By Ed Wegener, Sarah Sutton, Evan Rosser and Jeffrey HillerShare Article
Turning Exam Priorities Into Action Items
Each year industry regulators produce what are generally known as Exam Priorities. In this podcast Oyster Consulting’s Governance, Risk and Compliance experts Ed Wegener, Sarah Sutton, Evan Rosser and Jeffrey Hiller talk about them – where they come from, how they’re used by the regulators and how you can use them to assess your compliance program.
Libby Hall: Hi, and welcome to today’s Oyster Stew podcast. Each year, industry regulators produce what are generally known as Exam Priorities. In this podcast, we’re going to talk about them – where they come from, how they’re used by the regulators and how you can turn them into action items for your compliance program. With me today are some of Oyster’s Governance, Risk and Compliance experts, Ed Wegener, Sarah Sutton, Evan Rosser, and Jeffrey Hiller. Today Ed will be leading our discussion, Ed.
Ed Wegener: Thanks, Libby! Hi, everyone and welcome to our first of a series of podcasts that we’re doing on regulatory priorities for 2022. I’m Ed Wegener, and I am the practice lead for Governance, Risk and Compliance here at Oyster. In this first installment, we’re going to talk about regulatory priorities in general, where they come from, how regulators use them, and how firms can use them to assess their compliance and supervisory systems. And I’m very fortunate today to have with me a great group of Oyster consultants to talk about the topics. Jeffrey Hiller is a former senior SEC regulator who has worked as a chief compliance officer for large financial services firms. Evan Rosser previously worked in FINRA’s enforcement department before joining Oyster, and he serves in a CCO role for both RIAs and broker dealers, and Sarah Sutton, who has held several senior roles at broker dealers and investment advisors. Thanks to all of you for joining us today. So maybe a good place to start is to get an understanding of where regulator priorities come from, and maybe Evan and Jeffrey, we can start with you. From your experience with FINRA and the SEC how do regulators determine what’s going to be a priority in a given year? Why don’t we start with you, Evan?
Evan Rosser: Thanks, Ed. Well, they come from enough different places. A lot of them come from exam findings. What FINRA is seeing throughout their exam program, through their both special exam, cause examination and their cycle examinations. You can expect any new rule that has come out, particularly those rules that are important for customer protection. You will no doubt see some of those on the exam priorities. Some of the areas will be SEC priorities, where the SEC has found an area that they want to pursue and their priorities. And they will work with FINRA to make sure that they’re looking at those same areas as well. Some of it comes from the priorities of the leadership of FINRA and the SEC. What are their particular interests and where do they see vulnerabilities in the regulatory landscape? So it comes from a number of different areas. It might come from enforcement actions. Usually though enforcement actions, there’s a certain lag time. They’re kind of lagging indicators because those enforcement actions are usually the result of exams that were conducted much earlier, but they’ll come from a number of different places and all the departments within FINRA. I can’t speak for the SEC, but I would assume it’s the same there, too. They’ll have input. So enforcement member regulation, market regulation, advertising, they’ll all have some input as to what they feel the exam priorities should be for the upcoming year.
Ed Wegener: So, Jeffrey, from your experience at the SEC, was it similar?
Jeffrey Hiller: Very much so. They rely on exams and tips, sweeps, complaints, whistle blowers. What surprised me when I was at the SEC was one way they got their cases was to be the first one, either in California or New York to get a copy of the Wall Street Journal and see if there’s any explosive information there. And if there was, they would immediately, some kind of fraud or from a state, they would immediately follow up on that and open a matter under investigation. So there’s no single way that they do it. But they listen to the industry as they’re doing their exams. They find very similar faults or exceptions.
Ed Wegener: Yeah, my experience was similar when I was with FINRA and the examination program. I would say probably around July, August timeframe, we would get a reach out from somebody who was collecting input in terms of what areas we thought should be included. And usually it was a pretty long list that came out from the different areas, and then they would claw through it and really prioritize those and identify which of the areas would be considered priorities. So there’s a lot of thought that goes into what areas for a particular year might be a priority. So thanks very much for that. And I guess the next logical question is, okay, so they’ve gone through that process, and they’ve identified what the priorities are going to be for the given year. How do they use that? What happens with a priority? Do they just put it out there and leave it out there? Or how do they follow up on things that they’ve identified as priorities? Maybe Jeffrey, we’ll start with you from the SEC perspective.
Jeffrey Hiller: The priorities manifest themselves in many ways, but I would say the most important driver would be the chairman of the SEC. And I think that Chairman Gary Gensler right now is showing that through many of the things he says in his speeches, things he talks about. One of the things, the SEC brings cases they think they can win. And then they think that they have a lot of public publicity. So it’ll discourage others. And one thing they always do, custody. If any funds transfer or touch a client, any client funds, they’re going to look at that routinely.
Ed Wegener: Now that makes a lot of sense. Evan from your perspective and from the FINRA perspective, how have you seen FINRA use the priorities as part of their programs, um, in the, in a particular year?
Even Rosser: Well, one thing FINRA does obviously is publicize their priorities so that the, uh, the membership, the broker dealers are on notice as to what FINRA deems to be important. Um, so that’s probably a big part of how they use these is putting the industry on notice, and you can be sure that if they have an item on their exam priorities for the year, they are working those priorities into their schedules, their exam schedules, their exam modules. So they’re, they’re really working these into the process. Some of these might be the might result in sweep or targeted investigations, targeted examinations, where they’ll go out to certain firms to gather on these topics. So, as you know, FINRA has five categories of firms and not all of their priorities apply to each firm. Some are trading firms, some are investment banking firms with few of any retail customers. So your firm can look at these and say, which of these apply to us. I can assure you that there are priorities that will be specific to some types of firms, but there are going to be priorities, be it outside business, cyber security, AML that will apply to virtually all broker dealers.
Ed Wegener: No, that makes a tremendous amount of sense. And, you know,
Jeffrey Hiller: There’s a good example that we’re look, oh, I’m sorry, Ed.
Ed Wegener: No, please, go ahead.
Jeffrey Hiller: There’s a good example, to follow up on what Evan said, and that would be ESG Disclosures. People are talking about the governance and compliance and all of these matters, and they say that they’re doing ESG investing. And now the SEC is going out and saying, we’re confused about ESG, the governance part, you can get, but explain to us how you’re disclosing this. And if you’re doing it, prove to us that your facts are right. So a lot of companies are way over their skis in terms of bringing up, or accurately portraying this.
Ed Wegener: And I know, Jeffrey, we’ve seen our clients that are in that space have examinations by the SEC where they were asking those specific questions.
Jeffrey Hiller: Absolutely. And the SEC, as I’ve been talking with them, and I interact with them, and having been there, a lot of it is disclosure, accurate disclosure, do what you say you’re doing.
Ed Wegener: And just following up on Evan’s point with respect to the examination focusing – we’ve talked a lot in previous podcasts about how the regulators are moving to be much more risk based in terms of both determining the frequency of the examinations that they conduct and the scope of those examinations. And one of the things that informs both the frequency, and the scope of examinations are priorities in a given year. So when they’re planning out their examination programs, if firms are involved in the areas that are covered by priorities, that’s going to be a factor that they consider in determining whether they’re going to do an exam for that firm in a given year. It’s also going to help drive the scope of the examinations, so you can anticipate that if you are involved in an area that’s been identified as a priority, on your exam, like Evan said, that they’re likely going to look at it. Which leads to the next question for firms, is the priorities are out. We have a good sense of what the regulators are going to do with them and how they’re going to assess this. What should firms be doing in order to use the priorities to assess their programs? And Sarah, let’s turn to you first from your position as both a businessperson and a compliance officer at broker dealers and investment advisors, how would you recommend that firms utilize procedures when assessing their programs?
Sarah Sutton: I think the first thing is to really just identify the priorities that are listed to see if they’re the same priorities of the company and of the firm. Do those risks align with what the regulators are looking at? In most cases, I would say a lot of the things that you have on your agenda are also on your regulator’s agenda, but that’s a good thing to just kind do a comparison. Then once you’ve done that, really working with the department heads and the different individuals that are in charge of the areas that might have additional scrutiny, identify the gaps that you see, and really assess where the firm is at. On an annual basis, your firm should be going through a risk assessment and more than likely it would be another opportunity for you to kind pull that out and say, hey, is this an area that we don’t have a strong compliance program on? Are we still building it out?
We don’t have IT experienced enough folks, really kind of looking at where your firm has gaps. And the earlier you identify them, the more attention you can give it in time, you can give it to either delegate or really look to see what you need to do as a firm as a solution. And always knowing the due date, even though they might change. It’s always good to know what the due date is. And keeping that in mind too, it helps time of the year. Tax season always makes everybody busy, but that can’t always be an excuse every March, April. But at the same time, you want to make sure that you feel comfortable with the timeframe that you have to make sure you have the processes and procedures in place.
Ed Wegener: No, absolutely. Those are all great ideas. And, you know, one of the things that I I’ve considered as I, as I’ve looked at them is not just to concern myself with the, the current years priorities, because just something just because something wasn’t a priority this year, if you look back over the last five years and see areas in our priorities, it very well could be an area that the regulators are going to come in and look at. So look at the ones in the current year, but then also take a look back and see are there, are there past priorities that I need to make sure that we’re covering Evan and Jeffrey in terms of your ex experiences with firms? Are, are, is that the approach that you took or did you take different approaches
Jeffrey Hiller: Very similar in terms of identifying what issues are the most important thing is to listen to the SEC, because they’ll tell you through speeches and other things about their concerns. The other thing I do is when they find a violation from contacts in the industry, people will say, immediately look to see if they’re doing it and fix it, or talk to each other and say, hey, you know this is what happened with ESG, recently, you may want to look at your disclosure. So there’s a lot of industry conferences. There’s a lot our firm provides of forefront of knowledge and information. But I also, everything Sarah said I would agree with.
Sarah Sutton: I think one additional item that I would add, too, is when you see something, say something. I think it’s very important for your executive team to know what gaps and concerns you may have, especially as a leader of a firm. The more they know the more they can prioritize. And when they’re looking at budgets and technology and what’s coming down the pike, their job is to be strategic and forward thinking and moving the firm in a direction that their employees and their stockholders want it to go in. But at the same time, they may not know. Maybe they didn’t read an email that you get or something in the Wall Street Journal. For one person it’s difficult to disseminate through all of the information. I think one thing, too, that’s very important is to make sure your senior leadership is very much in the know about what you think is important in front of us.
Jeffrey Hiller: That is absolutely that’s. I fully agree with that. And my experience as a compliance officer, but major firms was 1) I had to have act access to the CEO or whoever was heading up compliance to make sure that I had an independent voice that I could use. The other thing is – anytime they had a town hall meeting or something like that, I would write some stuff for the CEO and have him bring up the compliance topic, just saying it’s important. And then two other things. One is, if someone, and it happened many times in my career, where somebody brought me some information that turned out to be a violation. I would go to the CEO and ask that that person would have that put in their performance appraisal, and that they get a bonus for that. And on the flip side, if somebody does something wrong, there should be sanctions. That’s the tone at the top, as far as I can see.
Ed Wegener: I completely agree with that. And I think, Sarah, to your point, one of the first groups that there should be communicated to is the senior business leadership for a couple of reasons. One is to make sure that they understand where the regulator’s priorities are as they consider decisions, right? And so it informs their decision making. But then also, so that you can let them know the types of things that you need to work on from a compliance perspective. So you can get the resources that you need as a compliance person to be able to address those areas. So that’s critical. Evan, any other thoughts?
Evan Rosser: I would just recommend that firms read the priorities and read them closely. And compare the FINRA priorities to the SEC priorities, because where there’s an overlap, you can be assured that there will be a focus on that area. As Ed mentioned, I would go back and read last year’s because these priorities don’t expire, and you’ll find that there is great consistency year to year in the FINRA priorities. You’re going to find cybersecurity. You’re going to find AML. With the new rules, you’re going to find CAT reporting, you’re going to find reg BI. If we wanted to, I think we could probably predict that most of the priorities that both regulators are going to have. But when you see them appear year in and year out, you can be assured that they are areas that regulators have a regular consistent focus, and you can expect them to review you on those topics.
Jeffrey Hiller: I would add one more thing. And that is to make your own priority list. If you had been examined five years earlier and gotten a deficiency letter, which most firms do, I would put that on my list of things to review and topics to be important for the life of my program, because you don’t want to have repeat violations. They’ve told you what’s wrong. Fix it and make sure it stays fixed.
Ed Wegener: Well, that’s absolutely the case, Jeffrey. I think that, to Evan’s point, just like priorities don’t expire, the priorities letters also aren’t the only place where priorities are identified by regulators. And some of the other areas that I look to, like you said, Jeffrey, past examinations, and examination findings. Another thing is just keeping an eye on what’s going on in the news, because that’s going to be an indicator of things that might be areas for them to review. A great place to keep an eye on, are what regulators are saying in speeches. Somebody had mentioned how it’s really the senior leadership of the regulators that drive the priorities. And if you’re watching what the chair of the SEC or the commissioners are saying in their speeches or the CEO at FINRA, those are going to give you a real good sense of what are the areas that are important to them.
Because if it’s important to them, it’s going to be important to their organizations. Another great place to look at are regulatory conferences. Each of the regulators will sponsor their own regulatory conferences or round tables and they’ll have topic areas that they cover there. Those topic areas, they’re there for a reason, because they’re important to the regulators. And those could end up being something that is an area that they’re focusing on in their regulatory programs. But I think it was a great idea to talk about predictions. You know, I think we could do a pretty good job of predicting what’s going to be coming this year. I’m a big fan of college game day. At the end of every college game day, they go through everyone and ask, who’s going to win each game. And then on the next one, they see how they did. So why don’t we do that? I’m really curious from the panel, what areas do you think the regulators are going to be focused on in 2022 when we come back and do future podcasts? After we receive the priorities letters, we can go back and take a look and see how well we did. So, yeah, go ahead, Jeffrey.
Jeffrey Hiller: If it was me, I think there’s going to be disclosure in ESG and how and calculation of these at private investors when the brokerage turned to free brokerage, but they make money in a different way that kind of disclosure to their clients to make sure that they understand what their fees are and what they’re paying for. Those are my two, Evan.
Evan Rosser: Well, certainly topics like cybersecurity, AML will always be on the list because they’re never going away. They’re always evolving. They’re always going to be on the list. They’re never going to solve those problems. And then you look at the major initiatives of FINRA and the SEC. It’s going to be reg BI, which has a direct impact on retail investors and has actually superseded a FINRA rule 2111. So you can be assured they’re looking at that. They’re going to look at CAT reporting, a major initiative, variables, annuities, sales. I’m pretty confident you’re going to see all of those on this year’s priorities.
Sarah Sutton: One thing that I think that hasn’t actually been mentioned is the new advertising rules we have. There are a lot of changes and I know a lot of folks are looking at it and did they, or did they not read the several hundred-page document? And there’s a lot of changes that were for the better I think, for us as an industry, but at the same time it may be a little overwhelming in just looking at what specifically you can do, or what further restrictions you have that are different from before. But I would say that’s going to be one. I agree with Evan, regulation, best interests. I think that is going to be on the on everyone’s agenda or checklist for the next few years. But those, I think, are my top two.
Ed Wegener: Well, absolutely new rules are always an area that you can expect to be in the priorities. And one of which I think will likely be on there is the Department of Labor’s fiduciary prohibited transaction exemption rule. The implementation phase is sort of drawn out throughout 2022, so it’ll be interesting to see how that applies. But interestingly, the SEC did say in their outreach last winter, I think it was in December, that they plan to review firm’s compliance with the DOLs rules, especially with respect to rollover transactions and that they were going to coordinate closely with the DOL on reviewing that. So I’m sure they’re going to look at it both from through the lens of reg BI, but then also what the requirements are that the DOL has with respect to things like rollover recommendations. So it’ll be very interesting to see when we get the, the priorities in the next coming weeks, you know, how we did there, but just based on the things that you guys talked about, I, I I’m sure we did. We did fantastic. So I really appreciate you all joining today. We’re going to come back as soon as the priorities have been released and we’ll do a deeper dive into specific priorities. So thanks for joining us.