Bates Research - 02-14-18
Tough Choices for Regulators: OCIE Sets 2018 Exam Priorities
In the sixth annual publication of examination priorities, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) identified four “pillars” of their mission to protect investors and ensure the integrity of the U.S. capital markets: (i) promoting compliance, (ii) preventing fraud, (iii) identifying and monitoring risk, and (iv) informing policy. The 2018 OCIE priorities are consistent with these pillars and do not reflect a significant new direction for OCIE (see year-to-year Priorities Comparison chart below). Beyond the specific highlights, however, there is a clear concern about limited regulatory resources and a corresponding enthusiasm for the use of data, technology and analytics.
2018 Approach to Examinations
Repeatedly referring to constraints on resources that necessitate “hard choices” and “tradeoffs” in the context of the significant growth and complexity of the financial markets, OCIE leadership articulated the following approach to choosing this year’s exam priorities. First, OCIE will continue to employ a “risk-based strategy” to analyze root causes of harm to investors and markets and to identify risks. Second, OCIE will continue to use data and analytics for risk assessment and exam scoping, planning, and execution. (Specifically, OCIE lauded their Quantitative Analytics Unit as being able to identify non-compliance with securities laws and detect fraudulent behavior.) Third, OCIE will provide greater transparency by sharing information obtained from examination findings (including cybersecurity examinations) to provide more risk alerts to investors. Fourth, OCIE will deploy their subject matter experts and leverage their technology to strengthen risk assessment and examination processes. Finally, OCIE will “embrace” new technology to enhance their analytic efforts.
The overall OCIE approach reflects a greater reliance on data, analytics, technology and innovation than in the past. As Bates Group’s Director of Institutional and Complex Litigation Alex Russell notes:
As described by OCIE, developments in the use of data are seen as a way to benefit investors through lower costs, more information, better financial advice and wider access. They are also seen as the answer to improving identification of risk to investors, cyber-monitoring and combatting cybersecurity attacks.
2018 Examination Priorities
OCIE priorities “reflect certain practices, products, and services” that “may present potentially heightened risk to investors and/or the integrity of the U.S. capital markets.” This year OCIE has prioritized (i) retail investor protection for seniors and retirement savers, (ii) compliance and risk in critical market infrastructure, (iii) FINRA and MSRB rulemaking, (iv) cybersecurity, and (v) anti-money laundering programs. OCIE cautioned that additional priorities may be added in light of market conditions or as OCIE identifies emerging risks and trends.
Here is a brief review of OCIE’s top concerns:
Seniors and Retirement Savers:
OCIE will continue its long-standing efforts to protect retail investors in general, in particular senior investors and those with retirement accounts. Consistent with recent FINRA rule amendments (see Bates Group review here), OCIE stated that it will examine investment advisor and broker-dealer disclosures regarding fees, expenses and other charges; internal controls and supervision over the selling of products and services (specifically, the sale of variable insurance products and the trading in mutual funds and exchange traded funds (“ETFs”) that may subject retail investors to increased risk); and the execution of customer orders in fixed income securities. OCIE also stated that it will review internal controls on, and disclosures by, financial professionals regarding cryptocurrencies, initial coin offerings (“ICOs”), secondary market trading in these products and Blockchain technology.
Compliance and Risk in Critical Market Infrastructure
OCIE will prioritize examination of entities that provide services critical to the functioning of the capital markets. This includes clearing agencies, national securities exchanges and transfer agents. The focus of the examinations would include, among other things, recordkeeping and safeguarding of funds and securities by transfer agents, compliance with corrective action required by prior examination, and governance around expense and revenue allocations of national securities exchanges.
FINRA and MSRB
OCIE will prioritize the review of the operations, internal policies, procedure and controls of the key self-regulating organizations (“SROs”) FINRA and the MSRB. In addition, OCIE will review the quality of FINRA’s examinations of broker-dealers. Given FINRA’s recently announced examination priorities (see Bates Group’s review here), OCIE’s announcement was expected. OCIE will also examine municipal advisers registered as broker-dealers.
OCIE will examine firms for six areas of cybersecurity including governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.
OCIE will examine firms to determine whether their anti-money laundering (“AML”) programs are in compliance with their regulatory obligations, specifically those required by the Financial Crimes Enforcement Network’s (“FinCEN”). OCIE will examine for customer due diligence, the filing of accurate and timely Suspicious Activity Reports (“SARs”) and verifying that firms are conducting “robust” independent testing of their programs.
BATES GROUP'S YEAR-TO-YEAR COMPARISON OF OCIE EXAMINATION PRIORITIES
Source: OCIE 2018 National Exam Program Examination Priorities (Compiled by Alex Russell, Bates Group LLC)
The 2018 OCIE priorities do not reflect a significant new direction for OCIE. The announced emphasis on retail investors, critical infrastructure, the operations of the SROs, AML and cybersecurity follows a fairly consistent course from prior years.
That said, the issue raised by OCIE leadership concerning the size and complexity of the market, expanded responsibilities and limited resources—reinforced by similar language in the SEC’s most recent budget request—is important. Also notable is the clear shift in the level of reliance by OCIE on data and analytics to solve market issues and protect investors. Whether increased reliance on data and analytics will solve the limited resources concern is an open question. Bates will continue to keep you apprised of new developments.
For additional information and assistance, please follow the links below to Bates Group's Practice Area pages: