16 March 2018
If you’re an RIA, this article is for you. Have you taken a peek at the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) National Exam Program Examination Priorities for 2018? (Look for a fun acronym for that once we get through all the good stuff.) Below, we summarize the examination priorities relevant to registered investment advisers and provide tips and solutions to review and update your compliance program in light of this year’s priorities. If we don’t cover something you are curious about, let us know, or for full details and items relevant to Broker Dealers, check out the SEC’s article, 2018 National Exam Program Examination Priorities.
Who’s on the SEC’s radar?
The SEC continues to emphasize their risk-based approach to exams and plans to focus exams on advisers servicing:
- Retail investors
- Retirement savers
- Senior investors
While resources are admittedly thin, the SEC also wants to increase their focus on:
- “Robo-advisers” (advisers providing advice primarily online)
- Wrap fee programs
- Never-before-examined advisers
- Mutual funds
- Municipal advisers and underwriters
What are they looking for, and how can you prepare?
Fees and Expenses Charged to Clients
The SEC will be focusing on disclosure of fees, fee calculations, expenses, other charges an investor may incur and conflicts of interest related to different fee schedules.
To Prepare, SCS suggests:
- Review your disclosures and advisory agreements regarding your fees. Make sure they are consistent among key documents.
- Include testing in your annual compliance review that compares your advisory fees, as agreed upon with your client, to the client invoices for consistency and accuracy.
- Think about the fees your clients may be charged by other parties, such as the custodian or broker-dealer, and confirm they are disclosed. As an adviser, you make decisions that have an impact on the fees charged to the client (e.g., commissions, brokerage fees, trade away fees), and those fees should therefore be fully disclosed.
- If you offer different fee arrangements and schedules for clients, have procedures and reviews in place to confirm clients paying a higher fee are not being favored. This would include conflicts of interest and disclosures around mutual fund sales loads and distribution fees. If you do offer a fund with higher fees, fully disclose this conflict, so clients can make sound decisions on their investments.
- For wrap fee programs, review for best execution by considering the quantitative (e.g. wrap fees) and qualitative (e.g. research, back office support) aspects of those wrap programs in relation to the fees charged to clients and fully disclose all conflicts.
Riskier Business Activities
The SEC will focus on business practices, models, and activities they deem to be riskier for investors. Some examples include:
- Advisers that provide advice through automated or digital platforms
- Cryptocurrencies—initial coin offerings (ICOs), secondary market trading, and blockchain
- Private fund advisers managing funds for retail clients including non-profit and pension plans
- Turnover of personnel
To Prepare, SCS suggests:
- If you participate in cryptocurrencies, ICOs, secondary market trading, and blockchain, the SEC is increasing their attention on these activities. Review your policies and procedures around safeguarding client assets, and review your disclosures surrounding the risks (including liquidity, volatility, risk of loss, and fraud) of investing in such security types. Consider updating your Code of Ethics to require ICO pre-approval and cryptocurrency reporting, in line with other securities reported at your firm.
- If you are a “Robo-Adviser” offering advice through an automated or digital platform, review your policies and procedures and annual review program to make sure they incorporate a review and oversight of computer program algorithms, marketing materials for proper disclosures, investor protection, and proper disclosure of conflicts. Advisers can also refer to the SEC’s Guidance for “Robo-Advisers,” provided in February of 2017: https://www.sec.gov/investment/im-guidance-2017-02.pdf.
- If you experience turnover at the firm, make sure the accounts that were managed by that individual are properly assigned so there is a continuation in oversight for that client account. Determine whether an announcement is necessary if it would be a material event (e.g. impact their decision to remain invested with the firm) to that client.
Cybersecurity
Cybersecurity hit close to home when it extended to the SEC’s systems. The SEC insists they will be looking at firms’ cybersecurity programs during exams. They will focus on governance, risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.
To Prepare, SCS suggests:
- Review and inventory critical systems (e.g., client information, proprietary firm information, employee information) and how that information is protected. Use this information to assess the firm’s internal and external risks.
- Review access rights and controls. To reduce the risk of exposure, employees should have access based on need. As part of the annual compliance review, confirm those access rights and controls to make sure they are still appropriate. For example, confirm that terminated employees have been removed.
- Have passwords that are complex, not shared, and updated periodically.
- Firewalls should be patched as necessary and antivirus software kept up to date.
- Conduct some form of penetration testing. Consider whether it makes sense to conduct in-house testing or hire a third party.
- Develop a cybersecurity policy that people can understand and follow. If you have a 60+ page cybersecurity policy covered in IT jargon, the employees in the trenches will most likely not understand what they are supposed to do on a daily basis to protect the firm, its clients, and themselves.
- Train your employees on how their daily actions are critical for protecting the firm. Remind them of phishing scams, which are still the most common form of cybersecurity attack.
- Have procedures in place for how the firm will respond to a cybersecurity attack, addressing coordination with authorities, communication to affected parties, and remedial actions, among other things.
Anti-Money Laundering Programs
There is no requirement—yet—for investment advisers to have anti-money laundering (“AML”) programs. However, investment advisers are prohibited from conducting business with people on known terrorist lists. As a CCO, you should be thinking about what the firm can do to better know its clients.
To Prepare, SCS suggests:
- Gather information necessary to “know” your client. This can include driver’s licenses, previous account records, proof of residency, etc.
- Perform OFAC (https://sanctionssearch.ofac.treas.gov/) checks on your clients. Keep a copy of the OFAC check with other client records.
- Understand your clients’ activities. Your client-facing staff and operations/back-office staff who process deposits and withdrawals should be educated and made aware of suspicious activity.
Please note that even OCIE makes it clear that the Examination Priorities do not confirm what they will focus on as the year progresses nor what they will examine when they are on-site. As a general note, keep in mind that you must have policies and procedures that are tailored to your firm, an annual review that confirms the reasonableness and effectiveness of those procedures, and an understanding of the requirements you are subject to.
That is our quick and dirty on the 2018 SEC OCIE National Exam Program Examination Priorities (SECOCIENEPEP). What a mouthful, no?
One Last Suggestion
If you have never been examined by the SEC or if it’s been years, now is the time to have a Mock SEC Exam completed by an independent expert.
If you feel your policies and procedures or annual review are overcomplicated or may not be in full compliance, then now is the time to have an independent expert come in and assist your compliance team.
If you feel that SEC Compliance Solutions might be the right independent expert for your firm, contact us. We are here to help.