February 20, 2018

The SEC has once again updated its exam priorities for the new year. The length of the document is a little unusual – more than twice as long as last year’s due to a beefed-up introduction where the agency lays out the principles it abides by when executing priorities. Here, the SEC tells us that it is risk-based, data driven, transparent, resource-efficient and embracing technology to “do more with less.”

While the industry is now fully aware of how the SEC is leveraging technology to recognize risk, the concept of transparency at the agency is not as often discussed. The SEC says it has been publishing more information about its exam priorities, findings and risk areas than ever before. It calls out Risk Alerts as a valuable tool and notes that it has made “a concerted effort” to publish them more often so that firms may “sharpen their identification and correction of deficient practices.” A good practice would be to re-read recent Risk Alerts that address issues relevant to your firm and consider areas of your program that you might want to review.

The exam priorities themselves do not depart significantly from those of 2017. While there are five general categories (up from three), the content found there largely reflects ongoing priorities with the largest focus being on protecting retail and retirement investors.  This initiative covers a wider range of practices and considerations, from ensuring proper disclosure and calculation of fees to seeking best execution for fixed income transactions.  New to the list is cryptocurrencies, with a focus on sales of these products, controls to prevent misappropriation, and risk disclosure. While private fund advisers were not singled out as an initiative, we urge you not to read too much into that fact. The issues that the SEC has prioritized are relevant to these advisers and they will face examination much as before. Finally, cybsecurity has been a focus for quite some time now, but it seems the SEC has moved past the information gathering stage of sweep exams as the SEC notes “we will continue to prioritize cybersecurity in each of our examination programs.”  The SEC is particularly focused on governance and risk assessment, access rights, data loss prevention, vendor management, training and incident response. We encourage you to spend a few minutes reviewing the 2018 exam priorities which are linked below and consider them in relation to your ADV Annual Update and annual review for this year.

Resources:OCIE Examination Priorities for 2018