The SEC Office of Compliance Inspections and Examinations ("OCIE") set out their 2020 examinations priorities in an annual report issued last week. The report reminds registered entities that all its priorities are within the SEC’s mandate to protect investors, facilitate capital formation, and maintain fair, orderly and efficient markets. The report is, in effect, a notice to the industry and chief compliance officers to address potential vulnerabilities in compliance programs and practices in order to minimize retail investor and market risks.
This year, OCIE leaders highlighted a wide variety of continuing and emerging concerns. Bates Group tracks these risks and articulated priorities from year to year (see chart below).
© 2020, Bates Group LLC
Source: OCIE 2020 National Exam Program Examination Priorities (Compiled by Alex Russell, Bates Group LLC)
OCIE explained that these priorities should be viewed in light of the rapidly changing registered investment adviser market, the recently adopted rules on broker-dealer and investment adviser conduct standards (Regulation Best Interest) and other significant financial technology and market developments. A good portion of the report is dedicated to explaining this context. Here’s what OCIE had to say.
OCIE leadership explained that examination coverage for RIAs was increasingly imperative, given (i) that the OCIE is “the primary, and often only, regulator responsible for supervising this segment of financial firms;” (ii) that the number of RIAs it supervises is now 13,475, up from 11,500 five years ago; and (iii) that RIAs now have $84 trillion in assets under management, up from $62 trillion five years ago. Examinations of RIAs constituted 2,180 of the 3,089 examinations OCIE completed in FY 2019. By contrast, OCIE examined 350 broker-dealers, 110 securities exchanges, 90 municipal advisors and transfer agents and 15 clearing agencies. These numbers do not include OCIE examinations of the Financial Industry Regulatory Authority (FINRA).
Notably, the OCIE pointed out that its examination coverage rates over registered investment advisers (RIAs) may suffer in 2020 due to perennial staff shortages. However, the Office made clear that it prioritizes keeping pace with year-over-year increases in examination rates for RIAs. In FY 2018, OCIE’s examination coverage of RIAs was 17 percent, and in FY 2019 it was 15 percent. OCIE made a point of noting that the decline in the past year was the result of a 35-day lapse in appropriations, and that examinations of RIAs actually increased by 10 percent over a five-year period.
Compliance with Regulation Best Interest (Reg BI) interpretations related to the standard of conduct for investment advisers and the new Client Relationship Summary (Form CRS) are major 2020 examination priorities. The OCIE reminded firms that the compliance date for Reg BI and Form CRS is June 30, 2020, and to expect that OCIE will “engage” during its examinations on firms’ progress toward implementation of the new rules. This is significant, in part, because the SEC continues to clarify Reg BI obligations (see e.g. the revised FAQs just issued by the Division of Trading and Markets).
OCIE stated that it has already “integrated” the Reg BI interpretations into its examination program for RIAs. Beyond the compliance implementation date, its examinations will include an assessment as to a firm’s actual Reg BI implementation, “including policies and procedures regarding conflicts disclosures, and for both broker-dealers and RIAs, the content and delivery of Form CRS.”
OCIE restated past examination priorities as they relate to retail investors. (See Comparison Chart above.) These include a focus on certain complex products and vulnerable investors. Consistent with its Reg BI focus, OCIE stated that its 2020 examinations will look at disclosures relating to fees, expenses and conflicts of interest and the “controls and systems [intended] to ensure those disclosures are made as required and that a firm’s actions match those disclosures.” This includes supervision of outside business activities and “any conflicts that may arise from those activities.”
For RIAs, OCIE plans to examine whether they have fulfilled their fiduciary duties of care and loyalty. The OCIE relayed that it “has a particular interest” in the accuracy and adequacy of disclosures provided by RIAs concerning offers to clients on new and emerging investment strategies, such as strategies focused on sustainable and responsible investing, which incorporate environmental, social, and governance (ESG) criteria.
For broker-dealers, OCIE highlighted that examinations will focus on transfer agent handling of microcap distributions and share transfers, sales practices, and supervision of high-risk registered representatives. More generally, OCIE emphasized that it will assess recommendations and advice given to (i) seniors and “those targeting retirement communities” and (ii) teachers and military personnel. In conjunction with Reg BI compliance issues, OCIE said it will focus on higher-risk products like private placements, as well as on non-transparent products such as mutual funds and ETFs, municipal securities and other fixed income and microcap securities.
The theme of information technology risk cited in the report is broad. OCIE will be “monitoring industry developments and market events” to assess broad risks and consequences for both firms and retail investors.
For registered entities, OCIE said it will examine the use of technology by third-party vendors and information security in general, including proper configuration of network storage devices and retail trading information security. The OCIE also emphasized that it will examine for (i) SEC registration eligibility, (ii) cybersecurity policies and procedures, (iii) marketing practices, (iv) adequacy of disclosures, and (v) the effectiveness of compliance programs. For RIAs in particular, OCIE said it will focus on the protection of clients’ personal financial information including on governance and risk management, access controls, data loss prevention, vendor management, training, and incident response and resiliency.
As to retail investors, on digital assets and electronic investment advice, OCIE will be examining for (i) investment suitability, (ii) portfolio management and trading practices, (iii) safety of client funds and assets, (iv) pricing and valuation, and (v) supervision of employee outside business activities.
OCIE leaders acknowledged the resource challenges to fulfilling its mandate and said that it will continue to invest in expertise, technology tools and data analytics to “identify potential stresses on compliance programs and operations, conflicts of interest, and … issues that may ultimately harm investors.” OCIE implied that it will use these tools to determine how to select firms for examinations and remarked that “broker-dealers may be selected for examination based on factors such as employing registered representatives with disciplinary history, engaging in significant trading activity in unlisted securities, and making markets in unlisted securities.”
For RIAs, OCIE said it would look at selecting firms that have never been examined or have not been examined for years in order to determine whether compliance programs “have been appropriately adapted in light of any substantial growth or change in their business models.” In addition, OCIE stated that it will “prioritize examinations of RIAs that are dually registered as, or are affiliated with, broker-dealers, or have supervised persons who are registered representatives of unaffiliated broker-dealers.” It will examine compliance programs to address best execution risk, prohibited transactions, fiduciary advice, and conflict disclosures related to these arrangements. OCIE will also examine firms that use third-party asset managers to advise clients in order to consider the extent of these RIAs’ due diligence practices, policies, and procedures. OCIE promises to be diligent about narrowly targeting and protecting the investor information it collects and noted some of the cross-border compliance issues it faces in covering almost a thousand off-shore RIAs that manage over $10 trillion in assets.
The OCIE also emphasized that it will be examining for the following:
In its report, OCIE leadership deliver several messages to the firms it examines, including identifying the hallmarks of effective compliance. Most importantly, they underscore that the people and compliance programs play a critical role and really do matter. Effective compliance requires (i) establishing a culture of compliance for the firm; (ii) a commitment by firm executives that compliance is “integral” to firm success: and (iii) “tangible” support for compliance in all operations and throughout all levels of the firm. They stress that the chief compliance officer must be fully empowered with the “responsibility, authority, and resources to develop and enforce policies and procedures of the firm.” And, finally, they remind firms that compliance should be “incorporated” into firm operations and business developments, including product innovation and new services.