Each year, both the United States Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issue guidance concerning their regulatory priorities for the coming year. FINRA's 2019 Annual Regulatory and Examination Priorities Letter can be found here, and the SEC Office of Compliance Inspections and Examinations (OCIE)'s 2019 National Exam Program Examination Priorities can be found here.
Set forth below are topics on which the SEC's and FINRA's concerns overlap. Notably, FINRA took a unique approach this year in that its letter begins with materially new topics, then discusses areas of ongoing concern, with an emphasis on aspects of those topics not covered in prior letters. Unlike in previous years, FINRA declined to use its priorities letter to repeat topics that have been "mainstays" of its focus over the years. The SEC also took a new approach, emphasizing how it increasingly leverages technology and data analytics to fulfill its mission and citing its recently adopted Strategic Plan, which reiterates the importance of examinations to bolster regulatory requirements and protect investors.
This year, both of the annual priorities letters address a large number of diverse topics. Accordingly, in order to provide additional insight into the evolution of the SEC's and FINRA's regulatory and examination priorities, we have prepared detailed comparisons of FINRA's priorities between 2007 and 2019 and the SEC's priorities between 2013 and 2019. The comparison of the SEC's priorities is available here. The comparison of FINRA's priorities is available here.
Areas of Common Focus:
Senior Investors: As both have done for the past few years, FINRA and the SEC will continue to focus on issues affecting senior investors. These agencies indicate that seniors and those saving for retirement are increasingly reliant on returns from their investments and can be particularly vulnerable to misconduct. The SEC will focus on firms' oversight of interactions with senior investors and the ability of firms to identify financial exploitation of seniors. It will also focus on evaluating firms' internal controls designed to supervise their employees and independent representatives advising senior investors and the sales of products and services directed at senior investors. The SEC will continue to conduct examinations of firms offering services to investors with retirement accounts and will focus on investment recommendations, sales of variable insurance products, and sales and management of target date funds. In addition, the SEC has committed to focus on conflicts of interest that may exist when advisers utilize services provided by an outside affiliate, receive a financial incentive for recommending that investors use securities in their brokerage accounts as collateral to obtain a loan, or borrow funds from clients.
FINRA's focus on protecting senior investors runs throughout its annual priorities. Specifically, it will assess firms' supervision of accounts for which registered representatives serve in a fiduciary capacity, including holding a power of attorney, acting as a trustee or co-trustee, or having some type of beneficiary relationship with a non-familial customer's account. FINRA remains concerned that registered representatives will use their role as a fiduciary to take control of trusts or other assets and direct funds to themselves. FINRA will also review controls regarding firms' obligations, pursuant to FINRA Rule 4512, to make reasonable efforts to obtain information about trusted contacts for non-institutional accounts, and pursuant to FINRA Rule 2165, to the extent that firms anticipate placing temporary holds on disbursements when exploitation is suspected. FINRA would like to see that firms have clearly defined policies and procedures or practices in these areas.
As in 2018, protecting senior investors remains a "top priority" for regulators in 2019.
Cybersecurity: The SEC places a particular emphasis on cybersecurity this year and states that it will continue to prioritize cybersecurity in each of its five examination programs. Specific to investment advisers, the SEC will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers. The SEC will also continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, and incident response.
FINRA also retains its emphasis on cybersecurity, although it does so primarily through its focus on regulatory technology or "RegTech." FINRA will engage with firms to understand how they are using a variety of innovative RegTech tools to make their compliance efforts more efficient and how they are addressing related risks, challenges, or regulatory concerns, including supervision and governance systems, third-party vendor management, safeguarding customer data and cybersecurity.
Digital Assets: Significant media, public, and regulatory attention has been devoted to digital assets (such as cryptocurrencies and initial coin offerings (ICOs)) over the last two years. Both the SEC and FINRA continue to focus on protecting investors from the increased risks associated with the rapid growth of these markets. The SEC will continue to monitor the sales of these products, and, where they are securities, examine them for regulatory compliance. For firms actively engaged in the digital asset market, the SEC will conduct examinations focused on, among other things, portfolio management of digital assets, trading, safety of client funds and assets, pricing of client portfolios, compliance, and internal controls. Similarly, FINRA has announced that it intends to work closely with the SEC to determine whether a particular digital asset is a security and whether firms have implemented adequate controls and supervision over compliance with rules for digital assets, as well as AML/Bank Secrecy rules and regulations. Firms will need to monitor developments in these rapidly evolving areas.
In light of these shared interests, firms should assess their compliance and supervisory programs in the context of these key risk areas. Firms must also evaluate their sales practices, as well as their policies and procedures with respect to these areas, in order to ensure they are in compliance with all applicable rules and securities laws.