The SEC’s 2020 Examination Priorities preview the areas—practices, products, and services—that it believes present potentially heightened risk to investors or to the integrity of the U.S. capital markets. The priorities will drive many of the Office of Compliance Inspections and Examinations’ (OCIE) upcoming examinations; the SEC adds that the scope of individual examinations as well as the selection of registered entities for examination will generally be determined through a risk-based approach. Highlights of the individual priority areas follow.
Retail investors. Examinations will focus on matters of importance related to retail investors, with emphasis on seniors and retirement savers. OCIE will prioritize examinations of 1) intermediaries that serve retail investors, including Registered Investment Advisers (RIAs), broker-dealers, and dually-registered firms, and 2) investments marketed to, or designed for, retail investors, including mutual funds and exchange-traded funds (ETFs), municipal securities, and microcap securities. Examination areas highlighted by OCIE include:
- Disclosures relating to fees and expenses and conflicts of interest, including compensation arrangements. Registered firms must implement controls and systems to ensure disclosures are made and that the firm’s actions match the disclosures.
- Recommendations and advice to 1) seniors, and 2) teachers and military personnel, with a focus on higher risk products, including private placements and securities of issuers in new and emerging risk areas (i.e., complex or non-transparent, high fees and expenses, where the issuer is affiliated with the recommending firm). OCIE will continue to assess whether firms have fulfilled their duties of care and loyalty, as appropriate.
- Practices related to mutual funds and ETFs including financial incentives provided to financial services firms and professionals that may influence the selection of mutual fund share classes, and the disclosure and application of certain fee discounts.
- Broker-dealer trading activity in municipal and corporate bonds, for compliance with best execution obligations, fairness of pricing, mark-ups and mark-downs, commissions, and disclosures.
- Broker-dealer and transfer agent activity in smaller market capitalization companies (under $250 million), including, as appropriate, sales practices, supervision of high risk registered representatives, compliance with certain regulatory requirements (Rule 15c2-11 Exchange Act, Regulation SHO, SAR reporting), and distributions and share transfers.
- Standards of Care related to Regulation Best Interest. OCIE will engage with broker-dealers during examinations prior to the June 30, 2020 compliance date for Regulation Best Interest and the Form CRS Relationship Summary regarding their progress with implementation. After the compliance date, OCIE will assess implementation of Regulation Best Interest, including policies and procedures regarding conflicts disclosures for broker-dealers and RIAs, and content and delivery of Form CRS.
RIAs and Investment Companies. Additional areas of examination focus will include:
- The design, implementation, and maintenance of the compliance program, as well as the effectiveness of that program to address best execution, prohibited transactions, fiduciary advice, or disclosure of conflicts.
- Due diligence practices, policies, and procedures covering third-party asset managers providing investment advice to the RIAs’ clients.
- The activities of RIAs to mutual funds and ETFs, including the use of third-party administrators and RIAs to private funds that also manage a registered investment company with a similar strategy.
- Compliance risks for RIAs to private funds, including controls to prevent misuse of material non-public information and conflicts of interest.
- RIAs and mutual funds and ETFs that have not been previously examined.
Broker-dealers and Municipal Advisors. Additional areas of examination focus will include:
- The safety of customer cash and securities, in accordance with the Customer Protection Rule and the Net Capital Rule.
- Trading and risk management practices, including best execution, controls around the use of automated trading algorithms (as well as the development, testing, implementation, maintenance, and modification of the computer programs that support automated trading).
- Registration and professional qualifications of municipal advisors as well as standards of conduct (fiduciary duty, fair dealing) and disclosure of conflicts of interest.
Information security, including cyber risks. Examinations in all of the SEC’s programs will prioritize information security, focusing on proper configuration of network storage devices, information security governance generally, and retail trading information security.
- Specific to RIAs, examinations will focus on protection of clients’ personal information, including governance and risk management, access controls, data loss prevention, vendor management, training, and incident response and resiliency.
- Third-party and vendor risk management examinations will include cloud-based storage practices as well as controls surrounding online access and mobile applications, and safeguards around disposal of retired hardware.
Fintech and innovation. Examinations will focus on firms’ use of new sources of data—“alternative” data sets—and new technologies to interact with and provide services to investors, firms, and other service providers, including:
- Digital assets. SEC states the rapid growth of digital assets presents risks to retail investors who may not adequately understand the differences between these assets and traditional products. OCIE will continue to identify SEC-registered market participants offering, selling, trading, and managing these products to assess: 1) investment suitability, 2) portfolio management and trading practices, 3) safety of client funds and assets, 4) pricing and valuation, 5) effectiveness of compliance programs and controls, and 6) supervision of employee outside business activities.
- Electronic investment advice. Focus on RIAs providing services to clients through automated investment tools and platforms, including: 1) SEC registration eligibility, 2) cybersecurity policies and procedures, 3) marketing practices, 4) adherence to fiduciary duty, including disclosure adequacy, and 5) compliance program effectiveness.
Anti-money laundering. The OCIE will continue to prioritize examining broker-dealers for compliance with their anti-money laundering (AML) obligations, including establishing appropriate customer identification programs, conducting due diligence on customers, complying with beneficial ownership requirements, satisfying Suspicious Activity Report (SAR) filing obligations, and “conducting robust and timely independent tests of their AML program.”
Critical market infrastructure. Examinations of firms that provide services critical to the functioning of capital markets will focus on:
- Clearing agencies’ compliance with applicable SEC regulations and federal securities laws, timely corrective action in response to prior examinations, and other areas such as liquidity, collateral, investment, and default risk management, cyber security and resiliency, and recovery and wind down procedures.
- National securities exchanges’ operations and reactions to market disruption as well as efforts to protect marketplace integrity from abusive, manipulative, and illegal trading.
- Transfer agents’ transfers, recordkeeping, safeguarding of customer funds and securities, and reporting. The SEC specifically identifies transfer agents that serve as paying agents for issuers, are developing blockchain technology, or are providing services to issuers of microcap securities, private offerings, crowdfunded securities or digital assets, as examination candidates.
- Entities subject to Regulation SCI’s (Systems, Compliance and Integrity) implementation, maintenance, and effectiveness of written policies and procedures, IT inventory management, IT governance, incident response, and third party vendor management, including cloud services.
FINRA and MSRB. The SEC identified select areas and programs of FINRA and the MSRB (Municipal Securities Rulemaking Board) as one of its examination priorities. Such examinations will be based on risk assessments and focused on:
- FINRA operations, and examinations of broker-dealers and municipal advisors
- The effectiveness of MSRB operations, internal policies, procedures, and controls.
Related KPMG Regulatory Alerts include: