The Securities and Exchange Commission, or SEC, oversees securities transactions, financial professional activity, mutual funds and more to protect investors, prevent fraud and deception and maintain markets. In February 2018, the SEC released its 2018 Examination Priorities.
The SEC Places Emphasis on Vendor Risk Management in Exams
The SEC looks at your vendor risk management, and here are two points that emphasize its importance:
- Within the 2018 exam priorities, there’s a specific statement that says exams will assess vendor risk management. Here’s the excerpt:
“We will continue to examine SCI entities to evaluate whether they have effectively implemented such written policies and procedures. OCIE will also review, among other things, controls relating to how systems record the time of transactions or events and how they synchronize with other systems. Examinations will also assess entities’ readiness and business continuity plan effectiveness, vendor risk management, particularly in cloud environments, and enterprise risk management, including whether these programs cover appropriate business units, subsidiaries, and related interconnected infrastructure.”
- There’s a focus in the exam priorities document on cybersecurity and anti-money laundering expectations as these two areas will be prioritized in upcoming examinations and are directly related to vendor risk management.
Cybersecurity protection is critical to operations, especially since cybersecurity risks and threats have increased over the years and can impact your organization, vendors and customers. It’s equally important to have a strong AML program in place in order to identify customers, perform appropriate due diligence and monitor customer accounts for suspicious activity. It’s safe to say that you can expect both to be heavily evaluated during your next SEC exam.
If you’re not entirely convinced that SEC exams place emphasis on vendor risk management, take a look at a few statistics from the 2018 Examination Priorities:
- In FY 2017, the SEC achieved examination coverage of approximately 15% of all investment advisers, up from 8% just five years ago.
- They completed more than 2,100 exams of investment advisers in FY 2017, which is an increase of approximately 46% over FY 2016.
4 Recommendations to Meet SEC Vendor Risk Management Expectations
Since the SEC is placing so much emphasis on vendor risk management in exams, what can you do to be prepared? Here are some recommendations:
- Strengthen your oversight of third parties by having a strong vendor risk management program in place.
- Review your compliance procedures, particularly as they relate to senior citizens and retirement accounts.
- Have well-documented plans in place that match the work product being produced.
- Continue to stay abreast of regulatory news and enforcement actions as they occur.
Remember, these expectations are for good reason – it’s your responsibility to protect your organization and customers. Increased expectations happen because of increased risks in today’s environments.