Each year, both the United States Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issue guidance concerning their regulatory priorities for the coming year. FINRA's 2019 Annual Regulatory and Examination Priorities Letter can be found here, and the SEC Office of Compliance Inspections and Examinations (OCIE)'s 2019 National Exam Program Examination Priorities can be found here.
Set forth below are topics on which the SEC's and FINRA's concerns overlap. Notably, FINRA took a unique approach this year in that its letter begins with materially new topics, then discusses areas of ongoing concern, with an emphasis on aspects of those topics not covered in prior letters. Unlike in previous years, FINRA declined to use its priorities letter to repeat topics that have been "mainstays" of its focus over the years. The SEC also took a new approach, emphasizing how it increasingly leverages technology and data analytics to fulfill its mission and citing its recently adopted Strategic Plan, which reiterates the importance of examinations to bolster regulatory requirements and protect investors.
This year, both of the annual priorities letters address a large number of diverse topics. Accordingly, in order to provide additional insight into the evolution of the SEC's and FINRA's regulatory and examination priorities, we have prepared detailed comparisons of FINRA's priorities between 2007 and 2019 and the SEC's priorities between 2013 and 2019. The comparison of the SEC's priorities is available here. The comparison of FINRA's priorities is available here.
Cybersecurity: The SEC places a particular emphasis on cybersecurity this year and states that it will continue to prioritize cybersecurity in each of its five examination programs. Specific to investment advisers, the SEC will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers. The SEC will also continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, and incident response.
FINRA also retains its emphasis on cybersecurity, although it does so primarily through its focus on regulatory technology or "RegTech." FINRA will engage with firms to understand how they are using a variety of innovative RegTech tools to make their compliance efforts more efficient and how they are addressing related risks, challenges, or regulatory concerns, including supervision and governance systems, third-party vendor management, safeguarding customer data and cybersecurity. MORE