At the end of January, the SEC’s Division of Examinations published a Risk Alert to highlight observations from examinations related to Regulation Best Interest. The primary takeaway: generic policies and procedures or those that merely regurgitate the rule do not meet the “reasonably designed” standard under the Compliance Obligation of Reg BI. A firm’s policies should be highly specific to the firm itself, its products, its clients, Further, firms should be taking the next step with their policies and procedures to ensure that policies, procedures, and training materials are providing sufficient guidance to Financial Professionals (FPs) and other staff about how to meet their obligations.
Deficiencies and Weaknesses Highlighted in the Risk Alert
Specific areas which were highlighted as wide-spread weaknesses and deficiencies across policies and procedures:
- Disclosure Obligation
- Not identifying when disclosures should be created or updated and who is responsible for doing so.
- Failing to have a process to demonstrate that disclosure had been provided to retail customers.
- Only posting Regulation Best Interest disclosures on their website or referencing in disclosures in other documents delivered to customers.
- Not having policies and procedures to ensure that FPs with multiple licenses were disclosing their capacity to retail customers prior to or at the time of the recommendation.
- Lacking guidance to FPs about oral disclosures when there were differences between specific FP conflicts and a firm’s standard disclosures – e.g., circumstances requiring additional disclosures and how to maintain a record of making oral disclosures.
- Care Obligation
- Directing FPs to consider reasonably available alternatives and/or costs without providing any guidance how to do so.
- If systems were put in place to allow FPs to evaluate costs or alternatives, firms failed to mandate their use or could not determine if the systems were used.
- Directing FPs to document the basis for their recommendation but without providing instructions as to when it is necessary and what information is appropriate to include.
- Conflict of Interest Obligation
- Policies and procedures did not specify how conflicts of interest are to be identified or addressed. Firms failed to provide a structure to identify and address conflicts (e.g., a conflicts officer or committee or a particular unit within Compliance).
- Generic conflict language (e.g., we have conflicts related to compensation differences) without reflecting all conflicts of interest associated with the recommendations made by a firm or its FPs.
- Inappropriately relying on disclosure to “mitigate” conflicts that appeared to create an incentive for FPs to place their interest ahead of the retail customer without establishing any mitigation measures (i.e., modifying practices to reasonably reduce conflicts of interest) at the FP level.
- Training and Testing
- Relying heavily on surveillance systems that existed before the effective date of Regulation Best Interest without considering whether those systems needed modification in order to effective monitor Reg BI compliance – e.g., failing to consider new obligations regarding rollovers, account recommendations, implicit hold recommendations, and account monitoring (if agreed to).
- Relying on surveillance systems that did not capture hold recommendations or recommendations that are not accepted by the retail customer, which resulted in those recommendations going unreviewed.
- Relying on locally stored documents that limited surveillance regarding Care Obligation to branch examinations.
- Relying on Reg BI training that did not provide employees with the specific tools, methods, or policies and procedures that they could use to comply with Reg BI.
CRC believes that the best approach to regulatory compliance is a proactive one. Staying ahead of the curve by taking note of statements and guidance released by regulators and using them as a barometer to assess the current regulatory climate can help ensure that a firm is prepared for a regulatory exam. Rather than scrambling to rectify issues or meet deadlines, a thorough, active compliance program that considers and incorporates regulatory developments is in a better position to satisfy regulators and preserve operations so they can best serve their clients.
In light of the recent Risk Alert related to Reg BI, as well as the ongoing trend of increased findings and enforcements in this area since its implementation, firms should take this opportunity to assess their existing Reg BI compliance procedures, training materials, and operational processes to ensure that no gaps exist. Firms should pay careful attention to technological solutions deployed to meet the obligations of Reg BI and confirm that such solutions do not implicate the regulatory pitfalls outlined in this most recent Risk Alert.
For more information, please contact:
p. (646) 346-2468
p. (917) 568-6470