As 2020 comes to a close, it’s a good time for firms to wrap up key compliance initiatives and plan for the new year. Regulators have done as much, finding time to issue their year-end reports that both laud their efforts and catalog the results from their examination and enforcement activities.
Regulators hope—and increasingly expect—organizations to use their observations and findings in these reports to evaluate their compliance programs. The reports do this by providing insights into the practices that organizations have succeeded or failed in implementing to address various risks. These insights also provide a heads-up on regulatory focus areas that can help a legal and compliance staff better focus limited resources, especially during the current pandemic.
Using what you read, see, and hear from regulators about compliance controls (good and bad) can be extraordinarily helpful, especially if you are strapped for time or resources.
When I worked in-house, I relied on the invaluable exam priorities and other year-end reports to plan compliance priorities for the upcoming year. I have selected a few recent examples, summarized below. While these reports are not inclusive of all regulatory activities and focus areas, they are a good starting point for financial firms to flag regulatory expectations and help launch the priorities-setting exercise for their compliance program.
SEC Annual Enforcement Report
On Nov. 2, the SEC’s Division of Enforcement staff published its annual enforcement report for fiscal year 2020. The report indicates that the Commission brought 405 standalone cases in 2020, down 23% from 526 cases in 2019.
Despite the decrease in the number of cases, outgoing SEC chair Jay Clayton touted the Commission’s enforcement results as a record-breaking year in monetary remedies. All told, these actions resulted in a total of $3.589 billion in disgorgement and $1.091 billion in penalties, a total $331 million higher than in fiscal year 2019.
The report also highlights the following as critical considerations or accomplishments in 2020:
• The impact of Covid-19 was significant for the Enforcement Division both in terms of its agenda and its operations.
• The division’s enforcement focus covered familiar areas (including financial fraud and issuer disclosure, market integrity threats, abusive trading, and misconduct by investment professionals) and key priorities of combatting financial fraud and policing the adequacy of issuer disclosures.
• Interactions with retail investors will remain an enforcement focus.
• The Commission’s whistleblower program had a record year, with awards totaling approximately $175 million.
Looking ahead to 2021, don’t expect the adjustment to remote regulation to impact the SEC’s enforcement activities. A new administration will most likely mean that the SEC will step up its rulemaking agenda and its enforcement and inspection programs.
OCC Semi-Annual Risk Perspectives Report
On Nov. 9, the Office of the Comptroller of the Currency released its semi-annual report on the current nationwide risk environment for banks. The report sets out four pandemic-related risk themes and concerns for banks: credit, strategic, operational, and compliance. Considering that the agency issued significant fines this year for ongoing failures to correct longstanding compliance and risk management deficiencies, I found two areas of note:
Cybersecurity. The OCC cites cybersecurity threats as a crucial driver of the heightened operational risk environment. Banks may have adequate cybersecurity systems, but the agency notes concerns regarding information technology systems, change management, and information security. These concerns are primarily attributable to increasing ransomware attacks, compelling banks to ensure adequate cybersecurity controls.
Compliance. The report also elevates compliance risk due to a combination of altered work environments and the requirement to quickly implement new federal, state, and proprietary programs designed to support businesses and consumers.
CFTC Annual Enforcement Report
On Dec. 1, the CFTC’s Division of Enforcement issued its fiscal year 2020 report, detailing the agency’s most active enforcement year, which included the most enforcement actions filed in one year (113) and the most retail fraud actions taken in a year (56).
The report also identifies priorities for the agency in 2021, which include:
Preserving market integrity. Efforts will include uncovering misconduct—fraud, manipulation, spoofing, and other forms of disruptive trading—that can undermine the markets’ integrity.
Protecting consumers. Efforts will include historical areas of focus in “precious metals, forex, and binary options,” but will expand to cover digital assets and other new products.
Promoting individual accountability. Efforts will include holding supervisors and other management types accountable for failures.
Coordinating with other regulators and authorities. Efforts will include coordination with enforcement counterparts on matters of mutual interest—similar to what we saw in the Interactive Brokers matter, a trendsetting three-part joint action involving the agency and the SEC and FINRA.
Lessons from the Covid-19 Pandemic
Just this week, on Dec. 16, FINRA issued a request to member firms for help in building on lessons learned from the pandemic.
I applaud FINRA for seeking this information, recognizing that the widespread use of remote offices and alternative work arrangements will not disappear any time soon. While it is not a typical year-end report, firms should not miss this opportunity to let FINRA know of any issues or challenges they may want to consider in 2021.
As a start, FINRA noted the following potential areas to help garner feedback:
Rules assessment. Are there FINRA rules or rule sets that would benefit from an assessment based on stakeholders’ experiences during the pandemic? If yes, FINRA wants to know how those rules and processes have worked—or haven’t worked—during the pandemic, and whether there are opportunities based on learnings from the pandemic to make those rules or processes more effective or efficient.
Business continuity. Based on the experiences during the pandemic with business continuity planning, should FINRA amend its requirements to address any issues?
Office definitions. Should FINRA reconsider its office definitions due to the greater use of remote offices and alternative work arrangements?
Communications. Have the pandemic conditions highlighted the need for further changes to FINRA’s communication processes, methods of engaging with member firms, or related procedural requirements?
How to Start?
Financial firms can use these reports by reviewing them with key stakeholders (e.g., legal, compliance, risk, finance, systems, and business lines) to flag any focus areas or concerns. Identifying these areas can be done by asking questions such as:
• What are the regulators focusing on (products, activities, customer types, etc.)?
• Considering that regulators at times will use examples of identified noncompliance to alert organizations to what they should avoid, what compliance issues or challenges did regulators frequently note in their reports?
• What effective practices did regulators identify for compliance requirements based on their reviews?
• Considering that regulators will reference checklists and guides to support compliance with certain critical issues or requirements, what references and tools are noted or available to help define or enhance compliance controls?
In the end, the importance of thinking strategically, and not just reactively, is critical to maintaining and updating your compliance program—even amid the distractions and challenges presented by an unprecedented pandemic.
Bloomberg Law subscribers can find related content on our Regulatory Exam Checklist resource.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content.