an overview of the Priorities Report, firms are encourage to review all relevant portions of the full Report.
Hallmarks of an Effective Compliance Program. The Report is prefaced by a message from OCIE’s leadership team. This preface begins by stressing the importance of the compliance function and stating that the hallmarks of effective compliance consist of three key attributes. The first is the active engagement of compliance “in most facets of firm operations and [its] early involvement in important business developments, such as product innovation and new services.” The second is a “knowledgeable and empowered chief compliance officer with full responsibility, authority, and resources to develop and enforce policies and procedures of the firm.” The third, and arguably in OCIE’s thoughts, the most important hallmark of an effective compliance program is “a commitment to compliance from C-level and similar executives to set a tone from the top that compliance is integral to the organization’s success and that there is tangible support for compliance at all levels of an organization.” In designing and maintaining their compliance programs, firms are well advised to not only keep these attributes in mind but also to consider how to give them tangible expression in ongoing firm operations.
OCIE 2019 Results. The preface also provided an Overview of OCIE’s 2019 results and activities.
2020 Examination Priorities of Interest to Broker-Dealers. The preface was followed by a discussion of OCIE’s priorities for 2020, which, not surprisingly, looked very similar to OCIE’s priorities of the last several years.
As discussed more fully below, priorities of interest to broker-dealers include:
- Retail Investors, including Seniors and Individuals Saving for Retirement
- Information Security
- Fintech
- Financial Responsibility and Risk Management
- AML
Retail Investors, Seniors and Retirement Savings. As has been true for several years now, OCIE’s 2020 Priority Report begins with an emphasis on retail investors, particularly seniors and persons saving for retirement. With respect to retail investors, OCIE intends to focus on whether firms are providing required disclosures, including as to fees and expenses and conflicts of interest. Another area of focus will be on recommendations and advice and on the handling of higher risk investment products, including private placements and securities that are complex or non-transparent, have high fees and expenses or involve an issuer that is affiliated with the firm making the recommendation. OCIE also intends to supplement its focus on the foregoing with a focus on the supervision of outside business and selling away activities.
Retail-Targeted Investments. The Priority Report also identifies a number of investments that OCIE thought might have elevated risk when marketed to retail investors. These include mutual funds and ETFs, municipal and other fixed income securities, and microcap securities.
With respect to mutual funds and ETFs sold to retail investors, OCIE intends to continue to look at brakepoints and other discounts as well as financial incentives that may influence the sale of funds, share classes, or ETFs.
Areas of emphasis involving municipal and corporate bonds will include best execution, pricing fairness, mark-ups and mark-downs, commissions, and compliance with confirmation disclosure requirements.
As to microcap securities, OCIE will be looking to whether firms may be engaged in, or aiding and abetting pump and dump schemes, market manipulation, and illegal distributions. OCIE will also be looking at supervision of high risk registered representatives, compliance with Exchange Act Rule 15c2-11, which regulates the initiation or resumption of OTC quotations, compliance with the locate requirements of Regulation SHO and firms’ obligations to file suspicious activity reports (SARs).
Regulation Best Interest. After the June 30th compliance date for Regulation Best Interest, OCIE intends to assess firms’ compliance with implementation requirements, including policies and procedures regarding conflicts disclosures and the content and delivery of Form CRS.
Information Security. Another perennial area of concern is information security, including, but not limited to, cyber-security. Information security reviews can be expected to focus on:
- proper configuration of network storage devices;
- information security governance generally; and
- retail trading information security.
The Priorities Report states that OCIE will also focus on oversight practices related to service providers and network solutions, including cloud-based storage solutions. OCIE will also continue to conduct examinations for compliance with Regulations S-P and S-ID. Another area of focus will be on the controls surrounding online access and mobile application access to customer brokerage account information and on safeguards around the proper disposal of retired hardware that may contain client information and potential network information that could create an intrusion vulnerability
Financial Technology. OCIE intends to continue its focus on SEC-registered participants involved in the sale of digital assets. This will include an assessment of:
- investment suitability;
- portfolio management and trading practices;
- the safety of client funds and assets;
- pricing and valuation;
- the effectiveness of compliance programs and controls; and
- the supervision of outside business activities.
Financial Responsibility and Risk Management. OCIE intends to continue to examine broker-dealers, particularly firms that hold customer cash and securities, for compliance with the Customer Protection Rule (Securities Exchange Act Rule 15c3-3) and the Net Capital Rule (Securities Exchange Act Rule 15c3-1). OCIE will also continue to examine firms’ trading and risk management practices. This may include firms’ compliance with applicable requirements involving trading and other activities in “odd lots,” that is, orders under 100 shares. OCIE will also continue to examine for controls around the use of automated trading algorithms by broker-dealers, including the development, testing, implementation, maintenance, and modification of the computer programs that support automated trading activities and controls around access to computer codes. More generally, OCIE will examine broker-dealers’ use of internal procedures, practices, and controls to manage trading risk.
Anti-Money Laundering (AML) Compliance Programs. OCIE intends to continue to prioritize the review of firms’ AML compliance programs. Areas of particular interest will include firms’ compliance with identification requirements with respect to customers and beneficial owners of legal entity customers as well as monitoring for suspicious activity and the filing of SARs where appropriate. Of course, OCIE will also continue to examine for compliance with testing and other AML compliance program requirements under the Bank Secrecy Act.