Every year, the financial industry keenly awaits the annual priorities set down by the U.S. Securities and Exchange Commission (SEC), as they set the tone for the year’s risk considerations while serving as the beacon for global regulatory updates. This year was no different: the recently released guidelines stress some of last year’s priorities and introduce some new ones.
Organizations approach a new year with a plan that focuses on achieving various targets. If you are in Compliance Risk Assessment, then complying with priorities prescribed by regulators should be the primary focus area. Hence, we examine the priorities set by the Office of Compliance Inspections and Examinations (OCIE) for 2020.
Figure: Total fines ordered (in $ million). Source: 2019 enforcement annual report.
Key 2020 priorities
From navigating the financial crisis to understanding and interpreting regulatory changes, compliance has become an integral part of a firm’s decision-making process. Similar to a business setting its revenue targets, the compliance function is also required to set out its goals and achieve them within a given timeframe. So, what do we mean by goals in the context of compliance? They are a series of actions that help address certain risks and provide solutions, such as surveillance, policy updates, and thematic reviews (for example, forensic reviews), to understand and mitigate any potential risk to the firm.
We observe that regulators narrow down on focus areas depending on the current industry environment and the happenings of the previous year. A few key trends and focus areas for 2020 are:
Use of third-party service providers and vendors by registrants
Information security and resiliency risks
Industry’s transition away from LIBOR
Figure: Approximate number of exams conducted by OCIE. Source: 2020 OCIE examination priorities.
Getting down to details
While the OCIE’s website provides the complete list of priorities for 2020, we would like to discuss in detail a few key points that caught our attention:
The SEC 2020 examination priorities will focus on:
Registered Investment Advisers (RIA) Compliance Programs & Never-Before and Not Recently-Examined RIAs
Mutual Funds and ETFs for retail investors
RIAs to Private Funds
Information and Cyber Security
Anti-Money Laundering (AML) Programs
FinTech and Innovation
All things retail
In 2019, regulators worldwide focused on protecting retail investors; this seems to have gathered steam in 2020. There are numerous themes where the SEC has highlighted its examination priorities for this year, emphasizing consumer protection, especially the protection of retail consumers.
Retail investors, including seniors and individuals saving for retirement: The SEC has time and again made it clear that the most vulnerable sections of investors that need additional and clear information before making a decision are retail investors, senior citizens (especially members of the retirement communities), teachers, and military personnel. Any high-risk products sold to them, which may include complex private placements, non-transparent products, and funds with high fees and expenses, will need clear, descriptive, and easily understandable disclosures. This year’s theme has a strong focus on preventing fraud, inappropriate sales and marketing practices, and conflicts of interest.
Registered Investment Advisers (RIA) Compliance Programs and Never-Before and Not Recently-Examined RIAs: The OCIE will continue to review the compliance programs of RIAs. The review will include checking whether the programs and their policies and procedures are reasonably designed, implemented, and maintained. Additionally, the OCIE will continue to conduct risk-based examinations of RIAs that have never been examined. These will include newly registered RIAs and RIAs registered for several years that have yet to be examined.
Retail-targeted investments: These include products that can pose elevated risks when marketed or sold to retail investors, whether as a result of the characteristics of those products, dynamics in the markets, or due to the significant amount or concentration of assets retail investors have invested in a product.
Mutual funds and ETFs for retail investors: The OCIE will examine financial incentives provided to financial services firms and professionals that could influence the selection of particular mutual fund share classes. It will also review mutual fund fee discounts that should be provided to investors as a result of policies, contractual or disclosed breakpoints, such as discounts provided based on achieving managed investments of a specific size.
RIAs to private funds: The OCIE will continue to focus on RIAs to private funds that have a greater impact on retail investors, such as firms that provide services for separately managed accounts along with private funds. The OCIE will review RIAs to private funds to assess compliance risks, including controls to prevent the misuse of material, non-public information and conflicts of interest, such as undisclosed or inadequately disclosed fees and expenses, and the use of RIA affiliates to provide services to clients.
Standard of Care
The SEC has dedicated a separate section to Standard of Care, where it emphasizes Regulation Best Interest. Firms are expected to act in the best interest of the client, especially retail investors, when making recommendations for investment or trading, and are cautioned against placing their financial interests ahead of the client’s. The regulation now also extends to RIAs as Interpretation Regarding Standard of Conduct for Investment Advisers. After the compliance date of June 2020 for the implementation of Regulation Best Interest and Form CRS, the OCIE will be conducting an examination of the implementation, which will also include RIAs under the IAIC exam program.
FinTech and innovation
We are living in an era of significant technological advancements and it is not surprising that the SEC is taking a view on areas of fintech and digital innovation. The focus areas for this year are alternative data, which the SEC plans to examine more closely, digital assets of a firm, and electronic investment advice.
In terms of digital assets, the priorities have, once again, been narrowed down to retail investor protection and revolve around themes such as suitability, trading practices, supervision and governance, and effectiveness of compliance programs. RIAs have become a focal point for electronic investment advice, where the SEC would be examining practices of investment advice being doled out via robo-advisers, along with a firm’s marketing practices and fiduciary duties.
Figure: Global average total cost of a data breach, measured in US$ millions. Source: IBM Cost of a Data Breach Report 2019.
Information security is the backbone of an organization’s operations; however, we are now also seeing a growing focus on cybersecurity, with increased advancements in the use of various online platforms to conduct business. Risks associated with cyberattacks and a firm’s resilience towards them have been brought up as one of the areas that the SEC will focus on this year.
In the five examinations slated to be conducted in 2020, information security and steps taken by firms to advance their cybersecurity protocols and mitigate such risks are being prioritized by the OCIE. Themes to look out for are supervision and governance, training, access controls, incident response, and third-party and vendor risk management.
To comply with the Bank Secrecy Act, the OCIE will be prioritizing AML-related programs as part of its 2020 examination. This will include a vast spectrum of themes that the industry is already familiar with, such as due diligence, SAR filings, fraudulent behavior, market manipulation, conflicts of interest, and politically motivated or terrorist financing activities; the goal will be to test the robustness of a firm’s AML program and application thereof.
What should be your next steps?
Given that not all focus areas discussed in the SEC document will be applicable to your firm, the first step should be to carry out a risk assessment.
Start by placing these risks against the business aspects that they may be aligned to
Try to understand why this can become a risk. So, it would be advisable to review historical cases and risk alerts issued by the SEC to understand the reported cases
If you determine the risk is applicable, then identify if a policy governs the risk outlined and if it requires any modifications
Once the policy has been created, you will need to decide if it requires continued monitoring or an ad-hoc review based on the risk assessment and impact analysis
If you are still not able to ascertain the risk applicable, perform a forensic review on the risk to see if it yields any results and if there needs to be continued monitoring based on the results
Acuity Knowledge Partners’ solution
Acuity Knowledge Partners’ solution is to create an approach that cultivates an ecosystem of controls that are dynamic, robust, and proficient. In this approach, we aim to address risks at all levels of the firm. We plan to review and identify gaps in compliance programs, address requirements of regulators, and create unique solutions with our state-of-the-art technology teams.
With our focused set of offerings in the areas of Corporate Compliance, Forensic Analysis, Compliance Testing, Monitoring Programs, Risk Trend Analysis, and Risk Mitigation, we customize and design reviews dedicated to your firm’s risks, keeping latest regulatory expectations in mind. A well thought-through approach – from initial analysis to end documentation and recommendation – will provide you with a holistic view of your business’s risks and build its resilience to any threat.
Acuity's AML and Financial Crimes practice offers solutions to assist financial services firms in addressing financial crimes-related threats and regulatory concerns. These include AML, Bank Secrecy Act, Foreign Corrupt Practices Act (FCPA) and Anti-Bribery.
Acuity’s Investment Compliance services help clients monitor investment policy goals and guidelines effectively and provide the transparency and control needed to support their governance and risk management practices.
About the Authors
Tanya heads the Corporate & Forensic Compliance practice. She has nearly 14 years of experience in the financial services industry. Prior to joining Acuity Knowledge Partners, she worked at Goldman Sachs as Vice President; GSAM Compliance as team manager - Bangalore, line compliance officer for the India businesses, and lead for forensic and marketing compliance initiatives. Tanya has also handled marketing strategy and communications at GSAM and market research at Thomson Financial. Tanya holds a Bachelor of Business Management, a PGD in Psychology from the University of Oxford, and a PGD in Social Media Marketing from Northwestern University.
Manish is the delivery manager and subject matter expert for the forensic compliance practice. He has over 10 years of experience in the financial services industry. Prior to joining Acuity Knowledge Partners, he worked as an associate with Goldman Sachs - GSAM Compliance. He was part of the global forensics team and was part of the marketing and portfolio management compliance team. Manish was also part of the controls management team for the asset & wealth management team at JP Morgan and was part of the HSBC KYC remediation team for multiple lines of business.