Originally published inLaw360, New York

Over the past two years, the U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examination (OCIE) has increased its examination efforts and, some commentators surmise, has morphed into a powerful tool for the SEC's Division of Enforcement. As the role of OCIE seems to have shifted away from a preventative and sometimes prudential function to a more aggressive, investigative function aimed at finding violations to report to Enforcement, broker-dealers and investment advisers (particular firms that have not been examined previously, such as newly registered hedge funds) must exercise caution in their interactions with OCIE examiners. This brief piece provides some background on OCIE and its examination program for registered entities, and provides some practical advice when faced with an OCIE examination.

Introduction

The SEC's Office of Compliance Inspections and Examinations is located at the SEC's headquarters in Washington, D.C., and in 11 regional offices throughout the country.1 OCIE is responsible for administering the SEC's nationwide examination program for registered entities. Prior to OCIE's establishment under Chairman Arthur Levitt, the Division of Market Regulation (now known as the Division of Trading and Markets) examined broker-dealers, and the Division of Investment Management examined investment advisers. The commission created OCIE to be a stand-alone office that had some level of independence from the divisions.

OCIE examinations of registered entities generally fall into one of four categories: 1) a routine exam that occurs according to a schedule based on a firm's risk profile; 2) a "for cause" exam after receiving information about a potential problem at a particular firm; 3) a "sweep" where OCIE conducts an investigation of a particular set of business practices across a number of firms in the market; and 4) an oversight exam, typically used for broker-dealers that have been recently examined by the Financial Industry Regulatory Authority.

In response to SEC Chairwoman Mary Jo White's pledge to bring more enforcement actions, even based on minor violations (the so-called "broken-windows" approach),2 OCIE has been utilized as a powerful investigative tool of the Enforcement Division to identify potential violations of securities laws. White even

remarked, "I would like to see [the SEC's rate of examination of investment advisers] go up as high as it can."3 Indeed, the SEC has plans to greatly increase the number of OCIE examiners.4

In light of the increase in the number of examinations and their significance to the Enforcement Division, this piece identifies 10 best practices for interacting with OCIE examiners to ensure the most positive experience, to foster the most goodwill with the staff and to protect the firm.

1.Be Truthful and Forthcoming from the Inception and Maintain that Level of Trust Throughout the Examination

It is absolutely critical to develop a relationship of trust and candor from the outset and to maintain that trust throughout the entire examination process. Nothing can start an OCIE exam off on the wrong foot faster than being evasive with the examination team or trying to "spin" the facts. Firms must remind their employees that the purpose of the exam is to ensure that the firm is conducting business in the proper manner. Not being truthful during an examination is the most surefire way to increase the likelihood of a deficiency letter or, even worse, a referral to the Division of Enforcement.

Employees of a firm should not approach OCIE as an adversary, even under the more aggressive examination program. Treating OCIE as an adversary likely will result in the firm being treated in kind. That means that meetings with OCIE examiners should not be treated as depositions but instead as open-ended dialogues designed to help the examiners understand all relevant aspects of the business. Employees of a firm should never omit information that is relevant simply because an OCIE examiner asked a poorly phrased question. If OCIE examiners discover the omitted information later on in the process, they likely will involve the Division of Enforcement, resulting in additional cost and potential liability for the firm.

Keeping in mind that an OCIE exam is not a deposition does not mean that firm employees should speculate or guess at answers to questions for which they do not confidently know the answers. Employee speculation can have the same devastating effect as leaving out details.

2. Understand OCIE's Priorities as Applicable to Your Firm

When preparing for an OCIE examination, it is important to understand OCIE's current exam priorities. It is no surprise that fraud detection and prevention have been a focus for a number of years5 and continues to be a significant initiative.6 The SEC brought numerous fraud cases in 2013 based on referrals from OCIE exams that ranged from "boiler room" schemes,7 to fraudulently raising money, to making material misrepresentations and omissions relating to unregistered hedge funds.8

On April 15, 2014, OCIE issued a risk alert ("alert") announcing its plan to conduct examinations to assess cybersecurity preparedness in the securities industry. One of the main goals of these examinations is to gather information about the industry's recent cyber threats with the end goal of protecting the integrity of market systems and customer data. Included among the areas OCIE plans to review include: (a) the protection of firm networks and information, (b) risks associated with remote customer access and funds transfer requests, (c) risks associated with vendors and other third parties and (d) the detection of unauthorized activity.9

With the release of OCIE's cybersecurity initiative, it is clear that cybersecurity preparedness will be a high priority for the SEC going forward and a likely focus during annual inspections and examinations. Furthermore, the breadth and detail of the inquiries identified in the sample request for information appended to the alert should put compliance professionals at registered broker-dealers and investment advisers on notice of the type of cybersecurity programs expected by the SEC to combat current threats. Registered entities whose existing cybersecurity programs fall short of the details highlighted in the alert should use this opportunity to enhance their programs accordingly.

Since the Madoff scandal, custody of assets remains a major priority for OCIE for investment advisers and investment companies, with particular emphasis on instances where advisers fail to realize they have custody and "therefore inadvertently fail to comply with the requirements of the Custody Rule."10 In one instance, an SEC investigation following a referral by OCIE examiners found that Further Lane Asset Management (FLAM), despite "maintaining custody of assets of hedge funds managed by FLAM" failed to arrange an annual surprise examination to verify the funds' assets.

Additionally, FLAM and its CEO acquired a promissory note from another entity that the CEO owned without informing investors in writing that the fund might acquire such notes or "otherwise materially deviate from its fund-of-funds investment strategy." FLAM was ordered to pay disgorgement of $347,122, and its CEO was fined $150,000 and suspended from the industry for one year.11

In addition to continued focus on fraud and custody of assets and the new focus on cybersecurity, the exam staff has begun to pay particular attention to conflicts of interest.12 OCIE has indicated that, with respect to investment advisers, it will focus on situations where registrants engage in behavior that puts "their own interests ahead of their clients in contravention of their fiduciary duty and existing laws, rules, and regulations." Exams will specifically focus on five areas associated with conflicts of interest:

1. Compensation arrangements, particularly undisclosed compensation arrangements and their effect on recommendations to clients;

2. Allocation of investment opportunities;

3. Controls and disclosure regarding side-by-side management of performance-based and purely asset-based fee accounts;

4. Risk controls and disclosure; and

5. Higher risk products or strategies targeted to retail (especially retired or elderly) investors.13

3. Be Wary of Potential Conflicts and How Your Firm Handles Them

As mentioned above, a recent point of emphasis for OCIE exams is conflicts of interest, especially with regard to firms that are both broker-dealers and investment advisers, and thus provide brokerage services to advisory clients. Firms must be careful in these instances to act in a transparent manner and make accurate representations. This was evident during a 2013 enforcement action involving disclosure and compliance failures by Goelzer Investment Management (GIM).

According to the SEC, Goelzer inappropriately directed advisory client trades through itself as broker-dealer without considering other options for executing the trades, such as utilizing unaffiliated broker-dealers.14 These acts allegedly were in direct contrast to statements in GIM's Form ADV that indicated GIM would conduct comparative analysis of other brokerage firm commission rates prior to recommending itself as broker for its clients. In addition, GIM allegedly misrepresented to its clients that using GIM as a broker would result in lower commission costs as a result of aggregating the client's trades.15

These types of conflicts create exposure for both firms and their employees. According to the SEC, GIM's chief executive officer and chief compliance officer was responsible for the false information contained in the Form ADV that established policies and procedures for the firm to conduct best-execution reviews. As a result, both GIM and GIM's CEO were censured and ordered to cease and desist any current or future violations. In addition, GIM was ordered to pay disgorgement of $309,994.

Another OCIE exam priority related to conflicts of interests involves undisclosed arrangements and their effect on recommendations made to clients. For example, the SEC accused J.S. Oliver Capital Management Co. and its president, Ian Mausner, with engaging in a "cherry-picking" scheme in which the firm awarded the most profitable trades to specific hedge funds, particularly those in which Mausner and his family had invested. At the same time, the firm allocated less profitable trades to other clients resulting in harm of approximately $10.7 million. Additionally, the SEC accused J.S. Oliver and Mausner of misusing soft dollars16 to pay for personal expenses that in no way benefited clients.17 The SEC's investigation is ongoing.

Another priority related to conflicts of interest is higher risk strategies targeted at groups such as the elderly. For example, the SEC accused employees of Advanced Equity Partners LLC of targeting seniors and other investors in an effort to sell them unregistered company stock.18 According to the SEC, the employees misrepresented to investors that their money would be used by a company called Thought Development Inc. (TDI) to develop laser-line technology that would be used by the National Football League (NFL) to more accurately and quickly determine first downs during the Super Bowl. Instead, the employees retained almost three quarters of the money or paid it to sales agents through undisclosed commissions and fees. Additionally, TDI had no agreements with the NFL or any team to use its technology during football games, let alone the Super Bowl.19 The SEC's investigation is ongoing in this matter.

4. Consult External Counsel Before, During and After Examinations

An OCIE exam is a critical matter for a firm and demands significant thought and preparation prior to the exam. Failing to prepare for an OCIE exam could lead to a more extensive and lengthy examination, or give the impression that the firm does not view the exam as a serious matter. Additionally, failure to prepare for the exam can increase the likelihood of further correspondence from OCIE regarding potential deficiencies.

Information related to a deficiency finding or a need for corrective action may be requested by current and prospective clients as part of their due diligence process when selecting an investment adviser.20 Thus, it is crucial that a firm consult outside counsel prior to an OCIE exam to ensure that the necessary precautionary steps have been taken prior to OCIE's arrival on-site.

Engaging outside counsel early allows for effective preparation for an OCIE examination. Outside counsel (or a firm hired by outside counsel to maintain privilege) can be utilized to conduct a mock exam that better prepares the firm for the actual exam and maintains an attorney-client privilege of issues found during the mock exam. Preparing for an exam does not mean that outside counsel will be scripting answers for employees to use, but rather counsel will familiarize them with the process and limit the surprise to the type of questions asked and requests made by OCIE.

Consulting outside counsel is crucial during the exam process. Numerous firm employees may be answering questions from OCIE staff. Having counsel available for consultations — behind the scenes — during the process can be invaluable. Additionally, by consulting counsel during the process, the firm may address any concerns or questions raised by OCIE before the end of the examination. Addressing issues with OCIE examiners prior to their departure from the firm creates the opportunity to convince OCIE to dismiss potential concerns prior to the completion of the examination. Changing OCIE examiners' preliminary findings prior to their completion of the examination prevents those issues from being identified in writing in a formal letter to the firm.

After an OCIE exam, it is very likely that there will be further communication with OCIE staff, either through supplemental requests, or deficiency letters. It is critical to consult outside counsel in this process — again, behind the scenes — as counsel can prove to be the difference between a completed exam and a referral to enforcement. External counsel can be instrumental in making strategic decisions regarding how to respond to OCIE, as well as regarding what information to share with OCIE examiners and the timing of such disclosures. Although in some instances, such as where serious deficiencies have been alleged, external counsel may need to interface directly with OCIE staff, external counsel generally should not insert themselves into the dialogue with OCIE staff.

5. Avoid Waiver of the Attorney-Client Privilege or Work-Product Protection

The SEC does not require a firm to waive the attorney-client privilege or work-product protection. Nonetheless, in the context of regulatory examinations, there are pitfalls that can result in a partial or complete waiver of attorney-client privilege or the work-product protection. Firms often conduct mock exams by their internal compliance team prior to an OCIE exam without realizing that the information learned during the mock exam may not be privileged. Firms should consult outside counsel prior to their exam and prior to any exercise associated with an upcoming exam.

An important aspect of this issue occurs when the firm's general counsel is also the firm's chief compliance officer. When a general counsel also operates as a CCO, firms must be mindful of whether compliance communications constitute business or legal advice, as only those involving legal advice are protected by the attorney-client privilege. At least one court has held that communication between a firm and its general counsel, who also served as the CCO, that was "primarily [for] a business or administrative purpose as opposed to providing legal advice is a communication not protected by the attorney-client privilege."21

Items such as in-house counsel's notes that did not contain legal advice or legal strategy and communications not made for the purpose of legal advice that copied the firm's in-house counsel were deemed to be not privileged.22 This can be particularly important in the context of gathering information in preparation for an OCIE exam or in the context of assessing the firm's existing compliance program.

Even if the general counsel and CCO are different officers, firms should be mindful that communications between employees and the CCO that are deemed to constitute business advice likely will not be privileged. This is the case even if the CCO is acting on behalf of the legal department as this alone does not guarantee that the attorney-client privilege will apply.23 At least one court has held that the privilege would apply only if the meetings were part of an internal legal investigation by the firm and all employees present for the meeting were aware that the CCO was acting as an official representative of the legal department.24

The practical application of this area of law is that firms need to be careful what type of information is discussed between firm employees and the CCO, even if the CCO is also the general counsel. Where the general counsel is separate from the CCO, firms should be careful about using the CCO to conduct legal-related tasks to which the firm wants and expects the attorney-client privilege to apply. Often, the most prudent course of action may be to engage external counsel and make clear that the CCO is acting at the behest of or in conjunction with that counsel, as the privilege is much more likely to apply in those situations.25

6. Guard Your Intellectual Property

While being forthcoming with the OCIE examiners is critical, firms must be careful to protect their sensitive intellectual property. OCIE examiners now have access to the Quantitative Analytics Unit, a team of specialists in fields such as computer science and mathematics that are able to evaluate risks in the algorithms, models and software used by firms.26 Proprietary items such as the current quantitative trading models and algorithms should not be shared with examiners in a format that could reveal critical trading strategies because there is no assurance that examiners will not use knowledge gained during the examination after they leave OCIE.

Withholding from an examiner the firm's intellectual property can be difficult. In consultation with outside counsel, firms should identify what information could be provided to OCIE examiners and what must be withheld. In some instances, examiners have been willing to review a firm's prior models and algorithms instead of those currently being used. In situations where examiners insist on seeing current proprietary information, firms usually can negotiate the format and manner in which information is displayed.

7. Understand Your Employees' Roles and Responsibilities

In preparation for an OCIE exam, it is imperative that senior management and any employees who will be interacting with OCIE understand their roles and responsibilities. Any unclear or inconsistent answers regarding which employees are responsible for certain tasks will be red flags for OCIE examiners. The employee tasked with liaising with OCIE examiners must be well-versed on the roles and responsibilities of employees and the relevant dates of service.

The SEC's recent enforcement effort (and a failed one, fortunately) in the Theodore Urban matter is a warning for management on the importance of understanding and carefully defining roles of responsibility.27 Legal or compliance officers, despite not having a direct reporting relationship with the employee, may become in some instances a "supervisor" if they have "responsibility, ability, or authority to affect the conduct of the employee whose behavior is at issue."28 This can prove to be particularly relevant when a legal or compliance officer has dual roles and acts as an executive officer, which is often the case with smaller firms, or when the legal or compliance officer engages in activities considered to be supervisory, such as hiring and firing employees.

8. Document, Catalog and Present All Compliance Trainings

Prior to the arrival of examiners, a firm should compile and catalog all compliance trainings in an organized fashion. Being able to proactively demonstrate a consistent and lengthy practice of conducting compliance-related trainings is crucial to establishing the right tone with OCIE examiners. While OCIE examiners may provide critiques of how the process could be improved or areas where the trainings may have been lacking, proactively demonstrating a culture of compliance will aid a firm in its interactions with OCIE examiners and reduce the risk that examiners will refer minor violations to Enforcement.

9. Pick Your Battles Wisely and Don't Sweat the Small Stuff

Exams are meant to be constructive exercises. Firms should not bicker with the OCIE examiners over minor points. If a firm disputes every point, the firm often will lose credibility with OCIE examiners, and OCIE may be less persuaded by legitimate arguments made regarding more significant points.

That said, given the SEC's focus on punishing even minor violations, it is also important to politely dispute points during an exit interview where the examiners may be clearly misinterpreting the facts and circumstances. An exit interview with the OCIE examiners gives a firm advanced notice of any potential deficiency findings and is often the most effective venue for voicing disagreements with those findings in a constructive manner. External counsel can provide assistance with formulating the appropriate responses.

10. Know that OCIE May Be Closely Coordinating with Enforcement

Any OCIE examination, even one part of a regularly scheduled cycle, has the potential to escalate into an enforcement action. As mentioned above, White has warned that minor violations will not be ignored because "the smallest infractions are very often just the first step toward bigger ones down the road."29 White referenced an article titled "Broken Windows," which argued the premise that a broken window left unfixed is a sign that disorder will be tolerated.30 The premise of the theory is that fixing broken windows and prosecuting those who broke them — or, in the context of an OCIE exam, not overlooking minor violations — sends the message that even the smallest indiscretions will not be tolerated and fosters a culture of compliance with existing laws.

White also has explained that the examination program "gives [the SEC] a real-time look into developing industry practices that may sometimes constitute violations that warrant further investigation and enforcement action." The practical result is that the Division of Enforcement has been coordinating closely with OCIE in order to identify new areas of violations.31 Coupled with the fact that the SEC will "strive for settlements that have a deterrent effect, and where appropriate, the added measure of public accountability that an admission often brings" and "continue to aggressively seek monetary penalties," financial services firms must be extremely careful in their interactions with OCIE.

Conclusion

OCIE examinations are growing in importance and will continue to do so in the coming years. Now more than ever, firms must be cautious in their interactions with OCIE examiners and must ensure that the exam goes as smoothly as possible.

Footnotes

1 OCIE has exam authority over registered investment advisers, registered broker-dealers, investment companies, transfer agents and self-regulatory organizations. More information about OCIE can be found at http://www.sec.gov/ocie (last visited Aug. 18, 2014).

2 At the Securities Enforcement Forum on Oct. 9, 2013, White warned: "I believe it is important to pursue even the smallest infractions. Retail investors, in particular, need to be protected from unscrupulous advisers and brokers, whatever their size and the size of the violation that victimizes the investor .... [We are] ensuring that we pursue all types of wrongdoing. Not just the biggest frauds, but also violations such as control failures, negligence-based offenses, and even violations of prophylactic rules with no intent requirement ...."

3 Remarks of Chair Mary Jo White at the Securities Industry and Financial Markets Association Annual Conference on Nov. 12, 2014.

4 One of the SEC's top priorities in fiscal year 2014 is to hire an additional 250 examiners and increase the percentage of advisers examined each year. FY2014 Congressional Budget Justification available at http://www.sec.gov/about/reports/secfy14congbudgjust.pdf .

5 See, e.g., National Exam Program: Office of Compliance Inspections and Examinations, Exam Priorities for 2014 (Jan. 9, 2014); National Exam Program: Office of Compliance Inspections and Examinations, Exam Priorities for 2013 (Feb. 21, 2013); Examinations by the SEC's Office of Compliance Inspections and Examinations (Feb. 2012).

6 NEP Exam Priorities, 2014.

7 See, e.g. SEC v. Advanced Equity Partners LLC (S.D. Fla. Sept. 26, 2013)(No. 0:13-cv-62100).

8 See, e.g. SEC v. OM Investment Management LLC (S.D. Fla. Sept. 27, 2013)(No. 1:13-cv-23486).

9 Office of Compliance Inspections and Examinations, National Exam Program Risk Alert (April 15, 2014), available at www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert+ +%2526+Appendix+-+4.15.14.pdf.

10 Exam Priorities 2014. "Given the importance of this requirement for a fiduciary, the staff will continue to test compliance with the Custody Rule and confirm the existence of assets through a risk-based asset verification process."

11 In re Further Lane Asset Management LLC, Exchange Act Release No. 70759 (Oct. 28, 2013). Also noted by the SEC was the fact that the funds' investors did not receive quarterly account statements from a qualified custodian as required by the Custody Rule.

12 Exam Priorities 2014.

13 NEP Exam Priorities, 2014.

14 In re Goelzer Investment Management, Exchange Act Release No. 70083 (July 31, 2013).

15 GIM also failed to disclose in its Form ADV that its advisory fees were negotiable, as required by the Form ADV.

16 Soft dollars are defined as credits or rebates from a brokerage firm on commissions paid by clients for trades executed in the investment adviser's client accounts. Soft dollars may be legally retained by investment advisers if (1) properly disclosed; and (2) used to pay for legitimate expenses such as brokerage and research services that benefit clients.

17 Expenses included paying the president's ex-wife under a divorce agreement and maintenance and other fees related to the president's personal timeshare.

18 See SEC v. Advanced Equity Partners LLC. (S.D. Fla. Sept. 26, 2013) (No. 0:13-cv-62100).

19 Id.

20 See, e.g., In re CapitalWorks Investment Partners LLC, Investment Advisers Act Release No. 2520 (June 6, 2006).

21 Leazure v. Apria Healthcare Inc., 2010 WL 3397685 at *4 (E.D. Tenn. Aug. 26, 2010).

22 See, e.g., Id. at *4.

23 See U.S. ex rel. Parikh v. Premera Blue Cross, 2006 WL 3733783 at *3-4 (W.D. Wash Dec. 15, 2006).

24 Id. at *1.

25 See Geller, 2011 WL 5507572 at *3 (communications during interviews taken by corporate compliance officer protected by attorney-client privilege because corporate compliance officer acted as agent of firm's outside counsel during litigation against firm.)

26 NEP Exam Priorities, 2014.

27 Theodore W. Urban, SEC Administrative Proceeding File No. 3-13655, Initial Decision Release No. 402 (Sept. 8, 2010), dismissed by Exchange Act Release No. 66359 (Jan. 26, 2012).

28 In re John Gutfreund, Exchange Act Release No. 34-31554 (Dec. 3, 1992).

29 Mary Jo White, Chairwoman, SEC, Remarks at SEC Enforcement Forum (Oct. 9, 2013).

30 See George L. Kelling and James Q. Wilson, "Broken Windows," The Atlantic, March 1, 1982, available at http://www.theatlantic.com/magazine/archive/1982/03/broken-windows/304465.

31 White also stated, "As I have said, we are casting our nets wider, and using nets with smaller spaces, paying attention to violations and violators regardless of size." Mary Jo White, Chairwoman, SEC, Remarks at SEC Enforcement Forum (Oct. 9, 2013).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.