05.18.22
What to Expect From the New SEC Examination
Takeaways From the FINRA and SEC Exam Letters and Reg BI Solution Webinar
With the release of the annual examination priority letters from FINRA and the SEC, new policies have sparked several questions.
In a recent webinar, FINRA and SEC Exam Letters and Reg BI Solution, Laxmi Ramanath, founder and CEO of La Meer, Inc., and Ben Marzouk, partner at Eversheds Sutherland, summarized how the new priority letters will affect the regulators’ 2022 examination and enforcement focus.
Here are a few takeaways from that webinar.
1) Reg BI and Form CRS
Firms are going to need to do more to document that recommendations were actually made with the customer’s best interest at heart. A rep cannot just state or write down that they considered all options. The documentation must now be more specific.
“Like the SEC said time and time again, it doesn’t mean the lowest cost product, but high cost products are certainly getting some scrutiny and added scrutiny,” says Marzouk.
FINRA also issued a regulatory notice after the SEC exam priority letter. This notice focuses on complex products and how a reassessed standard-of-care framework may be required. However, there is not much information on this policy yet, and firms and broker-dealers are encouraged to keep an eye on it. Nonetheless, Marzouk speculates that any investment in more complex products is going to have to pass some heightened bar.
“What that bar is, I don’t know,” says Marzouk. “I think that’s where they’re trying to flesh out.”
Firms that offer more complex investments are also going to be looked at more closely by the SEC, so these firms should be extra careful with their Reg BI compliance programs.
2) Cybersecurity Aspects: IT Risk Management
While it isn’t a major priority in the SEC letter, vendor diligence is predicted to be important from the broker-dealer side. As technology advances, so do cyber threats. According to the SEC’s Proposal for Cybersecurity Rules and Amendments for Registered Investment Advisers and Funds, it is recommended that firms keep the following in mind when considering solutions:
- Report significant cybersecurity incidents to the SEC on the new Form ADV-C within 48 hours.
- Identify the entities affected, the data that was stolen, altered, accessed or used for an unauthorized purpose, when incidents were discovered, etc.
- Establish IT policies, processes and controls for monitoring.
- Keep an inventory of information, its sensitivity level and its importance to business operations.
Be sure to categorize and prioritize cybersecurity risks based on periodic risk assessments, including those with vendors.
3) Anti-Money Laundering (AML)
Currently, there is still no AML rule for investment advisors. However, the examination report did focus on AML on the broker-dealer side. SEC Chair Gary Gensler has proposed several rules, though there has been no push for an investment advisor AML rule.
Nonetheless, broker-dealers still have AML obligations. A few of them include:
- Know Your Customer (KYC) – KYC has its origins in FINRA Rule 2090. Broker-dealers need to know the essential facts about each of their customer accounts.
- Customer Identification Programs (CIP) – a point-in-time, one-time know-your-customer requirement at onboarding. Some exceptions include the account definition, where CIP only extends to anything that is an actual customer account of the broker-dealer.
- Tailoring the risk profile of the broker-dealer – as firms move into the more institutional space, suspicious activity reports continue to be a focus. “A one-size-fits-all approach or prescriptive approach really wouldn’t work, and the regulators acknowledged that,” says Marzouk. “Understand what your high-risk customers are and what your low-risk customers are.”
4) Crypto FinTech
As expected, cryptocurrencies and FinTech continue to be issues. FINRA has issued a series of notices that require broker-dealers to proactively inform FINRA of any digital asset space activity, including cryptocurrencies.
Firms may be required to submit a CMA or materiality consultation if the guidance isn’t clear on it. Firms may also have to consider what OBAs and PSTs need to be filed, even if their firm does not dabble in the crypto field.
For firms that do engage in cryptocurrencies, however, there is potential to ‘take custody’ of the private key. It is advised that these firms tailor their policies around the risks of taking custody of the private keys.
There is also the presence of “finfluencers”: influencers who share finance advice on social media platforms. These sorts of activities are viewed as an extension of the broker-dealer’s own selling activity, and in some cases these finfluencers are being paid by the firms or are registered reps of the firms to share their advice.