SEC 2019 examination priorities
SEC 2019 examination priorities
Insight

SEC 2019 examination priorities

The 2019 Examination Priorities of the SEC’s Office of Compliance Inspections and Examinations (OCIE) include: Critical market infrastructure, Cybersecurity, Digital Assets, Anti-money laundering and Retail investors.

Key points

  • The 2019 Examination Priorities of the SEC’s Office of Compliance Inspections and Examinations (OCIE) include:
    • Critical market infrastructure
    • Cybersecurity
    • Digital Assets
    • Anti-money laundering
    • Retail investors
  • The SEC notes that it is increasingly leveraging technology and data analytics to help identify areas of risk, firms that present heightened risk of noncompliance, and activities that may harm investors.

The SEC’s 2019 Examination Priorities preview the areas – practices, products, and services – that it believes present potentially heightened risk to investors or to the integrity of the U.S. capital markets. The priorities will drive many of the OCIE’s upcoming examinations; the SEC adds that the scope of individual examinations as well as the selection of registered entities for examination will generally be determined through a risk-based approach. Highlights of the individual priority areas follow.

Critical market infrastructure. Examinations of firms that provide services critical to the functioning of capital markets will focus on:

  • Clearing agencies’ compliance with applicable SEC regulations and federal securities laws as well as timely corrective action in response to prior examinations. 
  • National securities exchanges’ internal audit and surveillance programs.
  • Transfer agents’ transfers, recordkeeping, safeguarding of customer funds and securities, and reporting. The SEC specifically identifies transfer agents that serve as paying agents for issuers, are developing blockchain technology, or are providing services to issuers of microcap securities, private offerings, crowdfunded securities or digital assets, as examination candidates.
  • Entities subject to Regulation SCI’s (Systems, Compliance and Integrity) implementation and effectiveness of written policies and procedures, controls for software development, internal audit programs, inventory management, and threat management capabilities.

Cybersecurity. Examinations in all of the SEC’s programs will prioritize cybersecurity and emphasize storage, information security governance, and the security of retail trading information. Examinations of investment advisers, in particular, will focus on investment advisers with multiple branch offices as well as governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response

Digital Assets. Market participants in digital assets include broker-dealers, trading platforms, and investment advisers. Where the products are securities, the OCIE states it will examine for regulatory compliance. “Through high level inquiries, OCIE will take steps to identify market participants offering, selling, trading, and managing these products or considering or actively seeking to offer these products and then assess the extent of their activities.” For firms activity engaged in the digital assets market, the OCIE will conduct examinations focused on portfolio management, trading, safety of clients’ funds and assets, pricing of client portfolios, compliance, and internal controls.

Anti-money laundering. The OCIE will continue to prioritize examining broker-dealers for compliance with their anti-money laundering (AML) obligations, including implementing policies and procedures to reasonably identify suspicious activity and illegal money laundering activities, meeting Suspicious Activity Report filing obligations, implementing all elements of their AML program, and “robustly and timely conducting independent tests of their AML program.”

Retail investors. Examinations will focus on matters of importance related to retail investors, including:

  • The accuracy and consistency of fees, expenses, and other charges with related disclosures and client agreements. The SEC states that firms with practices or business models that may create increased risks of inadequately disclosed fees, expenses, or other charges will be selected for examination. 
  • Conflicts of interest associated with the use of affiliated service providers and products, securities-backed non-purpose loans and lines of credit, and borrowing funds from clients.
  • The portfolio recommendations of investment advisers. The OCIE will assess suitability based on an investor’s objectives and risk profile, consistency with disclosures, and discernible shifts toward riskier products. 
  • Broker-dealer compliance with the Customer Protection Rule, including the safeguarding of customer assets and reporting accuracy.
  • Identification of the financial exploitation of seniors, and the appropriateness of products/services offered to seniors and other retirement investors.
  • Registration and professional qualification requirements of municipal advisers, as well as standards of conduct and conflicts of interest disclosures. 
  • Industry practices related to mutual funds and exchange-traded funds, including risks related to funds that track custom-built or bespoke indexes, have limited secondary market trading volume, or have aberrational underperformance relative to peers.

The SEC identified select areas and programs of FINRA and the MSRB (Municipal Securities Rulemaking Board) as a sixth examination priority. Such examinations will be focused on:

  • FINRA operations, and examinations of broker-dealers and municipal advisors.
  • The effectiveness of MSRB operations, internal policies, procedures, and controls.

The SEC’s 2019 Examination Priorities are consistent with its previously released Four-Year Strategic Plan (see KPMG’s Regulatory Alert), which describes using examination resources to bolster regulatory requirements and protect investors as a “core principle”.

SEC 2019 Examination Priorities

The SEC notes that it is increasingly leveraging technology and data analytics to help identify areas of risk, firms that present heightened risk of noncompliance, and activities that may harm investors.