SEC Examination Priorities In 2016: How They May Impact Your Compliance Program

Last month, the Office of Compliance Inspections and Examinations ("OCIE") of the U.S. Securities and Exchange Commission ("SEC") issued its examination priorities for 2016.¹ This letter, issued annually as part of the SEC's National Exam Program, allows registrants the opportunity to focus its compliance program efforts on those areas of particular interest to the staff. This month's Legal Tip will highlight some of the most notable areas that could impact the compliance programs of investment advisers, investment companies, broker-dealers, and advisers to private funds. At the conclusion of this summary, will provide certain risk management tips for firms to consider when advancing their compliance programs in 2016.

Notable Examination Priorities for 2016

In formulating the examination priority areas for 2016, the SEC concentrated on three thematic areas: protection of retail investors, market-wide risks and data analytics to identify potentially problematic registrants. Within each of these thematic areas, there are numerous sub-categories. For purposes of this Legal Tip, we are focusing on those sub-categories that we believe may have the broadest impact on our client base. The following list is not all-inclusive, and therefore, JLG strongly encourages you to review the SEC's examination priority letter in its entirety.

1. Protection of Retail Investors

As the staff has identified, now, more than ever, retail investors are making independent investment decisions, particularly for retirement. As a result, the SEC believes that additional steps should be taken to help protect such retail investors. Examination initiatives this year will include evaluation of:

a. Retirement-Target Industry Reviews (also known as "ReTIRE"), which focus on the suitability of recommendations made to consumers, conflicts of interest, supervision and marketing practices;

b. Exchange-Traded Funds, and specifically sales tactics, disclosures, trading practices, suitability and adherence to regulatory requirements

c. Fee Selection and related conflict of interest disclosures, including whether clients who trade infrequently are being appropriately placed in a fee-based account (versus a commission-based account) or in other account types which may not be in the best interest of the consumer;

d. Conflicts of Public Pension Advisers, including undisclosed gifts and entertainment and pay-to-play considerations; and

e. Branch Office Exams, and methodologies employed by the firm to supervise branch office activities, including potentially inappropriate trading.

2. Market-Wide Risks

To help maintain a fair, orderly, efficient market, the SEC expects registrants to take proactive steps to identify and mitigate against structural risks. To that end, OCIE will be examining the following areas in 2016:

a. Cybersecurity - Based on guidance provided for the past two years from the SEC and the Financial Industry Regulatory Authority ("FINRA") on regulatory expectations for developing a dynamic cybersecurity program,² the staff will review what tests and assessments are employed by the registrant to implement procedures and controls; and

b. Liquidity Controls - For those registrants that have exposure to potentially illiquid fixed income securities or have become a liquidity provider, the staff will review controls implemented for valuation, trading, market risk management and liquidity management.

3. Data Analytics to Identify Potentially Problematic Registrants

Data analytics serves as a strong tool to identify trends and patterns that exist which can indicate a potential problem within an industry sector or internal control structure. Specifically, the staff uses data analytics to evaluate the risk profiles of its registrants. Based on risk mapping, examinations in 2016 will focus on the following areas:

a. Recidivist Representatives, and those firms who are employing individuals with a track record of misconduct, to see whether supervisory controls are in place for effective monitoring;

b. Anti-Money Laundering, and whether registrants are filing suspicious activity reports, as necessary, fulfilling independent testing obligations and adopting where applicable controls to mitigate against terrorist financing risks;³ and

c. Product Promotion, for new, complex and high risk products. Notably, one of the initiatives mentioned with this release includes private placement products, including Regulation D offerings made pursuant to the EB-5 Immigrant Investor Program and related suitability and regulatory obligations. JLG will be providing additional guidance and highlighting regulatory considerations for EB-5 programs in an upcoming monthly Legal Tip.

Conclusion

From the above-list, it is clear that OCIE is expanding its examination program to review systemic risks within the securities industry. To help registrants evaluate how their compliance programs can address these areas, consider the following analytics, which may help identify gaps within existing internal controls:

1. Consider whether the firm has adopted a surveillance system for evaluating suitability of retirement investment recommendations, including conflicts of interest related to such recommendations.
2. Evaluate the types of ETFs being offered to clients and whether adequate disclosures, particularly related to the risk of niche or leveraged/inverse ETFs are provided.
3. Assess whether the firm has provided training and examples to sales personnel as to when it is and is not appropriate to transition a client to asset-based fees, hourly fees, wrap fees and commissions.
4. Evaluate pay-to-play policies to ensure that they are effective in identifying conflicts of interest (and the appearance of potential conflicts of interest) that may exist as a result of undisclosed gifts.
5. Consider how the firm currently is supervising and evaluating product and securities transactions in branch offices for appropriateness, and assess whether such efforts comprehensive enough to detect inappropriate trading.
6. Determine if the firm has developed an effective plan as to what will happen if a cyberattack occurs (i.e., what is the communication plan with clients, staff, law enforcement, etc.) and test by questioning firm members as to what they would do.
7. Evaluate the strength of the firm's liquidity controls, including the overall process of liquidity management.
8. Assess whether compliance and human resources are working together prior to the point of hire to address potential risks of hiring advisors with a track record of misconduct.
9. Determine if AML controls are evolving with risks facing the financial system, including terrorist financing risks.
10. Consider if the types of products being promoted by the firm, and particularly complex or alternative investments, have characteristics which require sales practice training and enhanced compliance oversight.

For more information on this topic, including assistance with evaluating your firm's internal controls, please contact us at (619) 298-2880 or at info@jackolg.com. 

Author: Michelle L. Jacko, Esq., Managing Partner, Jacko Law Group, PC. JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds, banks and corporate clients on securities and corporate counsel matters.

This article is for information purposes and does not contain or convey legal advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer.

¹ See https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2016.pdf.

² For more information, please refer to https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf; https://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf; http://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2015.pdf;https://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf;https://www.finra.org/file/report-cybersecurity-practices.

³ In its 2016 examination priorities notification letter to members, FINRA also identified suspicious activity monitoring as one of its initiatives. For more information, see http://www.finra.org/industry/2016-regulatory-and-examination-priorities-letter.