During January, the SEC and FINRA published their 2017 examination priorities letters (click here for SEC letter and click here for FINRA letter). These are the top exam priorities enumerated by both agencies.
- Cybersecurity: Both regulators are scrutinizing cybersecurity. They will review compliance policies and procedures, policy implementation, information security, data storage formats, password controls, physical security, and service provider oversight. They also mentioned cybersecurity controls at branch offices, particularly independent contractor branch offices, and record retention requirements. Records must be preserved in a non-rewriteable, non-erasable format, commonly known as write once read many (WORM) format. FINRA recently announced enforcement actions against 12 firms for, among other things, failure to preserve broker-dealer and customer records in WORM format.
- High Risk Brokers: Both regulators are targeting firms that retain and/or hire high risk/recidivist brokers. The regulators will review supervision as well as hiring and training practices. FINRA recently established a dedicated examination unit to identify and examine brokers who may pose a high risk to investors. This group will rigorously review these brokers’ interactions with customers, including their compliance with rules regarding suitability, know-your-customer, outside business activities, private securities transactions, commissions and fees. The regulators will continue to use analytic capabilities to identify individuals with a track record of misconduct and examine the firms that employ them.
- Electronic Communications: FINRA will review firms’ compliance with their supervisory and record-retention obligations with respect to social media and other electronic communications. Under U.S. Securities and Exchange Commission (SEC) and FINRA record-retention requirements, firms must ensure the capture of business-related communications regardless of the devices or networks used. A firm must capture and maintain all business-related communications in such a way that the firm can review them for inappropriate business conduct.
- Suitability: The SEC expressed significant concern about mutual fund share classes and FINRA will look at rep training and over-concentration of high-risk products. FINRA will evaluate firms’ ability to monitor for short-term trading of long-term products—such as open- and closed-end mutual funds, variable annuities and unit investment trusts (UITs)—on a short-term basis. The regulators will continue reviewing conflicts of interest and other factors that may affect registrants’ recommendations to invest, or remain invested, in particular share classes of mutual funds
- Senior Investors: Both regulators will focus on sales practices to, and products for, senior investors. The regulators are concerned with suitability especially related to high-yield products, target-date funds, and variable insurance products. OCIE is also broadening its ReTIRE initiative to include reviews of investment advisers and broker-dealers that offer variable insurance products to investors with retirement accounts as well as those advisers that offer and manage target-date funds. FINRA will focus on microcap fraud schemes, especially those targeting the elderly.
- Public Plans: The OCIE staff will scrutinize how advisers to public pension plans fulfill their fiduciary duties. The staff also plans to examine pay-to-play practices.
- Branch Offices: Both regulators will examine how firms supervise branch locations. These exams will include reviews of client communications, and outside business activities, supervision of account activity; advertising and communications, including the potential use of unapproved email addresses for business; communications with customers, including h the use of social media, seminars, radio shows or podcasts; registered representatives’ websites; outside business activities; the use of consolidated account statements; and operational activities such as distribution of funds and changes of address or investment objectives.
- Anti-Money Laundering: Both regulators expressed concern about AML compliance. They will test suspicious activity reporting, independent testing, automated trading, money movement, and foreign currency transactions. New initiatives for 2017 include an evaluation of money market funds’ compliance with the SEC’s amended rules, which became effective in October 2016. They are looking for gaps in firms’ automated trading and money movement surveillance systems caused by data integrity problems, poorly set parameters or surveillance patterns that do not capture problematic behavior such as suspicious microcap activity. Firms may perform anti-money laundering suspicious activity monitoring using the same trading surveillance they use for supervisory purposes, but that surveillance must also include alerts tailored to the firm’s anti-money laundering red flags.
- Robos: The SEC will focus on compliance programs, suitability, data protection, and algorithm oversight.
- ETFs: The SEC wants to ensure compliance with exemptive relief conditions. The staff also promised reviews of the creation/redemption processes and sales practices. They will also focus on sales practices and disclosures involving ETFs and the suitability of broker-dealers’ recommendations to purchase ETFs with niche strategies.
- Private Funds: The SEC will be reviewing firms for conflicts of interest, disclosure and fees.
- Wrap Fee Programs: The SEC will be looking at wrap account suitability, effectiveness of disclosures, conflicts of interest, and brokerage practices, including best execution and trading away.
- FINRA Oversight: The SEC will also enhance their oversight of FINRA, will continue conducting inspections of FINRA’s operations and regulatory programs, and focus resources on assessing the examinations of individual broker-dealers. In addition to continuing to conduct inspections of FINRA’s operations and regulatory programs, the SEC will focus resources on assessing the quality of FINRA’s examinations of individual broker-dealers.
Are you confidant your firm is ready for its next exam? Red Oak Compliance Solutions is here to help you if you need it.