Memo #
32131

The SEC Publishes Its 2020 Examination Priorities
| Print

[32131]

January 8, 2020 TO: ICI Members
Investment Company Directors
ICI Global Members
Chief Compliance Officer Committee
International Internal Audit Advisory Committee
SEC Rules Committee
Transfer Agent Advisory Committee SUBJECTS: Anti-Money Laundering
Compliance
Cybersecurity
Exchange-Traded Funds (ETFs)
Fixed Income Securities
Investment Advisers
Operations RE: The SEC Publishes Its 2020 Examination Priorities

 

Overview of OCIE’s 2020 Priorities

For the eighth year in a row, the SEC’s Office of Compliance Inspections and Examinations (OCIE) has published its examination priorities for the coming year.[1] OCIE’s priorities for 2020 are grouped into the following eight areas:

  • Retail investors, including seniors and individuals saving for retirement;
  • Information security;
  • Financial Technology and innovation, including digital assets and electronic investment advice (i.e., “robo advisers”);
  • Registered investment advisers and investment companies;
  • Broker-dealers and municipal advisors;
  • AML programs;
  • Market infrastructure; and
  • FINRA and MSRB.

The 2019 Priorities in these areas that are relevant to mutual funds and their investment advisers are briefly summarized in Part III of this memo. Before discussing each of these areas, the Priorities have a “Message from OCIE’s Leadership Team” that, in part, discusses OCIE’s 2019 statistics and SEC rulemaking and industry trends impacting its work. 

Message from OCIE’s Leadership Team

The Message from OCIE’s Leadership Team begins by noting that compliance programs, chief compliance offices, and compliance staff “play critically important roles at firms” and “culture and tone from the top are key” to effective compliance. In OCIE’s view, one hallmark of a firm with effective compliance “is a knowledgeable and empowered chief compliance officer with full responsibility, authority, and resources to develop and enforce policies and procedures of the firm.”

OCIE’s Statistics

In terms of OCIE’s statistics, according to the Priorities:

  • In the last five years, the number of registered investment advisers (RIAs) OCIE oversees has increased from 11,500 to 13,475 and the advisers’ assets under management have increased from approximately $62 trillion to $84 trillion;
  • There are more than 3,700 RIAs that each manage over $1 billion in assets. More than 60% of RIAs are affiliated with other financial industry firms and approximately 12% provided advisory services to a mutual fund, exchange-traded fund, or other registered investment company;
  • In FY 2019, OCIE completed 3,089 examinations. While this is a decrease of 2.7% from the previous fiscal year, during FY 2019 OCIE’s operations were suspended for one month due to the government shutdown;
  • The percentage of RIAs examined is up from 10% in 2014;
  • Examinations of RIAs “remained strong at approximately 2,180, covering 15% of the population;” 
  • Examinations of investment companies were up by approximately 12%, to over 150;
  • OCIE issued more than 2,000 deficiency letters in 2019;
  • OCIE verified assets in over 3.1 million investor accounts, totaling $1.5 trillion; and
  • While the number of OCIE examinations has been increasing, according to the Examination Priorities, “OCIE’s coverage rates will likely not keep pace with the continued growth in the population and complexity, without corresponding staffing increases.”

Rulemaking Impacting OCIE: Regulation BI and Form CRS2

The Messages portion of the Examination Priorities discusses the “Anticipated Impact of Significant Rulemaking.” Prominent in this discussion is Regulation Best Interest and the new Form CRS Relationship Summary, which will be an examination priority for OCIE. According to the Priorities:

OCIE recognizes that these new rules will require various market participants to make changes to their operations, including to required disclosures, marketing materials and compliance programs. In order to assist firms with planning for compliance with these new rules, the SEC established an inter-Divisional Standards of Conduct Implementation Committee – of which staff across OCIE are members.  We encourage firms to actively engage with OCIE and other SEC staff as they plan for implementation.

Regulation BI is again discussed later in the document under its discussion of OCIE’s focus on retail investors, including seniors saving for retirement:

To further assist broker-dealers before the June 30, 2020 compliance date for Regulation Best Interest and Form CRS, OCIE will engage with broker-dealers during examinations on their progress in implementing the new rules and questions they may have regarding the new rules. After the compliance dates, OCIE intends to assess implementation of the requirements of Regulation Best Interest, including policies and procedures regarding conflicts disclosures, and for both broker-dealers and RIAs, the content and delivery of Form CRS. Moreover, OCIE has already integrated the Interpretation Regarding Standards of Conduct for Investment Advisers into the [Investment Adviser/Investment Company] examination program.

Industry Trends Impacting OCIE’s Examinations; OCIE’s Data Security Efforts

Under the heading of “Risk, Technology, and Industry Trends,” the Priorities note that, in addition to continuing to focus on third-party risk management during FY 2020, OCIE “will also closely track and evaluate the impact of several major risk themes affecting its registrant population.” These risk themes include information security and resiliency risks, geopolitical events, and the industry’s transition away from LIBOR. OCIE’s focus in these areas will be on assessing their impact and any compliance challenges that arise.

This section of the Examination Priorities also discusses OCIE’s continued use of technology and data analytics in its examinations. The Institute is pleased that, according to OCIE, it “is mindful of its responsibility to ensure that information requested during an examination is appropriately calibrated . . . and protected.” With respect to what this means for registrants, OCIE explains as follows:

During an examination, staff may request certain books and records that include sensitive information such as customer transactions, communications and other personal data to assess whether firms are complying with the federal securities laws.  OCIE strives to appropriately tailor its request for data and encourages dialogue with staff where a registrant may have a preferred or alternative data solution that would meet examination objectives.

To our knowledge, this is the first time that OCIE has publicly expressed its interest in working with registrants to address registrants’ concerns with OCIE protecting investors’ non-public personal information the OCIE seeks access to during an examination. We welcome such engagement with registrants.

OCIE’s Outreach Efforts

The last section of OCIE’s Message discusses OCIE’s outreach efforts, which it considers to be a part of its mission to promote compliance and further the effective and efficient allocation of OCIE’s examination resources. These efforts include the more than 100 national and regional compliance seminars that OCIE conducts annually and the Risk Alerts that it publishes to raise awareness of compliance and industry trends. During 2019, OCIE published a total of eight Risk Alerts, which is the most it has published in any year since it started publishing them in 2011.[3] 

OCIE’s 2020 Examination Priorities

As noted above, OCIE’s 2020 examination priorities are grouped into eight categories. The categories that would be relevant to the Institute’s members are briefly summarized below.[4]

Retail Investors, Including Seniors and Individuals Saving for Retirement

This category is one that has long been included in OCIE’s annual list of priorities. For the coming year, OCIE will prioritize examinations of (1) intermediaries that service investors – including RIAs, broker-dealers, and dually-registered firms; and (2) investments marketed to or designed for retail investors, “such as mutual funds and exchange traded funds, municipal securities and other fixed income securities, and microcap securities.” These examinations will focus on recommendations and advice given to retail investors and, in particular, to retail investors that are seniors, teachers, and military personnel. In addition, OCIE will focus on “risks associated with fees and expenses and undisclosed, or inadequately disclosed compensation arrangements.” As explained in the Priorities:

Fee and compensation-based conflicts of interest may take many forms, including revenue sharing arrangements between a registered firm and issuers, service providers, and others, and direct or indirect compensation to advisory personnel for executing client transactions. In addition, duty of care concerns may arise when an RIA does not aggregate certain accounts for purposes of calculating fee discounts in accordance with its disclosures. These potential breaches of fiduciary duty may adversely impact portfolio management costs, reduce investor returns, and inappropriately influence investment decision-making.

As with OCIE’s 2019 priorities,[5] this year’s priorities include a discussion of mutual funds and ETFs.[6] While last year OCIE’s focus was on ETFs with bespoke indexes and little secondary market trading volume, this year’s focus will be on financial services firms and professionals that may influence the selection of particular fund classes. OCIE also plans to review mutual fund fee discounts that should be provided to investors as a result of policies or contractual or disclosed breakpoints.

Information Security

Again this year, OCIE will prioritize information security in its examinations. The Priorities’ discussion of this topic is almost identical to that in OCIE’s 2019 priorities. In particular, OCIE will again focus on: proper configuration of network storage devices; information security governance generally; retail trading information security; governance and risk assessments; access rights and controls; data loss prevention; vendor management; training; and incident response. Other areas of focus this year include: oversight of certain service providers and network solutions, including cloud-based storage vendors; assessing registrants’ compliance with Regulations S-P and S-ID; the proper disposal of retired hardware that may contain client information; and potential network information that could create and intrusion vulnerability.  

FINTECH and Innovation, Including Digital Assets and Electronic Investment Advice

OCIE is interested in keeping abreast of registrants’ use of alternative data that may drive investment decision making. Its interest will be drive OCIE’s review of registrants’ use of these data sets and technologies to interact with and provide services to investors, firms, and other service providers and assess the effectiveness of related compliance and control functions. With respect to electronic investment advice, OCIE will continue to focus on robo-advisers and these examinations will focus on: SEC registration eligibility; cybersecurity policies and procedures; marketing practices; adherence to fiduciary duty, including the adequacy of disclosures; and effectiveness of compliance programs. 

Additional Focus Areas Involving RIAs and Investment Companies

The Priorities include additional areas of focus for OCIE relating to RIAs and investment companies. These additional areas are:

  • RIA Compliance Programs, which will involve reviewing whether RIAs’ compliance programs and their policies and procedures are reasonably designed, implemented, and maintained.
  • Dually-registered RIAs, which will focus on reviewing best execution, prohibited transactions, fiduciary advice, and disclosure of conflicts.
  • The Accuracy and Adequacy of Disclosures, which will focus on disclosures RIAs provide to clients when offering new types of emerging investment strategies, “such as strategies focused on sustainable and responsible investing, which incorporate environmental, social, and governance (ESG) criteria.”
  • Never-Before and Not Recently-Examined RIAs, in which OCIE “will also prioritize examinations of RIAs that were previously examined but have not been examined for a number of years to focus on whether the RIAs’ compliance programs have been appropriately adapted in light of any substantial growth or change in their business models.”
  • Mutual Funds and ETFs. These examinations, which will include a review of both the activities of the funds’ RIA and board of directors, will focus on: RIAs that use third-party administrators to sponsor the mutual fund they advise or are affiliated with; mutual funds or ETFs that have not previously been examined; and RIAs to private funds that also manage a registered fund with a similar investment strategy.

AML Programs

As in previous years, OCIE will continue to prioritize examining broker-dealers and investment companies for their compliance with the AML obligations in order to assess whether they have established appropriate customer identification programs and are: satisfying their SAR filing obligations; conducting due diligence on customers; complying with beneficial ownership requirements; and conducting robust and timely independent tests of their AML programs.  Overall, OCIE is interested in ensuring that registrants have adequate policies and procedures in place that are reasonably designed to identify suspicious activity and illegal money-laundering activities. 

Transfer Agents

As in previous years, during 2020, OCIE “will continue to examine transfer agents’ core functions, including: the timely turnaround of items and transfer, recordkeeping and record retention, and safeguarding of funds and securities.” It will also focus “on the requirement for transfer agents to annually file a report by an independent accountant concerning the transfer agent’s system of internal accounting controls, as well as compliance with obligations to search for lost securityholders and provide notice to unresponsive payees.” Candidates for these examinations will include those transfer agents that serve as paying agents for issuers, those that use blockchain technology, and those that provide services to issuers of microcap securities, private offering, crowdfunded securities, or digital assets. 

Conclusion

This year’s Priorities concludes by welcoming comments and suggestions regarding how OCIE can better fulfill its mission to promote compliance, prevent fraud, identify and monitor risk, and inform SEC policies. It also encourages persons who suspect or observe activity that may violate the federal securities laws, or otherwise operate to harm investors, to notify the SEC staff.

 

Tamara K. Salmon
Associate General Counsel

 

endnotes

[1] See 20209 Examination Priorities, Office of Compliance Inspections and Examinations, US Securities and Exchange Commission (January 7, 2020) (the “Priorities”), which is available at: https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2020.pdf 

[2] Interestingly, while the Priorities discuss OCIE rulemaking impacting OCIE’s examinations this year, the Priorities do not mention as a 2020 priority a review of registrants’ liquidity risk management programs.

[3] These eight are: (1) Investment Adviser Compliance Issues Related to the Cash Solicitation Rule; (2) Risk-Based Examination Initiatives Focused on Registered Investment Companies; (3) Observations from Investment Adviser Examinations Relating to Electronic Messaging; (4) Transfer Agent Safeguarding of Funds and Securities; (5) Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies; (6) Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features; (7) Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest; and (8) Investment Adviser Principal and Agency Cross Trading Compliance Issues.

[4] Omitted from this summary is the discussion in the Priorities relating to Digital Assets, Broker-Dealers, Municipal Advisors, Clearing Agencies, National Securities Exchanges, Regulation Systems Compliance and Integrity, FINRA, and the MSRB.  

[5] See 2019 Examination Priorities, Office of Compliance Inspections and Examinations, US Securities and Exchange Commission (December 20, 2018), which is available at: https://www.sec.gov/files/OCIE%202019%20Priorities.pdf.

[6] See, also, the Additional Focus Areas Involving RIAs and Investment Companies section this memo for additional areas of focus for OCIE this year relating to RIAs, mutual funds, and ETFs.