The SEC has been on a white-hot examination streak, upping its number of audits by a remarkable 137% over the last six years, but a combination of factors seem primed to slow the commission’s roll through 2019 and beyond.
Despite all the talk of deregulation and the rolling back of the Department of Labor’s fiduciary rule, the SEC’s Office of Compliance Inspections and Examinations audited 2,312 firms — approximately 17% of all SEC-registered investment advisory firms — according to the SEC's recently released
While that may appear a relatively low figure, it's a significant increase from 2012 when the audit rate was only 8%. From 2012 to 2018, the total number of federally registered investment advisors grew 13% while the number of audits more than doubled from 974 to 2,312 during the same time period.
Still, as I
In a positive for the RIA industry, even as the volume of audits has increased over time, the percentage of firms with compliance issues has been trending lower. The percentage of audits resulting in one or more deficiencies has remained relatively steady or has decreased in recent years. In 2018, for example, 69% of all SEC audits resulted in a deficiency. In both 2016 and 2017, 72% of audits resulted in a deficiency. Compare that to 2011 when 82% of audits led to a deficiency. Similarly, 20% of audits conducted in 2018 resulted in a significant finding, compared to 42% during the 2011 fiscal year.
There has yet to be a meaningful uptick in the number of RIA enforcement actions — but that could soon change. While the percentage of examinations referred to the SEC Enforcement Division declined from its peak of 13% in 2013 to 6% in 2018, on a volume basis the number of firms referred to enforcement is increasing over time. With 964 examinations performed in 2013, a 13% enforcement referral rate equates to approximately 125 firms. On the other hand, with 2,312 examinations conducted in 2018, a 6% enforcement referral rate equals approximately 139 firms.
It’s possible this increased enforcement trend could accelerate as the SEC zeroes in on cybersecurity issues.
This observation is confirmed by the recently released
Historically, there haven’t been a lot of such actions related to investment advisors. But here’s the wild card: It’s possible this increased enforcement trend could accelerate as the SEC zeroes in on cybersecurity issues. Last year, the SEC took its first action charging violations of Regulation S-ID. This regulation, known as the Identity Theft Red Flags Rule, is designed to protect clients from the risk of identity theft.
In its annual report, the SEC Enforcement Division noted it has more than 225 ongoing cyber-related investigations. While that figure includes all types of regulated entities under the SEC’s purview, it seems highly unlikely that there will not be more forthcoming cybersecurity-related actions against investment advisors in 2019 and beyond. Considering the plethora of regular guidance and risk alerts SEC staff has issued in recent years, it’s safe to say that gone are the days when a firm can plead ignorance as a defense when it comes to cybersecurity.