January 17, 2017: The SEC recently announced 2017 exam priorities with an expansion of 2016 exam priorities to include electronic investment advice (aka “robo-advisers”) and a continuation of the ongoing effort to protect senior investors as the Commission continues to focus upon products and sales practices which target senior investors.
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) retains primary responsibility along with the Asset Management Unit for examining federally registered investment advisers which include separate account managers, as well as hedge fund and private equity managers. Additionally, the OCIE examines and inspects investment companies, broker-dealers, transfer agents, clearing agencies, private fund advisers, national securities exchanges, and municipal advisors.
The 2017 priorities also reflect a continuing focus on protecting retail investors, including individuals investing for their retirement, and assessing systemic macro risks posed by products and or business practices. In the words of outgoing Chair Mary Jo White: “These priorities make clear we are continuing to focus on a wide range of issues impacting our markets, from traditional areas such as market-wide risks to new forms of technology including automated investment advice. Whether it is protecting our most vulnerable senior investors or those investing in the trillion-dollar money market fund industry, OCIE continues its efficient and effective risk-based approach to ensure compliance with our nation’s securities laws.”
Areas of the SEC’s 2017 examination focus include:
Retail Investors – The concept of protecting investors is referenced in the Securities Exchange Act (which mandated the creation of the Commission) as a founding principle of the Commission’s reason for being. Retail investors are seen to be at particular risk for fraud and their protection remains a priority in 2017. OCIE will continue several 2016 initiatives to assess risks to retail investors seeking information, advice, products, and services. It will also undertake examinations to review firms delivering investment advice through electronic mechanisms, sometimes referred to as “robo-advising,” as well as wrap fee programs in which investors are charged a single bundled fee for advisory and brokerage services.
Senior Investors and Retirement Investments – OCIE is also continuing its focus on public pension advisers and expanding its focus on senior investors and individuals investing for retirement. OCIE is broadening its ReTIRE initiative to include reviews of investment advisers and broker-dealers that offer variable insurance products as well as those advisers that offer and manage target-date funds. OCIE will examine registrant interactions with senior investors, including with respect to identifying financial exploitation.
Market-Wide Risks – To help fulfill the SEC’s mission of maintaining fair, orderly, and efficient markets, OCIE will continue its focus on registrant compliance with the SEC’s Regulation SCI and anti-money laundering rules. New initiatives for 2017 include an evaluation of money market funds’ compliance with the SEC’s amended rules, which became effective in October 2016.
Cybersecurity – OCIE will continue its ongoing initiative to examine cybersecurity compliance procedures and controls, including an evaluation of the implementation and testing of those procedures and controls at broker-dealers and investment advisers.
The OCIE selected the priorities in consultation with the Commission, the SEC’s policy divisions and regional offices, Division of Enforcement, the SEC’s Investor Advocate, and other regulators. These topics are not intended to convey the totality of the Commission’s ongoing focus upon registrant compliance with federal securities statutes.
Registrant Risk Management Perspective
Bearing in mind that the Commission now utilizes a risk-based orientation for targeting examinations and inspections, it is appropriate for investment advisers to heed the information contained in this SEC release. The SEC uses compliance risk analytics to aggregate, correlate and analyze registrant regulatory and risk management data provided by the adviser itself or obtained by examination staff in the field or during “sweep” inspections.
This data is used to great effect by the OCIE and Investment Management Unit to target for examination those firms on either a “for cause” basis (the SEC has knowledge that the firm and/or its personnel are in violation of federal securities statutes) or a red flag basis (the analytics have produced sufficient basis for concern that the firm or its personnel are violating securities statutes). When the Commission provides guidance as to what their analytics are to be focused upon, it is appropriate for firms to assess their business model and examine those aspects of their model which may be congruent with the intended regulatory focus.
In this regard, we advise firms to perform an assessment on the following risk sets:
Retail Investor advertising, products and/or services
In general, the Commission is focusing upon violations of Section 206 of the Investment Advisers Act wherein the antifraud provisions prohibit misstatements or misleading omissions of material facts and other fraudulent acts and practices in connection with the conduct of an investment advisory business. As a fiduciary, an investment adviser owes its clients undivided loyalty, and may not engage in activity that conflicts with a client’s interest without the client’s consent.
In addition to the general anti-fraud prohibition of Section 206, Rules 206(4)-1, 206(4)-2, 206(4)-3, and 206(4)-4 under the Investment Advisers Act regulate, respectively: investment adviser advertising; custody or possession of client funds or securities; the payment of fees by advisers to third parties for client referrals; and disclosure of investment advisers’ financial and disciplinary backgrounds. It is important to remember that “scienter” or prior knowledge of a fraudulent act is not required for the Enforcement Division to find a firm or individual in violation of Section 206.
Advisers are urged to review advertisements, customer communications and disclosures pertaining to conflicts of interest and/or prior disciplinary issues for accuracy and thoroughness.
Senior Investor Advertising, Products and/or Services
Any communication, product or service that is directed to senior investors should be reviewed for full compliance with SEC guidance pertaining to senior investors, see OIEA, SEC Investor Information, “Senior” Specialists and Advisors: What You Should Know About Professional Designations (http://www.sec.gov/investor/pubs/senior-profdes.htm) and FINRA Rules 3110, 3170 (http://finra.complinet.com/en/display/display_main.html?rbid=2403&record_id=15446).
While advisers are not regulated by FINRA, the lack of specific rule making by the Commission in this area is complemented by FINRA supervision rules, which may be helpful for advisers seeing to tighten risk management protocol.
If an investment adviser has not yet conducted a cybersecurity risk assessment, one should be executed as soon as practicable. If an assessment has been completed, ensure that recommendations are fully implemented and the cyber policy of the firm is cross referenced and embedded within the Business Continuity Plan.
Follow this link to read the SEC’s full release: https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2017.pdf
January 17, 2017