Last week the staff of the Office of Compliance Inspections and Examinations (OCIE) of the SEC announced its 2018 examination priorities. The 2018 examination priorities include five thematic areas: (i) compliance and risks in critical market infrastructure; (ii) matters of importance to retail investors, including seniors and those saving for retirement; (iii) oversight of FINRA and the MSRB; (iv) cybersecurity; and (v) anti-money laundering programs. According to the SEC's budget request for fiscal year 2019 released this week, the agency oversees more than 12,000 registered investment advisers, approximately 15% of which were examined last year. Private fund advisers constitute 37% of this total.
This year's edition of the exam priorities begins with a new three-page message from the OCIE leadership team noting several items:
OCIE will continue to use a risk-based strategy based on data to select exam candidates;
OCIE increasingly will use data analytics to analyze consistency or discrepancy across regulatory filings such as Form ADV, Form BD, Form U-4, Form D and Form PF; and
OCIE will continue to use outreach initiatives as sources of compliance guidance, echoing comments by then-Acting Director of OCIE Pete Driscoll on September 14, 2017 before the CFA Institute's GIPS Standards Annual Conference. In this regard, the announcement notes that in Fiscal Year 2017, the SEC's National Examination Program issued six Risk Alerts and held four compliance outreach programs.
The examination priorities reflect a continued focus on a number of issues identified in prior years, with added emphasis on ensuring investor protections in the retail market. As we noted in our 2017 Annual Review and Outlook, SEC Chairman Jay Clayton repeatedly had stated in 2017 that the SEC's analysis of its own mission "starts and ends with the long-term interests of the Main Street investor." To that end, a number of identified topics of interest draw from the retail segment of the securities industry:
Disclosure of the Costs of Investing – As we have previously discussed, fee and expense disclosure has been a frequent topic in the area of private investment funds over the past several years. The 2018 announcement notes a continued focus on private fund advisers that manage funds with a high concentration of investors investing for the benefit of retail clients, including nonprofit organizations and pension plans. However, the 2018 announcement also prominently highlights a focus in this area for products and services offered to retail investors. On February 12, 2018, the SEC launched its Share Class Selection Disclosure Initiative whereby the SEC's Division of Enforcement will agree not to recommend financial penalties against investment advisers who self-report violations of the federal securities laws relating to certain mutual fund share class selection issues and promptly return money to harmed clients.
Electronic Investment Advice – The 2018 announcement repeats the focus from 2017 on electronic investment advice, or "robo-adviser" programs. While the OCIE staff notes its interest in "the oversight of computer program algorithms that generate recommendations," we had previously noted a proposed House Bill H.R.3948, the "Protection of Source Code Act." This bill would amend provisions of the federal securities laws to prohibit the SEC staff from obtaining algorithmic trading source code without a subpoena.
Cryptocurrency and Initial Coin Offerings – As the market for virtual currency expands, regulators will continue to adapt and evolve. In 2018, participants in virtual currency transactions subject to SEC jurisdiction can expect that the staff will focus on whether financial professionals maintain adequate controls and safeguards to protect these assets from theft or misappropriation, and whether financial professionals are providing investors with disclosure about the risks associated with these investments, including the risk of investment losses, liquidity risks, price volatility and potential fraud. We also have noted Chair Clayton's recent warning to attorneys advising issuers of virtual currency.
Cybersecurity: The 2018 announcement also articulates an expanded focus in the area of cybersecurity. This follows a series of OCIE publications most recently cumulating in a risk alert released on August 7, 2017, entitled Observations from Cybersecurity Examinations. We also have provided guidance to our clients in 2017 on steps investment firms can take against potential cyberattacks.
AML: Finally, the announcement notes that anti-money laundering (AML) programs will be an area of focus. Many entities subject to SEC oversight (e.g., broker-dealers and investment companies) are required to implement and maintain AML policies and procedures. Additionally, rules proposed by U.S. Financial Crimes Enforcement Network (FinCEN) on August 24, 2015, would require investment advisers registered with the SEC to establish AML programs and report suspicious activity to FinCEN under the U.S. Bank Secrecy Act of 1970. While the comment period on the proposed rule ended in November 2015, on March 8, 2017, FinCEN indicated that the agency still plans to move forward with the proposal.
In conclusion, the staff's 2018 announcement sets forth a basic roadmap that entities subject to SEC oversight should expect during exams. SEC exams are occurring today with greater frequency (OCIE noted that 15% of all advisers were examined last year, up from 8% five years ago) and, in our experience, greater intensity. Registered entities with operations in the identified areas should devote time and resources to assessing and assuring their preparedness in these areas.