Publications

Staff members from the SEC’s Office of Compliance, Inspections and Examinations (OCIE) in Washington and the Philadelphia District Office spoke recently on the topic of Investment Adviser and Investment Company Regulation at a program sponsored by the Pennsylvania Bar Institute. Their remarks, which provide a template for regulatory priorities in the investment management field, are summarized below.

IA Examination Selection
In the wake of the market timing scandal of the past few years, the SEC staff is emphasizing the examination of “high-risk firms,” which are examined every three years. All other firms are examined on a random selection basis, not a regular cycle, according to these staff members. The criteria for selecting “high risk” firms were informative.

According to the SEC representative, the staff assesses annually the risk presented by each firm in its district or region. Disclosures in the firm’s Form ADV filings form the basis of the staff’s assessment of risk, supplemented by the most recent examination findings. In particular, the staff prepares a “control scorecard” for each firm it examines, which attempts to document how the firm determines and detects violations, identifies its high-risk areas, and evaluates the adequacy of its internal controls.

To the extent the staff concludes that the firm has adequate controls in these areas, it limits its review. Areas of current staff concern include the following:

• Does someone who is not the portfolio manager periodically review the firm’s adherence to client objectives and restrictions and are they periodically updated?
• Is there adequate segregation of duties to prevent fraud or other misconduct?
• Does the firm possess an adequate disaster recovery plan?
• Does the firm properly allocate investment opportunities?
• Does the firm use qualified custodians to store assets and send statements directly to clients?
• Does the firm possess adequate investment planning controls?

Based on its review, the staff assigns an overall risk rating, which determines the frequency of examinations. This risk rating number is for internal use only; it is not disclosed publicly.

Specific Document Requests
The staff always asks the examined firm if there were any material regulatory breaches. Recently, the staff has eased up on its policy requiring reports of such breaches to be in writing. Now the staff will consider the report in any format. The concern of the staff is not that a breach occurred — every firm experiences compliance issues — but that the firm promptly identified and addressed the breach by taking appropriate action.

With the adoption of Rule 38a-1, each mutual fund is required to appoint a Chief Compliance Officer (“CCO”) whose appointment is subject to the approval of the board of directors and who serves at the pleasure of the board. The CCO must report annually to the board on the operations of the compliance department, the fund’s policies and procedures, whether there have been any changes to them since the last report, and whether the CCO recommends any further changes. The staff will routinely request this document.

Sweep Examinations
Risk-targeted examinations (sweeps) are conducted to address areas of great risk or emerging concern. They are not as common now as they were in 2003 and 2004. When conducted, the staff tries to select firms whose activities make them appropriate candidates for the particularized review.

Written Policies and Procedures
With respect to firms’ written policies and procedures, the staff has found that the larger the firm, the more detailed and specific to the firm’s operations the procedures appear to be. On the other hand, the smaller firms (according to the speakers) tend to employ off-the-shelf policies and procedures not specifically tailored to the firm’s operations, which the SEC views as troubling.

Many smaller firms do not appear to have read the policies and procedures they have adopted. For example, they may not have designated a compliance officer as the policies require, or they may include sections that bear no relation to the firm’s business.

In general, the SEC staff believes that whether the firm drafts its own procedures, or uses an off-the-shelf product, firm employees who actually do the work should be given an opportunity to review and modify the policies and procedures to better reflect what the firm actually does, subject to a higher level review to assure consistency.

With respect to testing, the larger firms test more and test more competently, according to the program’s speakers; smaller firms should identify areas where testing is necessary in light of their business model and develop the competence to carry it out.

The best way to approach required policies and procedures is to see them as providing value to the organization; they should be drafted in a way that tells the firm’s staff what to do and how to do it. The policies and procedures should be a living document reflecting the work of the firm and not a dissertation on the securities laws.

Post-Examination Matters
The SEC staff will routinely hold an exit conference with the registrant to discuss the staff’s findings during the examination. In practice, an examination results in either the staff issuing a deficiency letter or a letter of “no further action.” Letters of “no further action” are rarely issued, although a percentage of such occurrences was not provided to the audience.

If the findings warrant, the regulatory staff will refer the matter to the enforcement staff for further review and possible legal action. Such referrals require a serious underlying problem. That is, inadequate controls, supervisory procedures, or written policies and procedures, in and of themselves, without a serious underlying violation or history of non-compliance, will not generally result in a referral to the enforcement staff. Note, however, that unfulfilled promises to the staff to correct deficiencies that are not complied with may, in and of themselves, be considered serious enough to form the basis for the referral to the enforcement staff following a subsequent examination.

When findings are of a more serious nature, but do not rise to the level of an enforcement action, the SEC staff may direct the registrant to appear for a staff conference. Although not specifically stated by the program’s speakers, advisers should be aware that attendance at a staff conference will likely influence the staff’s determination of when to schedule the firm’s next examination.

Finally, the staff observed that firms have become more contentious, disputing findings in deficiency letters. Firms argue that these letters take on a life of their own, often requested by boards of directors, consultants and others, thereby requiring that they clarify in writing matters that they previously would have addressed informally with the staff.

The foregoing summary was prepared by Richard A. Levan and Theodore S. Bloch, both of whom formerly served as members of the SEC’s staff.