GRC hot topics
OCIE Issues Risk Alert Highlighting Deficiencies in Compliance, Supervision, and Disclosure of Conflicts of Interest
The SEC's OCIE issued a Risk Alert detailing compliance issues noted during examinations of advisers who hire or employ individuals with a history of disciplinary events.
On June 5, 2019, the U.S. Securities and Exchange Commission issued the Standard of Conduct for Investment Advisers interpretation to reaffirm and clarify the SEC’s views of the fiduciary duty that investment advisers owe to their clients under the Investment Advisers Act of 1940.
Mirabella Group, the regulatory hosting arm of ACA Compliance Group, announced that it has enhanced its hosting services in Malta by adding a Tied Agent solution to its existing alternative investment fund manager (AIFM) service. This new solution helps non-European Economic Area (EEA) firms to interact with their EEA clients using MiFID passporting.
Whilst the FCA’s priorities appear, for the time being, to be on understanding the nature and scale of reporting data errors and how they are addressed, failings under MiFID I moved it to take several high-profile enforcement actions. It is imperative that firms get to grips with their MiFID II transaction reporting processes and data quality checks as soon as possible.
- Trade & Transaction
On June 17, 2019, The Institute of Internal Auditors (the IIA) released an Exposure Draft (the Draft) on a study being conducted to review and modernize the Three Lines of Defense Model (3LoD). The Draft has been released for public comments from June 20, 2019 and September 19, 2019 and reflects the thoughts and analysis of a working group, chaired by Jenitha John, Vice Chairman of The IIA Global Board of Directors; and Chief Audit Executive, FirstRand Ltd.
- AML and Financial Crime
On July 16, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an update to the September 6, 2018 advisory, "Advisory to Financial Institutions on E-mail Compromise Fraud Schemes." The updated advisory indicates a sharp rise in business email compromise (BEC) fraud across financial services and other industries.
The Lei Geral de Proteção de Dados (LGPD) is a sweeping data privacy regulation that goes into effect on February 15, 2020. Download our FAQs to find out what you need to know and how the law applies to your company.
The Senior Managers and Certification Regime (“SM&CR”) is new set of requirements that will affect all firms regulated by the Financial Conduct Authority in the UK. This includes US firms (and those based elsewhere) who have some presence in the UK. And because SM&CR touches on the way firms are governed, it has potential implications for senior managers and some other staff in such firms including, in some cases, those located in the US parent.
ACA Compliance Group and the Investment Adviser Association release the results from their 2019 Investment Management Compliance Testing Survey. For the sixth year in a row, cybersecurity remains the biggest compliance concern at registered investment adviser firms – with 83 percent of survey respondents identifying cybersecurity as the “hottest” compliance topic and 70 percent indicating that their firms increased compliance testing in this area over the past year.
Regulatory Cyber Alert: Cyber Incidents Reported to the FCA by UK Financial Services Firms Increased by 1,087% in 2018
A recent Freedom of Information request to the UK’s Financial Conduct Authority (FCA) by accounting firm RSM revealed that 819 cyber incidents were reported to the FCA during 2018 – almost a 12-fold