Earlier this month, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its examination priorities for 2020. Many of the priorities listed are similar to those identified in previous years’ priorities lists. The SEC’s approach in addressing them, however, continues to evolve to keep pace with the changing landscape of financial markets, market participants, products, technologies and risks. This post will address some of the areas that should be of concern to a large percentage of registered investment advisers (RIAs), broker-dealers and other regulated entities.
OCIE reiterated that a significant underpinning of any effective compliance program is the “tone at the top” set by C-level executives and owners. Those firms that prioritize compliance and effectively create a “culture of compliance” tend to be more successful in designing and implementing compliance plans than firms that view compliance as an afterthought or business hindrance. One of the “hallmarks” of a firm’s commitment to compliance is the presence of an “empowered” CCO who is routinely consulted regarding most facets of the firm’s operations. There is nothing new to these concepts, but it is worth noting that OCIE continues to emphasize them year after year. Although not stated in the priorities release, the degree to which a firm demonstrates a commitment to compliance often weighs heavily on decisions OCIE examiners must make regarding how deficiencies will be addressed by the Commission. All other things being equal, firms that have made mistakes but demonstrate the ability to make effective corrections will often be provided an opportunity to implement those corrections and are less likely to become the subject of an enforcement referral.
Not surprisingly, OCIE will continue to prioritize examining RIAs to assess compliance with their fiduciary duty to clients. For examinations of RIAs occurring during the second half of 2020, this will undoubtedly include the proper use of Form ADV Part 3, which RIAs are required to complete, file, and place into use with clients by June 30, 2020. Additionally, broker-dealers will be expected to implement compliance with new Regulation BI, requiring adherence to a best interest standard. The priorities list reiterates that advisers and broker-dealers must eliminate, or at least fully and fairly disclose, all conflicts of interest, as more fully explained in Investment Advisor Release 5248, issued in June of last year.
Among other priorities relevant to RIAs, OCIE also listed the protection of retail investors saving for retirement, information security, anti-money laundering programs and financial technology.
In the area of information security, OCIE will focus on helping firms identify and address security risks, including cybersecurity threats, and will encourage registrants to engage regulators and law enforcement activities with respect to such matters. Among the specific security issues that OCIE expects to examine are the security of network storage devices and their configuration, security regarding trading information, protection of personal financial information of clients, controls relating to network access, prevention of data loss, managing third-party vendors with respect to information security, training of supervised persons and responding to cyber incidents.
In examining RIAs in 2020, OCIE also indicated it will have a particular interest in whether disclosures regarding new types of emerging investment strategies are adequate. Examples include socially responsible or sustainable investing, or environmental social and governance (ESG) investing. OCIE will also continue to prioritize examination of RIAs that have never been examined. These examinations will be risk-based, and for those firms that have been registered for several years, will also focus on whether RIA’s compliance program has evolved and adapted in light of any growth or change in the firm’s business model over time.
The risks considered by OCIE in connection with risk-based examinations include whether the firm offers high-risk products, what types of compensation and funding arrangements exist, the results of prior examination deficiencies or observations, whether the firm or its associated individuals have disciplinary history, whether there have been changes in firm ownership or leadership or other key personnel, and whether the firm has custody of client assets.
Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.