On December 20, 2018, the Office of Compliance Inspections and Examinations (“OCIE”) of the U. S. Securities and Exchange Commission (“SEC”) released its 2019 examination priorities. These priorities provide a preview of key areas where OCIE intends to focus its limited resources, but they do not necessarily encompass all of the areas that will be covered in their examinations. For those investment advisers that perform a risk assessment to help guide their annual 206-4(7) review, these priorities should be listed as a high risk given the SEC’s emphasis, and should be reviewed thoroughly. Overall, OCIE completed 3,150 examinations in fiscal year 2018, which is an increase of 10% over fiscal year 2017, and is an increase of 17% for registered investment advisers and 45% for investment companies. The examination priorities show that the SEC will continue its examination focus from prior years with an additional emphasis on digital assets. The priorities are organized in the six general categories below:
1. Retail Investors
The concerns prevalent with retail investors, including senior and others saving for retirement, continue to be first on the list. OCIE expects there will be adequate disclosure of the costs of investing and of conflicts of interest, and will closely look at the impact on the client from any such conflicts. OCIE will continue to review whether the services and products offered to seniors are appropriate and are under supervision by the firm. OCIE will also focus on newly registered or never-before-examined investment advisors based on a risk-based assessment. Mutual funds and exchange traded funds (“ETFs”) made the list and OCIE provided the following risks that will be examined: 1) index funds that track custom-built indexes; 2) ETFs with little secondary market trading volume; 3) funds with high allocations to securitized assets; 4) funds that are underperforming relative to their peers; 5) funds managed by advisers that are relatively new to the ’40 Act; and 6) advisers that provide services to both mutual funds and private funds with similar strategies. The Announcement further provides that OCIE will continue to conduct select examinations of municipal advisers that have never been examined, of select broker-dealers that hold customer cash and securities, and of broker-dealers that are involved in selling microcap securities.
2. Compliance and Risk in Critical Market Infrastructure
OCIE will focus on clearing agencies that the Financial Stability Oversight Council has designated as systematically important. National security exchanges, transfer agents, and regulation systems compliance and integrity (“SCI”) entitles fall within this focus area.
3. FINRA and MSRB
OCIE will continue to monitor FINRA regarding the quality of its operations and regulatory programs, as well as how the agency examines the entities within its purview. OCIE also will examine the MSRB to evaluate the effectiveness of certain operational and internal policies, procedures and controls.
4. Digital Assets
Digital Assets, which consist of cryptocurrencies, coins, and tokens, is the new category this year and for good reason given the rapid growth and risks to retail investors. Due to the significant growth and risks presented in this market, OCIE will continue to monitor the offer and sale, trading, and management of digital assets, and where the products are securities, examine for regulatory compliance. This focus is not surprising and is in line with the Commission’s Enforcement Division’s “Annual Report for Fiscal Year 2018,” which notes the prevalence of cryptocurrency offerings, and the concern that some of the offerings are simply outright frauds.
Cybersecurity is an ongoing priority for OCIE. The Announcement notes that examinations will focus on, among other things, proper configuration of network storage devices, information security, and policies and procedures related to retail training information security. Specific to investment advisers, OCIE’s examination program will emphasize governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident reporting.
6. Anti-Money Laundering Programs
AML Programs are also an ongoing priority for OCIE, and examinations will focus on whether regulated entities are appropriately adapting their AML programs to address their obligations and are making timely filings (suspicious activity reports).
The OCIE priority list gives registered entities a “heads-up” as to the likely focus of OCIE during their examinations. Compliance departments of potential audit candidates would do well to analyze their compliance policies and practices to ensure that their firms are adequately addressing risks and areas that are high on the Commission’s list.