The following edited transcript is from “Surviving an SEC audit after Madoff,” an </i>InvestmentNews<i> webcast held May 19
The following edited transcript is from “Surviving an SEC audit after Madoff,” an InvestmentNews webcast held May 19. Editor Jim Pavia and deputy editor Evan Cooper were the moderators.
InvestmentNews: They say that there are three things that are givens in the investment business — death, taxes and audits. Our goal today is to make sure that audits are a little bit easier to deal with, especially after the recent securities scandals. To start, each of our panelists will fill in our listeners on who they are and why they are here.
Mr. Hermening: Unlike our other planning panelists, I am a fee-based adviser [at Hermening Financial Group LLC in Wausau, Wis.], which is a combination of fee- and commission-based income. I am registered with a broker-dealer, First Allied Securities [Inc.] in San Diego. But I also have an independent SEC-registered [investment advisory] firm. Prior to that, for about two years, we were licensed only with our state. We manage assets inside of what traditionally would be known as wrap-type programs and accounts, as well as fee-based consulting.
Mr. Kautt: I'm president and chairman and chief investment officer of The Monitor Group [Inc. in McLean, Va.] We have a fee-only RIA, not to be confused with fee-based or fee-offset. We are subject only to Securities and Exchange Commission audits, and we were audited in late 2006. We do not fall under the purview of either [the Financial Industry Regulatory Authority Inc. of New York and Washington] or any other regulatory agency other than the SEC. And because of this, some of our comments may not apply to those who are registered representatives or to broker-dealer affiliates. We have been in business as a registered investment advisory firm since 1991, with full discretion over all of the assets we manage — and were at the time of the audit at about $450 million.
Mr. Marshall: I'm a [New York-based] partner in the investment management and securities enforcement group at Ropes & Gray [LLP of Boston], and in that capacity, I counsel many registered entities, investment advisers, investment companies and broker-dealers on inspection and enforcement issues. Probably my greatest credential for being on this panel is that I worked for the SEC for many years and for about five years ran the SEC inspection program for investment companies and investment advisers in the New York region, which is about half of the total national inspection program. So I've seen it from the SEC side.
InvestmentNews: We received several phone calls prior to this webcast asking questions about what we were going to cover, which is unprecedented. So we know audits are a hot button and that the advisers really are clamoring for information. Can you take a few minutes to walk us through how someone prepares for an SEC audit?
Mr. Hermening: We have a relationship with an independent-consulting firm that has managed to provide us with insight and direction on a consultancy basis, which would include everything from preparation of a compliance manual to development of procedures and forms. We work very closely with our consulting firm, and they have managed to assist us in the process of the detailed preparation for each of the specific requests that were in the SEC audit letter. The audit letter arrived about two weeks before they wanted to show up on-site, which gave us some time to prepare in gathering data, documents and files. They wanted most everything prepared on a digital basis and sent down to them on flash drives and other hardware. They still spent a full four days in our office when we had our initial SEC audit last year.
InvestmentNews: How specific were the SEC requests? What were they looking for exactly?
Mr. Hermening: They wanted to make sure that we had, for example, the proper investment adviser agreements per client, that all of the documents were correctly and sufficiently completed. They wanted to see each account in which an individual investment advisory client had indicated they wanted to be in our growth strategy or growth and in-come strategy, and that their monies were appropriately invested. They asked for a lot of information that didn't apply to our firm, such as [initial public offerings]. Our firm doesn't deal in initial public offerings. But we have limited discretion to manage an investment advisory client's portfolio. They wanted performance information, detailed asset holdings and to be able to confirm every trade for the year in the data that we provided to them.
InvestmentNews: Kevin [Hermening] said he got the letter about two weeks prior. Was that the same time you got your letter?
Mr. Kautt: It was about two weeks prior, but I told them that I had a previous commitment.
It was interesting because we got a letter from the SEC's Philadelphia office. I was in Washington, but interestingly enough, the SEC Washington office didn't send anybody; they had to bring a team in from Philly. But we got right back to them and said, “Sure, we would love to see you. And when do you want to come in?” And they said, “Here's the date we're coming.” And I said, “Great, I'll be in Las Vegas.”
I'm the chief compliance officer, but our director of compliance would be here. And we have a guy who is also our director of operations, who I work with closely on our entire compliance program.
Some of the listeners may be thinking that you are literally bolted down to a chair while they are there. And in fact, I was not physically present in the office for our SEC audit for the four days they were here. However, I was available by telephone. I was in a business conference out of town — yes, it really was in Las Vegas — and that was fine, as long as they can interview you, and you have the data prepared in an orderly fashion. And yes, they want it all electronically. We prepared it on a burnt DVD, which is the same as a flash drive, and it was fine. They had a list of about 20 pages, and we checked off the items — again, as a fee-only adviser, there are many things that we do not deal with, as Kevin [Hermening] was saying. So we ended up checking off what we could provide them. We put the package together, we prepared the conference room for them, and we were ready when they walked in the door.
InvestmentNews: What happens after the SEC asks questions and you provide answers on a disk?
Mr. Hermening: In my case, I literally was only in our conference room during the four days for a little less than one hour. But I had two of my staff — my chief compliance officer and our trader, the manager of our RIA — sitting in quite often during the meetings. We had two auditors out of Chicago. One I believe was a [certified public accountant], the other I think was also a CPA as well as an attorney, and they had both of their laptops opened the entire time, and they went through all of the data, pretty much everything that we had sent to them. They wanted additional documentation for things that they had questions about, and they were reviewing everything from advertising materials, to fee structures, to reporting, to billing.
InvestmentNews: Rick [Marshall], how do you prepare the people you're consulting?
Mr. Marshall: I have a six-step program: plan, control, advocate, speed, truth, confidentiality. Let's start with planning. What we are talking about here is what happens before you get that letter, before the examiners show up. It is the most important work you do to get ready, because once they come in and they are working through the information, if you have problems, you are going to have to deal with the problems. What you do before you ever get that letter is critical. So you build a good system of compliance.
You want to know what kind of tests the SEC actually does when they come in to do their inspection. Most of them are now on the SEC website. Go to sec.gov and go to “Compliance” for the [CCOutreach] programs, and you can go back to 2008, 2007, 2006. They call them forensic tests. Do the tests yourself. Do them now before they ever come in. If the tests show problems, then you address those problems and fix them. Build a good system of compliance. Do the kind of testing the SEC has told you they are going to do when they come in.
Record keeping is another part of planning. What does the SEC do when they come in and conduct an inspection? They ask for the required records. They look at the required records. If you don't have the required records, that's a violation in and of itself. So one thing that many, many registrants think is less important — record keeping — is actually very important to get through an SEC inspection well.
And then you can do some periodical mock SEC exams. There are companies that do this; I do this. You come in, you do a little practice. My experience is, a lot of the inspections begin with interviews. There are some standard interviews they do, for example, on the culture of compliance or on your risk assessment. Those are things that are very good to prepare for, and they help you to run a good system of compliance.
The second step is control. This is from the moment they come in the door. This is a big deal. An SEC inspection is a very important interaction with the government. I say control the process. How do you do that? Designate a person who is your control person in charge of the inspection. All requests for information from the SEC, Finra, whoever, go to that control person. They read them. If they are ambiguous, they get clarification. If they are burdensome or ridiculously broad, they push back and try to get them narrowed. And then all of the information that goes back out to the regulator goes through that control person who makes sure, number one, that it is responsive, and number two, that they keep a record of what they have given. It's very important to keep a record, because if there are problems later on, you have to know what you gave the regulators.
The third step is to advocate your case. What does that mean? It means you make your good points to the regulators. If the regulators are looking at something and you've got a good story to tell, put your case forward. If they found a mistake, if you made a mistake, there are always some mitigating factors you can come forward with. You found it and fixed it before they arrived. You are going to address it, it was inadvertent, no one was injured. Whatever it may be, put forward that advocacy. Nowadays, when the deficiency letter, which is the product of the inspection, becomes so well-known and so important to people, it is very important that you put that advocacy forward as aggressively as possible and at as early a date as possible. Always ask for an exit interview, because that gives you a chance to find out what they are worried about before they write it up in the deficiency letter. If they have a mistake, correct the mistake right away — jump on it. If they have got you, if it is a good point, put your mitigating facts forward in a very aggressive way.
Fourth: speed. Get them out of there. There are two reasons for this. First, my theory is, the longer they stay, the more likely it is they are going to get irritated and annoyed, and look at your stuff more closely and find violations. They have also said — and this has now become a priority, post-Madoff — that they are looking to sanction registrants for delaying the inspection. The statute says that the SEC has a right to get the records within a reasonably prompt period of time. That is not well-defined, but you don't want to be the test case. Don't drag the process out; commit the resources to make sure you get them the documents, get them the copies, give them what they want.
The fifth step is truth — two points here. If you lie to the government or you produce a false document, you have committed a felony. You have made a bad problem 100 times worse. Scrupulous honesty is necessary in every document you give, every oral representation you make. If you don't know, say you don't know. If you didn't prepare some kind of compliance checklist, don't create it and backdate it. There are enforcement cases where people were sanctioned for that. You would be surprised how easy it is for the regulators to find that.
Not quite as extreme as the first point, but important in the planning process is to make sure you have monitored all of the promises you have made to the regulators in the past and do an inventory. Make sure you have kept those promises.
The final step is confidentiality. There is an onerous statute, the Freedom of Information Act, which permits any citizen to go to the government, the SEC or Finra and get files about you, subject to certain exemptions. There is a very simple process in which you can write a letter to the SEC at the beginning of the inspection, or a letter to Finra, requesting confidential treatment of the information you produce. That gives you the right, if someone makes that Freedom of Information Act request, to get notice so you can make sure all of your rights to keep that information confidential are preserved. A lot of confidential stuff — how much you pay people, investment strategies, who your clients are — is going to be turned over during the inspection, and there is nothing you can do about it. The worst thing in the world is to have a competitor or a disgruntled former employee get their hands on that and use it to your disadvantage. So preserve confidentiality.
InvestmentNews: Tell us what has changed since the Bernie Madoff scandal. What is the SEC looking for in particular that is different now than in the past?
Mr. Marshall: There are a couple of things that have changed. The first one, which has been widely publicized, is that the regulator is reviewing third-party custodial records to verify assets. So if you have your assets custodied, the SEC is going to get verification. They are going to be looking at your reconciliations with the custodial records and focusing very much on making sure that the assets are there, preserved. I would also say that they have become much more suspicious of representations that are made by a registrant. There was a time when they might have just taken your word for it. Now they are going to want to verify it, and they are going to want to verify it not just by looking at your records but by looking at third-party records. And so they might go to clients. If you say you have disclosed something to clients, they might go to them to make sure the disclosure has been made. If you say that a trade was done in a certain way, they might go to the broker to verify that it was in fact how the trade was done. So I would say that greater suspicion about the representations that have been made is certainly part of the process.
Mr. Kautt: I would like to build on a couple of things that Rick [Marshall] said. I think it's critical to build your compliance program and plan on being audited rather than be surprised by an audit letter. We have been audited many times during our 16 years, but in fact we did not employ an outside consultant. We felt that we didn't want to use a boilerplate compliance book or manual. We thought that could be problematic and cost us money. So we looked at the five key risk areas that we thought our firm had, and built our compliance programs around that, so that when, not if, the SEC showed up, we knew that we were absolutely as tight as a drum, both from a compliance standpoint and from a record-keeping standpoint in anything that might be a risky area. And to build on what was said about Madoff, there were really four areas where Madoff made off with the money.
One was custody, the second was proprietary products, the third was performance reporting with his infamous old computer, and the fourth was trading. So in upgrading our compliance program, we took two key risk areas where we could be sensitive — custody and performance reporting. We didn't change the protocols, but we added those to our key risk areas and changed our documentation. As Rick [Marshall] said, the SEC wants to see the documentation. And you better have it or stand by for news in the evening.
InvestmentNews: One of the questions from our listeners is di-rected to Kevin Hermening: “Whom did you use as a consultant, and who are some of the consultants out there that are popular among advisers?”
Mr. Hermening: Our firm uses National Compliance Services [Inc.] — NCS — in Delray Beach, Fla. Regarding the conversation about the SEC now going to custodians to confirm assets, about two hours ago, I received an e-mail — as did our chief compliance officer — from our consulting firm indicating that yesterday, the SEC posted on their website the actual letter that will go to advisory clients to confirm their account balances. So it really shouldn't cause us concern, as it is standard practice amongst SEC examiners. But that is their job to keep us informed of important or relevant regulatory issues.
InvestmentNews: Did you tell your clients that the SEC may come calling soon?
Mr. Hermening: The SEC just posted the letter to the website. It's from May 18. So they now have this document — SEC Form 1662 — which requests a response from the client within 10 days of receiving the letter. It asks for the type of account — I suppose that means whether it is an [individual retirement account] or a joint account or whatever — the account number, the last deposit date, the last withdrawal date and the total balance.
So presumably, the clients would look at their monthly statements for that data or call the firms. Everything that we do is necessarily and deliberately at arm's length. We don't custody assets in our firm. We are with the major wirehouses, which is where most of our assets are. And it is our responsibility to keep on top of these things. It's just that we have chosen not to log on to the SEC website every day or every couple of days to keep tabs on this ourselves, which is why we hired an outside firm.
InvestmentNews: We have written about how advisers are concerned that if a customer gets a notice from the SEC they might infer that the SEC has concerns about the adviser. Have you communicated to your clients that this is part of the normal course of affairs?
Mr. Kautt: We try to communicate [with] our clients between 20 and 30 times a year, which could be anything from a phone call to a meeting or a letter. We sent a letter immediately after the Madoff story broke, and told clients the risk areas and why they were not at risk. After our audit, we told them we had one. And if you go to the front page of our website, you can click on something that says, “SEC Articles,” which discusses the audits.
We felt that it was important to let our clients know what the government was about to do to intervene in their lives, and we let them know as fast as we could. And because of the letter that Kevin [Hermening] cited, we will probably write yet another letter. We know that the SEC had absolutely no power to make any of our clients do anything. They can't, because they aren't regulated by the SEC. But we will tell them, “You may get this letter — it's a good thing. If you get it, please respond.”
Mr. Hermening: We will be doing the same thing. I actually delayed a marketing piece to personalize that portion of it.
InvestmentNews: Here's a question from one of the listeners: “Do you include invoices for asset under management fees with quarterly reports? And if so, does that satisfy the requirements to deliver the invoice before debiting?”
Mr. Kautt: We invoice our clients on a forward basis every quarter, so that meets one requirement, which is not to charge fees more than six months in advance. They receive a “paid” invoice, if you will, because we pull the money right out of the account. It also specifies what the assets under management are, and that absolutely meets the SEC examination requirements.
Mr. Hermening: Our firm bills or invoices quarterly in arrears. We also send out quarterly invoices along with account statements. Clients have already received their statements generally around the same time or they see them from Pershing [LLC of Jersey City, N.J.] or the other custodians, and we send our RIA documents out to them, our performance reports. We do comparative performance reports, or compare to the Dow [Jones Industrial Average] and the Nasdaq [Composite Index]. It's just what we do in our firm. And the SEC reviewed all of those documents.
As we all know, they don't really approve them. They certainly would disapprove if they needed to, but they basically just review them. And if they have a problem, then they would certainly, I'm sure, take issue with it.
I also have a registration that brings me under the compliance rules related to Finra, as well as the broker-dealer's policies and procedures, which in some cases are more stringent than the regulators'.
Our broker-dealer's compliance department has all of our data, documents and copies of all of our files, as well as for each individual client. It is an extra set of eyes, but since they also have compliance and regulatory responsibilities, it makes sense that they would need to receive those as well.
Mr. Marshall: The SEC put out a release in 2000 on electronic delivery of documents, basically saying there are three requirements. The first is notice, which is really consent. The client has to agree that they will accept electronic delivery. The second is access, which now is pretty simple, and it was in 2000, but it has to be delivered in a form that the client can access or open. And third is evidence of delivery, which means that the regulated entity has to keep some kind of record to show that they sent the document electronically. So you can certainly deliver documents electronically, but the mantra is notice, access and evidence of delivery.
InvestmentNews: Do auditors review e-mails or do they just ask you to outline your e-mail compliance policy and processes?
Mr. Marshall: “Always,” is the simple answer. I cannot remember an inspection in recent years when they did not make some kind of request for e-mails. They have gotten more reasonable in terms of the scope of the request. They were asking for all e-mails of everyone over multiyear periods. Now they tend to be more selective both in terms of the people that they ask — they try to narrow that down — and the time periods. But I have not heard of an inspection in recent years where they have not requested e-mails and reviewed them in connection with the inspection.
InvestmentNews: What do they look for in the e-mails?
Mr. Marshall: They would always look for things like fraud and misappropriation, but, for example, if they were looking for something to do with your proxy-voting policies, they will put in proxy and voting, and they will use the Concordance search engine to search. The SEC uses Concordance, which is a search engine, and that is public knowledge. You can buy Concordance and put in search terms. And they put in search terms depending upon what they are looking for. You can do the same thing. You can buy Concordance and search your e-mails.
InvestmentNews: We have a question about SEC procedures from one of our listeners: “How long do I have to wait for a response letter after an audit? What is the normal course of action?” The listener was audited in October and has not yet heard from the SEC. This person contacted the SEC but was told the agency is working on highly important issues.
Mr. Marshall: Well, that sounds ominous. They should get back in touch with the SEC and find out what these issues are. The answer is that the fieldwork portion of the inspection, which is where the examiners are actually in your offices looking at documents and talking to people, is only part of the process. Once they finish the fieldwork, they prepare work papers and have senior people review them. They analyze the data and sometimes request additional information. The SEC has said that they will send a notice — when the inspection is completed — if they have found no violations. My experience is that inspections can stay open for a very long time. I would say to the person who posed the question that that kind of feedback from the SEC suggests that they are very troubled by something, and I would be proactive with the SEC in trying to figure out what they are worried about, and try to address it through aggressive advocacy.
Mr. Kautt: Luckily, we were pre-Madoff, and there were no high and important issues inside or outside the SEC. I am wondering if some of those issues might have been internal to the SEC about the time the Madoff story broke. But in any case, we had our exam in the fall, and we did not complete the final letter until February. So it was about four months.
InvestmentNews: Does the SEC want to see marketing plans, and if so, are they subject to the audit?
Mr. Kautt: Absolutely. We have a relatively sophisticated marketing materials and a director of marketing who was interviewed by the SEC. He was one of the three key people interviewed, in addition to our director of operations and our vice president of planning. But they didn't spend much time with the director of business development. They wanted to see all of the marketing materials. And they considered any communication sent to clients on a regular basis as falling in that category. We sent generic returns for our overall corporate portfolio, as well as specific reports that were individually prepared for each client. So they said, “Golly, this is marketing material.” You must fully disclose on the back how you derive that. So they actually spent probably half of a day looking at every communication or type of communication that we sent to clients and prospective clients. But I will tell you that they only looked at about three e-mails on one client.
InvestmentNews: When the SEC auditors are at the office, what happens? Do you make people available to them as they request it?
Mr. Kautt: As Rick [Marshall] mentioned, the interview and the audit is very tightly controlled. The auditors were put in a conference room and given power, the Internet, a telephone and coffee, tea, water, the whole bit. They had one guided tour through our office. If they wanted to speak with someone, we had them speak to that person in the presence of our director of compliance. Before the SEC showed up, we had a team briefing, kind of like a pre-game discussion about being honest, being direct, answering the question and only the question. And if you couldn't answer it, say, “I don't know; I will find out and get back to you.”
InvestmentNews: Great advice. Kevin [Hermening], would you like to address the marketing question?
Mr. Hermening: I agree with everything Glenn [Kautt] said, and would add that in the 18-page pre-audit letter, there was a section with roughly 10 questions related to performance advertising and marketing. Because our firm doesn't advertise its performance figures, most of those questions did not apply to us.
Of course, we do have in our introductory materials with new prospects, or with clients, in fact, copies of our forms ADV Part II, copies of our investment advisory agreements, biographies, things of that sort. That all falls under the purview of advertising or marketing materials, but not comparable to performance-advertising material.
From our standpoint, that is an area where it was very helpful to have already had another set of eyes looking at our materials in the form of our broker-dealer's compliance department or advertising review department. And so we didn't have issues related to that. I would additionally state that in regard to having a controlled environment, our consultants suggested that we not allow the SEC to have a PC in front of them where they could have access to our servers and look at documents and materials not related to the audit but maybe related, for example, to the sale of a mutual fund with a sales charge, or an annuity or a life insurance policy that would be more on our securities or broker-dealer's side. It wasn't relevant to the SEC audit. And so I agree with Glenn [Kautt] that having that, in having a controlled environment away from the files, all of the auditors' questions were initially brought to the compliance officer, and then she would gather on her own from individual the materials that they were requesting.
Mr. Marshall: Two quick points. First, what has just been described is a great illustration of my second step — control the process. You have heard about some very constructive ways to control the inspection process. With respect to the specific question of whether the records are subject to the inspection power — the short answer is that the government takes the position that if the record relates to the business and you retained it, even if it is not one of the enumerated required records, it is subject to the inspection power. And I am asked this question very, very often: Can we tell the regulators that they don't have a right to inspect the record? That is a risky game for a couple reasons. First of all, refusing to give them access to a record that they have a right to inspect is a violation of law. You can be cited for just that. Number two, it doesn't tactically lead anywhere, because they can always refer the matter to enforcement, which can then subpoena any record that exists. So it is a very frequently asked question. I could explain for broker-dealers and investment advisers or investment companies how you get there. But put simply, the regulators uniformly take the position that even if the record is not one of the enumerated records you are required to keep and you kept it in relation to the business, it is subject to their inspection power, which means you can be sanctioned if you refuse to turn it over.
InvestmentNews: I am posing this question to Rick [Marshall] because it is probably too indelicate to pose to Kevin [Hermening] or Glenn [Kautt]. How smart, or how knowledgeable, are the examiners? We hear reports all the time that these people don't know what they are doing. In your experience, do they know what they are doing?
Mr. Marshall: It varies from examiner to examiner. There is no uniform answer to that. The SEC has people who are very seasoned, very intelligent and very well-educated, as well as people who are brand-new and not fully trained. And so the answer is that I have certainly had very frustrating experiences with new examiners who didn't know what they were doing. But on the other hand, there are some people who were extremely sophisticated, who you are not going to put anything over on.
InvestmentNews: If you get an auditor who isn't well-trained, what do you do?
Mr. Marshall: Two pieces of advice: One is that they are powerful; it's like talking to a judge. So be respectful, patient and polite. Number two, if they are just a complete blockhead and they are just wasting your time and money and driving you crazy, don't just keep pounding away at them — go up the chain. The example I give clients is: Imagine you are in Iraq, and there is a column of tanks going to the wrong town. And you come running out, and you stop the column, and a young kid, 19 years old, pops out of the lead tank — he's the driver — and you tell him, “You're going to the wrong town! Turn this whole column around and go to another town.” What do you think the kid is going to say? He's going to say, “You're out of your mind. The general told me to drive the tank down this road. I'm driving the tank down this road.” You can scream at that kid for 100 years, and all you are going to do is make him mad. That is the second mistake. If you get into a situation where your politeness, your patience, your advocacy is getting absolutely nowhere, don't just get into a war with a junior examiner. Take it up the chain in a polite, respectful way and get to the senior person who knows what they are doing.
Mr. Kautt: Let me give you an example. We were asked to provide the financial records because we do have custody of some assets. In other words, I am a trustee, so that constitutes custody under the SEC regulations. I understand the Freedom of Information Act, and I didn't want to provide that, because I was concerned that it might in fact be subject to FOIA. So I said to the examiners, politely, “No, we will not do that. But if you will please have your supervisor or your legal counsel call me, we can discuss it.” And we did. He assured me that it was exempt from FOIA, and we provided it. So as Rick [Marshall] said, if you don't want to get into a contest with the examiners, take it upstairs.
InvestmentNews: One of our listeners is asking whether the SEC is going to raise the minimum AUM for SEC registration.
Mr. Marshall: There has been talk about that. I think it partly depends on whether they regulate hedge funds, which will flood them with new registrants. So I think if they do that, the ability to keep up with the number of examiners they will need will be almost hopeless. So my guess, is they will then raise the minimum.
InvestmentNews: We have got another question from a listener: “With all of the custody issues surrounding collecting client fees, what would be the impact on firms that had to invoice clients and wait for payments, as opposed to having the authority to collect fees directly from client accounts?”
Mr. Marshall: I think that is a business issue, and I don't think any adviser would like that arrangement. It's obviously better to have the automatic deduction of fees and do it in advance, because you get paid.
Mr. Kautt: Yes, that is a business decision. The SEC merely wants to make sure that you are not billing beyond the regulatory maximum of six months without some awfully good reason. And I certainly can't think of a business reason. They took one look at how we collect fees. Again, we do bill out of their accounts; we have third-party custodians. It was a non-event.
InvestmentNews: Here's another question from the audience: “Our firm has selling agreements with third-party firms. What type of documentation does the SEC request from the relationships with third-party firms?”
Mr. Hermening: We actually have a couple. We have an adviser who uses one, and he does his business as an investment adviser through our registered investment advisory firm. The RIA was the firm that needed to have the selling agreement with those particular separate-account-management companies. And then our fellow had to have his contract with the RIA. The SEC asked for all of that documentation because those assets were still being reported, and cash flow still came through our firm even though we didn't actually manage or have discretion or make decisions.
Mr. Marshall: I don't know whether we are talking about a broker or an advisory [firm], but the fundamental points are that the SEC will want to see a written agreement and disclosure. What disclosure is required depends on whether it is a broker or adviser, but there certainly should be a written agreement and disclosure where required, which would always be the case in some form.
InvestmentNews: Kevin [Hermening], one of our listeners has an issue with your statement that your broker-dealer is another set of eyes. The listener's broker-dealer has implicitly stated that even though it receives copies of everything the listener sends to RIA clients, under no circumstances does it approve or disapprove of what was sent since the broker-dealer would then be on the hook for our compliance. True or false?
Mr. Hermening: Well, certainly, some of the broker-dealers that we have had contact with over the last several years, as we looked at various broker-dealer relationships, have taken the position in some cases that they will simply not allow registered representatives who have an independent RIA to operate with discretion. Our broker-dealer, of course, has taken the position that they have allowed independent RIAs, but they are getting paid, for example, a portion of the investment advisory fees that our firm collects. Because I am dually registered, the broker-dealer knows and understands that they have got that responsibility if they are going to allow a dually registered representative.
InvestmentNews: One of the listeners is asking if the possibility of an audit has any correlation with the amount of assets under management.
Mr. Marshall: The SEC uses what they call risk factors to target an audit, and larger advisers are generally more likely to be inspected more frequently than smaller ones. But it is only one factor, and I don't really think it is the most important factor. There are some large advisers that aren't inspected all that frequently. The very, very largest advisers are inspected quite frequently, but the answer is that the more assets you have under management, the more likely you are to be inspected more frequently, but it is not a one-to-one relationship.
InvestmentNews: Here is another post-Madoff question. How will confirmations help if false statements are sent to clients? What is the SEC looking for advisers to provide to verify balances?
Mr. Kautt: I'm speculating here, and I think everyone on the webcast is speculating, because we aren't the SEC. But let me go back to key risk areas. If you have identified the key risk areas for compliance in your firm and you focus on those, you are way ahead of a lot of folks. If you have a bona fide, legitimate third-party relationship as a custodian or as a broker-dealer — in other words, the investments are not housed at your shop — then that third-party confirmation is going to work. If you don't, then there might be a problem.
It's the same thing with performance reporting. You may report the performance, but you receive the underlying trading or data from your custodian and the broker-dealer. Kevin [Hermening] said he sends out quarterly performance reports. And he gets his data from Pershing or from somebody else. We get ours from [The Charles] Schwab [Corp. in San Francisco] or Pershing.
But it may be a little trickier if you have proprietary products. And Rick [Marshall] may agree or disagree, but the risk profile goes up rapidly when you have custody, when you have proprietary products, when you are doing your own trading and you don't have third-party reporting. That is going to subject you probably to an audit really, really quickly. It was eight years between our last audit and our most recent audit because our risk profile as a fee-only RIA is so low. And in fact, that is why we became one, because we have very, very few issues. We don't typically have custody, we don't have proprietary products, we don't report performance ourselves; we use third-party data. And we don't custody; we have a third-party custodian. So we are at the bottom end of the risk profile scale.
Mr. Marshall: Those are all good insights. I think what the SEC is just trying to do as much as possible is double- and triple-check that the asset which the clients think are there are really there. When a custodian is involved, it can start by going between the adviser and the custodian to verify that the third-party custodial records agree with the adviser's records. But that doesn't foreclose the chance that what the clients are being told is something different. This is just a way to double-check that you are going to the third-party custodian and the client and that you are ultimately checking to ensure as best you can that everything is where the client expects it to be. It isn't perfect, but it is a double-check against the possibility that the adviser is keeping an accurate set of books for the regulators that correspond to the custodian's records but telling the client something different.
InvestmentNews: A listener wants to know whether you advise having an accountant and/or an attorney present during the audit.
Mr. Marshall: That's a tactical question. It depends on the issues that are likely to come up and your relationship with the regulators based on your historical experience. If you expect to have some very difficult issues — difficult in the sense that they could lead to enforcement actions, and you either have had in the past contentious relations with the examiners or you expect to have contentious relations in the current inspection — I think it is fine. I'm very experienced in dealing with these issues, and hopefully a good advocate and can bring extra value. A lot of registrants resist it because they feel that having a third-party outsider will create suspicion. It also raises cost and potentially raises a delay factor, so I certainly know a lot of clients who would say that unless there is a very sensitive issue and/or they feel that there is a contentious relationship with the regulators, to keep the third parties out of the picture.
InvestmentNews: Rick [Marshall], in your experience, is there such a thing as a rule of thumb as to how much firms should be spending on compliance in terms of cost and time?
Mr. Marshall: The SEC doesn't have a rule of thumb, because it depends on the nature of the firm. It depends on the type of activities they are engaged in and the kind of people they have working for them. Small firms that engage in very complex activities and have people who are in an extreme example convicted felons, out on bail, would require a lot of compliance supervision — whereas another firm that has a plain-vanilla business and everybody is just clean as a whistle and very compliance-conscious may need to spend less. So there is no rule of thumb.
InvestmentNews: Are auditors responsive to advisers asking questions or needing clarification?
Mr. Kautt: Our experience is that the auditors were quite responsive. We didn't need much clarification, but they quickly came back to us.
Mr. Hermening: I would agree. They were very helpful as well with our staff in getting clarity on some of the items. Literally, there were a couple of hundred items that they were requesting information about. And so a lot of them didn't apply, but they were very helpful in clarifying.
InvestmentNews: If you change your ADV Part I from “no custody” to “custody,” is that a flag for an SEC audit?
Mr. Marshall: Yes, it greatly increases your risk of being audited.
Mr. Hermening: That's the reason we don't have custody.
Mr. Kautt: Yes, that is one of the post-Madoff-era issues. That action would increase your risk profile.