Where Firms Should Concentrate Compliance Efforts
In the past few months, both the SEC and FINRA issued guidance concerning their regulatory priorities for the coming year. Both agencies’ annual priorities letters address a large number of diverse topics. Experts from Baker Donelson discuss where the SEC’s and FINRA’s concerns overlap, what the agencies have indicated as their areas of focus and why it may be prudent for firms to place additional emphasis on these areas throughout 2018.
with co-author Matthew White
Each year, both the United States Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issue guidance concerning their regulatory priorities for the coming year. This year, FINRA issued its 2018 Annual Regulatory and Examination Priorities Letter on January 8, and the SEC Office of Compliance Inspections and Examinations (OCIE) issued its 2018 National Exam Program Examination Priorities on February 7.
Set forth below are some of the topics where the SEC’s and FINRA’s concerns overlap. Because both agencies have indicated that they intend to focus on the topics identified below, it may be prudent for firms to place additional emphasis on these areas throughout 2018.
This year, both of the annual priorities letters address a large number of diverse topics. Accordingly, in order to provide additional insight into the evolution of the SEC’s and FINRA’s regulatory and examination priorities, we have also prepared detailed comparisons of FINRA’s priorities between 2007 and 2018 and the SEC’s priorities between 2013 and 2018. The comparison of the SEC’s priorities is available here. The comparison of FINRA’s priorities is available here.
Areas of Common Focus
As they have for the past few years, both FINRA and the SEC continue to focus on their oversight of issues affecting senior investors. These agencies indicate that seniors and those saving for retirement are increasingly reliant on returns from their investments and can be particularly vulnerable to misconduct. The SEC will focus on firms’ oversight of interactions with senior investors and the ability of firms to identify financial exploitation of seniors. It will also focus on evaluating firms’ internal controls designed to supervise their representatives advising senior investors and the sales of products and services directed at senior investors. The SEC will also continue to conduct examinations of firms offering services to investors with retirement accounts and will focus on investment recommendations; sales of variable insurance products; and sales and management of target date funds. In addition, the SEC will examine firm facilitation and involvement in retirement vehicles that primarily serve state and local government employees and nonprofit employees.
FINRA’s focus on protecting senior investors runs throughout its annual priorities. It will focus on protecting senior investors from fraud, high-pressure sales tactics, high-risk firms and brokers and unsuitable products. FINRA also notes that there are two new rules that became applicable early in 2018 and are intended to protect senior investors: (1) Rule 2165 – permitting members to place temporary holds on disbursements of funds or securities from the accounts of specified customers where there is a reasonable belief of financial exploitation of these customers; and (2) Amendments to Rule 4512 – requiring members to make reasonable efforts to obtain the name of and contact information for a trusted contact person for a noninstitutional customer’s account.
Protecting senior investors will remain a “top priority” for these regulators in 2018.
Recognizing the dramatic increase in the scope and severity of cyber threats that firms face, both the SEC and FINRA have identified cybersecurity as one of the most significant risks many firms face. Therefore, in 2018, both agencies will continue to scrutinize cybersecurity programs and firms’ implementation of risk management procedures and controls (including governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident responses). Both agencies will evaluate how firms protect sensitive information, including personally identifiable information, from both internal and external threats. FINRA also reminds firms that they must have policies and procedures in place to assess whether to file a suspicious activity report (SAR) when they identify a cybersecurity event.
Cryptocurrencies and Initial Coin Offerings
Significant media, public and regulatory attention has been devoted to digital assets (such as cryptocurrencies) and initial coin offerings (ICOs) in the last year. Both the SEC and FINRA will focus on protecting investors from the increased risks associated with the rapid growth of these markets. The SEC will continue to monitor the sales of these products and, where the products are securities, examine for regulatory compliance. Areas of the SEC’s focus will include whether adequate controls and safeguards are in place to protect these assets from theft or misappropriation and whether investors are provided adequate disclosure about the risks associated with these investments. Similarly, FINRA will review the supervisory, compliance and operational infrastructure firms have in place to ensure compliance with relevant federal securities laws and regulations, as well as FINRA rules. Firms will need to monitor developments in these rapidly evolving areas.
Both agencies emphasized their continued assessment of the adequacy of firms’ anti-money laundering programs. These agencies will pay particular attention to whether firms are appropriately adapting their AML programs to address their obligations. For example, the SEC will review whether firms are taking reasonable steps to understand the nature and purpose of customer relationships and to properly address risks; whether entities are filing timely, complete and accurate SARs; and whether firms are conducting robust, timely and independent tests of their AML programs. Similarly, FINRA will assess the adequacy of firms’ policies and procedures to detect and report suspicious transactions, resources for AML monitoring and the sufficiency of independent testing. FINRA also refers firms to its 2017 Report of FINRA Examination Findings for further identification of areas of concern and best practices.
In light of these shared interests, firms should assess their compliance and supervisory programs in the context of these key risk areas. Firms must also evaluate their sales practices, as well as their policies and procedures with respect to these areas, in order to ensure they are in compliance with all applicable rules and securities laws.