Inside the National Exam Program in 2016

Marc Wyatt, Director, Office of Compliance Inspections and Examinations

Keynote Address: National Society of Compliance Professionals 2016 National Conference, Washington, D.C.

Oct. 17, 2016

Thank you for that very kind introduction and for inviting me to speak today.  Before I start, I must provide our standard disclaimer that the views I express today are my own and do not necessarily reflect the views of the Commission, the Chair, other Commissioners, or my colleagues on the Commission staff.[1]

It is hard to believe that it’s been just under a year since I was named as the director of the Office of Compliance Inspections and Examinations, or what we affectionately call “OCIE,” in November 2015 and 18 months since I began serving as OCIE’s Acting Director.  Now that I have served in the role for a while, I’d like to share my perspective on the National Exam Program (“NEP”) and give some thoughts about measuring OCIE’s impact.  Along the way I hope to give you some insights into the program (the “inside baseball” if you will) so you have a better understanding of OCIE and the tremendous team I am fortune to work with every day.

My Perspective

We all view the world through the lens of our own experiences.  So, let me first share a bit about my personal background.  I have been involved in the capital markets since 1990 on both the “buy side” and the “sell side.”  Most recently I was a partner and senior portfolio manager at a global multi-strategy hedge fundIn that role, I invested in a wide variety of asset classes such as traditional equity and credit products as well as evolving instruments such as dividend swaps, carbon credits, and longevity bonds.  I also gained experience in asset allocation and risk management as I developed a methodology to assess the upside or downside to various positions or scenarios.  Prior to that — for the sins of my youth — I spent roughly 12 years as an investment banker both in the U.S. and in the U.K.

The political response to the financial crisis made clear to me that regulation and regulatory frameworks were going to shape the landscape of the financial industry for years to come.  When I worked in the industry, I heard a lot of talk about financial regulators, including the SEC.  Candidly, much of that talk was negative and often uninformed.  Watching industry grapple with the evolving regulatory agenda motivated me to seek a position within the SEC and do my part to apply my experiences in OCIE.

So in 2012, I joined the SEC as a senior specialized examiner (“SSE”), focused on hedge funds and private equity.  I worked on the early examinations of private funds during the Presence Exam initiative and co-founded OCIE’s Private Funds Unit.

I am honored now to have the opportunity to serve as the Director for OCIE.  In fact, I am the fourth Director of OCIE and enjoy the unique status of being the first OCIE director to have come from the ranks of the exam program.  While I am not the first OCIE director to have worked in the asset management industry, I am the first one that has directly managed assets as a portfolio manager.  Finally, I am the first OCIE director who is not a lawyer.  (As an aside, a majority of the OCIE staff are not lawyers.  They are accountants, quants, and industry experts.)

With this background, I come to my current role very focused on identifying risk to investors, optimizing allocation of OCIE’s resources to address those risks, and measuring OCIE’s impact.  I’ll discuss each of these things today.

OCIE and our Risk Portfolio

I think of OCIE as the “eyes and ears” of the Commission.  We support the SEC’s mission by (1) improving compliance, (2) preventing fraud, (3) monitoring risk, and (4) informing policy.  (I call these our “Four Pillars.”)  We do NOT make policy, and we are NOT Enforcement.  That said, we view the SEC’s policy and enforcement divisions, along with the Chair, the Commissioners, and other SEC divisions and offices, as customers of our examinations.  As Chief Compliance Officers (“CCOs”) and compliance personnel, you are also OCIE stakeholders.  OCIE and CCOs share a mutual interest in promoting compliance, which in turn protects investors.  As such, you are the first line of defense against compliance violations materializing into harm to investors, and OCIE views you as a key partner that we aim to inform and support.

2016 represents a milestone for OCIE as the National Exam Program turns 21 years old.  Since OCIE was founded in 1995, our ‘portfolio’ has expanded as our population of regulated entities has grown in type, number, size, and complexity.  In OCIE’s inaugural year, investment advisers managed approximately $10 Trillion in assets, and the mutual fund industry had $2.7 Trillion in assets under management (“AUM”).  That year, OCIE conducted 1,075 adviser exams, and those firms managed $876 billion.  In contrast, today, OCIE might cover over $3 trillion in AUM in one exam of a single investment adviser.  In 1995, the largest IPO was Netscape and it was also the largest Internet company with a market capitalization of $4.5 billion.  Today we have several Internet companies with market capitalization in excess of $500 billion and we have several pre-IPO companies with valuations of $30 billion or more.  One last 1995 factoid: of the top ten IPO underwriters in 1995 only three exist today.  The capital markets are increasingly complex and the technological innovations are changing the competitive landscape on a daily basis.  As one of my favorite poets wrote “changes aren’t permanent.  But change is.”

Not only has the registrant base evolved dramatically in the last 21 years, but OCIE’s designated responsibilities have also significantly expanded.  Today, OCIE has examination responsibility for over 28,000 registrants, including

  • more than 12,000 investment advisers,
  • approximately 11,000 mutual funds and exchange-traded funds,
  • over 4,000 broker-dealers,
  • over 650 municipal advisers,
  • more than 400 transfer agents.
  • 18 national securities exchanges,
  • FINRA,
  • the MSRB,
  • the Securities Investor Protection Corporation,
  • the PCAOB, and
  • eight active clearing agencies.

In addition, recent legislative changes enacted in the Dodd-Frank Act and the JOBS Acts have further expanded our responsibilities to include examinations of, among others, major security-based swap participants, securities-based swap execution facilities, and crowdfunding portals.

OCIE is responsible for examining this complex, growing and evolving registrant base with our team of approximately 1,000 staff in the home office and 11 regional offices.  To put this in context, some financial services firms have compliance staffs that are multiples of this size, not including consultants.  Granted, many of these firms are overseen by a myriad of regulatory bodies, but the comparison in resources is dramatic.  To meet our responsibilities and fulfill our mission, OCIE has to effectively allocate our resources.  We also need to provide our talented examiners with tools that optimize their skills.

Evolving as a Risk-Focused Organization

My experience as a portfolio manager has taught me to view the world through a capital-allocation and risk-based framework.  At the end of the day, we are all asset allocators.  That asset could be money, time, or worry (mindshare).  Through this lens, my primary task is organizing and mobilizing OCIE in a way that puts us in the best position to address the greatest risks among our registrant populations.  Over the past year in particular, I believe we have evolved as an office to more optimally allocate our valuable resources.  These changes became effective the first day of this Fiscal Year 2017.

            Addressing the Growing Number of Investment Advisers

First, we bolstered staffing in the investment adviser/investment company (“IA/IC”) examination program by roughly 20%.  The SEC is the sole regulator for the vast majority of SEC-registered investment advisers, which constitute one of our fastest growing groups of registrants.  Over the past two years, over 2,000 new advisers registered with the SEC, joining OCIE’s examination pool.  Unlike our broker-dealer registrant population, there is no self-regulatory organization over investment advisers.  We want to make sure OCIE is doing our utmost to expand our reach into this key population, and I believe our recent redeployment of staff puts us in in the best position to do that.

            Enhanced Focus on FINRA

Of course, there is no free lunch.  As OCIE devotes more resources to one program area, those resources are reallocated from another part of the NEP.  Specifically, a significant number of these new IA/IC examiners transitioned from our broker-dealer examination program.  We are NOT forgetting about the registered broker-dealer population.  However, we are optimizing our oversight of these important registrants.  First, OCIE will maintain a significant presence overseeing registered broker-dealers nationwide, including in market centers such as New York and Chicago.  We want to ensure we have the capabilities to mobilize to address key risks in this population across the country, including those brought to our attention through tips, complaints, and referrals (or “TCRs”).

FINRA and the SEC together have historically examined approximately 50% of broker-dealers each year, and this broad presence has served to identify risks and protect investors.  As a result of OCIE’s resource allocation, OCIE is working to enhance our oversight of FINRA because we will be somewhat more dependent on them for broker-dealer exams in the first instance.  We are doing this by establishing a dedicated FINRA inspection team focused on assessing FINRA’s operations in terms of its core mission of regulating its member broker-dealers, including with respect to its regional examinations of broker-dealers.  And, as always, we will continue to coordinate with them on examination initiatives in order to minimize duplicative efforts as well as leverage their regulatory reach into the broker-dealer industry.

             Investing in Technology and Data Analytics

As the financial industry has continued to grow in its use of “big data” and cutting-edge technology, so too has OCIE.  Chair White said it best when she described how the SEC will protect the investing public: “Hard work and hard data.”[2]  We have developed an impressive arsenal of data within the SEC, and various groups within OCIE have been continually building the technological capabilities to utilize that data for both industry surveillance and examination work.  This year, we consolidated these offices within our newly created Office of Risk and Strategy (“ORS”).

My time as an examiner showed me that exam experience is critical in developing tools to leverage data in ways that drive OCIE’s Four Pillar mission.  Any new analytical tool designed to enhance productivity must justify its utility to the examiner during an exam.  Pete Driscoll, a seasoned member of OCIE’s senior staff, was chosen to lead the ORS based on his leadership abilities and his experience in the IA/IC exam program.  Under this new office, we are integrating the work of our quants with our staff that has direct exam experience to develop tools to identify risks among our registrant populations, both with respect to registrants and the products and services they provide to investors.  Pete and his team are meeting with risk teams from industry and other regulators to understand how others are monitoring and mitigating emerging risks in the marketplace.

As the number and complexity of our registrants grows, our ability to conduct industry surveillance is increasingly important.  Although every firm is not examined every year, the total population of registered entities and their activities provide inputs to the development of our risk-based strategy.  OCIE’s critics have cited OCIE’s 10% coverage rate in the investment adviser industry and wrongly assume the other 90% of the firms are not reviewed at all — I can assure you that is not the case.  If a fund holds the stocks of 100 companies, would you assume that the portfolio manager conducted due diligence on only those 100 companies?  No.  Most people would rightly think that the portfolio manager and their teams refined the investable universe by applying various screening methodologies based on their investment criteria.  The team then, presumably, would conduct further analysis and due diligence on hundreds or perhaps thousands of companies to arrive at a portfolio which best reflects their investment thesis.  The same is true for OCIE’s examination program.  We analyze data from our entire registrant population, apply various screening methodologies, and arrive at the list of firms we believe expose investors to the most significant risks.  It is imperative that OCIE continually try to improve our ability to identify risks and to incorporate new information and technology into this process, and that we assimilate new insights and learn from the exams we perform.

Specialized Expertise

A key component of our risk-based strategy is having staff with specialized expertise.  A common myth I heard before I joined the Commission was that examiners were not knowledgeable and did not understand the businesses they examined.  When I first arrived in OCIE, I found this was not the case.  I was awed by the knowledge of the OCIE staff.  Many of my new colleagues had an encyclopedic knowledge of the federal securities laws, which they gained from working many years at the Commission and/or in the private sector.  We are complementing this experience and knowledge by bringing in industry and technical experts to advise us on the most current market developments in the industries we oversee and help us develop exam modules to more efficiently identify risks.

The SEC has recruited specialized staff in derivatives, valuation, options, prime brokerage, trading, and quantitative analytics, to name just a few areas.  For example, in 2015 OCIE hired a fixed income trader with over 20 years of experience trading a multitude of fixed income products at one of the largest mutual fund complexes.  We hired a professional geoscientist with a background in geophysics, geochemistry, and reservoir evaluation who has assisted in examinations involving the energy sector.  By leveraging these experts’ knowledge in particular exams, larger examination initiatives, and program-wide training, OCIE stays current on industry trends and practices and improves its capabilities and examination efficiency.  We organize these experts into working groups focused on key areas of the market such as Fixed Income and Municipals, Microcap Fraud and New and Structured Products.

Another area where we have supplemented our expertise is the Technology Controls Program (“TCP”).   TCP focuses primarily on examining entities covered by Regulation SCI (“Reg SCI”), such as clearing agencies and the national securities exchanges.  Since November 2015, Reg SCI has required these registrants to have comprehensive policies and procedures for their technological systems, including business continuity plans, to review annually their automated systems, and to take appropriate corrective action when system issues occur.  These entities must also file notifications and reports with the Commission about system disturbances, known as “SCI events” under the regulation, which include systems disruptions, compliance issues, and security intrusions.  Examining for compliance with Reg SCI, as well as monitoring and responding to registrants’ reports requires a unique skill set and extensive training.  The TCP team is comprised of technologists, cybersecurity experts, and information technology consultants.  In addition to their Reg SCI mandate, this team also serves as a resource for adviser and broker-dealer examination teams when they confront issues involving technology at the firms they examine.

Behind-the-Scenes of an Exam

I’d be remiss in describing OCIE’s risk-based strategy without stating that OCIE is not only judicious in deciding WHO we examine, but also we are careful in selecting WHAT we examine once an exam candidate has been chosen.  One of my early observations upon joining OCIE was the amount of work that takes place prior to an exam.  Once a registrant is identified as an exam candidate, the team will typically pour over filings and other data to determine the appropriate scope for that exam based on the risks inherent in the business model.  The team may reach out to one of our industry experts which I mentioned earlier.  Once the scope is determined, the team will work to divvy up responsibilities for risk areas and will customize exam toolkits and modules for the scope areas.  All this takes place prior to us making any contact with the registrant and sending our document request list.  Once on site, the staff may request the key principal provide an overview of the firm.  Some registrants mistakenly assume this introduction is the first time the staff is learning about the firm.  I can assure you, that is not the case.  These risk­-based exams and pre-exam work allow our staff to draw on their vast pattern recognition to focus their time on the areas which represent the biggest risks to investors.

Making an Impact

Now that I’ve described critical components of OCIE’s strategy to execute on our mission, a key question is: how does one measure the impact or success of OCIE?

 “I’m not a number” – Bob Seger, 1978

OCIE’s success is most often judged by the number of exams we do in a year.  While I’m proud of our accomplishments, I think it’s important to convey what this single metric reflects and why I do not see exam numbers, in and of themselves, as the sole or best measure of OCIE’s impact.  In fiscal year 2016, we completed over 2,400 examinations across all our program areas.  This is a more than 20% increase over 2015, which was itself a six-year high.  We will continue to optimize our resources and investment in technology in order to keep pace with the growth, complexity and innovation of the capital markets and our registrant base.

To fully appreciate the exam number metric, it is important to keep in mind that all exams are not created equal, and that there is a significant amount of work done before an exam team ever shows up at a registrant.  Holistically OCIE strives to strike an optimal balance among a variety of key variables, including number, type, scope, and depth of exams.  The number of exams conducted in any given period reflects the diverse types of registrants we examined, risks inherent in the current market environment and the various initiatives we have undertaken.  As our registrants vary in size and complexity — from a small adviser operating out of a house to a huge global firm — so do our exams vary in scope and length, depending on the risk being targeted.  Exams also vary in purpose, as we use exams to fulfill each part of our Four Pillar mission.  Thus, a single exam included in this total number could reflect a highly targeted review for compliance with a single focus area at a small newly registered firm conducted by a small exam team, or it could reflect a complex analysis that took months to complete at a large, global entity, by a large exam team, with input from highly specialized experts across our program.  In either example, the goal of the exam is to deliver on our Four Pillars.

Measuring the Impact and Success of the NEP

To more fully evaluate the success of the NEP, one needs to define a successful exam.  Some of you may define a successful exam as any exam that does not include your firm — fair enough, from your perspective, but that benchmark doesn’t work for OCIE.  What does OCIE view as an effective exam?  Is an effective exam only one that results in an enforcement referral or in a registrant voluntarily remediating deficiencies that our examiners identify?  Is effectiveness measured by the number of deficiencies an exam team finds?  Is an examination effective if no deficiencies are found?  What if that exam was used to inform the Commission or its policy-making Divisions about an emerging risk or new industry practice?  In my view, the outcome of an exam does not determine its success.  While an exam that results in a deficiency being identified or an enforcement referral is more directly successful to some, an exam that identifies areas needing policy guidance or updated rulemakings is, in my opinion, equally successful.  So, while an exam may not identify any compliance deficiencies (and, yes, there are such things as “no comment” letters from OCIE), the information our examiners collect in the course of the exam is invaluable as it may empower compliance staff at a registrant, it may identify a new risk, or it may assist our efforts to inform policy.

Simply put, I measure the impact and success of an examination, and OCIE’s influence and impact as a whole, using the Four Pillars of OCIE’s mission: (1) Improve Compliance, (2) Prevent Fraud, (3) Monitor Risk, and (4) Inform Policy.  And, we must strike the right balance among these metrics.  As I mentioned earlier, you as CCOs have a stake in this, and in each of these areas OCIE is aiming to engage with you and leverage your influence.

Improving Compliance

The first pillar is “Improving Compliance.”  While I believe all of OCIE’s Four Pillars are important (and similar to my four children, I do not have a favorite), “Improving Compliance” has an impact on each of the other pillars (and as such, may get the bigger bowl of ice cream for dessert).

Clearly, improving compliance in today’s capital markets is not easy to measure quantitatively or qualitatively.  There is no traded index measuring compliance (and if there was, I’d hope your codes of ethics would prevent compliance officers from trading it).  In addition to the very tangible but bespoke benefits to a registrant subject to an examination, I believe OCIE can help improve compliance by providing registrants (and you, as their compliance officers) with information so they can assess their own compliance programs based on their unique business model and undertake steps to develop solutions which address any potential gaps.  For example, for the last four years, OCIE has published an annual public statement of examination priorities to inform investors and registrants about areas that the staff believes present heightened risk.[3]  We hope that you will use this information to evaluate your own firm’s practices in these risk areas and make any needed improvements.

OCIE also publishes Risk Alerts with descriptions of some of our larger upcoming initiatives such as the Supervision Initiative[4] and exams focusing on cybersecurity.[5]  These sometimes even include specific risk areas and sample document request lists that firms can use as tools in their own compliance programs.[6]  After conducting examinations, OCIE often shares descriptions of areas where examiners have identified potential compliance issues across firms so that you can assess whether your firms may be facing similar challenges.[7]  CCOs can use the information to promote compliance by reinforcing the need for additional compliance resources if needed, or by highlighting emerging business practices in need of review.

In addition to publications, OCIE regularly hosts outreach events, and OCIE staff speak at numerous industry-focused events such as this.  For example, in 2016, OCIE conducted over 150 outreach conferences with the industry and securities regulators, both regionally and nationally, and OCIE staff appeared at roughly 150 events in order to promote transparent communications and coordination among industry participants and regulators.  In this way, we aim to improve compliance by sharing with you what we are seeing, including potential areas of improvement.

While you, as compliance officers, are OCIE’s main audience, our speeches, priorities, risk alerts, and outreach should be consumed by more than just CCOs.  The principals at your firms should understand that they have a vested economic interest in improving compliance.  The financial services industry is founded on trust — investors need to trust the people who are handling their money.  Compliance with the Federal securities laws is a huge part of building and preserving that trust.  Some stakeholders may view compliance solely as a cost center for their firms; some may even calculate how little they can get away with investing in compliance based on a perceived low probability that their firms might get singled out by the SEC and have to pay a fine.  From my perspective, these people are severely underestimating the potential loss that would likely follow from a compliance failure.  It’s much more than just legal fees and a fine.  If an adverse compliance event were to materialize, in the form of an SEC action or monetary loss to investors, I believe the loss of trust that would naturally follow could devalue a business far beyond anyone’s predictions.

Preventing Fraud

The second pillar of our mission is to “Prevent Fraud.”  There are some quantitative measures for this objective, but like the monolithic number of exams we perform each year, the statistics do not tell the entire story.  One metric is the number of examinations we refer to Enforcement.  This number has typically hovered around 10%.  This year, our examinations have resulted in several notable enforcement actions.

For example, OCIE had a big impact with respect to wrap fee accounts, or those accounts where a single fee typically covers all of the management, brokerage and administrative expenses for the account.[8]  The Commission settled three cases, which were referred from OCIE, involving transaction costs paid by wrap fee account advisory clients.  Specifically, these cases related to the practice of “trading away,” or using a broker other than the sponsoring broker to execute trades in which a commission is charged, in addition to the wrap fee, to the client.  These cases show that wrap advisers must have policies and procedures to track and provide information to wrap fee clients about the amount of trading away costs have been charged to the clients.  Additionally, the cases highlight the importance of disclosing to clients when a wrap adviser or sub-adviser is trading away, so that those investors can make more informed choices about the costs they’re incurring.

OCIE has also helped to shed light on the practices of two of the largest operators of dark pools.[9]  Earlier this year, the Commission charged Barclays Capital Inc. and Credit Suisse Securities (USA) LLC with violating federal securities laws while operating alternative trading systems known as dark pools.  Both firms settled the charges, which alleged misrepresentations and disclosure failures among other things, and agreed to pay penalties to the Commission of $35 million and $30 million respectively.

Beyond referrals to Enforcement, I believe OCIE exams also are successful when registrants proactively address compliance issues revealed in the course of an exam and take steps to remedy the situations.  I have been on exams where a registrant has acknowledged an inadequate compliance policy and instituted a remedy before the exit call.  In addition, OCIE examinations have resulted in millions of dollars being returned to investors.  These are voluntary payments returned to investors by registrants after undergoing an OCIE examination — not amounts or penalties recovered through the involvement of the SEC’s Division of Enforcement.

One relatively new approach I’d like to highlight with respect to preventing fraud in the investment adviser population are exams designed to assess whether a newly registered adviser has the compliance capabilities to meet its obligations under the federal securities laws.  Over the past two years, several of our regional offices have piloted a program of conducting focused examinations of new advisers that have recently registered with the SEC.  Based on the feedback from the exam staff and industry, I believe this “New Registrant Initiative” has helped in preventing fraud.  These examinations allow examiners to quickly assess whether the new registrant is well informed in the responsibilities that they assume as a fiduciary and as a registered entity, and to provide the firm and its staff with exposure to its regulator.  Today, in all of our regions, when a new investment adviser registers with the Commission, OCIE staff will endeavor to conduct an examination of the firm to gain insight into its compliance culture and assess if additional risks should be examined to prevent fraud.

Monitoring Risk

“Monitoring Risk” is the third pillar of our mission.  I devote a lot of time to this part of our program.  Given our role as the “eyes and ears” of the Commission, I want to ensure we optimally employ the intelligence and data which we gather in the course of our exams to inventory emerging risk in the industry.  Every exam gives the NEP an opportunity to gain unique insight into the markets.  The recent changes I described earlier have centralized our risk function and improved collaboration efforts with divisions and offices throughout the SEC.  This risk identification and inventory process ensures emerging business practices or innovative products and services are identified, monitored, and, if necessary, are addressed in an effective manner.

A recent example of where these efforts bore fruit involves the U.K.’s “Brexit” vote.  In the months leading up to June 23, OCIE’s Large Firm Monitoring (“LFM”) program, which is part of our Office of Risk and Strategy, coordinated a team of SEC staff and staff from other regulators to monitor how our nation’s largest broker-dealers were managing and preparing for the risks associated with a potential “leave” vote.  The LFM team conducted outreach to the largest broker-dealers to understand their contingency plans and assess their operational risk, liquidity risk management, and effectiveness of their control functions.  On June 23, when the “leave” vote was confirmed, market commentators discussed the upheaval in the financial markets and many forecasted potential contagion across various asset classes.  Our LFM team, however, had been in constant contact with many of the global market’s largest participants and was able to provide real-time updates to the Commission about the measures taken by these key registrants.

OCIE also regularly coordinates efforts and utilizes data produced by the Risk and Examinations Office in the Division of Investment Management (Investment Management) and the Division of Economic and Risk Analysis to identify and address higher risk firms and activities. We share information about examination trends, findings, and industry observations with other SEC offices in order to identify mutual areas of interest and concern.

OCIE’s participation in outreach events also informs our risk inventory.  For example, we meet regularly with industry participants outside the context of an exam to understand what key risks they see in the marketplace and what business practices give them cause for concern.  In my meetings, I am comforted by recent feedback from the industry leaders that OCIE is focused on the appropriate risks.  That said, we are constantly reviewing our exam data and surveying the industry for emerging trends and risks, and I encourage you to let us know what you are seeing as you are on the front-lines along with us.

Informing Policy

OCIE’s final pillar is to “Inform Policy.”  As the SEC’s “eyes and ears” in the field, OCIE strives to use our perspective to provide support to the rule-making process and inform other guidance issued by the SEC, and its Divisions and Offices.  We aim to share our observations in a neutral way — as Joe Friday would say, “just the facts.”  Based on our exams, we provide our rule-writing colleagues information about the evolution of market practices and the most common exam observations.  In certain circumstances, staff from the policy divisions will accompany OCIE staff on site to supplement their industry insight on current market practices.

OCIE is an active participant in Commission-wide working groups, where we provide substantial input into the rule-making process.  In this process, OCIE brings its real world perspective to the table to provide feedback on the impact of rules and suggestions to enhance policy development.  In the past year alone, OCIE interfaced with the policy divisions on over 20 rule-making initiatives, including the proposing rules relating to use of derivatives by registered investment companies and the advance notice of proposed rulemaking, concept release and request for comment relating to transfer agent regulations.

OCIE exams also may directly inform guidance provided by the SEC’s rulemaking divisions.    For example, in 2015 OCIE conducted a series of examinations focused on mutual fund advisers’ payments to financial intermediaries for services characterized as non-distribution related (including sub-accounting fees).  Based on our examiners’ observations, the Division of Investment Management published guidance to the industry in January 2016, the first staff guidance on this topic in several years.[10]  In the broker-dealer examination program, examiners had conducted several examinations of broker-dealers that engaged in a high number of unregistered transactions for securities issued by microcap companies.  These examinations influenced guidance issued by the staff of the Division of Trading and Markets, reminding broker-dealers of their obligations when they engage in such transactions on behalf of their customers.[11]

Conclusion

In sum, I do not believe any one metric truly reflects the impact and success of OCIE.  Just as a portfolio manager would not evaluate the quality of her portfolio based solely on a price/earnings ratio, I believe the success of the NEP is best measured through multiple quantitative and qualitative elements.

I am proud of the strides OCIE has made to fulfill our Four Pillar mission, but we are not resting on our laurels.  While my assessment of OCIE’s influence and impact is shaped by my perspective inside the program and my experience before joining the SEC, you can offer a different perspective.  As compliance officers, you are also customers of our services as several of our Four Pillars involve helping you do your job.  In improving compliance, we aim to arm you with tools to assess your own firms and leverage your efforts inside your organizations.   In preventing fraud, we aim to help root out bad actors from the industry before they tarnish the prospects of other firms.  In monitoring risk, we want to hear your perspectives about the risks you see your firms facing, so that we can complement our own perspectives and get a fuller picture.  Finally, your input in exams helps us to inform policy, as we can relay your experiences directly to the policy divisions.

Thank you for having me here today.  I wish you a thoughtful and productive conference.


[1] The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author’s colleagues on the staff of the Commission.

[2] Chair Mary Jo White, “Chairman’s Address at SEC Speaks – Beyond Disclosure at the SEC in 2016” (Feb. 19, 2016), https://www.sec.gov/news/speech/white-speech-beyond-disclosure-at-the-sec-in-2016-021916.html.

[3] See, e.g., OCIE “Examination Priorities for 2016,” January 11, 2016,https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2016.pdf.

[4] OCIE Risk Alert, “Examinations of Supervision Practices at Registered Investment Advisers,” Sept. 12, 2016, https://www.sec.gov/ocie/announcement/ocie-2016-risk-alert-supervision-registered-investment-advisers.pdf.

[5] See, e.g., OCIE Risk Alert, “OCIE’s 2015 Cybersecurity Examination Initiative,” Sept. 15, 2015, available at: https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf.

[6] See, e.g., OCIE Risk Alert, “OCIE’s 2015 Cybersecurity Examination Initiative,” Sept. 15, 2015, available at: https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf.

[7] See, e.g., OCIE Risk Alert, “Broker-Dealer Controls Regarding Customer Sales of Microcap Securities,” Oct. 9, 2014, available at: https://www.sec.gov/about/offices/ocie/broker-dealer-controls-microcap-securities.pdf

[8] In the Matter of Robert W. Baird & Co. Incorporated, Release No. 4526 (Sept. 8, 2016) (settled matter), https://www.sec.gov/litigation/admin/2016/ia-4526.pdf; In the Matter of Raymond James & Associates, Inc., Release No. 4525 (Sept. 8, 2016) (settled matter),https://www.sec.gov/litigation/admin/2016/ia-4526.pdf; In the Matter of RiverFront Investment Group, LLC, Release No. 4453 (July 14, 2016) (settled matter),https://www.sec.gov/litigation/admin/2016/ia-4453.pdf.

[9] See “Barclays, Credit Suisse Charged with Dark Pool Violations,” (Jan. 31, 2016),https://www.sec.gov/news/pressrelease/2016-16.html.

[10]  IM Guidance Update, “Mutual Fund Distribution and Sub-Accounting Fees” (Jan. 6, 2016),https://www.sec.gov/investment/im-guidance-2016-01.pdf.

[11]  SEC Division of Trading and Markets, “Responses to Frequently Asked Questions about a Broker-Dealer’s Duties When Relying on the Securities Act Section 4(a)(4) Exemption to Execute Customer Orders” (Oct. 9, 2014), https://www.sec.gov/divisions/marketreg/faq-broker-dealer-duty-section4.htm