The U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its 2018 National Exam Program Examination Priorities. The 2018 priorities highlight areas of emphasis for OCIE, including cryptocurrencies, cybersecurity, anti-money laundering, and issues affecting retail investors (especially seniors and those saving for retirement). While the core areas of focus and many of the priorities for 2018 are similar to those from 2017, there is a clear shift in emphasis that we attribute to the change in leadership at the SEC. Some specific changes also likely stem from OCIE’s 2017 examination findings, recent market developments, and trends in enforcement.
Major changes or particularly notable areas of focus include:
- Like other regulators, the SEC is actively monitoring developments related to cryptocurrencies as their popularity has risen among retail investors, and Commissioners and senior officials at the SEC have made clear that this area will be a focus across the SEC. OCIE noted that its primary role will be to “monitor the sale of these products” and to examine financial professionals for regulatory compliance if they deal in or promote cryptocurrencies that are securities. We believe that OCIE will closely examine and prioritize gatekeepers that offer or sell cryptocurrency-related products or provide cryptocurrency-related investment advice. Although the SEC clearly views some initial coin offerings (“ICOs”) as securities offerings that must be registered or exempt, the SEC has declined so far to regulate trading of cryptocurrencies in the spot market because of questions about whether cryptocurrencies are “securities” (as opposed to “commodities”) and subject to SEC oversight. Nevertheless, the SEC Chairman has stated that the SEC will hold “gatekeepers,” such as broker-dealers, investment advisers, accountants, and exchanges (many of whom are subject to OCIE examination) accountable for fraud, manipulation, and inadequate disclosures related to ICOs. And the Enforcement Division has stated an intention to use its civil enforcement authority where such activity violates securities laws.
- Self-Regulatory Organizations. OCIE added as a priority examining the effectiveness of the Municipal Securities Rulemaking Board’s policies, procedures, and controls. It also stated that it will continue to examine the Financial Industry Regulatory Authority (“FINRA”). Prioritizing broker-dealer and municipal securities broker and dealer self-regulatory organization oversight is a possible result of the 2016 redeployment of OCIE resources toward examination of investment advisers, for which the SEC is sole examining authority.
- Anti-Money Laundering. Anti-money laundering (“AML”) continues to be a focus for OCIE, although not much has changed since the 2015 Financial Crimes Enforcement Network (“FinCEN”) re-proposed a rule that would impose AML obligations on investment advisers. FinCEN has not yet issued a final rule, but we expect continued scrutiny in this area, particularly for investment advisers and investment companies who would be subject to the rules if adopted.
OCIE made only incremental changes to the following priorities:
- Disclosure of Costs. OCIE retained its focus on ensuring all costs and expenses that investors pay are adequately disclosed. Following its risk-based approach, OCIE identified certain categories of practices or business models that create higher risk for undisclosed fees. Notably, OCIE called out private fund advisers that invest for the benefit of retail clients, including “non-profit organizations and pension plans”—investors that often possess a degree of skill and amount of assets under management that make them sophisticated participants in the market—as one of these categories. This emphasized the broad scope with which OCIE views a “retail” investor, including looking through to the ultimate beneficiaries of pooled investment vehicles.
- Mutual Funds and Exchange-Traded Funds. OCIE has continued to focus on funds that are widely available and marketed to retail investors and that serve as a primary vehicle for retail investments. OCIE highlighted mutual funds and exchange-traded funds (“ETFs”) that seek to track custom-built indexes; specifically, OCIE intends to examine for conflicts between the adviser and index provider, signaling a higher level of scrutiny for advisers that play a prominent role in selecting and weighting components of a custom-built index. In addition, OCIE intends to focus on illiquid ETFs and mutual funds that have certain features that may make them more risky, such as low liquidity, inexperienced managers, and hard-to-value assets.
- Transfer Agents. OCIE re-iterated its focus on examining transfer agents, particularly those that service microcap issuers, and added that it will prioritize transfer agents that service crowdfunding issuers. This approach is in line with OCIE’s focus on retail investors, who tend to participate in this relatively new type of capital-raising.
Several of OCIE’s 2018 priorities substantially overlap with FINRA’s 2018 examination priorities for broker-dealers. Overall, FINRA shares OCIE’s general focus on retail investor protection, the products in which they invest, and the markets in which they participate. Both OCIE and FINRA have indicated their concern with core market integrity issues, such as ensuring that broker-dealers comply with their best execution obligations, particularly for fixed income products. In addition, as noted above, FINRA will examine the adequacy of broker-dealer AML programs. Like OCIE, FINRA intends to examine firms’ information controls in light of heightened risk of cyberattacks, and will pay particular attention to broker-dealers underwriting or otherwise participating in ICOs.
As we noted in our review of the SEC Enforcement Division Fiscal Year 2017 annual report, the SEC’s emphasis on protecting retail investors is not incompatible with policing Wall Street. For this reason, OCIE’s 2018 priorities mirror the Enforcement Division’s general focus on products and markets that affect retail investors. With respect to cybersecurity, OCIE and the Enforcement Division will likely coordinate closely to police the adequacy of cyber-policies to protect client information of broker-dealers, investment advisers, and investment companies. In addition, given resource constraints, both OCIE and the Enforcement Division will likely shift from broad sweeps to more targeted approaches, focusing on firms and practices that present the most risk to retail investors, such as the offer and sale of cryptocurrency-related securities.
Finally, OCIE framed their execution of the 2018 priorities as relying on five over-arching principles and four pillars. The five principles are: (1) risk-based, (2) data-driven, (3) transparency, (4) efficiency, and (5) innovation and technology-driven. The four pillars are: (1) promoting compliance, (2) preventing fraud, (3) identifying and monitoring risk, and (4) informing policy. The principles and pillars appear to simply be a new articulation of the mission statements of OCIE and the SEC and reflect longstanding practice and do not seem to indicate any shift in underlying priorities, examination practices, or examiner expectations.
 This blog post was prepared with the assistance of Gregory N. Wolfe.
 The SEC noted in its FY 2019 budget request (released on February 12) that it has provided “technical guidance” to FinCEN in connection with these rules.