OCIE

Subscribe to OCIE

Earlier this year, the staff of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published its annual list of examination priorities, which included firms’ preparation for the transition away from LIBOR as a widely used reference rate for various financial instruments. On June 18, OCIE followed-up with a risk alert that provides additional details about how it evaluates firms’ LIBOR transition preparedness.

On April 14, 2020, the staff of the SEC’s Division of Investment Management (the “Division”) published a Statement on the Importance of Delivering Timely and Material Information to Investment Company Investors (the “Statement”). The Statement gives notice that the Division has a keen eye on prospectus risk disclosure as it continues to monitor the ongoing impacts of the COVID‑19 pandemic on investment companies. “In light of the current uncertainties and market disruptions,” the Division explains, “investors need high-quality financial information more than ever.”

The Statement comes amid other guidance and temporary regulatory relief from the SEC, including public statements by Chairman Jay Clayton and Chief Accountant Sagar Teotia emphasizing the need to assist “Main Street investors” in navigating turbulent markets. Uniquely, the Statement focuses explicitly on how fund complexes might modify existing disclosures.

On April 7, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) published two risk alerts intended to provide market participants with advance information regarding (1) upcoming inspections for broker-dealer compliance with Regulation Best Interest (“Regulation BI”) and (2) upcoming inspections for broker-dealer and investment adviser compliance with Form CRS. The compliance date for both Regulation BI and Form CRS is June 30, 2020.

You can find more details in our client alert.

On January 27, 2020, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released observations on cybersecurity and resiliency (the “Observations”). In them, OCIE presented several key cybersecurity issues that industry participants should seek to address such as the construction and implementation of a comprehensive cybersecurity program, the prevention of unauthorized access to systems, the theft of information, responding to cyber incidents, and vendor management. In doing so, OCIE highlighted elements of successful cybersecurity efforts.

My first post discussed the SEC’s Office of Compliance Inspections and Examination’s (“OCIE’s”) recent Risk Alert (the “Alert”) and specific fund categories in its crosshairs. This post will cover the three remaining fund categories and general examination issues identified by OCIE in the Alert.

Recently, the Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert (the “Alert”) identifying six categories of mutual funds and mutual fund advisers it plans to examine: (i) index funds tracking custom-built indexes; (ii) smaller and thinly-traded exchange traded funds (“ETFs”); (iii) funds with aberrational underperformance relative to their peers; (iv) funds with higher allocations to securitized assets; (v) advisers “new” to managing mutual funds; and (vi) advisers who also manage private funds with similar strategies or that share managers with the mutual funds. The Alert provides a list of practices, risk and conflicts for each specific type of fund, but also notes OCIE will also look at standard fund examination topics.

This post reviews the first three specific categories of funds identified in the Alert. A subsequent post will discuss the final three categories, general examination issues mentioned in the Alert and additional considerations for any exam.

Industry professionals have noted that the SEC’s Office of Compliance Inspections and Examination (“OCIE”) was tardy in releasing their priorities list, although recent speeches from SEC officials have provided a preview of the issues in OCIE’s crosshairs. The full priority list was released on February 7.

The SEC’s examination priorities identify practices, products and services that reflect potentially heightened risks to investors and capital markets. As in prior years, the SEC’s priorities are thematic, covering:  retail investors, including seniors and retirement savers; compliance and critical market infrastructure; FINRA and MSRB activities; cybersecurity; and anti-money laundering. The first of these priority areas is summarized below.

This post continues our discussion of the Risk Alert released on August 7, 2017, by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) regarding conclusions drawn from its yearlong review of the cybersecurity practices of 75 asset management firms and funds.  The sweep, deemed OCIE’s Cybersecurity 2 Initiative, covered broker-dealer, investment adviser, and investment company practices during the period from October 2014 through September 2015. 

On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert summarizing its conclusions from a year-long review of the cybersecurity practices of a 75 firms — including broker-dealers, investment advisers and investment companies.  The sweep, OCIE’s Cybersecurity 2 Initiative, ran from September 2015 to June 2016 and covered the review period from October 2014 through September 2015.  It follows OCIE’s 2014 Cybersecurity 1 Initiative, during which the staff examined a different group of firms from January 2013 to June 2014.  The Risk Alert that followed the first sweep was released in early 2015.

The focus of OCIE’s second sweep was asset management firms’ written cybersecurity policies and procedures and, critically, their implementation. While the Risk Alert acknowledges that cybersecurity preparedness has improved across the industry since the first sweep exam, it emphasizes that significant deficiencies persist.  The Risk Alert identifies common elements of policies and procedures that the staff regards as robust controls.  The Risk Alert also stresses that, going forward, OCIE will increase its review of firms’ implementation of appropriately-tailored policies; merely having well‑drafted  policies “on the books” but not applied will not suffice.