Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

SEC exams to focus on ICOs, cybersecurity, and AML programs

Securities Initial Coin Offerings Privacy/Cyber Risk & Data Security Anti-Money Laundering Fintech SARs Financial Crimes

Securities

On February 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released its 2018 Examination Priorities, which includes cryptocurrency and Initial Coin Offerings (ICOs) for the first time. According to the document, the OCIE’s 2018 priorities reflect “certain practices, products, and services that OCIE believes may present potentially heightened risk to investors and/or the integrity of the U.S. capital markets.” The document highlights five themes:

  • Retail Investors. Among other retail investor priorities, OCIE states it will focus on high-risk products, including cryptocurrency and ICO markets due to their rapid growth. Exams in this area will review whether there are adequate controls and safeguards to protect against theft and whether appropriate disclosures about the risks associated with the investments are given to investors.
  • Compliance and Risks in Critical Market Infrastructure. OCIE will look at important participants in the market structure, including clearing agencies, national securities exchanges, transfer agents, and entities under Regulation SCI.
  • Review of Other Regulatory Bodies. OCIE intends to review the operations and controls of the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).
  • Cybersecurity. OCIE notes that the scope and severity of cybersecurity risks have increased dramatically. According to the document, examinations will continue to focus on, among other things, data loss prevention, governance and risk assessment, and vendor management.
  • AML Programs. Anti-money laundering (AML) program examinations will focus on whether the regulated entities are “appropriately adapting their AML programs to address their obligations.” More specifically, OCIE will look at whether entities are filing accurate Suspicious Activity Reports (SARs) and performing appropriate customer due diligence reviews.
Share page with AddThis