Making a List and Checking it Twice: Year-End Recap and Checklist for Compliance Officers

2020 has been no ordinary year. Amidst a global pandemic, a changing geo-political environment, and increased regulatory scrutiny, firms have had to transform how they conduct business, oversee their compliance programs, and maintain operational resilience. Priorities and projects have shifted, technology adoption has increased, and outsourcing has been embraced as firms navigate turbulent markets, the extended work-from-home environment, and regulatory change.

Peter Driscoll, Director of the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE), said during his remarks for the 10th National Compliance Outreach Program, “Compliance officers are on the front lines to help ensure that registrants meet their obligation under applicable securities laws and regulations. We [SEC staff] too are on the front lines and with a similar mission, and in many ways examiners and compliance officers and personnel are two-sides of the same coin. We cannot overstate a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function. Resources means a lot of different things, including training, automated systems and adequate staff to support firm growth, but perhaps most importantly, it means ‘empowerment.’ Compliance must be integral to an adviser’s business and part of its senior leadership.”

In a recent Risk Alert, OCIE staff observed that advisers had not devoted adequate resources, such as information technology, staff, and training to their compliance programs.

As you look ahead to 2021, here are a few of 2020’s key regulatory and industry highlights that may impact how you prioritize year-end compliance tasks, allocate resources, and plan future initiatives.

COVID-19

The COVID-19 pandemic dominated much of 2020. As the pandemic spread, markets fluctuated, and firms were forced to transition to a work-from-home set-up, regulators and compliance teams alike sprang into action to stay ahead of risk in the ever-changing environment.

COVID-19-related risks are among the highest priorities for regulators globally. The SEC's Division of Enforcement established the Coronavirus Steering Committee to coordinate its efforts with respect to the uncertainties and risks posed by the pandemic environment. In the UK, the Financial Conduct Authority (FCA) has spoken out regarding the need for firms to evolve their surveillance processes alongside the evolving risks of the pandemic.

Firms were forced to quickly evaluate and enact their Business Continuity Plans while regulators issued several alerts highlighting key concerns and issues.

• SEC OCIE Issues Risk Alert on COVID-19-Related Compliance Risks and Issues
• SEC Examination Requests Related to COVID-19 Business Continuity and Operational Resilience
• SEC Relief for Registered Investment Companies
• FCA Business Plan 2020/21: Navigating the COVID-19 Crisis Amidst Longer Term Priorities
• FinCEN Provides Relief and Guidance in Response to the COVID-19 Pandemic
• CFTC and NFA Regulatory Relief for Commodity Pool Operators and Commodity Trading Advisors
• CFTC No-Action Letter: Temporary Fingerprint Card Relief for Principals and Associated Persons

We continue to observe the SEC’s Office of Compliance Inspections and Examinations’ (OCIE) focus on registrants’ response to the pandemic. In certain instances, we have seen OCIE conduct calls with registrants related to the firm’s business continuity, overall COVID-19 response and operational effectiveness, and any known and/or perceived cyber threats or incidents occurring during the pandemic. We have also seen questions on these topics incorporated into more routine exams being conducted by OCIE during the pandemic.

Consequently, we continue to suggest that advisers maintain a COVID-19 operational response log (or matrix) to aid in examination readiness as well as assist in conversations with current and prospective investors. All said, it is important not to neglect other areas of your compliance program as examination teams continue to delve into additional risks unique to each firm.

U.S. Regulatory Rulings, Changes, and Enforcement Actions

Despite the pandemic, regulators have stayed active throughout the year to uphold their mandate to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. In November, the SEC’s Division of Enforcement published their annual report. By the numbers, FY 2020 was a busy year for Enforcement:

• Brought 715 total enforcement actions
  • 405 “standalone” actions
  • 180 follow-on proceedings based on the outcome of other actions by the SEC, criminal authorities, or other regulators
  • 130 proceedings to deregister public companies that were delinquent in their filings
• Individuals were charged in connection with 72% of the 405 standalone enforcement actions
• The SEC brought 17% fewer actions as compared to last year; however, the associated financial remedies were 8% higher than last year and set a new all-time high
  • $3.6 billion in disgorgements
  • $1.1 billion in financial penalties
• Since the start of pandemic-related lockdowns in mid-March, Enforcement opened 640 inquiries and investigations, over 150 of which were COVID-related
• Received approximately 16,000 tips, complaints, and referrals (roughly a 71% increase over the same period last year)

In addition, there were several risk alerts, rules, and enforcement actions that may impact how compliance officers think about their compliance programs in 2021.

SEC

With the issuance of nine Risk Alerts this year through mid-November 2020, OCIE has been remarkably transparent in communicating expectations on various risks. This transparency often poses challenges for compliance teams that feel compelled to evaluate current processes and procedures against the risks identified by OCIE.

As you dig into the risk alerts, you may determine the need for additional policies, disclosures, or testing in an environment where many compliance teams are resource constrained. And not be outdone by OCIE’s frenetic pace of alerts, the Division of Enforcement has also been busy interacting with advisers through public speeches touting data analysis and technology enhancements as well as various new strategies that have been employed to enable staff attorneys to assess facts and make decisions sooner.

• SEC Issues Risk Alert Identifying 6 Areas of Deficiencies in Investment Adviser Compliance Programs
• OCIE Issues Risk Alert Highlighting Observations from Examinations of Investment Advisers with Multiple Branch Offices’ Compliance and Supervisory Practices
• SEC OCIE Warns of Increased Risk of Credential Stuffing
• SEC OCIE Issues Risk Alert on COVID-19-Related Compliance Risks and Issues
• OCIE Risk Alert Warns of Increase in Ransomware Attacks
• OCIE Risk Alert Highlights Private Fund Adviser Deficiencies Related to Conflicts of Interest, Fees and Expenses, and MNPI / Code of Ethics
• LIBOR No More: How Alternatives Managers Should Implement the Transition
• Regulation Best Interest Compliance Date Confirmed by the SEC
• Compliance Deadline Approaching for Regulation Best Interest and Form CRS
• SEC Amends the Accredited Investor Definition
• SEC No-Action Letter: ATS Role in the Settlement of Digital Asset Security
• SEC Announces Settlement with Broker-Dealer for Failure to Retain Text Messages

Commodity Futures Trading Commission (CFTC) registrants and National Futures Association (NFA)

• CFTC Approves Final Rule Amending Form CPO-PQR
• CTA Promotional Material Relief for Eligible Contract Participants and Proposed Updates to Form CPO-PQR

Financial Industry Regulatory Authority (FINRA)

• FINRA Guidance for Retail Communications Concerning Private Placement Offerings
• SEC and FINRA Hold Joint Roundtable on Regulation Best Interest and Form CRS
• New Guidance for Characterizing Certain Broker-Dealers Under the SEC’s Customer Protection Rule
• FINRA Warns of Fraudulent Survey Emails
• FINRA Warns of Fake Agency Website

Office of the Comptroller of the Currency (OCC)

• OCC Fines Bank $85M for Compliance and IT Risk Failures
• OCC Supervision Priorities and Objectives for 2021
• OCC Announces Civil Money Penalty for Vendor Management Control Deficiencies
• Joint Statement Issued About BSA Due Diligence Requirements for Customers

LIBOR Transition Preparedness

The discontinuation of LIBOR is currently expected to occur after 2021. As one of the most widely used reference rates in the financial markets, the discontinuation of LIBOR is expected to have a significant impact on all aspects of financial services firms’ business. While there are still many open questions about exactly how a post-LIBOR world will look, the time to start preparing for the end of LIBOR is now. Firms should begin to inventory all areas in which there is exposure to LIBOR that will continue past 2021 and develop a roadmap for mitigating those risks ahead of the discontinuation.

For firms registered with the SEC, OCIE announced in June an examination initiative focused on LIBOR transition preparedness for SEC registrants, including investment advisers, broker-dealers, investment companies, municipal advisers, and clearing agencies. The announcement included a sample document request list, which firms can use to assess their preparedness for the transition.

Additionally, the SEC and FCA have published numerous other pieces of guidance on this topic, including:

• SEC Staff Statement on LIBOR Transition
• LIBOR No More: How Alternatives Managers Should Implement the Transition
• Next steps for LIBOR transition in 2020: the time to act is now
• Dear CEO: Asset management firms: prepare now for the end of LIBOR
• LIBOR transition – the critical tasks ahead of us in the second half of 2020
• FINRA Shares Practices Firms Implemented to Prepare for the LIBOR Phase-out

No Letup in Regulatory Change for UK Firms as Brexit Draws Near

Although the FCA showed some flexibility during the early stage of the pandemic, it has continued to drive forward the main tenets of its regulatory agenda. Aside from ensuring a smooth transition for financial markets at the end of the Brexit transition on 31 December 2020, its priorities focus on the phasing out of LIBOR by the end of 2021, improving the culture inside financial services with the bedding in of its new Senior Managers & Certification Regime (SMCR), and curbing the exploitation of the UK for financial crime. UK-regulated firms should expect no letup in 2021 as the UK develops a new regulatory agenda separate from the EU.

• FCA Reminds Firms of their New Conduct Rules Reporting Obligations under SM&CR
• Trade and Transaction Reporting: Perfect Storm or Opportunity Knocking?
• FCA Confirms Details of the UK’s Post-Brexit Short-Selling Regime
• FCA Announces 15-Month Transition Period for its Post-Brexit Handbook
• FCA Sets Sights on Private Markets and Portfolio Companies