SEC Exam Priorities to Focus on MSRB/FINRA

The SEC’s Office of Compliance Inspections and Examinations (OCIE) has published its 2018 examination priorities. To no one’s surprise, it will continue to focus on the protection of retail investors and ensuring that registrants are appropriately disclosing or resolving conflicts of interest. Additionally, the OCIE will pay particular attention to developments in cryptocurrencies, initial coin offerings (ICOs) and the oversight of FINRA and MSRB firms.

The OCIE broke its priorities into five categories, each of which is summarized below.

Compliance and Risks in Critical Market Infrastructure

The OCIE will continue to examine entities that provide services critical to the proper functioning of capital markets. The OCIE will conduct examinations of these firms which include, among others, clearing agencies, national securities exchanges, and transfer agents, focusing on certain aspects of their operations and compliance with recently effective rules.


Retail Investors, Including Seniors and Those Saving for Retirement

The OCIE will continue to conduct exams of investment advisors and broker-dealers that offer services and products to investors with retirement accounts, with exams drilling down on, among other things, investment recommendations, sales of variable insurance products, and sales and management of target date funds.


Shifting some attention away from investment advisory firms, the OCIE plans to examine the MSRB to evaluate its effectiveness of select operational and internal policies, procedures, and controls. The OCIE will also examine FINRA with a focus on the quality of FINRA’s examinations of municipal advisors that are also registered as broker-dealers.


Cybersecurity continues to be a top priority. The SEC’s exam team plans to focus on cybersecurity governance and risk assessments, access rights and controls, data loss prevention, vendor management, training and incident response.

As you may recall, in 2017 the SEC’s Enforcement Division created a new specialized “Cyber Unit” dedicated to investigating violations related to cybersecurity intrusions and breakdowns.

AML Programs

The OCIE will also focus on determining whether firms are adapting their AML programs to address their AML obligations and whether they are filing timely, complete and accurate suspicious activity reports. Examiners will assess whether firms are taking reasonable steps to understand the nature and purpose of customer relationships to comply with their customer due diligence/Know Your Customer responsibilities. OCIE will examine whether financial institutions are conducting timely, robust and independent testing of their AML programs.

Below is a graph that identifies the SEC’s examination priorities for the past three years.

Exam Priority




Anti-Money Laundering (“AML”)  Χ  Χ X
Clearing Agencies  Χ  Χ X
Cryptocurrency, Initial Coin Offerings, Secondary market trading and Blockchain X
Cybersecurity  Χ  Χ X
Disclosure of the Costs of Investing X
Electronic Investment Advice  Χ X
Excessive Trading  Χ
Exchange-Traded Funds (ETFs)  Χ X
Fee Selection and Reverse Churning  Χ
Fixed Income Order Execution X
Liquidity Controls  Χ
Microcap Fraud  Χ
Money Market Funds  Χ
Mutual Finds X
Multi-Branch Advisers  Χ  Χ
Municipal Advisor/Underwriters  Χ  Χ X
National Securities Exchanges  Χ X
Never Before Examined Investment Advisors  Χ  Χ X
Payment for Order Flow  Χ
Private Fund Advisers  Χ  Χ
Private Placements  Χ
Product Promotion  Χ
Public Pension Advisers  Χ  Χ
Recidivist Representatives and their Employers  Χ  Χ
Regulation Systems Compliance and Integrity (“SCI”)  Χ  Χ X
Retail Investors  Χ  Χ
Senior Investors  Χ X
Share Class Selection  Χ
Transfer Agents  Χ  Χ X
Variable Annuities  Χ
Wrap Fee Programs  Χ X