Picture of the SEC building (Photo: Diego Radzinschi/ALM)

The Securities and Exchange Commission is failing to meet its regulatory oversight responsibilities involving registered investment advisors, including bringing timely enforcement actions as well as exam coverage, according to the securities regulator’s internal watchdog.

The Inspector General’s recently released report to SEC Chairman Jay Clayton highlights management and performance challenges the agency faces as fiscal year 2020 begins.

In fiscal 2018, the percentage of first enforcement actions filed within two years of the opening of the matter under inquiry or investigation was 49%, falling below the annual target of 65%, the SEC Inspector General said in a recent statement.

Also, in fiscal 2018, the IG reported, the average number of months between opening a matter under inquiry or investigation and commencing an enforcement action was 25 months, failing to meet the target of 20 months.

To address the issue of timeliness in investigations, the agency’s enforcement division “has again reported ‘taking measures that include emphasizing expediency in quarterly case reviews, promoting best practices regarding efficiencies in various phases of the investigative process, leveraging data analytics capabilities, and conducting training on tools that expedite investigations,’” the IG report states.

The IG office also stated that since 2014, it has “reported as a challenge” the need for ensuring sufficient exam coverage of RIAs by the Office of Compliance Inspections and Examinations.

“It is imperative that management effectively use risk-based processes and … leverage technology and analytics to address its regulatory responsibilities, including those of the examination program,” the IG said.

As to cybersecurity, the IG plans in fiscal 2020 to continue to assess the SEC’s efforts to secure its systems and data.

“Specifically, we will complete an ongoing audit of the SEC’s management of the planning, implementation, and security of its cloud computing services. We also plan to assess the SEC’s mobile device program and controls for protecting information stored and/or processed on such devices, as well as the agency’s firewall security.”

The agency is also assessing ways to further reduce its “attack surface,” the IG report states, and plans “additional actions in FY 2020 to further strengthen its cybersecurity posture” based on recommendations from the agency’s previous assessment.

For fiscal 2020, the SEC seeks resources from Congress to hire three additional staff positions in its Office of Information Technology to “deepen OIT’s expertise in new technologies such as cloud computing, and to expand [its] proactive monitoring of network and systems for malicious activity by cyber threat actors.”