SEC’s 2018 Exam Priorities
As has been the case for the last couple of years, cybersecurity compliance and protecting investments of seniors have been two of the top concerns and priorities for the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”). According to industry experts, 2018 will not be any different.
It is expected that cybersecurity will be an expanded OCIE priority in 2018, as regulators concentrate and spend more time ensuring that cybersecurity policies, procedures and controls are in place to protect personal information. With the recent high profile data breaches at Equifax and Edgar, there’s no question that cybersecurity will be front-and-center going forward.
James Fanto, a professor at Brooklyn Law School, agrees, saying, “There is simply so much activity in the cybersecurity space with the Equifax hack and the SEC’s own hack that they can’t ignore this subject. And there is always the worry that customer assets will be hacked into and taken.”
SEC’s new Chairman, Jay Clayton, has stated that he views cybersecurity as a critical part of the infrastructure underlying the capital markets. This emphasis will be reflected in OCIE’s priorities, and broker-dealers and advisers must be prepared.
Confidence in Cybersecurity Compliance
National Regulatory Services (“NRS”) offers a full cybersecurity solutions package to assist broker-dealers and advisers in this growing and expanding area of concern. NRS’ services include a maturity assessment of a firm’s cybersecurity program, cybersecurity policy and procedures development and improvement, support, review and testing, as well as due diligence review and monitoring of a firm’s vendors/service providers. Find out more here.
Broker-Dealers! Do Your Supervisory Procedures Stack Up?
Broker-Dealers are required to test the effectiveness of their supervisory system at least annually, under FINRA Rule 3120. NRS reminds firms that the annual review is a critical tool to identify and mitigate risks within the firm’s business activities and supervisory structure. In conducting a 3120 review, firms can identify potential areas of concern, evaluate procedures and practices which require updating or amending, and determine areas which may require additional training for associated persons.
One of the more difficult tasks is identifying which areas of business the firm should be testing. In determining testing, firms could look at factors such as:
- New and/or top revenue producing business activities;
- Previous procedural deficiencies;
- Previous customer complaints; and
- Regulatory “hot topics”
The testing and evaluation of the firm’s activities should consist of reviewing what the supervisory procedures indicate should be occurring, interviewing employees to identify what is actually taking place, and reviewing evidence which documents the activities taking place.
As Supervisory Controls Testing continues to be a FINRA exam priority, firms must conduct comprehensive reviews that include the “hot topics” in today’s regulatory environment. For example, FINRA is focusing on cybersecurity, senior investors, and social media supervision, among other topics this year. Firms must ask themselves, do we have written supervisory procedures which cover these and other “hot topics”? Are those procedures being tested? Are you finding that the controls in place are adequate in supervising the activity and mitigating risk?
The big question is whether your firm has the resources to execute your responsibilities. Some firms don’t. Given the constant movement in the industry, we recommend that firms utilize consultants who are exposed to the ever-changing and expansive regulatory environment. Find out how we can help by going here.
Tackling Oversight in a Technology Focused Compliance Regime
FINRA and the SEC are honing in on firms via the data provided by the firm through regulatory filings like the Form ADV and the Forms U4 and U5. FINRA will be keeping a more watchful eye on representatives who have disciplinary history and the SEC continues to utilize data sets to determine risky firms.
Technology is one way to make the process of oversight less time-consuming and more efficient for busy compliance officers.
In 2017, FINRA issued almost a 1,000 disciplinary actions for failing to disclose or conflicts of interest regarding outside business activities. Recently, FINRA imposed a $1.25 million fine for failing to fingerprint associated persons. Registered rep oversight by regulators is increasing. In order for firms to maintain the supervision required, technology should be employed which more efficiently automates the process of outside business activity review and registered rep registration and licensing requirements.
FINRA also made over 400 referrals to the SEC regarding insider trading in addition to the insider trading cases the SEC investigates on their own. Firms should have a Code of Ethics in place that includes strict guidelines for personal trading, gifts and entertainment and political contributions. All access persons should attest to these at least annually and firms should utilize technology to track trading, gifting, political contributions and the required attestations.
Increase Efficiency and Decrease Risk
Manually accomplishing any of these tasks is inefficient and time-consuming. Implementing technology solutions provides quicker oversight, information to spot additional supervision requirements and easy access to reporting when a regulator visits the firm. NRS ComplianceGuardian and ComplianceMax provides solutions that provide efficient oversight to these common exam deficiencies. For more information, go here or call (860) 596-0990.
What Are Your Continuing Education Needs for 2018?
As 2017 draws to a close, we at FIRE Solutions are working to meet the needs of our Firm Element Continuing Education clients in 2018.
We recently conducted an in-depth industry analysis to determine the most pressing issues facing our regulators and clients. As a part of this analysis, our internal experts reviewed current events, regulatory notices, and client feedback and used this information to create a list of the most pressing topics facing our industry in the next year. These topics surfaced as those most relevant to our industry in this current regulatory climate and potentially to your 2018 Firm Element Continuing Education needs. Because we would like to fine-tune these topics, we developed a very short 2018 Firm Element CE survey (please click the URL link below).
Our goal with this survey is to collect information to ensure that the topics we’ve identified are relevant to your business needs. Please take a few minutes to fill out the survey. At the end of the survey, we also give you an opportunity to identify any other topics that would be more relevant to your specific business needs.
All specific feedback will be kept confidential. Results will be compiled anonymously and an outline of the proposed new courses will be shared with all participants.
Access the survey here, and please contact us with any questions or concerns regarding this survey, or other product offerings.