To be forewarned is to be forearmed. Both the Office of the Comptroller of the Currency (“OCC”) and the National Examination Program (“NEP”) of the SEC have published their examination priorities for 2013 to communicate with investors and registrants about areas that are perceived by their staff to have heightened risk. The SEC’s mission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. The OCC’s goal in supervising banks and federal savings associations, by contrast, is to ensure that the banks operate in a safe and sound manner and in compliance with laws requiring fair treatment of their customers and fair access to credit and financial products.
Many large financial institutions are subject to both regulators. Covered financial institutions should consider using the regulators’ stated priorities to help develop a bespoke, logical, and cost-efficient compliance response that meets the requirements of both federal regulators.
These priorities, while set by their internal staff rather than by the Commission, are aligned with the SEC’s mission of seeking to improve compliance, prevent fraud, inform policy, and monitor firm-wide and systemic risk.
- Investment Advisors, Investment Companies Exam Program (“IA-IC”)
a. Safety of Assets
b. Conflicts of Interest
d. Fund Governance
e. Dually Registered IA/BD
- Broker Dealer Exam Program (“B-D”)
a. Sales Practices/Fraud
- Market Oversight Exam Program (for certain Self Regulating Organizations, “SROs”)
a. Risk Assessments Exams of Exchanges
b. FINRA Oversight
c. Exams of New Registrants
d. Regulatory Responsibility Exams
- Clearance & Settlement Exam Program
a. Transfer Agent Core Activities
b. Transfer Agent Safeguarding
c. Transfer Agent Recordkeeping
d. Microcap Securities and Private Offerings
For each of the above-mentioned programs and risk areas, the SEC has identified certain on-site examination activities that it will specifically conduct this year. The four most significant risk areas that it is expected to concentrate on during its examinations include:
- Fraud Detection and Prevention
The world’s capital markets run, in large part, on trust. Nothing is more destructive to that trust than loss of investor capital for anything other than knowingly assumed risk, including scams, theft, and other fraudulent conduct. In its risk-based approach to targeting registrants and business practices, the NEP will continue to utilize and enhance its quantitative and qualitative tools and analyses to seek to identify market participants engaged in fraudulent or unethical behavior.
- Corporate Governance and Enterprise Risk Management
The NEP will continue to meet with senior management and boards of entities registered with the Commission and their affiliates to discuss enterprise risk, and in particular, how a firm governs and manages financial, legal, compliance, operational, and reputational risks. This initiative is designed to: (i) understand firms’ approach to enterprise risk management; (ii) evaluate firms’ tone at the top; and (iii) initiate a dialogue on key risks and regulatory requirements.
This effort provides the NEP with an opportunity to assess overall risk management at certain registrants through discussions with independent board members, senior management, internal audit, key risk and control functions, and leaders of business lines.
The SEC will also continue to engage in “discovery” reviews and joint monitoring efforts with other regulators.
- Conflicts of Interest
Conflicts of interest, when not eliminated or properly mitigated and managed, are a leading indicator and cause of significant regulatory issues for individuals, firms, and sometimes the entire market. Over the past several years, the NEP has identified conflicts of interest as a key focus of its risk-based strategy, and an integral part of their assessment of which firms to examine, what issues to focus on, and how to examine those areas. Conflicts of interest are a particularly important challenge for large and complex financial institutions. Due to these firms’ extensive affiliations, and the dynamic nature of their businesses, conflicts are constantly arising and changing. The NEP will focus on specific conflicts of interest, steps registrants have taken to mitigate conflicts, and the sufficiency of disclosures made to investors. Their staff will also look at the overall risk governance framework that firms have in place to manage conflicts on an ongoing basis.
Capital markets firms have experienced an ongoing revolution in technology over several decades, and the increasing complexity, interconnectedness, and speed fostered by technology is a continual challenge to market participants and regulators. A number of market events over the past two years have underscored how important it is for the Commission and other regulators to stay current on new trading technologies and their implications for maintaining transparent, stable markets that do not give inappropriate advantages to some market participants over others. In 2013, the NEP may conduct examinations on governance and supervision of information technology systems for topics such as operational capability, market access, and information security, including risks of system outages, and data integrity compromises that may adversely affect investor confidence. Among other things, the NEP hopes that these examinations will help the industry and the Commission to better understand operational information technology risks and potential methods to help mitigate and effectively manage those risks.
OCC Risk Perspective: Policy and Supervisory Actions
- Sound corporate and risk governance processes are among the central elements in planning, prioritizing, and allocating resources effectively in the current operating environment.
- Banks must address the challenges of carefully identifying alternative sources of revenue, in an effort to prudently diversify balance sheets and revenue sources, and effectively manage their cost structures.
- New products and services may present unfamiliar risks for which some banks may lack the requisite expertise, management information systems, and appropriate risk controls.
- Competition for limited C&I lending opportunities continues to intensify, eroding underwriting standards and reducing pricing for risk. This is especially evident in the leveraged lending market. Market data on syndicated loan underwriting indicate weakening covenant protection and higher leverage. Underwriting standards for middle-market C&I also have shown a sign of slippage as competition has become more aggressive.
- Cyber-threats continue to increase in sophistication and require heightened awareness and appropriate resources to identify and mitigate the associated risks. The effects of cyber-attacks include reduced availability or diminished response times of online banking services, identity theft, fraud, and theft of proprietary information. The costs and resources needed to manage the risks continue to increase as the attacks broaden and intensify. Over time, the effects could expand as the capabilities and tactics of cyber-criminals evolve.
- Bank Secrecy Act (BSA) and Anti–Money Laundering (AML) risks are increasing as BSA programs at some banks fail to evolve or incorporate appropriate controls into new products and services. In addition, threats are increasing as a result of changing methods of money laundering and an increase in the volume and sophistication of electronic banking fraud. These issues are often compounded by a lack of sufficient resources devoted to BSA/AML risk management in some banks.
- The pace of new regulatory requirements can challenge the change-management capabilities of some banks and can lead to increased operational and compliance risks if banks do not adequately invest in control processes, systems, or staff.
- Large and midsize banks with extensive mortgage servicing operations have been making progress in remediating standards and practices, but the financial and reputational costs remain high.
- Forming good impressions during the opening meeting. This can be accomplished by, among other things, anticipating and preparing an initial presentation based on the above-mentioned priorities.
- Performing a recap to address all issues that were raised in the prior report of examination and re-confirm the solution. The designation of a key individual through whom all information and emails flow (to and from the SEC) can better allow for an overview of what is being requested plus it can have the added benefit of ease of use for the SEC examiners.
- Carrying out a “mock examination” can help identify the materials most likely to be requested and have prepared responses to the topics listed above.
- Requesting an exit examination is another leading practice that can allow you to state your position on any findings and to more clearly state management’s strategy for future enhancements.
- Remembering not to overcommit. You do not need or want to promise the world; honesty is best. For example, only include IT and/or other solutions which have been funded or are in progress and which have a high degree of probability of being completed in the next 12 months, as appropriate.
As with so many of today’s challenges, strategically aligning your firm’s strengths with a plan and process to meet a predefined goal is usually best. In this case, it is to help prepare and present your organization in the best possible light, while striving to minimize or eliminate any regulatory fines.
Accenture has dedicated staff members with numerous years of experience working on or conducting regulatory examinations who could help you prepare for the NEP; support activities could include:
- Performing mock exams and specific checks on key areas of concern.
- Supporting you in your efforts to define an approach to managing regulatory examinations.
- Supporting you in your efforts to confirm that past MRAs have been completed and documented.