More On Legal & Compliancefrom The Advisor's Professional Library
- The Custody Rule and its Ramifications When an RIA takes custody of a clients funds or securities, risk to that individual increases dramatically. Rule 206(4)-2 under the Investment Advisers Act (better known as the Custody Rule), was passed to protect clients from unscrupulous investors.
- RIAs and Customer Identification Just as RIAs owe a duty to diligently protect their clients privacy and guard against theft, firms also play a vital role in customer identification. Although RIAs are not subject to an anti-money laundering rule, securities regulators expect advisors to address these issues in their policies and procedures.
As uncertainty remains in the debate over whether a self-regulatory organization (SRO) should oversee advisors—and a new option of using outside auditors for advisor exams in lieu of an SRO was recently thrown into the mix by a Georgetown professor—changes are afoot within the Securities and Exchange Commission’s exam division.
While those in the advisory world—including trade groups that are lobbying heavily against an SRO for advisors—agree that oversight of the advisory industry needs to improve, the question remains exactly how this “improvement” will occur and whether legislation calling for an advisor SRO to boost the effort will actually come to fruition.
The former associate director and general counsel at OCIE, John Walsh, gave me some telling insights into what he thinks may occur. Walsh, who lived through the Madoff years at OCIE and is now a partner with the law firm Sutherland Asbill & Brennan in Washington, told me that the SEC staff study under Section 914 of Dodd-Frank summed up the SEC’s examination shortfalls really well. As the study noted, he said, “there’s a serious mismatch between the requirements that the [SEC] exam program is expected to meet and the resources that are available to it.” Looking at the current situation at OCIE, he said, “there probably is some role for self-regulation” of advisors via an SRO because “raising the money needed for user fees or [boosting] the SEC’s budget is going to be problematic in the current [political] environment.”
The bottom line, Walsh said: “Something has to be done, that’s pretty clear.”
Yet another insightful comment on the SRO debate came to me recently from David Tittsworth, executive director of the Investment Adviser Association (IAA) in Washington, who says that he expects the House Financial Services Committee to consider “in the near future” SRO legislation proposed by the committee’s chairman, Rep. Spencer Bachus, R-Ala. Bachus’ bill would shift oversight of advisors to the Financial Industry Regulatory Authority (FINRA) or another private regulator, except for certain advisors whose assets under management are concentrated in mutual funds, private funds or large clients.
As it stands now, “there does not appear to be any current appetite” for mandating third-party compliance audits of advisory firms, as put forth in a recent white paper by James Angel, the Georgetown University professor who studied the issue with backing from TD Ameritrade, Tittsworth says. Rather, the main alternatives being debated on Capitol Hill are increasing the SEC’s resources or expanding FINRA’s jurisdiction to investment advisors.
The Letter and Spirit of Compliance
Given its lack of resources, however, OCIE is moving forward with enhancements to its examinations program. Carlo di Florio, director of OCIE, laid out at a recent conference some central components to OCIE’s new National Exam Program (NEP). Di Florio said that because ethics is fundamental to securities laws, “ethical cultural objectives should be central to an effective regulatory compliance program.”
That’s why when NEP staff examines an advisor’s adherence to its fiduciary obligations or a broker-dealer’s effective development, maintenance and testing of its compliance program, examiners are assessing “how well firms are meeting both the letter and spirit of these obligations,” he said. What’s more, OCIE examiners also “examine specific requirements for ethical processes, such as business conduct standards.”
The “ethical environment” within an advisory and BD firm is also central to OCIE’s new emphasis on risk-based examinations, di Florio said. “How we perceive a registrant’s culture of compliance and ethics informs our view of the risks posed by particular entities.” In this regard, he said, OCIE has begun meeting boards of directors, CEOs and senior management to share perspectives on the key risks facing the firm, how those risks are being managed and the effectiveness of key risk management, compliance, ethics and control functions. This, he said, “provides us an opportunity to emphasize the critical importance of compliance, ethics, risk management and other key control functions, and our expectation that these functions have sufficient resources, independence, standing and authority to be effective in their roles.”
Dialogues with boards of directors and CEOs also gives OCIE examiners an opportunity “to assess the tone at the top that is shaping the culture of compliance, ethics and risk management in the firm,” di Florio said. “If we believe that a firm tolerates a nonchalant attitude toward compliance, ethics and risk management, we will factor that into our analysis of which registrants to examine, what issues to focus on, and how deep to go in executing our examinations.”
Internal Compliance for the SEC
OCIE isn’t just making sure advisory firms are adhering to these “ethical” compliance behaviors. OCIE, di Florio said, has created its own internal compliance program, with a dedicated team focused on strengthening and monitoring how effectively OCIE adheres to its own standards. Di Florio also said OCIE is finalizing its first “Exam Manual,” that details all of the exam division’s key policies and standards.
Compliance professionals are weighing the ramifications of news regarding the coordination of efforts by the SEC’s Enforcement Division and OCIE.
For example, these compliance professionals say that apparently several of the SEC’s regional offices have developed a program whereby Enforcement personnel serve on an OCIE team for six months and OCIE personnel serve on an enforcement team for the same period of time.
Compliance professionals are wondering what this collaboration means and are asking questions such as:
- Is this a formal program to be instituted across all SEC offices?
- Is it utilized in every examination or only a percentage? (What is the percentage?)
- What are the objectives and goals of this program?
- Does participating enforcement staff identify itself to firms undergoing an examination?
Schapiro on Enforcement
SEC Chairman Mary Schapiro said in an early November speech that “stronger teamwork and collaboration” between OCIE and the enforcement division “both led to an increase in referrals by OCIE to Enforcement and allowed the SEC to move more swiftly to protect investor assets when irregularities were discovered.”
Working with the SEC’s Division of Risk, Strategy and Financial Innovation, Schapiro said that the NEP is creating and continuously improving metrics that allow OCIE to target firms that pose higher risk. For instance, she noted the recently established Office of Risk Analysis and Surveillance unit within OCIE that “guides that targeting strategy across different program areas and sharpens focus on registrants and practices that pose the greatest risk to investors and market integrity.”
Working with filings and public information, OCIE targets firms registered with the agency that show unusual patterns of activity, like claiming investment returns that are consistently high, for example, even when the markets are down or are mixed, Schapiro said. Other discrepancies that can serve as red flags, Schapiro said, include overstatement of assets, non-disclosure of affiliates or misrepresenting custodial arrangements, and even something as simple as a tip that an individual is lying about their college degree. Another red flag, she said, would be a broker claiming a Ph.D. in finance who cannot answer basic technical questions—this can trigger additional scrutiny, particularly if a registrant emphasizes those credentials in promotional material.