Email Us 1-866-251-6920

SEC & FINRA Set Exam Priorities; SEC Issues Cybersecurity Tips and FINRA Punishes Firms for UGMA and UTMA Failures: Regulatory Update for February 2020

For Investment Advisers and Broker-Dealers:  SEC, FINRA, and State Actions

OCIE Announces 2020 Examination Priorities. The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) released its 2020 exam priorities on January 7, 2020.  OCIE’s priorities haven’t changed much from 2019, and include topics addressed in the 2019 Risk Alerts and the new requirements of Regulation Best Interest, Form CRS (Client Relationship Summary) and the Commission Interpretation Regarding the Standard of Conduct for Investment Advisers.  OCIE’s themes for 2020 mirror those of 2019 and include:

  1. Protection of retail investors, including seniors and those saving for retirement;
  2. Information security, focusing on risk management, access controls, data loss prevention, vendor management, training, and incident response;
  3. Financial technology and innovation, including digital assets and electronic investment advice;
  4. Never-before and not recently examined RIAs, RIA compliance programs, and advisers to mutual funds, ETFs, and private funds;
  5. Compliance and risk management for firms responsible for critical market infrastructure, including clearing firms, securities exchanges, alternative trading systems, and transfer agents; and compliance with Regulation SCI which requires written policies and procedures surrounding technology and systems infrastructure;
  6. Broker-dealer anti-money laundering programs, focusing on whether broker-dealers are filing Suspicious Activity Reports (SARs), independently testing their AML program and identifying suspicious and illegal activities; and
  7. Oversight of FINRA and MSRB.

Similar to 2019, OCIE will continue to focus on disclosure of fees and expenses and conflicts of interest.  Based on the exam priorities, here are my recommendations for RIAs:

  1. If you say it, make sure you do it.  OCIE will be looking at disclosures, especially those discussing fees and expenses and conflicts of interest (clearly a result of 2019’s initiatives).  RIAs that household accounts to offer fee discounts better make sure this happens.  OCIE will continue to look at whether RIAs have fully disclosed to retail clients the risks “associated with fees and expenses, and undisclosed, or inadequately disclosed, compensation arrangements”.  RIAs should also be prepared to show OCIE how they are complying with the new requirements of Regulation Best Interest (applicable to broker-dealers and dual registrants), Form CRS (Client Relationship Summary)(applicable to broker-dealers and investment advisers serving retail clients) and the Commission Interpretation Regarding the Standard of Conduct for Investment Advisers (applicable to all advisers).
  2. Address conflicts caused by financial incentives.  Examiners will be charged with reviewing financial incentives offered by mutual fund and ETF providers that can influence financial professionals to select specific mutual fund share classes.  OCIE will also be looking at whether mutual fund fee discounts are being applied (i.e., breakpoints).
  3. Be able to show how you protect clients’ personal financial information. As indicated by OCIE’s risk alert on Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features, “[E]xaminations will focus on, among other things, proper configuration of network storage devices, information security governance generally, and retail trading information security.”   Advisers’ processes for vendor due diligence and management will also be targeted.  And don’t forget about the proper disposal of retired hardware!
  4. Advisers that manage digital assets and use robo-advisers are held to the same compliance standards as other RIAs.  OCIE will be looking at firms that offer digital assets.  Examiners will review how suitability is determined, how the assets are being managed, valued, and custodied, and whether there are sufficient compliance controls in place to supervise the activity.  Similar to its review of all RIAs, the SEC will be reviewing robo-advisers to make sure they are meeting their regulatory requirements and treating clients fairly.
  5. Cover basic compliance blocking and tackling.  The SEC’s exams will continue to focus on compliance program basics, such as custody, best execution, fees and expenses, portfolio management and valuation of client assets.  Dual registrants should expect special attention from regulators on disclosure and management of the conflicts associated with best execution, fiduciary advice, and conflicts of interest.  RIAs that offer investment strategies focused on ESG (environmental, social and governance) factors should expect lots of questions from staff.
  6. Advisers that manage mutual funds, ETFs, and private funds should prepare for SEC examination.  Advisers to investment companies will also be subject to SEC scrutiny per the risk alert from OCIE on Top Compliance Topics Observed in Examinations of Investment Companies and Observations from Money Market Fund and Target Date Fund Initiatives.  OCIE will be looking at RIAs to private funds that also manage mutual funds with a similar investment strategy, and how they ensure that investors in both types of vehicles are treated fairly.  Mutual fund boards should also be aware that exam staff will be taking a closer look at their oversight practices.  Contributed by Jaqueline M. Hummel, Partner and Managing Director.

OCIE’s Latest Best Seller: Tips on How to Improve Cybersecurity.  In a marketing upgrade from its usual risk alert, OCIE has produced Cybersecurity and Resiliency Observations, a ten-page report addressing strategies for investment advisers to manage cybersecurity risks.  The report is chock full of great ideas for managing cybersecurity risk, handling breaches, and maintaining resiliency.  Advisers should review carefully, since by providing this information, OCIE will expect firms to use it.

There are a few areas where I find advisers are particularly vulnerable.  The first is cybersecurity threats from hackers using social engineering techniques to gain access to the firm’s email system.  Hackers are incredibly sophisticated in targeting firms and their clients using methods such as phishing, whaling, and pretexting.  These threats can be combated by frequent training to ensure awareness.  Because hackers are continuously trying new methods, advisers should consider OCIE’s recommendation to continuously re-evaluate and update training based on cyber-threat intelligence.  (And by frequent, I mean quarterly.)  Other areas of vulnerability include access rights and controls, mobile device security, and incident response.  OCIE’s report includes strategies for addressing these vulnerabilities that advisers should seriously consider adopting.  Contributed by Jaqueline M. Hummel, Partner and Managing Director.

Tools for Navigating Form CRS and Regulation Best Interest.

Contributed by Rochelle A. Truzzi, Senior Compliance Consultant.

New Jersey Adopts Safeguarding Against Financial Exploitation Act. New Jersey is the most recent state to adopt mandatory reporting of suspected financial exploitation of an “eligible adult” by “qualified individuals”.  Refer to the following resources for additional information: “Governor Murphy Provides Seniors with Added Protection Against Financial Exploitation”, Bressler Amery & Ross Financial Institutions Law Alert, and “More Seniors Protected Against Fraud by NJ Law”, by Karen DeMasters, Financial News.  Contributed by Cari A. Hopfensperger, Senior Compliance Consultant.

For Investment Advisers:

SEC’s Top Eleven Hits: Investment Adviser Regulatory Review 2019: HCC put together this list of the top regulatory hot buttons from 2019 to help you focus your compliance efforts in 2020.

Investment Advisers Compliance “To Do” List for 2020:  For investment advisers, mutual funds, private and hedge fund managers: a handy list of regulatory deadlines for 2020 for updating your compliance calendar.

Top 10 Hits Regulatory Review Part 1 and Part 2: Hardin’s top 10 recommended areas to address in your compliance program heading into the new year. Both parts are also packed with helpful links to additional resources on each topic.

For Broker-DealersFINRA Actions

Broker-Dealer Compliance “To Do” List for 2020: A similarly handy list of regulatory deadlines for broker-dealers to update your compliance calendar.

Broker-Dealer 2019 Regulatory Year in Review. A high-level summary of notable broker-dealer regulatory developments in 2019.

FINRA Publishes its 2020 Risk Monitoring and Examination Priorities Letter. On January 8, FINRA published its annual Risk Monitoring and Examination Priorities Letter for 2020.  FINRA uses this letter to highlight the specific areas its risk monitoring, surveillance, and examination programs will be focusing on for the coming year.  This year’s letter identified many of the same priorities as in previous years (including sales practice risks, senior investors, order routing, market manipulation, cybersecurity, and AML).   However, there were some new priorities identified by FINRA that are worth reviewing.  Notable New Priorities for 2020:

  1. Regulation Best Interest (Reg BI) and Form CRS
    • For the first half of the year, examiners will be reviewing what steps firms are taking to prepare for the compliance date (June 30) and the challenges they are facing with implementation.
    • After June 30, FINRA will be examining compliance with Reg BI, Form CRS, and all related SEC guidance and interpretations.
  2. Communications with the Public – Private Placements & Digital Channels
    • Examiners will be looking at communications with the public regarding private placements, especially those distributed via an online platform.
    • If digital channels such as texting, online messaging, social media, or collaboration applications are being used by registered representatives to conduct business, examiners will be interested.
  3. Cash Management and Bank Sweep Programs
  4. Digital Assets
    • FINRA is receiving an increasing number of New Member Applications (NMAs) and Continuing Member Applications (CMAs) from firms seeking to engage in business activities related to digital assets.
    • FINRA will be assessing firms to determine how they are dealing with digital assets, whether firms submitted a CMA for the new activity, whether their marketing materials are in line with the Content Standards of the Communications with the Public Rule, and what procedures and controls are in place to support the facilitation of transactions in digital assets.

In addition to the priorities identified in its letter, FINRA also noted that 2020 marks a significant inflection point for FINRA due to the recent integration of their different examination programs into a single framework. In this process, FINRA grouped members into one of the following five peer categories: Retail, Capital Markets, Carrying & Clearing, Trading & Execution, and Diversified. Each of those groups contains several sub-groups to align firms with peers that are conducting similar business activities.  FINRA’s intent is to enhance the effectiveness of its risk monitoring and examination activities and provide firms with resources aligned to their needs.

These are just some of the topics that FINRA addressed in their letter. The letter should be reviewed in its entirety for firms to identify priorities relevant to their business.  FINRA also included a list of practical considerations and questions for each of its priorities to help firms successfully apply the letter to their business.  Contributed by Doug MacKinnon, Senior Compliance Consultant.

For Hedge Fund Managers:  State and Cayman Island Actions

State of Michigan – New Private Fund Registration Exemption. The Michigan Department of Licensing and Regulatory Affairs recently revised its rules interpreting the Michigan Uniform Securities Act, the majority of which became effective in July 2019. One significant change is a new registration exemption created for private fund advisors that took effect on January 3, 2020.  See R 451.4.5.   The registration exemption applies to private and hedge fund advisers domiciled in Michigan, and those that have Michigan residents as investors, so long as the following conditions are satisfied:

  • There are no “bad boy” disqualifying persons affiliated with the investment adviser (and its advisory affiliates); and
  • The adviser electronically files for federal exempt reporting status as an adviser to a 3(c)(1) or 3(c)(7) fund.

Additionally, investors in the private funds must be “qualified clients” under Advisers Act Rule 205-3 or accredited investors under Regulation D of the Securities Act of 1933.  The private fund adviser must electronically file a Form ADV for exempt advisers (under Rule 204-2 of the Advisers Act) with the Investment Adviser Registration Depository (IARD) before Michigan will recognize and apply the state-level exemption. Contributed by Carolyn W. Mendelson, Senior Compliance Consultant.

Cayman Island – Elimination of the “Fifteen Investor Exemption” and New Closed End Requirements. Earlier this month, the Cayman Islands Monetary Authority (CIMA) published two new bills.  First, the Mutual Funds (Amendment) Bill, 2020 withdraws the “Fifteen Investor Exemption”, which has exempted funds with fifteen or fewer investors from registration as a mutual fund.  Although the timeline for action has yet to be confirmed, funds previously relying on the Fifteen Investor Exemption will generally need to register as a mutual fund with CIMA for the first time unless another exemption applies.  Second, the Private Funds Bill, 2020 introduces new registration and regulation requirements for closed end private funds.  Both bills are anticipated to be adopted soon and additional clarification and guidance is expected from CIMA.  Contributed by Cari A. Hopfensperger, Senior Compliance Consultant.

Lessons Learned from SEC and FINRA Cases

UGMA and UTMA Uniform Transfer to Minors Act and Uniform Gifts to Minors Act. FINRA settled with five firms for “failure to reasonably supervise compliance with FINRA Rule 2090, FINRA’s ‘Know Your Customer’ rule.”  As noted in FINRA’s press release, “UTMA and UGMA accounts are custodial accounts that provide a way to transfer property to a minor beneficiary without the need for a formal trust. The custodian makes all investment decisions on the beneficiary’s behalf until the beneficiary reaches the age of majority, at which point the custodian is required by state law to transfer control over the custodial property to the beneficiary.”

The firms sanctioned by FINRA (Citigroup Global Markets Inc.; J.P. Morgan Securities LLC; LPL Financial LLC; Morgan Stanley Smith Barney LLC; and Merrill Lynch, Pierce, Fenner & Smith Incorporated) allowed customers to open UTMA and UGMA accounts, but did not have policies and procedures in place to track or monitor when control over the accounts should have been transferred to the account beneficiaries.  Consequently, the custodians of the account, presumably the parents of the minors for whom the accounts were established, continued to control the accounts months or even years after the beneficiaries reached the age established by statue (18 or 21 in most states).  “The five firms paid combined fines totaling $1.4 million, and agreed to review their policies, systems, and procedures to ensure that they are reasonably designed to supervise custodial accounts and to achieve compliance with FINRA Rule 2090.”  Contributed by Jaqueline M. Hummel, Partner and Managing Director.

Worth Reading

Filing Deadlines and To-Do List for February 2020


  • Form 13F: Form 13F (institutional manager) quarterly filing for Q4 2019 is due within 45 days after the end of the calendar quarter, on February 14, 2020.
  • Form 13H: Form 13H (large trader) annual filing is due for advisers that already have a Form 13H filing obligation by February 14, 2020. (This filing is not required if the quarterly amendment was filed for the fourth quarter.)
  • Schedule 13D and Schedule 13G: Annual amendments are due for advisers that have changes to disclosure information on previously filed 13D or 13G forms, on February 14, 2020.


  • Blue Sky Filings (Form D). Advisers to private funds should review fund blue sky filings and determine whether any amended or new filings are necessary.  Generally, most states require a notice filing (“blue sky filing”) within 15 days of the first sale of interests in a fund, but state laws vary.  Did you know that Hardin Compliance Consulting offers a convenient and economical blue sky filing service to help firms manage this complicated monthly task?  Learn more here and give us a call to discuss your needs further.  Due February 15, 2020.
  • NFA Annual Affirmation for Entities Operating Under an Exemption from CPO or CTA Registration: Annual amendments are due for advisers that have changes to disclosure information on February 29, 2020.
  • Form PF for Large Hedge Fund Advisers.  Large Fund Advisers must file Form PF with the SEC on the IARD system within 60 days of each fiscal quarter-end.  For funds with a December 31 fiscal quarter end, Form PF is due February 29, 2020.
  • Initial Form PF: Hedge Fund Advisers that have reached $1.5 billion regulatory assets under management (“RAUM”) attributable to hedge funds as of December 31, 2019, must make initial filing (the initial quarterly Form PF filing within 60 days of quarter end if an adviser’s hedge fund RAUM exceeds $1.5 billion as of the previous quarter-end). Due February 29, 2020.
  • Reaffirm YOUR CPO and CTA Exemptions: Firms that claim exemptions from Commodity Pool Operator (“CPO”) registration under CFTC Rule 4.5 or CTFC Regulation 4.13(a)(3) (the “de minimis exemption”), or Rules 4.13(a)(1), 4.13(a)(2), 4.13(a)(5), and firms that claimed an exemption from Commodity Trading Adviser (“CTA”) registration pursuant to CFTC Rule 4.14(a)(8) must re-affirm those exemptions annually within 60 days of the calendar year end – by February 29, 2020. As noted by the NFA in Notice to Members I-19-29, “Failure to affirm an active exemption from CPO or CTA registration will result in the exemption being withdrawn on March 1, 2020.  For registered CPOs or CTAs, withdrawal of the exemption will result in the entity being subject to Part 4 Requirements regardless of whether the entity otherwise remains eligible for the exemption. For non-registrants, the withdrawal of the exemption may subject the person or entity to enforcement action by the CFTC.”  NFA Notice I-19-29 also contains guidance FAQs related to this annual affirmation process.


  • Form CTA-PR should be filed with National Futures Association (“NFA”) by registered Commodity Trading Advisors for the year ended December 31, 2019, by February 14, 2020. This filing satisfies the CFTC annual and NFA 4th quarter filing requirements for Form


  • Form N-MFP.  Form N-MFP (Monthly Schedule of Portfolio Holdings of Money Market Funds) reports information about the fund’s holdings as of the last business day of the prior calendar month and must be filed no later than the fifth business day of each calendar month.  Due date is February 7, 2020.


  • Form OBS: For the Quarter ending December 31. Unless subject to the de minimis exception, all clearing, self-clearing, and carrying firms and those firms that have a minimum dollar net capital requirement equal to or greater than $100,000 and at least $10 million in reportable derivatives and other off-balance sheet items must submit Form OBS as of the last day of a reporting period within 22 business days of the end of each calendar quarter via eFOCUS. Firms that claim the de minimis exemption must affirmatively indicate through the eFOCUS system that no filing is required for the reporting period. Due February 3, 2020.
  • Rule 17a-5 Monthly and Fifth FOCUS Part II/IIA Filings: For the period ending January 31, 2020. For firms required to submit monthly FOCUS filings and those firms whose fiscal year-end is a date other than a calendar quarter. Due February 26, 2020.
  • SIPC-7 Assessment: For firms with a Fiscal Year-End of December 31. SIPC members are required to file the SIPC-7 General Assessment Reconciliation Form, together with the assessment owed (less any assessment paid with the SIPC-6) within 60 days after the Fiscal Year-End. Due February 29, 2020.
  • SIPC-6 Assessment: For firms with a Fiscal Year-End of July 31. SIPC members are required to file for the first half of the fiscal year a SIPC-6 General Assessment Payment Form together with the assessment owed within 30 days after the period covered. Due March 1, 2020.
  • SIPC-3 Certification of Exclusion from Membership: For firms with a Fiscal Year-End of January 31 AND claiming an exclusion from SIPC Membership under Section 78ccc(a)(2)(A) of the Securities Investor Protection Act of 1970. This annual filing is due within 30 days of the beginning of each fiscal year. Due March 1, 2020.
  • Annual Audit Reports for the Fiscal Year-End December 31, 2019: FINRA requires that member firms submit their annual audit reports in electronic form. Firms must also file the report at the regional office of the SEC in which the firm has its principal place of business and the SEC’s principal office in Washington, DC. Firms registered in Arizona, Hawaii, Louisiana, or New Hampshire may have additional filing requirements. Due March 2, 2020.
  • Supplemental Inventory Schedule (“SIS”): For the month ending January 31. The SIS must be filed by a firm that is required to file FOCUS Report Part II, FOCUS Report Part IIA or FOGS Report Part I, with inventory positions as of the end of the FOCUS or FOGS reporting period, unless the firm has (1) a minimum dollar net capital or liquid capital requirement of less than $100,000; or (2) inventory positions consisting only of money market mutual funds. A firm with inventory positions consisting only of money market mutual funds must affirmatively indicate through the eFOCUS system that no SIS filing is required for the reporting period. Due March 2, 2020.



Partner with Hardin Compliance

Have a compliance question or want an independent review of your compliance program?  Hardin Compliance can help!  Call us today at 1.724.935.6770, or visit our website at for more information.


Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance.  The information in this e-newsletter is for general guidance only.  It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.

Photo by Garrett Sears on Unsplash