This week we are launching our new Oyster Stew podcast mini-series, Regulators – Behind the Scenes. Join former regulators Patrick M. Dennis, Jeffrey Hiller, Bill Reilly, Evan Rosser and Ed Wegener as they share their experiences and perspectives as former state and federal regulators around regulatory exams and issues. Some things you just won’t learn from a textbook, like managing your relationship with the regulators, what to expect during an exam, handling violations and document production during an exam, and escalation, to name a few. Listen and learn as our former CCOs and Regulators share their insight and experience.
Transcript provided by Temi transcript services
Oyster: Welcome to the Oyster Stew podcast, where we discuss what’s happening in the industry based on what we see as we work with regulators and clients. Oyster consultants are industry practitioners; we aren’t career consultants. We’ve done your job and we know the issues you face. You can learn more about Oyster Consulting and the value we can add to your firm by going to our website – oysterllc.com.
Patrick Dennis: Welcome to “Regulators – Behind the Scenes,” an Oyster podcast mini-series. I’m Patrick Dennis, General Counsel of Oyster Consulting, and with me are other former regulators who are now working for Oyster: Jeffrey Hiller, former SEC Enforcement Senior Counsel, COO and CCO of several national advisory firms including Merrill Lynch and Morgan Stanley; Ed Wegener, who spent over 20 years at FINRA (and left about nine months ago) as Senior Vice President and Regional Office Manager for FINRA’s Midwest Region; Evan Rosser, also a former FINRA regulator for over 20 years; and Bill Reiley, a State of Florida regulator for over 30 years. I, Patrick Dennis, was at the SEC in Washington as well in both Court FIN and the Division of Enforcement for eight and a half years. You may have already listened to our “CCO – Behind the Scenes” podcast with Jeffrey Hiller. We thought we would share with you some behind the scenes looks at what regulators consider when they come in to do exams, look at document productions, request documents, and many other topics. As with being a CCO, as you know, there’s more to compliance than just what’s in the books. Let’s jump in. Help us out in terms of letting people know what to do. One of the things we know is, you know an exam is coming. You don’t necessarily know when, but sooner or later so nobody is going to come in, whether it’s the SEC or FINRA, that’s going to come in and examine you. Obviously the SEC on the RIA side and maybe on the BD side, and FINRA on the BD side. But let’s talk a little bit about what you should expect from regulators and, from our previous experience, what we think we can help people out with by what to expect. So let’s start with Jeffrey Hiller if you want to tell us your thoughts on this.
Jeffrey HIller: Sure. One of the things the SEC and FINRA both do is put out a list of their sort of top 10 areas where they find most violations and may put out a list of their priorities. As I said , the first thing is, on an ongoing basis to incorporate the items that SEC notes, whether there’s supervision, custody , or whatever it may be, to include those into your compliance calendar and include them into your ongoing review, so that if they came in, they would see that you have their priorities within your own set of priorities, in terms of what you want to review and make sure that the firm is compliant about.
Patrick Dennis: Thanks, Jeff . I think it’s true that certainly both FINRA and the SEC come out with their top 10 lists every year. They come out the first, usually the first week or so of the year. It’s surprising the number of people that don’t pay any attention to that, I think, and there’s often a lot of repeat topics, things you’ll see year after year. Evan do you have any thoughts on that?
Evan Rosser: I think the one thing firms can also anticipate from regulators, be it the SEC or FINRA, they’re often looking at new rules, new products, new regulations. I think the regulators are not immune from the press, and if there’s an issue in the financial world that is getting public attention, there’s a good chance that the regulators will be looking at it to see how your firms responding to it.
Patrick Dennis: Yeah. I think certainly certain topics keep coming up year after year. For example, on the RIA side fee calculations is always a topic. On the BD side, we know there’s always discussions about variable annuities. Valuation seems to be a recurring topic, but there’s a number of them. Ed , any thoughts?
Ed Wegener: Yeah. You know, in addition to these sort of broader topics about things that are going on externally, and sort of the broad topics that the regulators are looking at, what I’ve found is that they’re also getting much better at having a better look into specific unique issues and risks at firms, and I can speak to FINRA specifically. Over the last several years, one big driving factor of what they look at on exams are the risk assessments that are done by the risk analysts. We used to be called regulatory coordinators. These are individuals that firms are assigned to, and for those firms that they’re assigned to, the analysts are responsible for assessing the risk on an ongoing basis at those firms. They use a lot of different data to do those assessments, and those assessments are really the first step in narrowing the scope of the examinations and making them more risk based. So one factor that I think is a primary driver of what examiners are going to look at on an exam are those assessments that are done by the risk analysts. Another thing that’s become a significant factor in narrowing the scope of examinations is the data analytics that are done. Examiners, before they can come out and conduct an examination, are requesting electronic access to things like blotters and then running analytics against those blotters. Where in the past they were more apt to do random samples to decide what it is they’re going to focus on, they’re now going to come out and have a better sense of where they think the problems are and ask for specific transactions where they might see risks. So I think the things that everybody has talked about already, like priorities and new rules, sort of national scope issues are big factors, as well as those more micro areas that they’re finding, doing this risk analysis and blotter analytics.
Patrick Dennis: I think one of the things that we know is coming is Reg BI. There’s going to be some exam topics or exam priorities on Reg BI or Form CRS on the RIA side. It is a hot topic with the regulators. I fully expect it’s going to be something that they’re going to put on their exam priorities, at least making sure that the firms are making an effort. Jeff, did you have something to add?
Jeffrey HIller: Yeah, I was going to say that one of their priorities is, if you have been examined by the SEC or FINRA or any regulator in the past, and you got a deficiency, that should always be on your calendar because they will look back to see if they, say, did something a few years ago, and then see if you’re still in compliance. So that’s one where you really need to be on top of the ball. You should always look at your past exams and you should always be prepared. Even when they don’t commit, be prepared to know where you are on those particular rights.
Patrick Dennis: That’s right. It’s always helpful to be prepared rather than being caught by surprise. Listen, we all know that these examinations are disruptive. There’s no way around it, but the better prepared you are, the less disruptive they will be. If you are doing an ongoing effort to think that you’re ready, if they walked in tomorrow or you got the first day letter tomorrow, you’re a lot better off than if you’re scrambling to try and pull all your stuff together and do the Annual Review that you were supposed to do six months ago, and all those kinds of things. Bill, anything to add from the state side of things? I mean, I know that obviously they come in and do exams on a regular basis, and for cause, et cetera, but go ahead.
Bill Reilly: In addition to what everyone has said earlier, a couple of things about the States. They are all members of the North American Securities Administrators Association, also known as NAASA. There is a substantial amount of coordination via the state . You know, one of the things that we talked about are maybe looking at products and processes. I think one of the things that you’re looking at is that some of the exams you might see are exam sweeps . These are situations where it may be the topic of the day. One of the sweeps that was noted by NAASA, just a short while ago was the fact that States went out collectively, we talked for just a few minutes ago about Reg BI focus, and the States went out and did a benchmark review of where firms are broker-dealers versus investment advisors. What products are being sold, what type of disclosure, what types of commissions and fees, and they’ll come back probably sometime in 2021 and see, now that Reg BI has been adopted as of June, where things stand. So I think you’re looking at sweep exams, you’re also looking at focused exams, and I think that happens across the board. Whether you’re dealing with the States, the SEC or FINRA, you may have a situation where, for example, I believe in 2019, FINRA did a sweep and a review of UTMA and UGMA programs. There was a determination made that many of these investments – people who held them reached the age of majority and firms were not monitoring those. So there was a big focus and notice that went out from FINRA. But I, in my previous life as a regulator, and many of the people that are on the panel, we worked in a formal kind of nature. I’m not sure about that now. You may be able to address that, but I do know that there was cooperation between the SEC and FINRA, there were general examinations and sweeps that were conducted.
Patrick Dennis: Maybe we ought to back up and talk about it . I think we approached this originally with the idea of talking about routine exams, but maybe we ought to spend a minute or two talking a little bit about the different types of exams: routine exams, for cause exams, and sweeps. Ed, do you want to address that?
Ed Wegener: I think each regulator has different variations of these, but I would say that examinations really fall into three buckets. There’s the routine examination where they come out and test your controls, look at particular areas that might be priorities. At FINRA. those exams are going to take place at a minimum every four years, but really, the frequency of the exams are going to be driven by those risk assessments that the analysts are doing. The analysts are the ones that, based on those risk assessments, will determine the frequency of those examinations. And then there’s cause examinations because exams are really investigations into particular activity. Then finally, there are sweep examinations, and sweep examinations are exams where a regulator or, like Bill had mentioned , the combination of regulators like the SEC, FINRA and potentially the States, might see that there’s a potential industry-wide issue, and decide to look at the activity across a number of different firms. One of the things that FINRA has done, that’s been really helpful I think, along the lines of having more transparency into their programs, is when they do initiate a sweep examination they’ll publish the document requests that they send out to those firms so that other firms that might not be part of the sweep can get an idea of the types of things that they’re looking at.
Patrick Dennis: One of the things I would mention is, just because the regulator tells you it’s a routine exam, it may not be. I remember specifically one exam where the SEC kept saying it was a routine exam, but interestingly enough, they only asked about one Rep and his accounts and his trading activity. It was a guy that had created a lot of attention and everything else that, even though they kept calling it a routine exam, there was little doubt in anybody’s mind that they were looking specifically at this Rep and his conduct and kept telling me that it was routine exam. So just because they call it a routine exam, you better pay attention to what they’re asking about, because it may be a little different than what they’re telling you. Jeffrey , any thoughts?
Jeffrey HIller: No, I thought your insight was really true. It wasn’t something I thought about, but oftentimes you can tell what they’re looking for by the types of documents they request or don’t request. And so I think it’s a pretty cogent point.
Evan Rosser: When I was with FINRA in the Enforcement Department, we made it very clear that it was not a routine exam because we wanted the firms to have that expectation that we were going to focus on a particular security or issue or person. And I think that just is effective for both the firm and for the regulator so that they know, because each one of the rules are slightly different. I think it’s important for a firm to determine, and the firm is entitled up to a point, to know the nature of the exam that’s being conducted there. Regulators are never going to tell you everything that they have or why, but to the point Ed made earlier, whenever a regulator comes in they will have done their homework. They will know what the firm is up to, and you should be aware as well, that, if you have a change in your business, chances are it’s going to be an item that’s going to be on the routine exam. If you have terminated someone for cause you can expect to have an exam on that issue. If you have a series of customer complaints around a particular individual or a product , you can expect a cause exam around that issue. So those exams are a little different. They come from different places and your response to them will be a little bit different. One point as well, that whenever you get an exam request, it will likely have a review period on it, and you don’t have to provide anything outside that review period. So when you get those requests, either verbally or in writing, see what the exam period is because that’s the period that, until FINRA comes back to you or any regulator, that’s the period in which you are working, and you don’t need to give them anything outside that period.
Patrick Dennis: I think you can do yourself a big favor by making sure you stick to that period and that period only. In fact, there are certainly times that I remember discussing with the regulator and negotiating time periods and things like that on what we had, what we didn’t have, what we were going to provide. Sometimes it’s more challenging than other things. Occasionally regulators will work with you on time periods and things in terms of whether it seems inordinately long or short or something, but Ed, did you have anything to add?
Ed Wegener: Well , Patrick, I think you bring up a good point there. It’s something that I think that from a regulator standpoint, when we would start an examination, whether it was a routine examination or a cause exam or a sweep, we had a goal in mind. Like we wanted to review whatever it was that we were reviewing. We wanted to do it efficiently, but make sure that we had done it effectively. The requests that we made were usually based on the information that we had at the time, and not having a lot of information about how firms kept those books and records. So I would recommend that if you do receive a request, and whether it’s the review period seeming like it’s very long, or whether it’s the requests , the information that’s being requested seems overly broad, is to feel free to reach out to the person making the request, discuss with them and negotiate with them, the things that they’re requesting. Because I think you’ll find that they’re generally open to those types of negotiations, as long as they’re able to investigate what they need to investigate and do so as efficiently as possible.
Bill Reilly: Patrick, if I can, we haven’t touched on yet, is whether we’re doing a home or a branch office. A lot of the focus of a lot of the States is branch office activity, and one of the things you’ll find over the last 5 to 10 years is you’ll change the focus of products, focus of services at branch offices, varying immensely. I ‘m currently doing some examinations, a branch office, right now, where at one office you have 100% investment advisory activity; at another branch you have an office where you have 100% broker dealer. At some other offices, you have a hybrid where you have both broker-dealer and investment advisor – different focus, different provisions. And as firms continue to expand locations and products, clients, the procedures are being increased on a daily basis. But I do think it’s something there that, whether these are FINRA-registered branches, state-registered branches, registered investment advisors, each of them have a distinct Policies and Procedures Manual, operating procedures, and they have a different skill set.
Patrick Dennis: Okay. Thanks Bill. Any further observations by any of our former regulators on exams in general before we move on to the next topic?
Jeffrey HIller: I might touch base on a point that everybody’s been discussing, which is the document production. I have found that there are times when the SEC will, or FINRA will, request something and really not understand that they’ve just requested 2 million pages of documents, or three. So I have found that if you establish a good relationship early on and ask them if that’s really what they want or how you can hone it, I’ve always had success in that area. If I’ve explained it and you have the initial rapport that they know you’re not trying to do anything untold.
Patrick Dennis: Right. I think they very well may not know exactly what they’re asking for or the size of what they’re talking about, so, it is worth reviewing the request , talking to the regulators about it. Is this really what they want, or what are they trying to get at? Because you may be able to provide them something that gives them the information they want with a lot less time and effort on your part and on their part. That’s all the time we for today. Join us for Episode 2 as we talk about document requests during an exam and the importance of good communication with regulators.
Oyster: Thanks for listening. If you like what you heard, make sure to follow the Oyster Stew podcast on whatever platform you listen to. If you’d like to learn how we can help firms start, run, protect, and grow their business, visit our website at oysterllc.com.