SEC’s OCIE Announces National Exam Program Priorities

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published its National Exam Program Examination Priorities (here). This year’s publication comes in the form of a brochure, much like the one issued by the Division of Enforcement in November 2017, detailing the new focus of the Division as well as the prior fiscal year’s statistics (here).

The 2018 exam priorities are built on five basic principles designed around five “themes,” according to the brochure. Many of the themes are familiar from prior years such as a focus on retail investors (also a key for the Enforcement Division), seniors, fees and in particular wrap fees, compliance systems, cybersecurity, SARs and money laundering. New on the list of exam priorities is cryptocurrencies, focused on products which are securities, a subset of virtual currencies which are not all covered by the federal securities laws (here). Virtual currencies have been a key focus of concern for SEC Chairman Clayton (here).

Key principles on which the OCIE inspection program is built are:

  • Risk based: A central part of the program ties to an analysis of what OCIE calls the “root causes of harm to investors and markets” from which the greatest risks are identified. This analysis informs the priorities of the program in terms of those selected to be inspected and the scope of the exam.
  • Data: Data analysis is a key part of the inspection process. In particular the Quantitative Analytics Unit or QAR of the National Exam Analytics Tool or NEAT is used to facilitate an analysis of trading blotters. Data analysis is also used to identify high risk candidates for examination.
  • Transparent: OCIE is committed to being transparent about the program in order to encourage compliance.
  • Resources: Since the program has limited resources, OCIE focuses on leveraging those assets to maximum effectiveness.
  • Technology: The program embraces the use of new technology in an effort to do more with less while aiding the analysis of various issues.

While OCIE did not give specific examples in support of these principles, the first two – risk and data – are illustrated by recent enforcement actions involving investment advisers. Those actions frequently focused on fee disclosure, undisclosed conflicts of interest, inadequate procedures which directly impacted investors and a detailed data analysis of trading which can show, for example, the manner in which an adviser allocates profitable and unprofitable transactions. The remaining three points highlight the fact that while OCIE has limited resources its reached and program is effectively extended by publishing its exam priorities and using evolving technology.

The five building blocks of the program tie directly to what OCIE calls the “five themes” of the program: retail investors, compliance and risks in critical market infrastructure, the SROs – FINRA and the MSRB — cybersecurity and AML.

Key themes discussed in the OCIE brochure, along with examples of items inspectors will examine include:

Matters of importance to retail investors and seniors: This is a key focus that was also included in last year’s list of exam priorities. Here OCIE intends to focus on higher risk products and technology changes regarding the delivery of investment advice. Key areas include:

  • Cost of investing: Disclosures regarding fees and practices that might create incentives to recommend or use products with higher fees and increased risks; changes in products or the adviser representative; and the manner in which fees are calculated.
  • Electronic investment advice: In this area inspectors will focus on the use of so-called “robo-advisers”.
  • Wrap fee programs: This categor includes recommendations to invest in such a program, conflicts for advisers regarding best execution and the investment associated with executing the trades through another broker-dealer – that is, trading away. OCIE has focused on this area in the past; Enforcement has brought a series of actions centered on these programs.
  • Senior investors and retirement accounts: This area has also been a key priority of the program in the past. Here OCIE intends to focus on the manner in which firms supervise the relation with senior investors. Areas of focus include the ability of the firm to identify these situations to avoid the exploitation of seniors and the firm’s related internal controls.
  • Mutual funds – ETFs: The focus for mutual funds will be on those that performed poorly, have inexperienced advisers or that hold difficult to value securities (valuation issues have long been a key OCIE focus). For ETFs the focus will be on those with little secondary market trading volume and that face a risk of being delisted or may have to liquidate and whether investors were adequately informed of the risks.
  • Fixed income order execution: The central focus here is on the implementation of best execution policies and procedures.
  • Muni advisers: Key in this category is compliance with the registration, recordkeeping and supervision requirements as well as MSRB rules for professional qualifications, continued education and core standards.
  • Cryptocurrency, ICOs: OCIE intends to monitor these products and assess regulatory compliance where they involve securities, an issue which was the subject of an Enforcement Report on Investigation in July 2017 (here).

    Compliance and risks re market infrastructure: This category centers on the inspection of clearing agencies, national securities exchanges and transfer agents as well as Regulation SCI which deals with the technology infrastructure of the markets.

    FINRA and MSRB: For FINRA, OCIE plans to focus on the examination of broker-dealers and municipal advisors that are registered as broker-dealers. For municipal securities firms the inspection staff will examine the effectiveness of select operational and internal polices, procedures and controls.

    Cybersecurity: The inspection program will continue to prioritize this key area, focusing on governance and risk management as well as access rights and controls, data loss prevention, vendor rights, trading and incident response.

    AML: For broker-dealers and investment companies the inspection process will focus on the timely, complete and accurate filing of SARs and whether the firm is conducting adequate, timely and robust tests of its system.

    In publishing these exam priorities OCIE emphasized that they are not exclusive. Perhaps more importantly, as new issues and risks emerge, OCIE may incorporate them into the program. It is thus of critical importance to continually monitor new alerts published by OCIE to keep abreast of additional areas that may be added to the inspection program.