SEC to Intensify Probes Into Retirement Planning, Cybersecurity
It seems that what's old is new again.
The SEC is out this week with fresh guidance for what its examiners will be looking for when they visit advisory practices, broker-dealers and other regulated entities in 2016, indicating that the industry has failed to adequately address many longstanding areas of concern.
At the top of the SEC's list of examination priorities are concerns about how advisors work with clients planning for retirement, and the steps firms are taking to safeguard their IT systems and clients' personal and financial data from cyber attacks.
That suggests that, in spite of a transition in the leadership of the SEC's Office of Compliance Inspections and Examinations, "the message still seems to be 'stay the course,'" according to Duane Thompson, senior policy analyst at the fiduciary training firm fi360.
But that's no prescription for complacency, Thompson cautions.
"[T]he new wrinkle to me is that, while OCIE emphasized investment advice to retirement accounts last year and this, it appears to have amped up its review in this area more than might appear from the release," he says.
NEW FORMALIZED REVIEWS
Indeed, while retirement concerns were a centerpiece of last year's exam priorities letter, the commission has taken steps over 2015 to formalize the way it evaluates those issues. In June, OCIE announced the ReTIRE initiative, a multi-year examination program focused on how advisors are working with retail investors saving and planning for retirement.
That effort, Thompson explains, "put teeth into" the commission's focus on retirement advice, calling the ReTIRE initiative "a fairly extensive review of how investment advice is delivered in the retirement space, including rollovers."
In this year's exam guidance, the SEC says that the ReTIRE program will continue throughout 2016, identifying the reasonable basis for advisors' product recommendations, conflicts of interest and marketing and disclosure practices as some of the issues OCIE staffers intend to probe.
And as tens of millions of baby boomers head into retirement, the commission is putting advisors on notice that the scrutiny will continue in the years to come.
"Protecting retail investors and retirement savers remains a priority in 2016, and it will likely continue to be a focus for the foreseeable future," OCIE notes in priorities letter.
The SEC's exam priorities letter closely follows similar guidance that FINRA issued last week. Both of those documents have become an annual January tradition, and are closely scrutinized by advisors and compliance professionals as a marker that each regulator puts down signaling their chief concerns heading into the new year.
Other familiar issues the SEC warns about include supervision of registered reps and the prospect for reverse churning among dual registrants -- the practice of placing a lightly traded account in the fee-based advisory side of the practice to garner a management fee when a commission-based structure would be more appropriate for the client.
Not all of the SEC's 2016 exam priorities are a retread of years past. This year, the commission identified public pension advisors, firms' liquidity controls and ETFs and variable annuities as some of the new targets for enhanced scrutiny. "These new areas of focus are extremely important to investors and financial institutions across the spectrum," SEC Chairwoman Mary Jo White says in a statement.
In broad strokes, OCIE is grouping its exam priorities into the three categories of issues involving retail investors, including the retirement focus, market-wide risks, and data analytics — OCIE's evolving use of sophisticated analysis of the information it collects from the industry to better monitor firms' compliance activities and screen for fraud.
Cybersecurity falls into the category of "market-wide risk," with the commission promising to continue its dedicated exam initiative looking at the controls and compliance mechanisms that advisors and broker-dealers have in place to protect their systems. This year, the commission says that examiners will conduct "testing and assessments of firms' implementation of procedures and controls."
Like retirement planning, cybersecurity is not a new issue for the commission, which along with FINRA has issued repeated warnings about the need for greater vigilance in the face of digital threats. But those warnings took on added gravity in September when the commission announced charges against an investment advisor for failing to protect clients' personal information, a week after issuing a risk alert detailing findings from the first phase of the cybersecurity exam initiative.
"[W]hile cybersecurity has been a common refrain in recent years, the enforcement action last year against an investment advisor in September for a cyberattack and loss of retirement participants' information, and an alert the following week, suggest to me that if advisors are going to look at the priorities that stand out among the others in 2016, it's retirement advice on rollovers and cybersecurity," Thompson says.
"The takeaway to me is that advisors shouldn't look only at the priority list for the new year -- although it is very helpful," he adds. "The new priority list needs to be reviewed in the wake of enforcement actions and other regulatory or investor alerts from 2015 to give it context."