Compliance Outreach and OCIE Observations

The SEC’s Office of Compliance Inspections and Examination launched a lot info last week. It livestreamed a National Investment Adviser/Investment Company Compliance Outreach and published a Risk Alert on notable compliance issues identified by OCIE related to Rule 206(4)-7.

Peter Driscoll, Director of OCIE, started off the program highlighting three words that should be applicable to your firm’s CCO: Empowered, Seniority, and Authority. He wants firms to think of compliance and the CCO as an essential component to running and advisory business and not just a box to be checked. CCOs should be routinely included in strategy discussions and brought into decision-making early-on for their meaningful input.

Then he mentioned that OCIE was publishing a risk alert right then on compliance programs.

Mr. Driscoll moved the Outreach program to a panel with Dalia Blass from Investment Management and Marc Berger from Enforcement. In discussing private funds, they highlighted the usual hot spots:

  • Valuation
  • Undisclosed conflicts
  • custody rule
  • allocation of expenses

In discussing upcoming regulatory changes, Ms. Blass mentioned the proposed Advertising Rule changes. Sounds like it’s still in process. No mention of a timeline. She also mentioned that there may be some upcoming regulatory changes around valuation and custody.

The second panel was on resiliency, information security and business continuity. This is even more important with so many firms and their employees working remotely.

The second panel focused on undisclosed conflicts. One panelist expressed grave concern over the use of the word “may” when describing conflicts. If there is an actual conflict, “may” is not the right word to use. If a firm always takes a fee, “may” is not the right word to use.

The panelists raised the issue of disclosing PPP loans. It was noted that taking a PPP loan was an indication of financial distress that likely should be disclosed to clients.

Turning to the new risk alert, the focus is the structure of compliance programs. It starts right off with a failure to have adequate compliance resources to support a robust compliance program. That includes having a CCO who devotes adequate time to compliance and is knowledgeable about the Advisers Act. One special note was for firms that had grown in size or complexity, but had not increased their compliance resources accordingly.

The Risk Alert emphasizes the importance of the annual review and documenting the annual review. As it’s coming up to year-end, it’s a good check list as you may be starting to work on your annual review.

Sources:

The Supervision Initiative

In 2017, the SEC’s Office of Compliance Inspections and Examination conducted exams of investment advisers that previously employed, or then currently employed, any individual with a history of disciplinary events. According to a just released Risk Alert, this was the Supervision Initiative.

The initiative examined over 50 advisers, with a total of $50 billion in assets and 220,000 clients, most of who were retail investors. The firms were selected based on disclosures of disciplinary events. The Supervision Initiative was announced as part of the 2016 Examination Priorities.

With credit to OCIE, they use the results of these initiatives to guide firms on how to improve their compliance programs. This Risk Alert has five suggestions for firms that have an employee with disciplinary histories.

1. Adopt written policies and procedures that specifically address what must occur prior to hiring supervised persons that have reported disciplinary events. Those procedures should trigger investigations of the disciplinary events and ascertain whether barred individuals were eligible to reapply for their licenses.

2. Enhance due diligence practices when hiring to identify disciplinary events. Conducting background checks on employment histories, disciplinary records, financial background and credit information. Conducting internet and social media searches.

3. Establish heightened supervision practices when overseeing supervised persons with disciplinary histories. The staff found that advisers with written policies and procedures specifically addressing the oversight of supervised persons with disciplinary histories were far more likely to identify misconduct by supervised persons than advisers without these written protocols.

4. Adopt written policies and procedures addressing client complaints related to supervised persons. The staff observed that advisers with written policies and procedures addressing client complaints related to their supervised persons were more likely to have reported the receipt of at least one complaint related to their supervised persons. In addition, these advisers were consistently more likely to escalate matters of concern raised in these complaints than advisers without written protocols.

5. Include oversight of persons operating out of remote offices in compliance and supervisory programs, particularly when supervised persons with disciplinary histories are located in branch or remote offices. Don’t let out of sight mean out of mind.

Sources:

What SEC Registration Means for Hedge Fund Advisers

Earlier this month Norm Champ, Deputy Director, Office of Compliance Inspections and Examinations at the SEC, addressed the New York City Bar and gave a preview of what the SEC has in mind for private fund advisers. I thought this tied nicely with the speech given by Norm’s boss, Carlo V. di Florio, at PEI’s Private Fund Compliance Forum.

First, some statistics:

  • As of early April, there were approximately 4,000 investment advisers that manage one or more private funds registered with the Commission
  • 34% (more than 1,350) registered since the effective date of the Dodd-Frank Act.
  • This represents a 52% increase in registered private fund advisers
  • 32% of all advisers currently registered with the Commission report that they advise at least one private fund.
  • Of the registered private fund advisers, approximately 7% (284) are domiciled in a foreign country; most of these (136) are in the United Kingdom.
  • Registered private fund advisers report on Form ADV that they advise approximately 30,000 private funds with total assets of $8 trillion, which is 16% of total assets managed by all registered advisers.
  • Based on available information, 48 of the 50 largest hedge fund advisers in the world are now registered with the Commission.
  • Fourteen of these largest hedge fund advisers are new registrants.

It sounds like fund advisers should expect a visit from the SEC this fall.

“Our strategy for these new registrants will include (i) an initial phase of industry outreach and education like today (sharing our expectations and perceptions of the highest risk areas), (ii) followed by a coordinated series of examinations of a significant percentage of the new registrants that will focus on the highest risk areas of their business and help us to risk rate the new registrants, and (iii) culminating in the publication of a series of “after action” reports, reporting to the industry on the broad issues, risks, and themes identified during the course of the examinations.”

This is exactly what Mr. DiFlorio described as the upcoming SEC strategy. Given the current staffing, it would seem that the SEC visit would need to be brief in order to reach a substantial portion of the 1,350 new registrants in a short period of time.

Champ ends with Ten Suggested Takeaways for Registered Advisers to Hedge Funds

  1. Review your control and compliance policies and procedures annually.
  2. Assess and prepare for Form PF requirements.
  3. Identify risks.
  4. Enhance your expertise.
  5. Verify client assets.
  6. Get rid of any silos, identify conflicts.
  7. Provide clear, complete, and accurate disclosure in performance and advertising.
  8. Verify portfolio management compliance.
  9. Address your complaints.
  10. Check your IT security.

We know the SEC is coming and what they are looking for. It’s time for newly installed CCOs to put the work in to make the SEC happy when they appear on your doorstep.

Sources:

Hot Topics for SEC Exams

As part of the SEC’s new National Exam Program Overview, OCIE highlights six areas of focus for Investment Advisers:

“[T]he Program has identified specific strategic areas on which to focus when examining firms…. In FY2012, focus areas include the following priorities, among others:

Complex Entities. Staff will examine for the risks and practices associated with the SEC’s rapidly growing complex registrant population. Review areas may include:

(i) Newly registered, private fund advisers that may be unfamiliar with the Federal securities laws.

(ii) Complex relationships in the private equity space.

(iii)Model risk of quantitative investment decision, order routing, and trade execution models utilized by various industry participants.

Sales Practice of New or Risky Products. The staff will review for the sale or recommendation of inappropriate investments by advisers. Among the areas of concern:

(i) The retailization of complex investments and smaller, niche-type products (e.g., structured products, reverse convertibles bonds, alternative mutual funds, leveraged ETFs).

(ii) Aggressive marketing of retirement/senior products and investments marketed as being “safe.”

(iii)Portfolio management activities that may increase the risk of investor loss or harm.

(iv) Lack of due diligence performed on underlying investment vehicles/managers and any undisclosed conflicts and/or fee arrangements.

(v) Valuation practices and any conflicts that exist in the pricing process.

Fund Governance. The NEP will evaluate practices or oversight weaknesses that may increase the risk of shareholder loss or harm, such as:

(i) Mutual funds investing in a manner that is inconsistent with fund disclosures or engaging in activities that may pose higher risk.

(ii) Directors failing to satisfy fiduciary duties.

(iii) Systemic compliance breaches and processing issues that may have a significant impact on fund investors.

Compliance, Supervision, and Risk Management. The NEP will assess the appropriateness of compliance programs and risk management processes relative to business operations to identify potential weaknesses that raise investor protection concerns, such as:

(i) Effects of cost-cutting, mergers and acquisitions, and aggressive business strategies to make up for losses and revenue cuts.

(ii) Lack of oversight of outside business activities and weak compliance of remote locations, branch offices, and independent contractor representatives.

(iii)Dual and affiliated registrants transitioning broker-dealer customers into advisory clients.

(iv) Ineffective compliance and risk management with respect to complex investments and/or investment strategies.

Fraudulent Activities/Safety of Assets. The NEP continues its initiative to identify fraudulent, abusive, and manipulative activities surrounding the safety of client assets. Areas of focus include:

(i) Custody arrangements that increase the potential for misappropriation of assets.

(ii) Ponzi schemes or ponzi-like schemes.

(iii)Manipulative activity, such as front-running and insider trading.

(iv) Cyber security risks associated with malicious hacking and fraudulent schemes.

 Performance and Advertising. The NEP will assess performance characteristics and marketing practices that have been associated with an increased risk of misrepresentations and investor harm. For example:

(i) Aberrational performance that may be indicative of abusive valuation.

(ii) The use of solicitors to attract new clients, particularly when non-cash compensation is used by advisers.

SEC’s National Exam Program Overview

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) mission is to protect investors through its nationwide examination and inspection program. Examiners in Washington DC and in the SEC’s 11 regional offices conduct examinations of the nation’s registered entities. Besides investment advisers, OCIE also examines broker-dealers, transfer agents, investment companies, the national securities exchanges, clearing agencies, the nationally recognized statistical rating organizations, SROs (Financial Industry Regulatory Authority and the Municipal Securities Rulemaking Board), and the Public Company Accounting Oversight Board. That’s a lot of ground to cover.

OCIE recently released its National Exam Program Overview (.pdf). The first 23 pages ramble on about the statutory and regulatory framework. The good stuff starts on page 24 with a description of the inspection and examination process.

  1. Overview
  2. Scope
  3. Scheduling Fieldwork
  4. Entrance Interviews
  5. Document Requests
  6. Questions
  7. Exit Interviews/Exit Conference Calls
  8. Results

The staff may identify compliance deficiencies or internal control weaknesses. If this is the case, the staff generally will provide the registrant with a deficiency letter identifying the problems, asking the registrant to take remedial steps, and requesting that the registrant provide a written response. Examinations often conclude with a deficiency letter.

It’s a good roadmap to help prepare your firm for when the SEC inevitably comes knocking on your door.

Sources:

Report on SEC Referrals to Enforcement

For a registered investment adviser, it’s okay to have the SEC’s Office of Compliance Inspections and Examinations visit you. It’s a big problem if the enforcement division visit. OCIE will issue a deficiency letter asking you to fix any deficiencies it finds. If your noncompliance is serious or the examiners think investor funds are at risk, OCIE can refer the case to the enforcement division.

We get to see how well this referral process works as part of a recent Inspector General Report: OCIE Regional Offices’ Referrals to Enforcement (.pdf)

This report was triggered by the fallout from the Stanford case. “The OIG found that the SEC’s Fort Worth regional office had been aware since 1997 that Robert Allen Stanford was likely operating a Ponzi scheme. The investigation also discovered that after a series of OCIE examinations of Stanford Group Company (Stanford’s registered investment advisor) in which each examination concluded that the likelihood of a Ponzi scheme or similar fraud existed, the SEC’s Fort Worth Enforcement unit did not take significant action to investigate or stop such expected fraud until late 2005.” The allegation against the Fort Worth enforcement office is that they were being judged on the number of cases they won. They wanted to stay away from Stanford because is would consume lots of resources and had an uncertain outcome. The OIG claims there was perception that they only wanted “quick-hot” or “slam-dunk”cases.

The OIG report’s objective was to determine “whether and to what extent OCIE examiners were frustrated in matters other than Stanford where Enforcement did not pursue cases identified by examiners in the SEC regional offices.”

One highlight was that the OCIE staff identified thethe SEC’s Asset Management Unit as having significantly assisted with the acceptance rate of referrals.

They also highlight the the different missions and focuses of OCIE and Enforcement: “OCIE focuses its efforts on assessing whether SEC registrants are in compliance with securities laws, while Enforcement’s mission is to protect investors and the markets by investigating potential violations of securities laws and litigating the SEC’s enforcement actions.”

SEC Inspector General Testifies In Congress

SEC Inspector General H. David Kotz In the first Congressional hearing since the Madoff scandal broke in December, Mr. Kotz said his agency’s handling of the Madoff case may be a symptom of more widespread problems with how the agency handles its examinations and investigations.

Kotz testified on the subject of “Assessing the Madoff Ponzi Scheme.”

Frankly it sounds like the SEC will spend as much time and energy investigating themselves on the Madoff matter as they will actually investigating the Madoff matter itself.

See also:

Open Letter to CEOs of SEC-Registered Firms

sec-sealThe SEC’s Office of Compliance Inspections and Examinations has published an letter to CEOs of SEC Registered Firms about the importance of compliance programs during this time of “financial and market turmoil.”

December 2, 2008

Dear CEO of SEC-Registered Firm:

During this time of financial and market turmoil, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission reminds leaders of SEC-registered firms, including broker-dealers, investment advisers, investment companies and transfer agents, of the critical role played by your firm’s compliance programs in helping to meet your obligations under the securities laws. Your firm’s compliance function is critical to assure that your operations comply with the law and rules for industry participation and to ensure that the interests of your customers, clients and shareholders are protected. Moreover, compliance is a vital control function that helps to protect the firm from conduct that could negatively impact the firm’s business and its reputation.

While many firms are considering reductions and cost-cutting measures, we remind you of your firm’s legal obligation to maintain an adequate compliance program reasonably designed to achieve compliance with the law. As SEC Chairman Cox noted recently, “[E]xperience has taught us again and again that giving short shrift to regulatory compliance subjects a company’s investors, employees, management, directors, and every other stakeholder to unacceptable risks….[C]ompliance programs have made huge strides in recent years in becoming more formalized and more robust…. Now more than ever, companies need to take a long-term view on compliance and realize that their fiduciary responsibility requires a constant commitment to investors. That means sustaining their support for compliance during this market turmoil, and beyond it as well.” http://www.sec.gov/news/speech/2008/spch111308cc.htm

Firms must be vigilant and proactive in preventing, detecting and correcting problems that could occur. Firms should pay attention to ensuring that their interactions with investors meet high standards, that sales and trading practices are appropriate, that financial, valuation and risk controls are followed, and that all disclosure obligations are met — as well as meeting all other obligations in conformity with the securities laws.

By fulfilling their obligations, regulated firms in the financial services industry can help to restore and bolster public confidence in the fairness and integrity of our markets and market participants. Providing adequate resources to compliance programs and functions and ensuring that CCOs and compliance personnel are integrated into the activities of the firm are essential to that process.

Thank you for your focus on this important matter.

Very truly yours,

Lori A. Richards
Director

http://www.sec.gov/about/offices/ocie/ceoletter.htm

Core Initial Request for Information from Investment Advisers

sec-sealThe SEC’s Office of Compliance Inspections and Examinations has published its Core Initial Request for Information for Investment Adviser Examinations.

The initial phase of an examination includes a review of the firm’s business and investment activities, its organizational affiliations and its corresponding compliance policies and procedures. The staff will request information and documents and speak with the firm’s employees to ensure an understanding of the firm’s business and investment activities and the operation of its compliance program. Using the information obtained, the staff will assess whether the firm’s compliance policies and procedures appear to effectively address the firm’s compliance risks. This work includes testing the firm’s compliance program in particular areas.

The following points provide an overview of the core information the staff requests:

  • Certain general information to provide an understanding of the firm’s business and investment activities, including organizational charts, demographic and other data regarding advisory clients, and a record of all trades placed for its clients (trade blotter).
  • Information about the compliance risks that the firm has identified (e.g., an inventory of compliance risks) and the written policies and procedures the firm has established and implemented to address each of those risks to provide an understanding of the firm’s compliance risks and corresponding controls.
  • Documents relating to the results of and output from the various transactional (quality control) and period (forensic) testing conducted to provide an understanding of how effectively a firm has implemented its compliance policies and procedures. This includes the results of any compliance reviews, quality control analyses, surveillance, forensic or transactional tests the firm has used to determine if activities have been performed as expected and to identify activities or transactions that have fallen short of or breached related policies and procedures.
  • Information regarding the results of any tests and follow-up actions taken by the firm to address shortfalls or breaches revealed by such tests to provide an understanding of steps taken by the firm to address the results of compliance reviews, quality control, forensic or transactional tests conducted. This information might include, for example, warnings to or disciplinary action of employees, changes in policies or procedures, redress to affected clients, or other measures.
  • Information to perform testing for compliance in various areas.

http://www.sec.gov/info/cco/requestlistcore1108.htm