Exam priorities for financial services firms in 2018

The Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) recently released their annual examination priorities for 2018.  Although the regulators independently develop their areas of focus, there are five overlapping priorities that securities firms may want to address in the near term.

The SEC’s priorities are organized around five thematic areas: (1) compliance and risks in critical market infrastructure; (2) matters of importance to retail investors, including seniors and those saving for retirement; (3) FINRA and the Municipal Securities Rulemaking Board (MSRB); (4) cybersecurity; and (5) anti-money laundering (AML) programs.

FINRA’s priorities fall into six main categories: (1) fraud, (2) high-risk and firms and brokers, (3) operational and financial risks, (4) sales practice risks, (5) market integrity, and (6) new rules.

Our detailed review reveals five priorities shared by the SEC and FINRA:

  • Cybersecurity – In 2014, the SEC launched an initiative to perform examinations of broker dealers’ and investment advisers’ compliance and controls. In 2018, the SEC will “continue to prioritize cybersecurity in each of [its] examination programs.”  Specifically, it will focus on, among other things, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.  Similarly, FINRA will “evaluate the effectiveness of firms’ cybersecurity programs to protect sensitive information, including personally identifiable information, from both external and internal threats.”  In addition, it will review firms’ preparedness, technical defenses, and resiliency measures, among other things.
  • AML – The SEC will continue to focus a portion of its resources on examining whether the entities it regulates are “appropriately adapting their AML programs to address their obligations.” For example, its reviews will cover the customer due diligence requirement and will seek to determine whether these entities are “taking responsible steps to understand the nature and purpose of customer relationships and to properly address risks.”  In addition, the SEC will assess whether these entities are filing timely, complete, and accurate suspicious activity reports (SARs).  FINRA will also assess the adequacy of firms’ AML programs.  Noting that it has observed situations where firms “do not monitor, or may monitor less closely, accounts opened for an affiliate,” FINRA underscores that firms “should also confirm that their AML surveillance programs cover accounts used in connection with securities-backed lines of credit (SBLOCs) and aggregate activity across accounts when they use multiple accounts to receive and disburse funds in connection with an SBLOC.”
  • Cryptocurrencies and initial coin offerings (ICOs) – For the first time, the annual examination priorities lists include cryptocurrencies and ICOs. The SEC emphasizes that these markets “have grown rapidly and present a number of risks for retail investors.”  Accordingly, it will “continue to monitor the sale of these products, and where the products are securities, examine for regulatory compliance,” focusing on whether financial professionals maintain adequate controls and safeguards to protect these assets from theft or misappropriation, and whether financial professionals are providing investors with disclosure about the associated risks.  Similarly, FINRA notes that it may review the mechanisms (e.g., supervisory, compliance, and operational infrastructure) firms have put in place to ensure compliance with relevant federal securities laws and regulations and FINRA rules.
  • Best execution – Stressing that one of the key investor protection requirements in the fixed income secondary market is the best execution of customer orders, the SEC will conduct examinations to “assess whether broker-dealers have implemented best execution policies and procedures, consistent with regulatory requirements, for both municipal bond and corporate bond transactions.” Notably, FINRA is “expanding [its] equity best execution surveillance program to assess the degree to which firms provide price improvement when routing customer orders for execution or when executing internalized customer orders.”  Once the new surveillance pattern is in production, FINRA will systematically review both the frequency of price improvement, as well as the relative amount of price improvement obtained or provided when compared to other routing or execution venues.  In addition, FINRA notes that it will “expand [its] review of execution quality and fair pricing in fixed income securities” (e.g., by implementing surveillance patterns that focus on fair pricing and best execution in US Treasury security transactions).
  • Senior Investors – Following the June 2015 launch of its “ReTIRE” initiative, which focuses on the services offered by registered investment advisers and broker-dealers to investors with retirement accounts, the SEC will “continue to conduct examinations of investment advisers and broker-dealers that offer services and products to investors with retirement accounts.” In 2018, the SEC will focus on, among other things, investment recommendations, sales of variable insurance products, sales and management of target date funds, and facilitation and involvement in retirement vehicles that primarily serve state and local government employees and non-profit employees, including 403(b) and 457 plans.  As in past years, FINRA will focus on protecting senior investors from fraud, abuse, and improper advice, specifically as such advice pertains to speculative or complex products.  FINRA emphasizes that firms should focus on compliance with recently effective rules in this area, including Rule 2165 (Financial Exploitation of Specified Adults).

The fact that these priority areas are being targeted by both the SEC and FINRA suggests they are especially important and should likely be a top priority for securities firms as well.

In a statement accompanying FINRA’s 2017 priorities letter, FINRA President and CEO Robert Cook noted that FINRA will “continue to implement more changes” to its operations in 2018.  For example, it intends to improve its examination program as it “continue[s] to implement a risk-based framework designed to better align examination resources to the risk profile of [its] member firms.”  Specifically, FINRA expects to (1) add or strengthen measures to increase information sharing with firms during examinations, (2) improve processes for making examination information requests, and (3) enhance examiner training.

In addition, although the full compliance date for the Department of Labor’s “Conflict of Interest Rule” on fiduciary investment advice has been delayed until July 1, 2019, FINRA indicated that it will examine rollovers and recommendations to enter fee-based accounts.

The full 2018 examination priorities can be found on the SEC and FINRA websites.

For a broader perspective on key regulatory trends in the securities and investment management industries, refer to the recently released Deloitte reports entitled “Navigating the year ahead: Securities regulatory outlook for 2018 and “Navigating the year ahead: Investment management regulatory outlook for 2018.”

Contacts

Maria Gattuso
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Karl Ehrsam
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Bruce Treff
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Gina Greer
Partner | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Gaby Huaman
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Felicia Sokalski
Partner | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Josh Uhl
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Alex LePore
Senior Consultant | Deloitte Risk and Financial Advisory
Center for Regulatory Strategy, Americas
Deloitte & Touche LLP

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see http://www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2018 Deloitte Development LLC. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s