The SEC’s compliance priorities for 2019 reveal a particular focus on cyber and data security. Our experts share steps compliance officers, corporate executives, and boards of directors should take to see success in their next compliance examinations.
Each year, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) publish their compliance examination priorities that each respective regulator will focus on during compliance inspections and examinations in the coming year. An analysis of the examination priorities provides insight into the regulatory trends and areas of emphasis that may be the focus of examiners’ inquiries. Awareness of these priorities and the expectations of the regulating bodies is instrumental in ensuring that your institution withstands this heightened scrutiny.
This year’s examination priorities discuss both recent areas of regulatory concern and some new ones. Recurring themes from both the OCIE’s and FINRA’s annual priorities include the protection of retirement-age investors, risk-based review of mutual funds and exchange-traded funds, anti-money laundering (AML) programs, duties of best execution, suitability determinations, cybersecurity, market manipulation, and governance of market infrastructure.
Both the OCIE and FINRA continue to prioritize cybersecurity and AML programs as critical compliance program elements. In addition, both OCIE and FINRA indicate that inspections of institutions offering, trading, or investing in digital assets will be an important component to both regulators’ examinations in the coming year.
The OCIE’s 2019 Examination Priorities make clear that it will once again focus on critical market infrastructure and the protection of retail investors. More specifically, the OCIE will promote investor protection by prioritizing reviews of fee, expense, and conflict of interest disclosures, as well as firm marketing of mutual funds and exchange-traded products. The OCIE will also continue to focus on broker-dealers engaged in selling micro-cap securities and their programs for preventing potential market manipulation. Regarding its oversight of critical market infrastructure, the OCIE will review compliance and risk in clearing agencies, technology infrastructure subject to Regulation Systems Compliance and Integrity (Regulation SCI), transfer agents, and national securities exchanges.
FINRA, which regulates all U.S. broker-dealers and their registered representatives, placed a greater emphasis on risk monitoring and new priorities in its 2019 Examination Priorities.
In addition, the FINRA 2019 Examination Priorities focus on various sales practice, operational, market, and financial risks.
Notably, both the OCIE and FINRA explicitly refer to their intention to examine firms’ participation in the digital assets marketplace. The OCIE identifies digital assets as a stand-alone examination priority, citing the significant growth of the digital asset market and the well-known risks involved. Specifically, the OCIE notes that, after identifying firms with digital assets businesses, it will assess the extent of their activities and conduct examinations focused on portfolio management of digital assets, trading, safety of client funds and assets, pricing of client portfolios, compliance, and internal controls.
On the other hand, FINRA’s 2019 Examination Priorities identify the supervision of digital assets in the context of operational risk and request that its member firms notify it if they plan to engage in the digital assets business, despite the absence of any legal or membership requirement to do so. In addition, FINRA states that its reviews will examine compliance with applicable securities laws and regulations and regulated supervisory, compliance, and operational controls to mitigate the risks associated with such activities.
Critical Market Infrastructure and Market Access
Given the SEC’s focus on regulating digital assets that qualify as securities, and FINRA’s close coordination with and oversight by the SEC, firms need to document their processes and decision-making for determining whether a given digital asset qualifies as a security. In instances where the firm offers, trades, or has custody of digital assets that are securities, compliance officers need to be prepared to furnish examiners with documentation of a robust compliance program and appropriate records to evidence compliance with applicable securities laws and regulations.
The OCIE dedicates an entire section of its 2019 Examination Priorities to risk-based examinations of entities that operate critical market infrastructure, such as clearing agencies, Regulation SCI entities, transfer agents and securities exchanges. Generally, examiners will look to see whether critical market infrastructure firms comply with applicable federal laws and adhere to independent audit requirements. In addition, the 2019 FINRA Examination Priorities will focus on the controls and monitoring of broker-dealers that provide market access.
To prepare market access and critical market infrastructure firms for examinations, compliance departments should expect to produce their policies, procedures, and controls for review. In addition, market surveillance technology, as well as policies and procedures for detecting and reporting improper activity should also be reviewed ahead of an exam. Furthermore, compliance officers need to ensure that their firm reviewed and executed any corrective actions identified in previous audits or examinations and that it follows all relevant record-keeping regulations.
Special thanks to contributors Ryan Duval, Benjamin Donat, and Khin Sabae.