New OCIE Request List Backs Away From CCO Focus
Looking closely at an examination request list recently sent out by the SECís Fort Worth District Office, youíll notice a few things missing.
There are no questions about the firmís compliance resources and budget, or the CCOís opinion thereof. There are no questions about the CCOís experience or competence. And thereís no question about the CCOís personal compensation. The whole section on risk SOPs (standard operating procedures) is gone, too.
But despite the removal of those particularly troublesome questions, the list isnít all sweetness and light. The CCO or the firmís president still has to sign a statement on firm letterhead describing the firmís material "regulatory/disclosure" breaches. If there werenít any, the CCO or president is asked to provide a signed written statement to that effect. The staff did attempt to make this item more palatable. Rather than covering the entire exam period, the request covers regulatory or disclosure breaches that occurred in the past twelve months. And, helpfully, the item contains the following note: "The registrantís responses to this item assist the staff in determining that the registrant has working controls in place to detect and correct violations when they occur. Disclosure of these breaches is not intended to provide the staff with a road map for citing the registrant for deficient practices."
Well, thatís reassuring.
The item also points out that a pattern of minor breaches could constitute a material breach. For example, receiving an access personís personal trading report a day late could constitute a material breach if it was part of a pattern of late filing by that individual or by access persons generally.
The list also asks for a separate written statement listing "any compliance problems" encountered during the exam period. However, the CCO or president do not need to sign this list. If there were no compliance breaches, the firm is asked to provide a written statement to that effect.
The list contains an e-mail request that, if read literally, could be quite burdensome: it states that the SEC exam staff, once on site, will select an unspecified number of individuals for which it will review e-mails. For each of the individuals, the firm should be prepared to provide "all e-mails, including their corresponding attachments, sent and received between January 1, 2004 and June 30, 2005," in an electronically-searchable format.
Presumably, the staff will not be requesting 18 months of e-mails for each person. Instead, it appears that the firm must be prepared to provide all e-mails for the 18 month period. The actual e-mails requested, however, likely will be for a narrower period within that 18-month time frame.
Also of note: The staff made clear that the e-mail request list includes attachments and e-mails sent on third-party systems: "In identifying e-mails that are responsive to our needs, please be mindful that e-mails may be stored both on servers and on individual hard drives of the persons selected," said the staff. "These e-mails may also be maintained by third parties such as AOL, Microsoft or Bloomberg."