I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.
Marc Wyatt, Director, SEC’s Office of Compliance Inspections and Examinations, gave his perspective on the priorities that lie ahead for OCIE. Marc Wyatt Named Director of the Office of Compliance Inspections and Examinations last week.
He emphasized that OCIE does not want to be a “gotcha” regulator. OCIE’s job is deterrence. That is why OCIE publishes its exam priorities each year. OCIE wants to empower CCOs to be able to focus limited resources on issues. It’s not that OCIE only gets to 10% of registered advisers. OCIE wants to use the exams to deter other firms from doing bad things. Exams are very much risk-based and data driven.
Cybersecurity will be on the list for a long time. Retirement accounts and senior investors will also be on the list.
OCIE tries to be incremental. For cybersecurity, the first round was mostly information gathering. The next level is more testing. He was not willing to say how many firms OCIE is visiting. He wants it be statistically significant.
The pool of registrants is growing. There were 500 new registrants last year. The SEC is trying to specialize and get the skills for the new pool of registrants (private equity, hedge funds, etc.)
OCIE feels it is getting better aligned with institutional investors. Investors are doing much more due diligence and taking a deeper dive.
The vetting process for which firms to exam is also a set of data for the exam process. Of the two out of ten firms that examined, reviewing the other eight helps OCIE understand the risks.
How to avoid getting examined? These are red flags for the risk-based analysis:
- A big swing in AUM?
- Changes in key personnel
- Aberrational performance
- Areas for better understanding (OCIE wants to better understand a time of investing style, or there is a rule in process)
How to get exam staff out once they come:
- Be efficient on document production
- Question the exam staff about unclear document requests
- Get clarification if a question is unclear.
- Don’t dump documents trying to overload examiners
- Make sure exam staff has access to key people
- Day One presentation with CCO, being candid about risks, highlighting key people for follow-up meetings
In response to lowering risk rating, Mr. Wyatt was not willing to share criteria that would reduce. He pointed out there is a never-before examined exam initiative.
He pointed out the out-sourced CCO risk alert. Use that to look at your in-house CCO program.