Kudos to the SEC. Since 2013 when OCIE first identified its examination priorities for the upcoming year, they have been able to identify those priorities in the second fiscal quarter, but for 2019, OCIE identified those priorities on December 20, 2018, in the first fiscal quarter of the year. That should give us a little more time to get our act together, and then the SEC took a break for 35 days, for a partial government shutdown. Our experience has been that after a government shutdown, the SEC comes back energized, trying to prove that they can complete a year’s worth of work in less than a year. Each region’s examination goal is determined at the beginning of the fiscal year, and the highest rated regions will be those that have exceeded their goals.
From the adviser’s perspective, it would appear that the SEC would have to complete examinations more quickly, and therefore be less thorough, making the exam much more comfortable for advisers. No, No, No. You see, the SEC has a tool that they didn’t have in the past. Now the SEC tells you in advance what their priorities are going to be for the year, and issues Risk Alerts to give you additional information about their priorities and problems identified in the past. So, you already know what they want to see.
After the Shut-Down
“In general, OCIE anticipates resuming examinations, including those that were in-progress prior to, as well as those that were postponed during, the lapse in appropriations.
OCIE also anticipates addressing filings, submissions and requests for staff action based on when an item was submitted, including initial registrations of an entity with the Commission. OCIE generally expects to address matters, particularly new registrations, in the order in which they were received.
OCIE staff members will be communicating with registrants about rescheduling postponed examinations as well as completing in-progress examinations in the coming weeks. OCIE staff members are available to answer questions relating to examinations, filings and other federal securities law matters, but their response time may be longer than ordinary.”
The priorities outlined for 2019 include favorites from the past that OCIE has determined that advisers have not been diligent in resolving.
“These priorities reflect OCIE’s assessment of certain risks, issues, and policy matters arising from market and regulatory developments, information gathered from examinations, and other sources, including tips, complaints, and referrals, and coordination with other regulators.”
RETAIL INVESTORS, INCLUDING SENIORS AND THOSE SAVING FOR RETIREMENT
COMPLIANCE AND RISK IN REGISTRANTS RESPONSIBLE FOR CRITICAL MARKET INFRASTRUCTURE
FOCUS ON FINRA AND MSRB
ANTI-MONEY LAUNDERING PROGRAMS
We have been talking about these topics for years, but many advisers haven’t resolved them, or think that they are not really a priority, and the SEC keeps finding advisers that have not properly addressed these issues. Those failures may be called deficiencies. A large number of these failures, or egregious failures, are sometimes called Enforcement Actions.
Challenges for 2019
From a speech by SEC Chairman Jay Clayton, September 6, 2018:
Standards of Conduct
“Since the April 2018 proposal, we have engaged with Main Street investors across the United States to discuss their experiences. SEC staff organized a series of seven roundtables around the country, providing Main Street investors an opportunity to speak directly with me, my fellow Commissioners and senior SEC staff—all in an effort to improve the proposed rules. It is clear, based on these discussions, that we have the right perspective, namely, that the core obligations of investment professionals—and mandatory plain language disclosures—should match reasonable investor expectations.
The efforts of the SEC staff to deliver for Main Street investors in this important area have been exemplary. In addition to the investor roundtables, we launched a new webpage where investors can view samples of the proposed disclosure form and submit feedback. The SEC’s Office of the Investor Advocate engaged the RAND Corporation to conduct investor testing of the proposed disclosure form and has made the report available for review and public comment. Our staff has been carefully reviewing all of this information, and the more than 6,000 comment letters, as they work diligently to develop final recommendations.”
It is important that investors are sufficiently informed about the material cybersecurity risks and incidents affecting the companies in which they invest.
“From a market oversight perspective, we continue to prioritize cybersecurity in our examinations of market participants, including broker-dealers, investment advisers and critical market infrastructure utilities. In assessing how firms prepare for a cybersecurity threat, safeguard customer information, and detect red flags for potential identity theft, for example, we have focused on areas including risk governance, access controls, data loss prevention, vendor management and training, among others. And given the interconnectedness of our markets, we will continue to work closely with our counterparts at other federal financial regulatory agencies and the international community.
We also are focused on assessing and improving our own cybersecurity risk profile. We now have a Chief Risk Officer to help coordinate our risk management efforts across the agency. We have worked to promote a culture that emphasizes the importance of data security throughout our divisions and offices. The staff has also been engaging with outside experts to assess and improve our security controls. We recognize, however, that no system can be entirely safe from a cyber intrusion, and that there is a lot of work that remains to be done.
From an enforcement perspective, our Cyber Unit is dedicated to targeting cyber-related misconduct in our markets. Among other things—in addition to looking at potential violations in some of the areas I have just described—the Cyber Unit has focused on alleged misconduct involving intrusions into retail brokerage accounts, the submission of false regulatory filings and hacking to obtain material non-public information.”
Nevada Fiduciary Duty
On January 18, 2019, the Nevada Secretary of State’s Office Securities Board of the State of Nevada, released draft Fiduciary Duty Regulations for Broker Dealers and Sales Representatives, Investment Advisers and Representatives of Investment Advisers. Comments may be submitted on or before March 1, 2019.
The SEC has given us a roadmap for investment adviser examinations for FY 2019. There is nothing new here, but new ways of looking at old problems and more emphasis on cybersecurity. Trust us, no one wants to have to notify their clients that their account information has been breached.
Based on Nevada’s Draft Regulation, it appears that some states aren’t willing to wait for the SEC to finalize registrant’s fiduciary obligations.