2013 Examination Priorities

To be forewarned is to be forearmed. Both the Office of the Comptroller of the Currency (“OCC”) and the National Examination Program (“NEP”) of the SEC have published their examination priorities for 2013 to communicate with investors and registrants about areas that their staff perceive to have heightened risk. The SEC’s mission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation, whereas the OCC’s goal in supervising banks and federal savings associations is to ensure that the banks operate in a safe and sound manner and in compliance with laws requiring fair treatment of their customers and fair access to credit and financial products.

Many large financial institutions are subject to both regulators. Covered financial institutions should consider using the regulators’ stated priorities to help develop a bespoke, logical, and cost-efficient compliance response that meets the requirements of both federal regulators.

SEC

These priorities, while set by their internal staff rather than by the Commission, are aligned with the SEC’s mission of seeking to improve compliance, prevent fraud, inform policy, and monitor firm-wide and systemic risk.

The NEP’s examination priorities address issues that span the entire market, as well as issues that relate specifically to particular business models and organizations. Specifically, the NEP has identified and expounded upon 4 separate specialized examination programs and listed the specific risk areas/topics that it will be examining this year:
  1. Investment Advisors, Investment Companies Exam Program (“IA-IC”)
    a. Safety of Assets
    b. Conflicts of Interest
    c. Marketing/Performance
    d. Fund Governance
    e. Dually Registered IA/BD
  2. Broker Dealer Exam Program (“B-D”)
    a. Sales Practices/Fraud
    b. Trading
    c. Capital
    d. AML
  3. Market Oversight Exam Program (for certain Self-Regulatory Organizations, “SROs”)
    a. Risk Assessments Exams of Exchanges
    b. FINRA Oversight
    c. Exams of New Registrants
    d. Regulatory Responsibility Exams
  4. Clearance & Settlement Exam Program
    a. Transfer Agent Core Activities
    b. Transfer Agent Safeguarding
    c. Transfer Agent Recordkeeping
    d. Microcap Securities and Private Offerings

For each of the above-mentioned programs and risk areas, the SEC has identified certain on-site examination activities that it will be specifically conducting this year. The four most significant risk areas that it is expected to concentrate on during its examinations include:

  1. Fraud Detection and Prevention

    The world’s capital markets run, in large part, on trust. Nothing is more destructive to that trust than loss of investor capital for anything other than knowingly assumed risk, including scams, theft, and other fraudulent conduct. In its risk-based approach to targeting registrants and business practices, the NEP will continue to utilize and enhance its quantitative and qualitative tools and analyses to seek to identify market participants engaged in fraudulent or unethical behavior.
  2. Corporate Governance and Enterprise Risk Management

    The NEP will continue to meet with senior management and boards of entities registered with the Commission and their affiliates to discuss enterprise risk, and in particular, how a firm governs and manages financial, legal, compliance, operational, and reputational risks. This initiative is designed to: (i) understand firms’ approach to enterprise risk management; (ii) evaluate firms’ tone at the top; and (iii) initiate a dialogue on key risks and regulatory requirements.

    This effort provides the NEP with an opportunity to assess overall risk management at certain registrants through discussions with independent board members, senior management, internal audit, key risk and control functions, and leaders of business lines.

    The SEC will also continue to engage in “discovery” reviews and joint monitoring efforts with other regulators.

  3. Conflicts of Interest
    Conflicts of interest, when not eliminated or properly mitigated and managed, are a leading indicator and cause of significant regulatory issues for individuals, firms, and sometimes the entire market. Over the past several years, the NEP has identified conflicts of interest as a key focus of its risk-based strategy, and an integral part of their assessment of which firms to examine, what issues to focus on, and how to examine those areas. Conflicts of interest are a particularly important challenge for large and complex financial institutions. Due to these firms’ extensive affiliations, and the dynamic nature of their businesses, conflicts are constantly arising and changing. The NEP will focus on specific conflicts of interest, steps registrants have taken to mitigate conflicts, and the sufficiency of disclosures made to investors. Their staff will also look at the overall risk governance framework that firms have in place to manage conflicts on an ongoing basis.
  4. Technology
    Capital markets firms have experienced an ongoing revolution in technology over several decades, and the increasing complexity, interconnectedness, and speed fostered by technology is a continual challenge to market participants and regulators. A number of market events over the past two years have underscored how important it is for the Commission and other regulators to stay current on new trading technologies and their implications for maintaining transparent, stable markets that do not give inappropriate advantages to some market participants over others. In 2013, the NEP may conduct examinations on governance and supervision of information technology systems for topics such as operational capability, market access, and information security, including risks of system outages, and data integrity compromises that may adversely affect investor confidence. Among other things, the NEP hopes that these examinations will help the industry and the Commission to better understand operational information technology risks and potential methods to help mitigate and effectively manage those risks.
OCC

OCC Risk Perspective: Policy and Supervisory Actions

Heightened regulation and supervisory standards designed to strengthen the financial sector and to implement legislative mandates are significant, both domestically and internationally. Policy and supervision units within the OCC and other federal financial services regulators continue to focus on the codification and implementation of these changes in bank regulation.
Strategic risk continues to increase and remains high for many banks as management searches for ways to generate acceptable returns.
  • Sound corporate and risk governance processes are among the central elements in planning, prioritizing, and allocating resources effectively in the current operating environment.
  • Banks must address the challenges of carefully identifying alternative sources of revenue, in an effort to prudently diversify balance sheets and revenue sources, and effectively manage their cost structures.
  • New products and services may present unfamiliar risks for which some banks may lack the requisite expertise, management information systems, and appropriate risk controls.
Revenue growth challenges from a slow economy continue to pressure profitability and increase the risk that banks may reach for yield.
  • Competition for limited C&I lending opportunities continues to intensify, eroding underwriting standards and reducing pricing for risk. This is especially evident in the leveraged lending market. Market data on syndicated loan underwriting indicate weakening covenant protection and higher leverage. Underwriting standards for middle-market C&I also have shown a sign of slippage as competition has become more aggressive.
Increasingly sophisticated cyber-threats, expanding reliance on technology, and changing regulatory requirements are heightening operational risk.
  • Cyber-threats continue to increase in sophistication and require heightened awareness and appropriate resources to identify and mitigate the associated risks. The effects of cyber-attacks include reduced availability or diminished response times of online banking services, identity theft, fraud, and theft of proprietary information. The costs and resources needed to manage the risks continue to increase as the attacks broaden and intensify. Over time, the effects could expand as the capabilities and tactics of cyber-criminals evolve.
  • Bank Secrecy Act (BSA) and Anti–Money Laundering (AML) risks are increasing as BSA programs at some banks fail to evolve or incorporate appropriate controls into new products and services. In addition, threats are increasing as a result of changing methods of money laundering and an increase in the volume and sophistication of electronic banking fraud. These issues are often compounded by a lack of sufficient resources devoted to BSA/AML risk management in some banks.
  • The pace of new regulatory requirements can challenge the change-management capabilities of some banks and can lead to increased operational and compliance risks if banks do not adequately invest in control processes, systems, or staff.
  • Large and midsize banks with extensive mortgage servicing operations have been making progress in remediating standards and practices, but the financial and reputational costs remain high.
HOW SHOULD BANKS AND FIRMS PREPARE?
The 2 tables below, using national aggregate totals, illustrate that while the number of penalties has decreased, the trend in the aggregate amount of regulatory fines is increasing. In effect, the costs associated with non-compliance can far outweigh the cost of developing an effective and efficient program for the preparation and management of the examination process.
OCC
OCC Risk Perspective

Source:  www.occ.gov

SEC

SEC: Improve compliance, prevent fraud, inform policy, and monitor firm-wide and systemic risk

Source: www.sec.gov

Increasingly, companies need to consider how they might demonstrate that they have a compliance culture and that their internal control and reporting structure is effective and robust. Some leading practice tips to help ensure an effective and constructive examination include:
  • Forming good impressions during the opening meeting. This can be accomplished by, among other things, anticipating and preparing an initial presentation based on the above-mentioned priorities.
  • Performing a recap to address all issues that were raised in the prior report of examination and re-confirm the solution. The designation of a key individual through whom all information and emails flow (to and from the SEC) can better allow for an overview of what is being requested plus it can have the added benefit of ease of use for the SEC examiners.
  • Carrying out a “mock examination,” which can help identify the materials most likely to be requested and prepare responses to the topics listed above.
  • Requesting an exit examination is another leading practice that can allow you to state your position on any findings and to more clearly state management’s strategy for future enhancements.
  • Remembering not to overcommit. You do not need or want to promise the world; honesty is best. For example, only include IT and/or other solutions which have been funded or are in progress and which have a high degree of probability of being completed in the next 12 months, as appropriate.

    As with so many of today’s challenges, strategically aligning your firm’s strengths with a plan and process to meet a predefined goal is usually best. In this case, it is to help prepare and present your organization in the best possible light, while striving to minimize or eliminate any regulatory fines.

HOW CAN ACCENTURE HELP?

Accenture has dedicated staff members with numerous years of experience working on and conducting regulatory examinations who could help you prepare for the NEP. Support activities could include:

  • Performing mock exams and specific checks on key areas of concern.
  • Supporting you in your efforts to define an approach to managing Regulatory Examinations.
  • Supporting you in your efforts to confirm that past MRAs have been completed and documented.
For additional information on Accenture’s perspectives on this topic, please contact: steven.zunic@accenture.com from the Risk Management Practice.

Copyright © 2013 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document is produced by Accenture as general information on the subject. It is not intended to provide advice on your specific circumstances. [If you require advice or further details on any matters referred to, please contact your Accenture representative.]