From The Expected To The Surprises: Highlights Of SEC OCIE's 2020 Priorities
On January 7, 2020, the U.S. Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") released its 2020 Examination Priorities ("2020 Priorities"). While at first blush the themes appear consistent with and predictable from their 2019 priorities, on closer read OCIE has provided some new insights and some unexpected focus areas. The themes for the 2020 Priorities are: retail investors, information security, financial technology ("Fintech") and innovation (including digital assets and electronic investment advice), several areas covering registered investment advisers and investment companies, anti-money laundering, market infrastructure (clearing agencies, national securities exchanges, alternative trading systems, transfer agents), and oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board programs and policies. OCIE also stressed the challenges it faced in light of last year's government shutdown and resource constraints, as the Division of Enforcement did in its 2019 Annual Report (see our analysis here), and the challenges in examining non-U.S. advisers due to limits that foreign data protection and privacy laws may place on cross-border information transfers. In this post, we analyze the highlights in and our takeaways from the 2020 Priorities.
Investment Adviser Focus Area: Never Before and Not Recently Examined Advisers. The 2020 Priorities stressed that OCIE will focus on examinations of advisers that have never been examined, including new registrants, and advisers whose last examination was a number of years ago. Whether this is more than a shot across the bow for these advisers remains to be seen, since the only area identified for exam focus was whether compliance programs have been appropriately adapted in light of any substantial growth or change in business model. One area highlighted in the investment adviser theme that could be ripe for exams is disclosure practices around environmental, social and governance (ESG) investment strategies.
Information Security. Cybersecurity remains a focus for OCIE, but as part of a broader priority of information security, including information security governance and retail trading information security. Particular focus areas will include: governance and risk management, access controls, data loss prevention, vendor management (particularly with respect to cloud-based storage providers), staff training, incident response and resiliency, which OCIE highlighted in a risk alert last year on SEC's Regulation S-P (see our analysis here).
Within its themes, OCIE indicated it will continue to focus on several expected areas: disclosure of fees and expenses, custody, mutual funds and exchange-traded funds, transfer agents, Regulation SCI entities and anti-money laundering. Finally, OCIE listed the eight risk alerts it published since issuing its 2018 priorities, which cover: cash solicitation, RICs, electronic messaging, transfer agent custody, Regulation S-P, safeguarding customer records and information in network storage, advisers' disclosure of conflicts and principal and agency cross trading issues. We would expect to see these areas pursued in enforcement investigations in the coming year as a result. Similarly, OCIE noted that examinations led to more than 150 enforcement referrals in the prior fiscal year, and anticipates more to come. We take these statistics to serve notice of continued active coordination between OCIE and the Enforcement Division. READ