Making a List and Checking it Twice: Year-End Recap and Checklist for Compliance Officers
2020 has been no ordinary year. Amidst a global pandemic, a changing geo-political environment, and increased regulatory scrutiny, firms have had to transform how they conduct business, oversee their compliance programs, and maintain operational resilience. Priorities and projects have shifted, technology adoption has increased, and outsourcing has been embraced as firms navigate turbulent markets, the extended work-from-home environment, and regulatory change.
Peter Driscoll, Director of the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE), said during his remarks for the 10th National Compliance Outreach Program, “Compliance officers are on the front lines to help ensure that registrants meet their obligation under applicable securities laws and regulations. We [SEC staff] too are on the front lines and with a similar mission, and in many ways examiners and compliance officers and personnel are two-sides of the same coin. We cannot overstate a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function. Resources means a lot of different things, including training, automated systems and adequate staff to support firm growth, but perhaps most importantly, it means ‘empowerment.’ Compliance must be integral to an adviser’s business and part of its senior leadership.”
In a recent Risk Alert, OCIE staff observed that advisers had not devoted adequate resources, such as information technology, staff, and training to their compliance programs.
As you look ahead to 2021, here are a few of 2020’s key regulatory and industry highlights that may impact how you prioritize year-end compliance tasks, allocate resources, and plan future initiatives.
COVID-19
The COVID-19 pandemic dominated much of 2020. As the pandemic spread, markets fluctuated, and firms were forced to transition to a work-from-home set-up, regulators and compliance teams alike sprang into action to stay ahead of risk in the ever-changing environment.
COVID-19-related risks are among the highest priorities for regulators globally. The SEC's Division of Enforcement established the Coronavirus Steering Committee to coordinate its efforts with respect to the uncertainties and risks posed by the pandemic environment. In the UK, the Financial Conduct Authority (FCA) has spoken out regarding the need for firms to evolve their surveillance processes alongside the evolving risks of the pandemic.
Firms were forced to quickly evaluate and enact their Business Continuity Plans while regulators issued several alerts highlighting key concerns and issues.
- SEC OCIE Issues Risk Alert on COVID-19-Related Compliance Risks and Issues
- SEC Examination Requests Related to COVID-19 Business Continuity and Operational Resilience
- SEC Relief for Registered Investment Companies
- FCA Business Plan 2020/21: Navigating the COVID-19 Crisis Amidst Longer Term Priorities
- FinCEN Provides Relief and Guidance in Response to the COVID-19 Pandemic
- CFTC and NFA Regulatory Relief for Commodity Pool Operators and Commodity Trading Advisors
- CFTC No-Action Letter: Temporary Fingerprint Card Relief for Principals and Associated Persons
We continue to observe the SEC’s Office of Compliance Inspections and Examinations’ (OCIE) focus on registrants’ response to the pandemic. In certain instances, we have seen OCIE conduct calls with registrants related to the firm’s business continuity, overall COVID-19 response and operational effectiveness, and any known and/or perceived cyber threats or incidents occurring during the pandemic. We have also seen questions on these topics incorporated into more routine exams being conducted by OCIE during the pandemic.
Consequently, we continue to suggest that advisers maintain a COVID-19 operational response log (or matrix) to aid in examination readiness as well as assist in conversations with current and prospective investors. All said, it is important not to neglect other areas of your compliance program as examination teams continue to delve into additional risks unique to each firm.
U.S. Regulatory Rulings, Changes, and Enforcement Actions
Despite the pandemic, regulators have stayed active throughout the year to uphold their mandate to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. In November, the SEC’s Division of Enforcement published their annual report. By the numbers, FY 2020 was a busy year for Enforcement:
- Brought 715 total enforcement actions
- 405 “standalone” actions
- 180 follow-on proceedings based on the outcome of other actions by the SEC, criminal authorities, or other regulators
- 130 proceedings to deregister public companies that were delinquent in their filings
- Individuals were charged in connection with 72% of the 405 standalone enforcement actions
- The SEC brought 17% fewer actions as compared to last year; however, the associated financial remedies were 8% higher than last year and set a new all-time high
- $3.6 billion in disgorgements
- $1.1 billion in financial penalties
- Since the start of pandemic-related lockdowns in mid-March, Enforcement opened 640 inquiries and investigations, over 150 of which were COVID-related
- Received approximately 16,000 tips, complaints, and referrals (roughly a 71% increase over the same period last year)
In addition, there were several risk alerts, rules, and enforcement actions that may impact how compliance officers think about their compliance programs in 2021.
SEC
With the issuance of nine Risk Alerts this year through mid-November 2020, OCIE has been remarkably transparent in communicating expectations on various risks. This transparency often poses challenges for compliance teams that feel compelled to evaluate current processes and procedures against the risks identified by OCIE.
As you dig into the risk alerts, you may determine the need for additional policies, disclosures, or testing in an environment where many compliance teams are resource constrained. And not be outdone by OCIE’s frenetic pace of alerts, the Division of Enforcement has also been busy interacting with advisers through public speeches touting data analysis and technology enhancements as well as various new strategies that have been employed to enable staff attorneys to assess facts and make decisions sooner.
- SEC Issues Risk Alert Identifying 6 Areas of Deficiencies in Investment Adviser Compliance Programs
- OCIE Issues Risk Alert Highlighting Observations from Examinations of Investment Advisers with Multiple Branch Offices’ Compliance and Supervisory Practices
- SEC OCIE Warns of Increased Risk of Credential Stuffing
- SEC OCIE Issues Risk Alert on COVID-19-Related Compliance Risks and Issues
- OCIE Risk Alert Warns of Increase in Ransomware Attacks
- OCIE Risk Alert Highlights Private Fund Adviser Deficiencies Related to Conflicts of Interest, Fees and Expenses, and MNPI / Code of Ethics
- LIBOR No More: How Alternatives Managers Should Implement the Transition
- Regulation Best Interest Compliance Date Confirmed by the SEC
- Compliance Deadline Approaching for Regulation Best Interest and Form CRS
- SEC Amends the Accredited Investor Definition
- SEC No-Action Letter: ATS Role in the Settlement of Digital Asset Security
- SEC Announces Settlement with Broker-Dealer for Failure to Retain Text Messages
Commodity Futures Trading Commission (CFTC) registrants and National Futures Association (NFA)
- CFTC Approves Final Rule Amending Form CPO-PQR
- CTA Promotional Material Relief for Eligible Contract Participants and Proposed Updates to Form CPO-PQR
Financial Industry Regulatory Authority (FINRA)
- FINRA Guidance for Retail Communications Concerning Private Placement Offerings
- SEC and FINRA Hold Joint Roundtable on Regulation Best Interest and Form CRS
- New Guidance for Characterizing Certain Broker-Dealers Under the SEC’s Customer Protection Rule
- FINRA Warns of Fraudulent Survey Emails
- FINRA Warns of Fake Agency Website
Office of the Comptroller of the Currency (OCC)
- OCC Fines Bank $85M for Compliance and IT Risk Failures
- OCC Supervision Priorities and Objectives for 2021
- OCC Announces Civil Money Penalty for Vendor Management Control Deficiencies
- Joint Statement Issued About BSA Due Diligence Requirements for Customers
LIBOR Transition Preparedness
The discontinuation of LIBOR is currently expected to occur after 2021. As one of the most widely used reference rates in the financial markets, the discontinuation of LIBOR is expected to have a significant impact on all aspects of financial services firms’ business. While there are still many open questions about exactly how a post-LIBOR world will look, the time to start preparing for the end of LIBOR is now. Firms should begin to inventory all areas in which there is exposure to LIBOR that will continue past 2021 and develop a roadmap for mitigating those risks ahead of the discontinuation.
For firms registered with the SEC, OCIE announced in June an examination initiative focused on LIBOR transition preparedness for SEC registrants, including investment advisers, broker-dealers, investment companies, municipal advisers, and clearing agencies. The announcement included a sample document request list, which firms can use to assess their preparedness for the transition.
Additionally, the SEC and FCA have published numerous other pieces of guidance on this topic, including:
- SEC Staff Statement on LIBOR Transition
- LIBOR No More: How Alternatives Managers Should Implement the Transition
- Next steps for LIBOR transition in 2020: the time to act is now
- Dear CEO: Asset management firms: prepare now for the end of LIBOR
- LIBOR transition – the critical tasks ahead of us in the second half of 2020
- FINRA Shares Practices Firms Implemented to Prepare for the LIBOR Phase-out
No Letup in Regulatory Change for UK Firms as Brexit Draws Near
Although the FCA showed some flexibility during the early stage of the pandemic, it has continued to drive forward the main tenets of its regulatory agenda. Aside from ensuring a smooth transition for financial markets at the end of the Brexit transition on 31 December 2020, its priorities focus on the phasing out of LIBOR by the end of 2021, improving the culture inside financial services with the bedding in of its new Senior Managers & Certification Regime (SMCR), and curbing the exploitation of the UK for financial crime. UK-regulated firms should expect no letup in 2021 as the UK develops a new regulatory agenda separate from the EU.
- FCA Reminds Firms of their New Conduct Rules Reporting Obligations under SM&CR
- Trade and Transaction Reporting: Perfect Storm or Opportunity Knocking?
- FCA Confirms Details of the UK’s Post-Brexit Short-Selling Regime
- FCA Announces 15-Month Transition Period for its Post-Brexit Handbook
- FCA Sets Sights on Private Markets and Portfolio Companies
Accelerated Adoption of Technology
COVID-19-related market volatility and risks posed by employees working from home had regulators on high alert across the globe. The SEC, FCA, SFC, and FINRA called out their continuing focus on detecting and punishing insider trading, market abuse, code of ethics violations, and other misconduct.
These increased risks combined with the need to digitize operations and maintain effective compliance in the remote work environment saw firms turning to technology at unprecedented rates. According to industry analyst Greenwich Associates, 58% of firms invested in third-party surveillance technology in 2020, almost double from the same period in 2019. And given regulators kicked off the year by announcing their plans to invest in technology and data to support their supervisory duties, firms who do not embrace technology will find themselves playing catch-up with today’s rapid pace of technological and regulatory change.
- Revisiting Best Practices for Trade and Market Abuse Surveillance (Downloadable Checklist)
- COVID-19 Has Regulators Homing in on Insider Trading and Market Abuse – Is Your Surveillance Program Ready for Increased Scrutiny?
- RiskMutation™ Strategic Roadmap: Integrating RegTech
- Global Regulators Renew Commitment to Data and Analytics Innovation in 2020
A Focus on Building Operational Resilience
Firms are facing a growing number of operational risks, including global pandemics, natural disasters, geopolitical threats, economic crises, and third-party risks like supply chain disruptions. The ability to manage these risks effectively, efficiently, and promptly determines a firm’s level of operational resilience.
Ensuring that risk and compliance functions are resilient is paramount, as regulators and investors expect firms to operate and function as required during these conditions and thereby help the financial system absorb and adapt to them. Private equity firms face similar concerns when acquiring portfolio companies.
In a Risk Alert regarding deficiencies in investment adviser compliance programs, OCIE staff observed that firms had not devoted adequate resources to maintaining or establishing reasonably designed written policies and procedures that would help to ensure operational resilience. As a result, weaknesses and deficiencies were found across due diligence processes, third-party oversight, marketing, surveillance of trading practices, cybersecurity, and client safeguards for privacy. Additionally, advisers also had not tested their Business Continuity Plans (BCP) and did not update their BCPs to reflect new contacts and responsibilities for each area.
- RiskMutation™ Strategic Roadmap: Building Operational Resilience
- SEC Examination Requests Related to COVID-19 Business Continuity and Operational Resilience
- California Approves CPRA, Which Amends CCPA
- CCPA Enforcement leads to Multiple Class-Action Lawsuits
- European Union Court Strikes Down Key EU-U.S. Data Sharing Agreement
- Lessons Learned from the Scariest Cyber Breaches of 2020
- Treasury Department Issues Advisories Related to Ransomware
The 2020 GIPS® Standards
The effective date to claim compliance with the 2020 Global Investment Performance Standards (GIPS) is December 31, 2020. Throughout the year, many firms have worked to implement the new standards which represent the most significant changes since the 2010 edition of the GIPS standards went into effect on January 1, 2011.
- FINRA Leverages the GIPS Standards for Standardizing Private Placement Performance Marketing
- Countdown to 12/31/2020 – Is Your Firm Compliant with the 2020 GIPS Standards?
- The 2020 GIPS Standards: Explanation of the Provisions for Firms – Sections 1 and 3
- The 2020 GIPS Standards: Explanation of the Provisions for Firms – Section 2
- The 2020 GIPS Standards: Explanation of the Provisions for Firms – Section 4
What You Can Do
Compliance Officer Year-End Checklist
With the above and other upcoming developments in mind, it’s time to make your year-end checklist (and check it twice!) as you work to meet your 2020 obligations and head into 2021 with confidence. Download our checklist below to use as a guide to ending the year strong.
Download U.S. Checklist Download European Checklist
Tune in to Our Upcoming Webcasts
Implications of the Election on the Regulatory Agenda
December 8, 2020 | 11:00 AM EST / 4:00 PM GMT
With the upcoming change in political leadership there is likely to be a shift in policies and priorities. Join ACA Compliance Group Chief Services Officer, Carlo di Florio and several guest speakers as they take a look at the currently proposed policy shifts, the implications of those policies on financial services firms, and what firms should know and prepare for in the year ahead. Register here.
Compliance Year in Review
December 15, 2020 | 11:00 AM EST / 4:00 PM GMT
Join us for our annual Compliance Year in Review webcast on December 15, 2020 at 11am ET. ACA Compliance Group's Michael Abbriano, Director, Michelina Cuccia, Director, and Ian Rivera, Senior Principal Consultant will share SEC compliance developments from 2020, and discuss what to expect in 2021. Register here.
Questions?
If you have questions about these updates or would like more information about how ACA can help enhance or strengthen your compliance program in 2021, please reach out to your ACA consultant or contact us here.