On January 7, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its list of examination priorities for fiscal year 2020 (the “Priorities”). This annual publication is invaluable, for it highlights those areas which the staff will be focusing their examination efforts, highlights areas of concern and showcases those areas which OCIE places high importance.
For SEC registrants, the examination priorities list may help them to prioritize those areas that they should turn their attention to, particularly to assess the effectiveness of their compliance program, consider risk mitigation efforts and analyze the internal control structure in light of guidance provided by the staff.
While many of the 2020 examination priorities are similar to those of 2019, there are several differences which we are highlighting below in this month’s Risk Management Tip.
1. Focus on Retail Investors Remains at the Forefront. OCIE will continue to focus on its perpetual mission of protecting retail investors. This priority lines up with this year’s roll out of Regulation Best Interest and Form CRS. OCIE has placed further emphasis on protecting senior investors and those saving for retirement as well as other focus groups such as teachers and military personnel. In particular, examinations will focus on:
- Fraud, Sales Practices, and Conflicts – OCIE will be paying close attention to the disclosures provided by registered firms to ensure that, among other things, conflicts relating to fees and conflicts of interest are clearly communicated to clients. Further, the priorities detail a 2020 focus on disclosures and advice provided to specific groups, such as senior communities. OCIE also is dedicating attention specifically to high-risk products, such as those from affiliated issuers or those with high fees, to ensure that conflicts are appropriately disclosed to clients. In addition to assessing these disclosures for adequacy, examinations will be assessing the disclosure for accuracy. It is of paramount importance that the operations of a firm are accurately reflected in its external as well as internal documents.
Notably, the Priorities note a high attention to the duties that RIAs have, including fiduciary duties to clients embodied in their duty of loyalty and duty of care. As stated on page 4 of the Priorities, “duty of care concerns may arise when an RIA does not aggregate certain accounts for purposes of calculating fee discounts in accordance with its disclosures.” Consequently, the staff will continue its focus on advisory fees and expenses, and particularly as disclosed in client agreements and in Form ADV Part 2A, to ensure that client accounts are properly aggregated to achieve the lowest appropriate breakpoint; and when necessary, having fees rebated when inappropriately calculated and charged.
- Retail-Targeted Investments – In its protection effort, OCIE will continue focusing on products historically sold to retail investors, such as mutual funds, ETFs, municipal securities, and microcap securities. This will include reviews of incentive programs, application of discounts, and compliance with best execution obligations.
For smaller market-cap companies, OCIE will be reviewing to identify pump and dump schemes, market manipulation, and illegal distributions of securities. Consequently, those who trade significantly in unlisted securities or who make markets in unlisted securities may find themselves the subject of an examination.
2. For Five Years, Information Security Tops the List. The reliance of the financial markets on information security cannot be overstated. The impact of a data breach can have deep repercussions that impact clients, affects the reputation of a business, increases regulatory scrutiny and exponentially increases costs as the firm detects, responds and recovers from the cyber incident. Thus, OCIE remains focused on identifying and remedying potential weaknesses in registrants’ information security environment. Expect examination areas to focus on proper configuration of network storage devices, information security governance, retail trading information security and administrative, technical and physical safeguards. With regard to an adviser’s protection of client personal information, examinations will focus on:
- Governance and risk management;
- Access controls;
- Data loss prevention;
- Vendor management;
- Training; and
- Incident response and resiliency.
Within this priority OCIE will focus on the oversight practices (i.e., due diligence) as it pertains to the use of firm’s network and service solutions, including cloud-based options. As online access and mobile application usage grows in the industry, so does the risk of a cyberattack or security breach. Examinations will also further focus on the proper disposal of retired hardware that may contain client sensitive information, which may be an area of vulnerability for firms.
3. Financial Technology and Innovation Remain a Focus. OCIE is committed to remaining on the front line with respect to new technologies in order to curb any exploitation before it happens. Accordingly, examinations will focus on registrants’ use of technological innovations and the use of data and technology in service offerings. Examples include:
- Digital Assets – OCIE examinations will assess the investment suitability, portfolio management and trading practices, safety of client funds and assets, pricing and valuation, effectiveness of compliance programs and controls and supervision of employee outside business activities with respect to the digital assets market.
- “Robo-Advisers” – A carryover from prior years, automated investment tools and platforms will remain a priority for OCIE in 2020. Examinations will focus on use of technology for the platform, marketing practices, fulfillment of fiduciary duties, and SEC registration eligibility.
4. RIA and Investment Company Focus Areas. RIAs and Investment Companies can expect to have the strength and effectiveness of their compliance programs assessed during an examination. This includes reviewing the registrant’s policies and procedures for effectiveness and customization in design and implementation. The staff also will be targeting the following firm-types:
- Dual-registrants. Dual-registrants will be heavily vetted especially in areas of risk pertaining to best execution, third party due diligence, fiduciary advice and disclosures of conflict in relation to those who have arrangements with a broker-dealer.
- Never-Before or Not Recently-Examined RIAs. Firms that have never been examined or have not been examined for several years should take time to revisit and reassess their own compliance program, particularly as the business continues to grow and evolve. As the business changes, so too should the compliance program evolve.
- RIAs to Private Funds. OCIE’s focus will continue to be on side-by-side management concerns, related conflicts of interest, and the use of affiliates for servicing clients.
- Mutual Funds and ETFs. Expect examinations to c concentrate on the evaluation and use of third-party administrators to sponsor such funds and on RIAs that advise a private fund that also manage a registered investment company with a similar investment strategy.
5. Broker-Dealers, Municipal Advisors and More. 2020 examinations of broker-dealers will focus on how the broker-dealer is safeguarding client assets in accordance with the Customer Protection Rule and Net Capital Rule. The staff will also focus on best execution practices and odd lot trading (i.e., small orders totaling less than 100 shares) for retail investors.
Municipal Advisors can expect examinations to focus on whether registration and continuing education requirements have been met. OCIE also will check for compliance with MSRB Rule G-40 as it relates to advertising requirements.
Further, OCIE will be conducting reviews of the anti-money laundering (AML) programs of broker-dealers and investment companies to assess whether such firms are keeping up with Suspicious Activity Reporting, customer due diligence, and beneficial ownership requirements and have established an adequate customer identification program.
6. What Are New Considerations for 2020?
It was clear from the Priorities that the duty of care is at the top of OCIE’s agenda. As the effective dates for Regulation Best Interest/Form Client Relationship Summary (“Form CRS”) approaches, firms should focus their attention on client disclosures, strength of their compliance programs and overall fiduciary obligations.
The Form CRS should be delivered whenever:
· When a client opens a new account that differs from an existing account;
· When a firm recommends a R/O;
· When a firm recommends a new RIA service or investment;
· Within 30 days of a client’s request; and/or
· Within 60 days of making a material amendment.
As firms complete their Form CRS (aka Form ADV Part 3), be sure that disclosures are complete and capture material information that a client would want to know. Operationally, consider your internal controls to ensure that new and prospective clients receive the Form CRS on or before June 30, 2020 and existing clients on or before July 30, 2020. Consider developing a “checklist” for delivery points that include the following:
As registrants review and analyze the Priorities, it is imperative to assess whether the firm’s current compliance program adequately addresses these areas of interest by the SEC. Be sure to review the Priorities frequently, consider OCIE’s recent Risk Alerts, and educate others within your organization on SEC focus areas as this will help to create a dynamic compliance program and further foster a culture of compliance.
Jacko Law Group, PC (“JLG”) assist firms and individuals prepare for SEC Examinations, including mock regulatory examinations. For more information on the 2020 OCIE Examination Priorities, please contact us here or at (619) 298-2880.
Authors: Aimee Lastrella and Michelle Jacko, Jacko Law Group, PC. JLG works extensively with investment advisers, broker-dealers, investment companies, private equity and hedge funds, banks and corporate clients on securities and corporate counsel matters.
The information contained in this article may contain information that is confidential and/or protected by the attorney-client privilege and attorney work product doctrine. This email is not intended for transmission to, or receipt by, any unauthorized persons. Inadvertent disclosure of the contents of this article to unintended recipients is not intended to and does not constitute a waiver of attorney-client privilege or attorney work product protections.
The Risk Management Tip is published solely based off the interests and relationship between the clients and friends of the Jacko Law Group P.C. (“JLG”) and in no way be construed as legal advice. The opinions shared in the publication reflect those of the authors, and not necessarily the views of JLG. For more specific information or recent industry developments or particular situations, you should seek legal opinion or counsel.
You hereby are notified that any review, dissemination or copying of this message and its attachments, if any, is strictly prohibited. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions.