2020 SEC priorities : retail, cybersecurity, fintech, RIAs – Are you ready for the year ahead?

Published on January 13, 2020 by Tanya Raj and Manish Mohan Raj

Every year, the financial industry keenly awaits the annual priorities set down by the U.S. Securities and Exchange Commission (SEC) as they set the tone for the year’s risk considerations, while being the beacon for global regulatory updates. This year was no different: the recently released guidelines stress on some of last year’s priorities and introduce some new ones.

Organizations approach a new year with a plan that focuses on achieving various targets. If you are in Compliance Risk Assessment, then complying with priorities prescribed by regulators should be the primary focus area. Hence, we examine the priorities set by the Office of Compliance Inspections and Examinations (OCIE) for 2020.

TOTAL FINES ORDERED (in $million)

Source: 2019 enforcement annual report

Key 2020 priorities

From navigating the financial crisis to understanding and interpreting regulatory changes, compliance has become an integral part of a firm’s decision making process. Similar to a business setting its revenue targets, the compliance function is also required to set out its goals and achieve them within a given timeframe. So, what do we mean by goals in the context of compliance? They are a series of actions that help address certain risks and provide solutions, such as surveillances, policy updates, and thematic reviews, such as forensic to understand and mitigate any potential risk to the firm.

We observe that regulators narrow down on focus areas depending on the current industry environment and the happenings of the previous year. A few key trends and focus areas for 2020 are:

• Use of third-party service providers and vendors by registrants

• Information security and resiliency risks

• Geopolitical events

• Industry’s transition away from LIBOR

Approximate number of exams conducted by OCIE

Source: 2020 OCIE examination priorities

Getting down to details

While the OCIE’s website provides the complete list of priorities for 2020, we would like to discuss in detail a few key points that caught our attention:

The SEC 2020 examination priorities will focus on:

• Registered Investment Advisers (RIA) Compliance Programs & Never-Before and Not Recently-Examined RIAs

• Retail-Targeted Investments

• Mutual Funds and ETFs for retail investors

• RIAs to Private Funds

• Information and Cyber Security

• Anti-Money Laundering (AML) Programs

• FinTech and Innovation

All things retail

In 2019, regulators worldwide focused on protecting retail investors; this seems to have gathered steam in 2020. There are numerous themes where the SEC has highlighted its examination priorities for this year, emphasizing on consumer protection, especially the protection of retail consumers.

Retail investors, including seniors and individuals, saving for retirement: The SEC has time and again made it clear that the most vulnerable sections of investors that need additional and clear information before making a decision are retail investors, senior citizens (especially members of the retirement communities), teachers, and military personnel. Any high-risk products sold to them, which may include complex private placements, non-transparent products, and funds with high fees and expenses, will need clear, descriptive, and easily understandable disclosures. This year’s theme has a strong focus on preventing fraud, inappropriate sales and marketing practices, and conflict of interests.

Registered Investment Advisers (RIA) Compliance Programs and Never-Before and Not Recently-Examined RIAs: The OCIE will continue to review the compliance programs of RIAs. The review will include checking whether the programs and their policies and procedures are reasonably designed, implemented, and maintained. Additionally, the OCIE will continue to conduct risk-based examinations of RIAs that have never been examined. These will include newly registered RIAs and RIAs registered for several years that have yet to be examined.

Retail-targeted investments: These include products that can pose elevated risks when marketed or sold to retail investors, whether as a result of the characteristics of those products, dynamics in the markets, or due to the significant amount or concentration of assets retail investors have invested in a product.

Mutual funds and ETFs for retail investors: The OCIE will examine financial incentives provided to financial services firms and professionals that could influence the selection of particular mutual fund share classes. It will also review mutual fund fee discounts that should be provided to investors as a result of policies, contractual or disclosed breakpoints, such as discounts provided based on achieving managed investments of a specific size.

RIAs to private funds: The OCIE will continue to focus on RIAs to private funds that have a greater impact on retail investors, such as firms that provide services for separately managed accounts along with private funds. The OCIE will review RIAs to private funds to assess compliance risks, including controls to prevent the misuse of material, non-public information and conflicts of interest, such as undisclosed or inadequately disclosed fees and expenses, and the use of RIA affiliates to provide services to clients.

Standard of Care

The SEC has dedicated a separate section on Standard of Care, where it emphasizes on Regulation Best Interest. Firms are expected to act in the best interest of the client, especially retail investors, when making recommendations for investment or trading, and are cautioned against placing their financial interests ahead of the client’s. The regulation now also extends to RIAs as Interpretation Regarding Standard of Conduct for Investment Advisers. Post the compliance date of June 2020 for the implementation of Regulation Best Interest and Form CRS, the OCIE will be conducting an examination of the implementation, which will also include RIAs under the IAIC exam program.

FinTech and innovation

We are living in an era of significant technological advancements and it is not surprising that the SEC is taking a view on areas of fintech and digital innovation. The focus areas for this year are alternative data, which the SEC plans to examine more closely, digital assets of a firm, and electronic investment advice.

In terms of digital assets, the priorities have, once again, been narrowed down to retail investor protection and revolve around themes such as suitability, trading practices, supervision and governance, and effectiveness of compliance programs. RIAs have become a focal point for electronic investment advice, where the SEC would be examining practices of investment advice being doled out via robo-advisers, along with a firm’s marketing practices and fiduciary duties.

Global average total cost of a data breach measured in US$ millions

Source: IBM Cost of a Data Breach Report 2019

Cybersecurity

Information security is the backbone of an organization’s operations; however, we are now also seeing a growing focus on cybersecurity, with increased advancements in the use of various online platforms to conduct businesses. Risks associated with cyberattacks and a firm’s resilience towards them have been brought up as one of the areas that the SEC will focus on this year.

In the five examinations slated to be conducted in 2020, information security and steps taken by firms to advance their cybersecurity protocols and mitigate such risks are being prioritized by the OCIE. Themes to look out for are supervision and governance, trainings, access controls, incident response, and third-party and vendor risk management.

AML programs

To comply with The Banking Secrecy Act, the OCIE will be prioritizing AML-related programs as part of its 2020 examination. This will include a vast spectrum of themes that the industry is already familiar with, such as due diligence, SAR filings, fraudulent behavior, market manipulation, conflict of interests, and politically motivated or terrorist financing activities; the goal will be to test the robustness of a firm’s AML program and application thereof.

What should be your next steps?

Given that all focus areas discussed in the SEC document will not be applicable to your firm, the first step should be to carry out a risk assessment.

• Start by placing these risk against business aspects that they may be aligned to

• Try to understand why this can become a risk. So, it would be advisable to review historical cases and risk alerts issued by the SEC to understand the reported cases

• If you determine the risk is applicable, then identify if a policy governs the risk outlined and if it requires any modifications

• Once the policy has been created, you will need to decide if it requires continued monitoring or an ad-hoc review based on the risk assessment and impact analysis

• If you are still not able to ascertain the risk applicable, perform a forensic review on the risk to see if it yields any results and if there needs to be continued monitoring based on the results

Acuity Knowledge Partners’ solution

Acuity Knowledge Partners’ solution is to create an approach that cultivates an ecosystem of controls that are dynamic, robust, and proficient. In this approach, we aim to address risks at all levels of the firm. We plan to review and identify gaps in compliance programs, address requirements of regulators, and create unique solutions with our state-of-the-art technology teams.

With our focused set of offerings in the areas of Corporate Compliance, Forensic Analysis, Compliance Testing, Monitoring Programs, Risk Trend Analysis, and Risk Mitigation, we customize and design reviews dedicated to your firm’s risks, keeping latest regulatory expectations in mind. A well thought-through approach – from initial analysis to end documentation and recommendation – will provide you with a holistic view of your business’s risks and build its resilience to any threat.

Acuity's AML and Financial Crimes practice offers solutions to assist financial services firms in addressing financial crimes-related threats and regulatory concerns. These include AML, Bank Secrecy Act, Foreign Corrupt Practices Act (FCPA) and Anti-Bribery.

Acuity’s Investment Compliance services help clients monitor investment policy goals and guidelines effectively and provide the transparency and control needed to support their governance and risk management practices.

Source

https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2020.pdf

---

---