This year, broker-dealers, investment advisers, fund complexes and others regulated by the SEC can expect areas of focus during examinations to include heightened scrutiny on advice and programs that impact individual (retail) investors. In its exam priorities document, OCIE also indicated its intention to look more closely at practices and policies that apply specifically to elderly or retiring investors and to review issues impacting investment markets as a whole.
For Chief Compliance Officers and executives responsible for their organizations’ regulatory compliance programs, the annual list of priorities can help SEC-regulated firms by providing a road map of sorts. Of course, the list of exam priorities does not mean that the SEC will not review or focus on other areas within the firms it examines. However, firms that take the time to review and adjust their internal policies and controls for OCIE’s focus areas may find themselves better prepared if (when) they receive notice of an upcoming examination.
With these stated initiatives in mind, firms of any size (but perhaps particularly smaller firms without large budgets for regulatory compliance initiatives) should consider how they can leverage technology to help meet their compliance requirements.
Given that the SEC’s mission is first and foremost to protect investors, it’s hardly surprising that OCIE’s efforts year after year are focused on making sure the firms the SEC regulates are doing just that.
As in previous years, OCIE intends to include never-before examined investment advisers on its exam roster. Those firms, whether newly registered or not, would do well to devote sufficient resources to reviewing their compliance program to ensure compliance with not only those areas included on OCIE’s list but also with the general regulatory requirements for investment advisers.
Broker-dealers and advisers providing electronic investment advice, those that offer wrap fee programs, exchange-traded funds and the firms and representatives offering ETFs will also find those programs and products under the microscope in 2017. Firms and ETFs need to make sure their marketing, sales programs and practices and overall compliance programs are reasonably designed to prevent, detect and correct violations.
Federally-registered advisers with more than one location and advisers who employ representatives who have previously been subject to regulatory actions or sanctions will also need to ensure their compliance controls are sufficient to protect against the unique risks that come with those situations.
Seniors and Retiring Investors
Many senior citizens lack experience with, and knowledge of, sophisticated investment products, and there’s evidence that seniors may be more vulnerable to fraudulent schemes and scams. With a staggering number of baby boomers retiring every day – estimates are that about 10,000 people are retiring daily, a number that is expected to remain fairly constant for the next decade – OCIE’s focus on helping protect seniors and their retirement savings is understandably important.
For the past several years, OCIE examinations have included evaluations of firms’ tools and controls for products and advice directed at senior citizens, and that’s not expected to change for 2017. Firms should continue to be prepared to demonstrate how they manage potential conflicts of interest and other risks, including policies and controls around pay-to-play rules and gifts and entertainment.
OCIE’s list of 2017 priorities also includes areas that impact the broader investment market, including firms’ best execution obligations, anti-money laundering initiatives and programs, and money market fund compliance.
Recognizing that OCIE’s oversight extends beyond investment advisers, broker-dealers and their personnel, the examination priorities list also specifically includes clearing firms, national securities exchanges, FINRA and SCI entities.
Finally, cybersecurity continues to be a hot-button item across industry lines. Every organization under the SEC’s oversight needs to have operational and regulatory controls in place to help protect investors and firms from cybersecurity fraud. Firms without robust data privacy and security measures in place are at risk of not only regulatory sanctions, but they also face the very real threat of significant financial losses and reputational risk.
The Case for FinTech
Some SEC-regulated firms resist implementing technology, assuming that manual processes will be sufficient to meet their compliance obligations. As with any technology or human resource, there are upfront and ongoing expenses associated with FinTech tools. Firms may recognize the efficiencies they could achieve by adopting FinTech resources but assume the status quo will continue to serve them well. Unfortunately, firms that decide not to use technology tools like automated workflows can find themselves saddled with headaches and increased cost later on.
Tracking things like gifts and entertainment, political contributions, policy acknowledgments and marketing materials by using documents, spreadsheets or homegrown databases creates enormous potential for user error. Data loss and data integrity are also real threats when information is stored locally. If that’s not bad enough, collaborating is difficult at best in such situations, and managing various approvals and steps in the process can be nearly impossible. Reporting on manually-captured data and processes means even more time spent creating reports and verifying information.
As is true of any other business, most firms in the investment world have the intention and goal of growing over time. A firm whose regulatory compliance program is haphazard or is made up of manual processes can quickly find itself unprepared to meet the demand and volume that can come with onboarding more employees or acquiring more clients.
The common thread running through all of the focus areas identified on OCIE’s 2017 examination priority list is that SEC-regulated organizations must have adequate compliance controls and processes in place. While using FinTech by itself will not guarantee against charges of non-compliance, automating processes can help firms develop and maintain robust compliance programs.
Compliance and Policy Initiatives
It’s important to work with a FinTech firm that understands the risks SEC-regulated entities are facing. Choose a company that has designed workflows and systems that can be tailored to your firm’s needs, and that can remove your reliance on labor-intensive and error-prone manual processes.
To learn more about how Integrify can help firms maintain regulatory compliance while freeing up valuable resources that can be used for other initiatives, call (888) 536-9629 or fill out this easy online contact form today.