Timothy M. Simons, CFA, CIPM, CSCP
Focus 1 Associates LLC
November 30, 2017
Two things I want to talk about, the November 15, 2017 Division of Enforcement Annual Report for FY 2017 (“Report”), and the speech that Peter Driscoll, Director of the SEC Office of Compliance Inspections and Examinations (“OCIE”) gave at the GIPS® Standards Annual Conference on September 14, 2017.
In June of this year, SEC Chairman Clayton appointed Stephanie Avakian and Steven Peikin as Co-Directors of the Division of Enforcement, with over 1200 staff members. In addition to working in the private sector, Avakian has prior SEC experience, including as the Deputy Director and Acting Director of the Division, and Peikin as an Assistant U.S. Attorney in the Southern District of New York.
The Report, in addition to talking about the accomplishments of the Division in the last fiscal year, identifies the core principles that will guide the Division in its quest to protect investors, deter misconduct, and punish wrongdoers:
Principle 1: Focus on the Main Street Investor
Continue to address the misconduct that has traditionally affected retail investors: accounting fraud, sales of unsuitable products and the pursuit of unsuitable trading strategies, pump and dump frauds, and Ponzi schemes.
OCIE formed a Retail Strategy Task Force to develop effective strategies to address potential harm to retail investors. The task force will work closely with the Commission’s examination staff, as well as the Office of Investor Education and Advocacy, and use data analytics to identify areas of risk to retail investors.
Continue to vigorously pursue cases against financial institutions and intermediaries. OCIE’s oversight of Wall Street is most effective, and protects those who need it most, retail investors.
Principle 2: Focus On Individual Accountability
Common sense and experience teach that individual accountability more effectively deters wrongdoing. The vigorous pursuit of individual wrongdoers must be the key feature of any effective enforcement program. We must protect investors by barring serious wrongdoers and recidivists from our markets.
Principle 3: Keep Pace With Technological Change
Technology has dramatically transformed our markets and the ability of wrongdoers to engage in cyber-enabled misconduct. To combat that ability, OCIE formed a specialized Cyber Unit to consolidate its substantial cyber-related expertise including experts in cyber intrusions, distributed ledger technology, and the dark web.
Principle 4: Impose Sanctions That Most Effectively Further Enforcement Goals
Sanctions include: obtaining monetary relief; barring wrongdoers from working in the securities industry; and, when appropriate, obtaining more tailored relief, such as specific undertakings, admissions of wrongdoing, and monitoring or other compliance requirements.
Principle 5: Constantly Assess the Allocation of Our Resources
The volume of potential securities violations reflects the multi-trillion-dollar size of our markets. Last year, Commission personnel reviewed more than 16,000 tips, largely from the general public, and more than 20,000 reports of suspicious activity filed by broker-dealers and other entities.
For noteworthy cases and statistics, Click here for the report
After receiving a sense of direction that the Division of Enforcement has set for itself, it is worthwhile to identify the goals that OCIE has set for itself.
Driscoll has 15 years of experience at the SEC, including time as an examiner and Branch Chief (always a plus to lead OCIE), and he is both an accountant and an attorney. Driscoll has served as OCIE’s Acting Director since January 2017, and named Director on October 26th.
“Our mission is to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies. OCIE fulfills this mission in four primary ways: (1) improving compliance; (2) preventing fraud; (3) monitoring risk; and (4) informing policy. We refer to these as the “four pillars” of our mission. To execute on these pillars, OCIE is committed to being risk based, data driven and transparent.”
In FY2016 as well as FY2017, OCIE has redeployed some of its staff from the broker-dealer examination program to the investment adviser (IA) examination program, resulting in an increase in the number of IA examinations completed. Driscoll cautions us,
“(T)he number of examiners and exams completed takes a back seat to our focus on the quality of the exams we are conducting. This is our main priority and we are not going to sacrifice quality for quantity. Moreover, increases or decreases in exam numbers alone do not tell the entire story of our program, as exam numbers alone do not speak to quality or the breadth of our work. Beyond examining registrants, OCIE has continued to spend considerable time and effort during the last few years on enhancing its risk assessment and surveillance capabilities to ensure that the program is spending its limited time and resources on those firms presenting the highest risk. As part of these efforts, the staff has spent significant resources to develop technological tools that allow us to collect and analyze data filed by registrants, not just those that are chosen for examination. The program has also conducted thousands of internal desk reviews to help ensure that the more time-consuming on-site visits we make are spent addressing higher risk firms and activities. The results of these efforts help to ensure that we utilize our resources in the most effective and efficient way.”
OCIE has tried to provide more transparency about exams through publications. OCIE has published its Exam Priorities each year for the last several years. OCIE’s 2017 priorities are organized around three thematic areas: (1) examining matters of importance to retail investors; (2) focusing on risks specific to elderly and retiring investors; and (3) assessing market-wide risks.
Knowing what OCIE is prioritizing may help registrants focus their own internal compliance reviews. It may also help facilitate the ability to anticipate and preemptively solve common compliance issues.
OCIE staff has consistently published Risk Alerts over the past few years. Based on feedback from industry and compliance professionals, they have been working on issuing more detailed Risk Alerts that summarize common exam findings across an array of topics. They believe the transparency in these types of risk alerts provide CCOs with clear information about common compliance issues and the advisers they work for will use this information to improve compliance in these areas and that investors are better protected as a result.
So far this year the OCIE staff has published four risk alerts.
Advertising Risk Alert
OCIE staff observed advertisements that: contained misleading performance, including performance results that did not deduct advisory fees; compared results to a benchmark but did not include disclosures about the limitations inherent in such comparisons; and contained hypothetical and back-tested performance results, but did not explain how these returns were derived and did not include other potentially material information regarding the performance.
Staff also observed advertisements that contained misleading claims of compliance with voluntary performance standards, such as GIPS®, when the performance results in fact did not adhere to the performance standards’ guidelines. Cherry-picked stock selections also made the top-five.
With respect to using third-party rankings or awards, staff observed advisers who published potentially misleading advertisements containing references to awards or rankings conferred by third parties that failed to disclose material facts about such awards or rankings, such as payments made in exchange for the ranking or the fact that the ranking or award was many years old and no longer applicable.
Clients, particularly retail clients, often rely on the information presented in an adviser’s advertisements to evaluate the adviser’s capabilities and experience.
Top Five Deficiencies Risk Alert
The five common compliance topics addressed for investment advisers are deficiencies or weaknesses involving various rules under the Advisers Act, including:
(1) The Compliance Programs Rule;
(2) Required regulatory filings;
(3) The Custody Rule;
(4) The Code of Ethics Rule; and
(5) The Books and Records Rule.
Cybersecurity 2 Initiative Risk Alert
Recently, OCIE staff published two risk alerts about cybersecurity. In August, OCIE staff published a risk alert summarizing observations from OCIE’s Cybersecurity 2 Initiative. This risk alert highlighted issues OCIE believes firms would benefit from considering when assessing and improving their policies, procedures, and practices relating to cybersecurity. OCIE observed that adviser information protection policies and procedures appear to have issues, including policies and procedures that were not reasonably tailored because they provided employees with only general guidance. The staff also observed Regulation S-P-related issues among firms that did not appear to adequately conduct system maintenance.
Cybersecurity Ransomware Alert
OCIE staff published a risk alert concerning the widespread ransomware attack, known as WannaCry, which impacted numerous organizations across the world. OCIE encouraged broker-dealers and advisers to review a publication by the United States Department of Homeland Security and evaluate whether applicable system patches had been properly and timely installed.
OCIE would like to do better. Driscoll is asking registrants to provide feedback on these risk alerts. Have they been helpful? What could OCIE do to be more helpful? What additional risk areas would you like to see OCIE address? And even more broadly, are there other things you would like to know from us that you believe would improve and promote compliance and ultimately better protect the investing public?
Click here for the Driscoll Speech
It appears that the Enforcement program will continue to be the gorilla in the room for the near future and certainly in the press, and the Examination program does not appear to be interested in headlines (although an occasional one would be okay). I really like the idea of the examination program becoming more transparent, concentrating on education for those advisers trying to do the best they can for their clients, and willing to refer a registrant to enforcement who is not working for the client’s best interest.
Meanwhile, the SEC is still short two Commissioners; perhaps the Congress could provide them with the additional leadership they need to accomplish their mission.