This post continues our discussion of the 2018 examination priorities and guiding principles published by the SEC’s Office of Compliance Inspections and Examination (“OCIE”) on February 7.

Priorities

In addition to retail investors, including seniors and retirement savers, during 2018 OCIE plans to focus on the following themes:

Compliance and critical market infrastructure. The SEC will examine clearing agencies designated by FSOC as systemically important, as well as securities exchanges and transfer agents.

  • For clearing agents, examiners will focus on whether the clearing agencies have complied with the standards adopted in 2016, including whether they have taken timely corrective action to address prior deficiencies.
  • For the exchanges, examiners will focus on governance, operations, fees and internal audit processes. OCIE plans to work with the SEC’s Division of Trading and Markets to examine the equities and options consolidated market data plans, focusing on governance, revenue and expense generation and allocation.
  • For transfer agents, examiners will focus on the functions of security transfers, recordkeeping and safeguarding of funds and securities. Transfer agents that are also paying agents, or who serve the micro-cap and crowdfunding issuers are more likely to be examined.

FINRA and MSRB activities. The SEC will continue to review FINRA’s operations and regulatory programs, including how FINRA examines broker-dealers and municipal advisers that are also broker-dealers. The SEC will examine the MSRB to evaluate the effectiveness of select operations and internal policies, procedures, and controls.

Cybersecurity. OCIE now prioritizes Cybersecurity in all exams. The SEC will focus on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.

Anti-Money Laundering. The SEC will look for whether firms are appropriately adjusting AML programs to meet evolving regulatory requirements, as well as how firms comply with customer due diligence obligations, whether firms are properly filing complete and accurate SARS, and whether firms are testing their programs.

Guiding Principles

In its February 7 press release, the SEC said that OCIE would continue to apply five primary guiding principles in executing its priorities:

Risk-Based. The SEC uses ongoing root cause analysis of harm to investors and markets to identify the greatest risks, and that risk identification analysis is incorporated into setting priorities, identifying exam candidates and determining scope of exams.

Data-Driven. The SEC is increasingly using data analytics to analyze regulatory filings and trading activity, and a team of financial engineers assists exam teams with quantitative analysis. The SEC is using data to identify potential fraud, better identify exam candidates and more efficiently analyze information during exams.

Transparency. The SEC intends to share more information gleaned from exams to assist legal, compliance and risk staff at registered entities. OCIE will publish more Risk Alerts to identify deficiencies and observations of industry practices and compliance issues.

Resource Allocation. The SEC continually assesses resource deployment, and relies on data analysis, technology and experienced staff to ensure that resources are deployed to maximize benefit to investors.

Embracing Innovation. The SEC focuses on technology in financial markets and is assessing the potential impact of new business models involving technology to identify how they can harm investors and assist the SEC in adapting to emerging risks and concerns, including in cybersecurity.