The SEC’s OCIE and FINRA recently released their 2020 exam priorities. Episode three of inSecurities will explore what the priorities tell us.



Related Links




[00:00:01.15] SPEAKER 1: This program is brought to you by the Practising Law Institute, a nonprofit learning organization dedicated to keeping attorneys, professionals, and accountants at the forefront of knowledge and expertise.

[00:00:13.14] [MUSIC PLAYING]

[00:00:15.91] KURT: The Securities and Exchange Commission's Office of Compliance, inspections, and examinations and FINRA's Risk Monitoring and Examination Programs have published their 2020 Examination Priorities. The reports flag key compliance issues for financial services firms. We'll give you the highlights today on inSecurities.

[00:00:34.62] [MUSIC PLAYING]

[00:00:42.59] CHRIS: Hello, and welcome to inSecurities, a new podcast from PLI, the Practising Law Institute I'm CHRIS. And I'm here, as always, with my co-host, KURT.

[00:00:51.92] KURT: Good to be with you, CHRIS.

[00:00:53.30] CHRIS: On each episode of the podcast, we'll get you up to speed on hot topics and trends in the securities regulatory world, offering a practitioner's perspective on the rules, regs, and cases you should be following. Today, we're focusing on two regulators announcing their exam priorities for the year 2020, the SEC's OCIE and FINRA have both put out reports regarding what they'll be looking for this year. And for those of you following along on the acronym bingo, we'll be covering those acronyms in a later episode, along with a whole host of others.

[00:01:25.79] [MUSIC PLAYING]

[00:01:33.21] KURT: Before we dive into the exam priorities, CHRIS, let's touch on a couple noteworthy regulatory developments. You want to tell us a little bit about auditor independence rules?

[00:01:41.82] CHRIS: I'd love to. For those of you who've been in the legal and accounting world for a significant period of time, at least dating back to the early 2000s, auditor independence has been a developing field with the Sarbanes-Oxley act of 2002, following many of the financial accounting and audit scandals of the early 2000s, auditor independence became a focus point, both for accounting firms as well as audit committees, and publicly-traded companies, and other SEC filers. Over the past few weeks, the SEC has contemplated and provided a proposal to limit the rules around auditor independence. This may appear a little bit contrary to popular opinion about auditor independence, in weakening the rules and regulations related to accountants and the relationship they can and may have with specific clients, but the SEC in their proposal is very cognizant to only focus on those issues that are technical violations of the current compliance rules around independence but, in fact, do not present a substantial threat to an actual auditor's independence.

[00:02:45.81] The example they bring up in the proposal relates to an audit firm that audits a lender, and another partner joins that firm, not working on the audit for the lender, not engaged in any way to do work on a lender. But if that second partner comes into the firm and actually owes student loan debt to that lender, technically that would be a conflict. So it seems, from the SEC's perspective that such a scenario would be, in fact, a violation of an independence rule that stands today and does not actually present a substantial risk of violating independence in the Commission's mind. So this proposal goes to respond to many of those issues, as they come up.

[00:03:24.93] KURT: So it would be oversimplifying to say that the rule proposal is designed to smooth over some technical conflict issues that have existed under the existing regulatory framework in order to let people do business in situations where there's no real or substantive conflict?

[00:03:41.79] CHRIS: That's right. And the commission also made a point to say that they want to limit the time that audit committees have to spend contemplating independence rules that they feel may not be substantive conversations that the committee itself is having. So other examples of changes in the proposal include, we talked about de minimis consumer loans, some of the definitions-- currently the phrase "substantial stockholder" is listed in the rules, and that's really not well defined. So they've elected to or proposed to change that to "beneficial owners with significant influence," which would be a little bit easier to interpret from an audit committee perspective, as well as from the audit perspective.

[00:04:21.01] [MUSIC PLAYING]

[00:04:23.82] KURT: Certainly an interesting development, CHRIS. Also interesting that one of the issues that's being flagged up by this rule proposal is one of definition. And that brings us to the second development that we're going to talk about today before we switch to our main topic, and that is an SEC rule proposal to change the definition of, quote, "accredited investor," unquote.

[00:04:44.25] The definition of an accredited investor determines who can invest in private companies. And there has been chatter, for the past several years, about whether the definition of accredited investor should be broadened to allow more investors to invest in private companies. The rule proposal that the SEC put forth in December would do just that and would have the effect of expanding private offerings to new investors.

[00:05:09.87] In the past, the accredited investor definition has revolved largely around things like the net worth of an investor.

[00:05:17.28] CHRIS: That's right.

[00:05:18.57] KURT: Under the proposed definition, they would consider other factors, like the investors level of sophistication. And the SEC thinks that it's a good idea to encourage more people to participate in the capital markets. And, to the extent that they want to participate in private offerings, to pull down barriers that in the past have prevented them from being able to participate in those offerings.

[00:05:42.68] So we'll see what happens with the rule proposal. It's getting mixed reviews, as you as you might imagine. Those who are on the financial services firms or the industry side of the house like it, because, potentially, they can expand the pool of potential investors that they can solicit or to whom they can recommend offerings. The investor advocacy side of the house says, we really didn't want to expand the definition of accredited investor. They, perhaps, would have advocated to narrow the definition of accredited investor.

[00:06:13.58] So as we've seen with so many rule makings over the last year or a year and a half, there's a very serious divide in opinions from industry participants about what is the best path forward. We'll see what happens, but it's certainly something to keep an eye on in 2020, as we get into and through the comment period, look forward to a final rule and see what the SEC actually puts in place.

[00:06:39.20] [MUSIC PLAYING]

[00:06:42.97] All right, CHRIS. Well, I think it's always good to take a couple of minutes to think about some important regulatory developments that maybe don't make their way into our main topic of discussion. But let's segue and move into what we came here to talk about today, which are OC's and FINRA's exam priorities for 2020.

[00:06:59.84] [MUSIC PLAYING]

[00:07:05.71] CHRIS: At the beginning of each year, the SEC's Office of Compliance Inspections and Examinations puts out its list of exam priorities for the coming year. Along with those exam priorities, OC focuses the readers of its exam priorities on a variety of different issues and results from the prior year. And 2019 seem to be a great year for OC, in terms of their activity, their statistics, and their seeming ability to overcome what we've continued to talk about and probably will for at least a few more months, that 35-day government shutdown. Which, I appreciated their euphemism here of just using the phrase "lack of appropriations." I thought that was a artful way to describe what we felt here in DC during that period.

[00:07:51.05] So the statistics and everything along with the OC report, you guys can definitely take a look at. But interested in Kurt's discussion of those stats of some of the background, as well as as we get into those specific exam priorities.

[00:08:03.82] KURT: At the beginning of each year, OC and FINRA publish their exam priorities for the coming year to give regulated entities and the markets a heads-up about what they're going to focus on in examinations throughout the year. What they're trying to do is identify key areas of risk, both existing and emerging, that the commission and FINRA expect regulated entities to identify and mitigate. That is, to communicate where the agencies see the potential for risk to firms or harm to investors.

[00:08:32.98] I want to walk first through the SEC's stated priorities for 2020 and then talk for a minute about FINRA's priorities. And then let's kind of see how they compare and contrast. Because, I think, sometimes, that's where the most interesting analysis is. I mean, you can walk through the SEC's road map, you can walk through FINRA's road map. But I think if what we're thinking about is from a broader securities regulatory perspective-- what is important to the regulators-- you can kind of see where do they gel, where do they overlap. And that gives you, I think, a more comprehensive picture of the things that financial services firms ought to be thinking about as they approach exam season and they build out their compliance programs.

[00:09:11.71] CHRIS: Before we get into the details, Kurt, it seems to me this is a little bit the teacher giving away the test to the students before the pop quiz. Is this a leading exercise in which not only the regulators are signaling what they're interested in, but almost giving a nod for firms to get ready and prepare this documentation, say, before they even show up? Or am I thinking a little bit too critically about telling your constituents how you're going to examine them?

[00:09:36.16] KURT: No. I think that's absolutely what they're doing. And I think we have to think about the function of OC or FINRA's exam team very differently than we would think about enforcement, for example. I mean, here, they want firms to pass this, quote, "test," right? And if you look at the exam priorities year-over-year, they tend to build on one another or sometimes repeat one another. And what you'll see is some of the things that were in the findings from last year's exam cycle may have fallen off the radar this year or they may be highlighted again this year.

[00:10:09.58] They're also building in to the exam priorities for the year things that they learned from the last exam cycle. So last year, I think, OC, for example, examined over 3,000 registered firms. They will have taken away from those examinations some weak points that they identified in the market. And what they're trying to do, rather than play a gotcha game that results in everybody getting a deficiency letter, what they want to do instead is say, hey, heads up, here are some things that we found that people weren't doing particularly well or maybe just things where we think that firms need to do a little bit better. If we come knocking on your door, we expect that you read our findings, that you've read our exam priorities for the year, and that you're addressing those issues, to the extent that you're not quite up to snuff.

[00:10:53.95] CHRIS: Yeah. And OC, it's proud of this issue in its exam priorities report, as it points out that for many of the firms that it issued deficiency letters for in fiscal '19, those firms have taken direct corrective action in response to the letters, including amending compliance policies and procedures or a regulatory filing, enhancing their disclosures, or even returning feedback to investors. So the regulators are definitely, to your point, Kurt, on the side of firms and want them to be up to snuff to meet that benchmark, so that they're operating effectively and working to help investors.

[00:11:25.60] KURT: Absolutely. And frankly, if you're a regulated entity, this is the way that you want to resolve a potential compliance shortcoming.

[00:11:31.78] CHRIS: Definitely.

[00:11:32.80] KURT: Through an exam, you'd prefer not to get a deficiency letter. But if you do, that is well below the enforcement action. It's something that you can potentially resolve collaboratively with the exam staff or other divisions at the commission as necessary. Fix it and move on. And hopefully it doesn't ever get to the point where the exam staff feels like they need to make a referral to enforcement or otherwise call in enforcement for a consult.

[00:11:59.29] You know, we hear people talk an awful lot about regulation by enforcement. This is a really good way to avoid it. I think a lot of firms develop a good rapport with the examiners that they see time and again. And this is a very healthy way, I think, for firms and their regulator to engage in a dialogue, to work through existing or emerging risks that they face and resolve compliance issues that are identified.

[00:12:25.51] So I think it's a good thing. I think that the way OC and FINRA handle it by listing their exam priorities and later in the year reporting on their findings-- a really good way to communicate with regulated entities.

[00:12:38.87] [MUSIC PLAYING]

[00:12:41.53] CHRIS: All right, let's not hold out any longer, Kurt. What are the details we've got for our exam priorities?

[00:12:45.04] KURT: All right, let's jump in. OC lays out four pillars for its exam program that I think apply equally to the SEC's exam program and FINRA. And they are-- promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy. And I think that those play out through the dialogue that we were talking about, CHRIS.

[00:13:05.92] Let let's talk a little bit about what the SEC Is looking for in 2020. First, I think it's important to note that the SEC's national exam program is broken into five constituent parts or sub-programs. They have the investment advisor investment company examination program, that's one. Second is the broker-dealer and exchange examination program. Three is the clearance and settlement examination program. Four is the FINRA and Securities Industry Oversight or FSIO-- some more acronym bingo-- examination program. And last is the technology controls program.

[00:13:42.82] The SEC's exam priorities do not, however, break out cleanly into those five constituent programs.

[00:13:49.55] CHRIS: Of course, of course.

[00:13:50.36] KURT: On the other hand, they're sort of organized thematically, not necessarily intuitively. And if you read through the 2020 exam priorities, which weighs in at about 24 or 25 pages, I think you'll find that there are some redundancies-- I hesitate to say inconsistencies. But certainly, the same topic crops up in different contexts a few times throughout.

[00:14:15.67] CHRIS: And spoiler alert, we might see that with the FINRA exam programs as well.

[00:14:19.37] KURT: Yeah. I think we might, although it's generally-- at least in my way of thinking, FINRA lays theirs out in a somewhat more under systematic fashion.

[00:14:26.05] CHRIS: Understood.

[00:14:26.98] KURT: What I want to do today is not walk through all 26 pages page-by-page, but just hit the high points and think about looking across the exam program, what are the things that the SEC or OC are focusing on? First, we talk about it every week it seems like, CHRIS.

[00:14:44.55] CHRIS: Yep.

[00:14:44.89] KURT: Retail investors-- that's number one. A lot of the focus on retail investors has to do with the disclosures that firms, whether you're in IA or BD, are making to investors. Are they adequate? Are you explaining the fees? Are you explaining your relationship? Are you making enough information available about the particular products?

[00:15:06.14] The second thing that OC Is focusing on with respect to retail investors is particular sales practices and particular products. I think, increasingly, over the last several years, what we're seeing, both from OC and on the other side of the house in the enforcement division, are focus on products. I think they're still interested in sales practices, but it feels, to me, at least, those programs were driven more by sales practices in the past.

[00:15:31.01] CHRIS: Yeah.

[00:15:31.21] KURT: Now, we're looking at particular products. So they're looking at mutual fund share classes. We just had the big self-reporting initiative built around that. It's something they're going to look at again in 2020. They're interested in ETFs, particularly new kinds of ETFs, like some of the non-transparent, actively managed ETFs. They're looking at muni bonds. They're looking at micro caps.

[00:15:51.64] And finally, with respect to retail investors, OC is going to look at standards of care. And we're going to circle back to it, but, again, another one we talk about almost every week, regulation best interest-- reg BI. CHRIS, it comes back again. And the interpretation regarding the standard of conduct for investment advisors-- it's something that OC is going to be looking at throughout the year and 2020.

[00:16:12.64] Second big topic for OC is information security. This is where you're going to find cybersecurity, compliance frameworks built around reg SP, and other state or federal laws that would require you to have information security governance and risk management policies and procedures, policies and procedures for data loss prevention, vendor management, training, incident response and resiliency-- all of the things that you would put under the information security or information governance bucket.

[00:16:46.52] All right, number three for OC-- fintech and innovation, including digital assets and electronic investment advice. I think, here, what OC is acknowledging is that there have been tremendous advancements in financial technology and the way that financial services firms are delivering services, through applications or through online platforms. And what they want to do is a sort of look behind the curtain a little bit to make sure that the firms have the right kind of policies and procedures in place, to make sure that where they are now relying on some financial technology or innovation to manage their services, that they're still covering the nuts and bolts-- things like suitability analysis, your standard of care, and what have you.

[00:17:28.61] CHRIS: This is actually one of my favorite viewpoints on the exam priorities. At least in certain circles, fintech, digital assets, robo-advisors, those are the buzzwords that get all the attention. And it's coming at the level that's in the same vein as retail investors, right? So although you might be reading kind of the financial press and seeing some of these more interesting and intricate stories about financial complexities from a technological perspective, the commission's looking at this the same way they look at the mom and pop investor, or at least on the same level of significance. So be sure to follow along with some of those stories I'm sure we'll be talking about in the coming weeks, but it's always much more fun to say robo-advisor than investor A in terms when we're talking about individuals.

[00:18:09.28] KURT: Absolutely. And we're going to talk a little bit about robos again later in the episode. I think you're right. On some level, we could think about all of these exam priority areas through a retail investor lens. And, I think, increasingly, that's what the SEC is doing. But we've broken them out--

[00:18:24.83] CHRIS: You got it

[00:18:25.39] KURT: --as has OC. So here we go. Next are AML programs and infrastructure. And this is really just making sure that regulated entities have in place customer identification programs and policies and procedures to allow them to satisfy their SAR-- S-A-R-- filing requirement obligations.

[00:18:45.07] Market infrastructure is another category that OC's focusing on. And here, this is not so much when they're looking at investment advisors or broker-dealers, but here we're talking about clearing agencies, exchange's, transfer agents. And what they want to make sure that they're doing are taking the right steps, both technologically and from a policies and procedures supervision and monitoring standpoint, to satisfy their regulatory obligations.

[00:19:12.97] CHRIS: This is the plumbing of the marketplace.

[00:19:14.60] KURT: Absolutely.

[00:19:15.43] CHRIS: You never think about it when it's working. But when it doesn't work, it's top-of-mind for everybody. So knowing that the commission's taking a focus on that is good to see.

[00:19:22.17] KURT: Yep. The last two categories are things that we're going to circle back to a little bit, but these are more industry segment focused. OC has set out some priorities that relate specifically to investment advisors. Those include things like, they're going to look at your compliance program, they're going to look at the disclosures that you have in place around new and emerging investment strategies, things like ESG criteria, they're going to look at the products you're selling and how you're selling them. And, interestingly, this year, there's a little bit more of a focus, I think, on investment advisors to private funds-- what exactly are the services that you're offering, how are you doing things like valuing the products that you're recommending to private funds.

[00:20:05.20] And last, broker-dealers. And here there's always some overlap with FINRA.

[00:20:10.31] CHRIS: Of course.

[00:20:10.70] KURT: FINRA is the primary regulator for broker-dealers, but SEC has regulatory authority in that space too, and they have a dedicated unit within OC that look specifically at broker-dealers. Those folks, this year, are going to be looking at what they call financial responsibility. These are a little bit nuts and bolts kind of things here. I think we'll find that FINRA is a little bit focused more on client-facing issues-- sales practices, we'll come onto it in a minute. But for purposes of SEC OC, what they're worried about are things like the customer protection and net capital rules, essentially making sure that firms are holding cash and securities appropriately and in compliance with securities regulations.

[00:20:51.29] They're also going to look at trading and risk management. Again, a little bit nuts and bolts-- how are you routing orders? How are you handling odd lots-- orders for under 100 shares? Some of those more, to use your, "plumbing" types of issues.

[00:21:06.78] CHRIS: Yeah. Not really market-moving activities, but really making sure your shop is in order. And I really appreciated, from the SEC's report, their layout of what a good compliance program looks like. I always like when an examiner can come in and say, hey, guys, we told you so. Some of the things they talked about are early involvement in business development, such as product innovation and new services, having a stalwart chief compliance officer. It's always great to see a dedicated individual to those issues that has full responsibility and authority to do what they need to do. So unlike the popular show Billions, where the compliance officer is put in a corner and never spoken to again, someone who actively participates.

[00:21:46.99] And then, obviously, as you know us in the forensic accounting profession and fraud risk from a financial reporting side always see, the tone at the top. How is the executive management and the leaders at the firm approaching compliance? Is it something that's put in a corner or is it that's something that's focused on?

[00:22:02.87] KURT: Yeah, I agree. I picked up on the same thing when I was reading the exam priorities, CHRIS. I thought it was very helpful how OC laid out some of the hallmarks of a good compliance program. It's a roadmap of sorts. It's not all you have to do.

[00:22:18.86] CHRIS: Of course.

[00:22:19.61] KURT: But I think--

[00:22:20.18] CHRIS: Facts and circumstances, Kurt, we use often, right?

[00:22:22.44] KURT: But they are certainly building blocks, right? So if OC comes in and you haven't sort of done those fundamental things right, you're going to be more likely, I think, to have a deficiency letter coming your way.

[00:22:33.17] CHRIS: Right.

[00:22:33.86] KURT: Especially now that they've put in--

[00:22:35.15] [INTERPOSING VOICES]

[00:22:35.84] CHRIS: Homework. You'll have follow-up.

[00:22:36.77] KURT: Absolutely.

[00:22:37.79] [MUSIC PLAYING]

[00:22:41.39] Let's switch and talk a little bit about FINRA's exam priorities for 2020. Interestingly, like the SEC, FINRA's exam program is grouped into five business models. This is particularly interesting, because they've just completely reconfigured their examination program and the teams that work in their examination program as part of the FINRA 360 reboot.

[00:23:04.16] CHRIS: That's right.

[00:23:04.94] KURT: The way that they've restructured it is to build their exam program around what they call "business models." And the five that they came up with are retail, capital markets, carrying and clearing, trading and execution, and diversified. With respect to each of those five, there may be subgroups or subunits that focus on more niche aspects of those models. But, generally, what they've tried to do is something similar to what the SEC did, which is create dedicated teams that know a space within the market that FINRA regulates.

[00:23:39.78] So with that background, what are the priorities for FINRA's exams staff in 2020? Again, I think that these are grouped, at least as I read them, more around risk categories or risk areas. I will say the throughline for all of these are that FINRA is focused on your policies and procedures and your supervision and monitoring.

[00:24:03.30] I mean, look, it's something that FINRA always talks about. It's something that almost every single FINRA disciplinary action includes in their AWC, where they talk about a firm's policies and procedures of supervision. There's often a charge tacked on in the enforcement context, where they say, you didn't quite either design or implement your policies and procedures effectively to make sure that you didn't have this problem.

[00:24:25.71] So I'm not going to, for every one of these categories, say, hey, policies and procedures. But just know that's the throughline. For every single one of these categories, they're going to be looking at the policies and procedures and see, who are your supervisors, how are they doing their job, how are you supervising the supervisors?

[00:24:39.27] But here are the risk categories that I pick up when I read FINRA's exam priorities for 2020. First, sale practices and supervision. At the top of that list, reg BI--

[00:24:50.32] CHRIS: You got it.

[00:24:51.28] KURT: --and form CRS. How our broker-dealer satisfying their standard of care? How are they communicating with clients about the nature of the relationship-- fees, conflicts, et cetera? Second, under sales practices, are communications with the public. I would think of this as sort of advertising for lack of a more clear term.

[00:25:13.87] Obviously, over at the SEC, we've talked about how they have an advertising rule proposal that was going to apply to investment advisors. Here, it looks like FINRA is going to be drilling down on the broker-dealers advertisements. And similar to what we saw in the SEC's rule proposal for investment advisors, FINRA's particularly interested in what they called digital channels, which are electronic messages, social media, and how firms are using mobile applications.

[00:25:39.52] CHRIS: It sounds like, as we talked about in a prior episode, this update will probably not last the 60-year term of the previous [LAUGHS] marketing role from the SEC.

[00:25:48.19] KURT: I think that's right.

[00:25:48.79] CHRIS: Thinking critically about how they the environment will change in the future, I think, is why they chose that phrase to talk about messaging and digital ads, instead of just tweets. Because I don't know if I'll be talking to each other with investment advice on TikTok soon, but those are other kind of social media avenues that will be developed over the coming years.

[00:26:05.14] KURT: Absolutely. I mean, I'd like to get my investment advice in 30 seconds or less. I feel like that's robust and--

[00:26:11.47] CHRIS: Maybe short on disclosures, but you'll get it.

[00:26:14.44] KURT: Who knows. [LAUGHS] All right, sticking with sales practices and supervisions for two more points-- FINRA's going to be looking at the sales of IPOs. They're going to focus, in particular, on how firms are monitoring for flipping. And they're going to be looking at trade authorizations. I think that FINRA is constantly concerned about making sure that broker-dealers have appropriate authorization to trade in clients accounts, to make sure that they have the discretion that is required, that they're not churning or making unnecessary trades. So authorizations is always something that FINRA is going to focus on.

[00:26:47.65] All right. So the first risk category was sales practices and supervision, second is market integrity. Similar to the SEC, I think they want to make sure that the market is sound, that it's safe for investors who want to participate in our capital markets. Here, they're talking about reporting requirements, things like TRACE, and OATS, and the CAT, which is going to come online in April, more alphabet bingo. Market access-- this is particularly important, as a lot of firms are adopting automated or high-speed trading platforms. They want to make sure that the firms have in place adequate policies and procedures so that they know who is using these online trading platforms and that firms aren't inadvertently allowing people to access our capital markets that shouldn't be for one reason or another.

[00:27:34.90] Best execution is another category under market integrity. They're looking at things like routing, odd lots-- how are they pricing and executing options traits? Category three, financial management-- and this is, really, I think, about how the firms are doing their business. A little bit of a less technical focus, sort of like the nuts and bolts mechanics-- the technical systems-- but this is more from a policies and procedures standpoint. They're thinking about how are firms thinking about and managing the sale of digital assets.

[00:28:08.89] Again, we're talking about things like cryptocurrency. So if you are a firm that's operating as a secondary trading platform or if you're otherwise facilitating the sale or trading of cryptocurrencies, they want to know how you're thinking about that from a management perspective. They want to know how you're thinking about liquidity management. Again, how are you thinking about holding customer cash or securities appropriately? And they're thinking about how firms are preparing to wean off the LIBOR, which is going to exist no more at the end of 2021.

[00:28:41.05] So we've got sort of a long off-ramp. But firms really should be thinking about the alternatives that they're going to use to the LIBOR or how they're going to build their programs around it going forward. So that's category three.

[00:28:52.33] The last category is firm operations, and these are a little bit more of the technical aspects of how a firm runs. We're looking at things like AML programs and software, cybersecurity, and technology governance. And there, what they're thinking about from technology governance-- because that's sort of an empty phrase. Let me put a little meat on that bone. They're talking about customer-facing activities, trading, operations, your back office and compliance programs-- how are they built out?

[00:29:20.29] How are you governing them? What kinds of, again, policies and procedures, supervision, and monitoring apparatus do you have in place? And how are you, as a business, focusing on compliance with rules around business continuity and supervision? So those are relatively quickly the SEC's and FINRA's exam priorities for 2020.

[00:29:41.11] CHRIS: I think everybody listening along can definitely hear a lot of overlap. And, I think, especially talking about with kind of the relaxing things like the definition of accredited investor, it sounds like they're making a move to be cognizant of the priorities they need to have out in the market, so that when, say, a lot more investors get involved with trading or even just become interested in the markets, there's programs in place that are looking to shore-up the firms, and the BDs and the IAs, they're acting in that market to protect those investors.

[00:30:10.02] KURT: Absolutely. I agree. There's a ton of overlap when you read the agency's exam priorities side-by-side. A few things jumped out at me as areas where I think there's either tremendous overlap or where I think there is an increased focus-- or maybe some things that are new. We've talked about it-- we bang this drum all the time-- retail investor.

[00:30:31.70] CHRIS: Yep.

[00:30:32.20] KURT: The SEC and FINRA are very, very focused on how firms are building compliance policies and procedures around investor-facing elements of the business. How are you recommending and selling products? How are you making disclosures? What disclosures are you making to retail investors? How are you dealing with things like conflicts of interests and fees?

[00:30:55.45] I mean, even if we think about some of the nuts and bolts things like trade execution, these are really all designed to protect retail investors. So for me, that, across both of the agencies exam priorities, is the thing that captures everything.

[00:31:12.61] CHRIS: That's right. And it's been talked about by commissioners and speakers on behalf of the regulators for probably five or six years, as a new trend, and obviously covered in previous episodes where we talked about trends we saw last year and this year.

[00:31:25.75] KURT: Absolutely. Number two, for me, the second biggest thing that kind of runs through both agency's set of exam priorities is, no surprise, regulation best interest. They both talk about it extensively. They actually both, helpfully, laid out some of the particular things that they're going to be looking with respect to your reg BI compliance.

[00:31:47.26] FINRA, in particular, has several questions bulleted that are the types of things that they think broker-dealers should be thinking about as they prepare to comply with the rule. I think that it's going to be an interesting year from an exam perspective, relating to regulation best interest. Because as we sit today, regulation best interest, the compliance deadline is June 30.

[00:32:07.81] CHRIS: That's right.

[00:32:08.20] KURT: So for firms, whether it's OC and you're an investment advisor being examined through the IA exam program or a BD being examined through OC's BD exam program or whether you're on the FINRA side of the house, if you are the subject of an examination in the first half of this year, what they're really going to be looking at is your preparedness. How are you building out, or maybe just tweaking or improving your existing compliance infrastructure so that you're ready to be reg BI compliant on July 1?

[00:32:44.02] If you have an exam scheduled for July 1 or in the second half of the year, I think the focus is going to be a little bit different. We're past preparedness, and we're now into, how are you actually complying with your obligations under reg BI? I think the things that they're going to be looking at most immediately are things like form CRS. Because that's something that every firm is going to have to do. What are you disclosing to clients in form CRS about the nature of your relationship, about your fee structure, about conflicts of interest? It's sort of low-hanging fruit.

[00:33:16.78] What's going to be interesting to see is how the exam programs handle what they perceive to be deficiencies in reg BI compliance. I think that, at least on the SEC side, when the directors of enforcement talk about it, they say, hey, look, we're not we're not trying to knock heads immediately. If your exam is on July 7, we're not going to-- probably, I mean, you can imagine a horror story-- bring an enforcement action against you because you did something technically wrong from a reg BI perspective,

[00:33:51.44] I think, in keeping with our conversation earlier about the philosophy of the exams staffs, they're going to help try to bring firms along and make sure that they're thinking about reg BI the right way, that they're putting in place the right policies and procedures, the right supervisory procedures, and that they're doing things to get it right. I could be wrong, but I'm guessing we're not going to see reg BI enforcement actions in 2020.

[00:34:17.25] CHRIS: And just from kind of a market perspective, I know, on the accounting side, division of corporate finance, corpfin, always the drumbeat that they hit on at every public engagement and speaking event they do is come talk to us. If you've got a question, ask. Don't sit behind the wall and hope that you don't get inspected or you don't get a comment letter from us.

[00:34:35.44] And that extends to the regulators, obviously the SEC, as well as FINRA in this case. The atmosphere is much more collaborative and learning together than it is that kind of "gotcha" enforcement or inspection results coming from these programs.

[00:34:48.04] KURT: Absolutely. A couple more things that I think apply in both sets of exam priorities-- we won't spend as much time talking about them, but I do think they're important to note. One is cybersecurity.

[00:34:58.78] CHRIS: Yes.

[00:34:59.26] KURT: They've been beating this drum for years. As we said earlier, the exam priorities or the creation of the exam priorities is sort of an iterative process, where they're looking at, what have we seen in the past, where did we identify weak spots in the market. Cybersecurity seems to keep popping up in the exam priorities year after year after year. And I think it's equal parts firms haven't quite figured it out or built out those programs yet. I think firms are dealing with a patchwork of cybersecurity regulations that includes different expectations in different states.

[00:35:34.18] For firms that are doing business cross-border, they have very different regulatory compliance expectations in, let's say, Europe than they do even in New York, which has a relatively strict standard. So I think what they're trying to do is just signal to the market, hey, you've got to sort of be staying on top of this. Know the rules. Whether you're thinking about reg SP or whether you're thinking about New York's cybersecurity regulation, you need to have those systems in place.

[00:36:00.96] CHRIS: I think that's important to note, too, is it's not just the firms and the regulated entities that might be thinking about where they are on the maturity spectrum related to cybersecurity. The regulators, too, are working through that kind of patchwork, as you described, for what would apply and what regulations are meaningful and helpful to the regulated entities, and to the retail investors, and those that they interact with from a cybersecurity perspective.

[00:36:22.21] KURT: Absolutely. Digital assets or cryptocurrencies that are securities-- it's another thing that pops up in both agency's exam priorities. And I think here, what they're really focused on, it's an evolving space. So I think that the focus will continue to shift and move over time.

[00:36:43.57] Right now, I think that, at least with respect to digital assets that are or are likely to be deemed securities, they want to know, are you registered? Whether that's as an investment advisor with the SEC or as a broker-dealer with FINRA, did you take the steps that you need to to have the appropriate registration status? If you are recommending those securities to investors or if you're soliciting investors for digital assets or cryptocurrencies that are securities, how are you dealing with suitability issues? How are you taking steps to satisfy the duty of care with respect to recommendations that you're making to investors who may not understand the digital asset space?

[00:37:27.57] I mean, if you think that OC and SEC enforcement are concerned about ETFs, some of which are pretty vanilla, this is much more complex. So how are you thinking about suitability? How are you thinking about recommendations? What are the disclosures around them?

[00:37:43.92] And then you know a host of other sort of more nuts and bolts types of issues you need to think about, like how are you safeguarding your clients assets, how are you pricing or valuing the digital assets that you're recommending, and how are you supervising your RIAs or your reps who are recommending these securities? Because it's a little bit different, right? I mean I think that most firms have a pretty good framework around recommending what I would call sort of run-of-the-mill securities. But this is different, so you might need to think about it a little bit differently from a monitoring or supervision perspective.

[00:38:19.86] The last thing that I want to plug-- and this gets a little bit more play in the SEC's exam priorities than it does in FINRA's, but it has to do with electronic investment advice. And these are sort of the robo-advisors that you were talking about earlier, it's something that has sort of come on and off the radar in recent years, and it's very much back on the radar this year.

[00:38:44.10] And I think what we're going to see going forward is-- and this is a prediction that I've made privately to some-- I think that there is--

[00:38:54.18] CHRIS: It's going to be out there for everybody now, Kurt.

[00:38:55.50] KURT: Yeah, exactly. I think that there is going to be a coming together of reg BI and online advisory platforms.

[00:39:03.69] CHRIS: I knew he was going to say it.

[00:39:04.80] KURT: Because the standard of care or some of the disclosure requirements, whether it's reg BI itself or form CRS, don't necessarily align with the way robo-advisors are operating currently or have operated in the past. And so I think that robo-advisory firms, especially if you are only a robo-advisory firm, but even some of the larger houses that have a side business or a sub that's doing robo-advisory work or managing that kind of platform, you just need to think about how are you satisfying your reg BI compliance obligations with respect to that type of service or tool, because it's a little bit different.

[00:39:46.66] So for me, as I said at the top, I always think it's interesting to sit with these documents side-by-side and try to pick out the common themes that apply to both OC and FINRA. For me, this year, it's retail investors, it's reg best interests, it's cyber security, it's cryptocurrencies, and it's electronic investment advice or robo-advisor platforms.

[00:40:10.98] CHRIS: I think that's a good recap of where things come from the compliance perspective. I know, from the accounting side, the one topic that's really been hit on hard in terms of major financial institutions, regulated entities, others are interested and nervous about is tat LIBOR transition. For so long-- and we could do many hours of discussions about LIBOR and the scandal, and rate rigging, and everything along those lines-- having to take an entire book of business that has been based on a single metric or tied in some way to that metric and doing away with that metric, not only impacts the services that the institution or the investment advisor or others could provide, but also the way that it's accounted for. When you're representing certain elements on your books and records that are tied to a LIBOR figure and that figure obviously denotes value related to that that service or that product, that all needs to change.

[00:40:59.22] And so I know the CPA world and the accountants working with firms that are dealing with LIBOR issues are definitely really spinning up those operations. Because 2021, although it is early 2020 here, Kurt, is right around the corner.

[00:41:11.58] KURT: It is. It is indeed.

[00:41:13.29] [MUSIC PLAYING]

[00:41:15.21] All right, CHRIS. Well, I think that was a helpful conversation about OC's and FINRA's exam priorities for 2020. If you want to learn more, we're going to put some helpful information up on the website. Or feel free to reach out to us on social media.

[00:41:28.80] CHRIS: You can find me at @ekimoffcpi on Twitter.

[00:41:32.11] KURT: And you can find me at @enforce_update.

[00:41:35.53] CHRIS: And in the early days of our podcast, guys, we'd love to hear from you, whether you liked the episodes, didn't. If you'd like to hear about specific topics, if you really want to get Kurt going on reg BI-- if you haven't heard enough already. We really want and participate and provide you guys with stuff here you're looking to hear from a practicing attorney and an account here. So please reach out and let us know. We'll be happy to respond.

[00:41:53.28] KURT: Please remember to use the hashtag #insecuritiespod. We'll be monitoring the hashtag, and we'll be happy to get back to you.

[00:42:00.67] CHRIS: We've got a lot of fun episodes coming up, looking at some deep-dives into things like digital assets, whistleblower issues, potentially Ponzi schemes, as well as finally hitting on all those acronyms that you hear us say with no issue to help you guys understand what we're talking about.

[00:42:14.28] KURT: Don't sleep on the alphabet soup bonus episode.

[00:42:16.99] CHRIS: Thanks for listening, guys, and we'll be back with you shortly.

[00:42:18.72] KURT: See you next time.

[00:42:20.47] [MUSIC PLAYING]

[00:42:31.56] SPEAKER 1: Thanks for listening to inSecurities, a podcast from PLI. The Practising Law Institute. PLI is a non-profit provider of authoritative professional services training and continuing education. In an increasingly complex business environment where intricate corporate structures reign, inSecurities can help you make sense of it all. A special thanks goes to the producer of inSecurities, Daniel Paintiz, as well as host CHRIS and KURT.

[00:42:57.57] For more information about PLI's SEC Institute or to view hundreds of hours of fresh and relevant on-demand programming covering changes within the security sector, visit and sign up for a privileged membership. These recorded materials are designed for educational purposes only. This podcast does not constitute legal, audit, tax, consulting, business, financial, investment, or other professional advice, and it does not create an attorney-client relationship. Please consult a qualified professional advisor before taking any action based on the information herein.

[00:43:30.28] Furthermore, the views and opinions expressed in this podcast are solely those of the individual participants. PLI, Troutman Sanders, and RSM do not make any representations or warranties, express or implied, regarding the contents of this podcast. Sealy and CPE credit are not offered for listening to this podcast. Users of this podcast may save and use the podcast only for personal or other non-commercial educational purposes. No other use, including without limitation, retransmission, or editing of this podcast may be made without prior written permission from PLI.

[00:44:00.87] [MUSIC PLAYING]