Meeting the OCIE’s New Requirements with VRM

On Jan. 7, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) announced its 2020 Exam Priorities.

There were a few areas that remain a focus for the OCIE — retail-targeted investments, information security, fintech and innovation, anti-money laundering (AML), and the Financial Industry Regulatory Authority (FINRA) and Municipal Securities Rulemaking Board (MSRB).

One new area of focus is Form CRS and Regulation Best Interest (Reg BI) rules on relationships between retail investors and broker-dealers (BDs) or registered investment advisers (RIAs). This was followed up on April 7, as the OCIE issued two Risk Alerts regarding the nature of initial examinations for compliance with Form CRS and Reg BI.

BDs and RIAs had until June 30, 2020 to be in compliance with these new requirements. The OCIE has also made it clear that it will not extend any deadlines due to the COVID-19 pandemic. What can you do if your reliance on third-party vendors is impairing your ability to meet the OCIE’s new requirements?

Gathering the necessary documentation

While the OCIE’s guidance has no legal force or effect, examination findings do inform the SEC’s rulemaking initiatives, identify and monitor risks, improve industry practices, and pursue misconduct. It’s in the best interest of any BD or RIA to be aware of what’s included regarding third-party vendors in these new Risk Alerts.

The OCIE’s Risk Alert for “Examinations that Focus on Compliance with Form CRS” requires BDs and RIAs to deliver brief summaries of customer and client relationships to retail investors. The requirements for the content include a summary of “how the firm describes its conflicts of interest,” including third-party payments.

Infographic: Guidelines for Effective Vendor Onboarding

Mitigate risk while building strong vendor relationships.

Being properly prepped for OCIE

The Risk Alert “Examinations that Focus on Compliance with Regulation Best Interest” explains how third-party vendor relationships come into play with reviews for Conflict of Interest Obligations. The OCIE may review policies and procedures for:

  • “Conflicts associated with material limitations,” such as products with third-party arrangements.
  • Additional documentation, including a “description of the compensation method used for registered personnel that may be paid by any third party”
  • “A list of any third parties or affiliates with which the Registrant has arrangements for sale of their products to retail customers.”

It’s important to review your policies, procedures, and your vendor risk management (VRM) solution to ensure you’re prepared for these upcoming examinations. Document management functionalities and vendor financial review services should be a part of any solution to meet these new OCIE requirements.

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.