Is This an Inspection or an Investigation? The Blurring Line Between OCIE and Enforcement

March 6, 2012

I.  Introduction

The most significant impact of SEC registration on private fund advisers is that the adviser becomes subject to inspection by the SEC’s Office of Compliance Inspections and Examinations (OCIE).  The greatest risk arising from an examination is that the inspection staff decides to refer finding from an inspection to the Division of Enforcement for an investigation.  This article discusses the risks of an examination becoming an investigation and strategies for anticipating and mitigating those risks.[1] 

II.  The Risk That an Examination Results in a Referral to Enforcement

Asset managers are particularly vulnerable to collateral consequences of a government investigation.  Particularly in the wake of recent cases, many investors have little tolerance for fund managers who are subject to an investigation, thus making flight of capital a real risk for advisers under investigation.  Stark examples of this played out over the last year when the F.B.I. executed search warrants in November 2010 on four hedge funds.  Of the four funds raided, three ceased doing business even in the absence of criminal charges.[2]

Statistics indicate that a substantial — and increasing — number of examinations result in Enforcement investigations.  For example, in fiscal year 2010, OCIE staff made 272 referrals of examination findings to the Enforcement Division.[3]  This represented a significant increase from 237 referrals in fiscal year 2009, and 198 referrals in fiscal 2008.  (Not surprisingly, the largest number of referrals to the Enforcement Division each year comes from the OCIE staff in the New York Regional Office.)  In the eighteen months from November 2010 to April 2011, the Enforcement Division opened nearly 200 investigations as a result of OCIE examination referrals.[4]  This suggests that OCIE referrals have become an increasing source of new investigations for the Enforcement Division.

In the wake of the Stanford Ponzi scheme, the SEC’s Inspector General conducted a review of referrals by OCIE regional office staff to the Division of Enforcement.  The report reflected a generally favorable and collaborative relationship between OCIE and Enforcement, but also made suggestions for increased coordination.[5]

In response, senior staff in OCIE and the Division of Enforcement have touted their increased collaboration.  Even before the Inspector General’s review, OCIE and the Enforcement Division had already begun to enhance the level of collaboration between the two groups.  In testimony before the House of Representatives Subcommittee on Oversight and Investigations, Robert Khuzami, Director of the Division of Enforcement, and Carlo di Florio, Director of OCIE, outlined the steps that had been taken to increase the level of coordination, including: (i) regular monthly meetings to discuss issues raised in ongoing examinations, (ii) quarterly exam reviews to identify, among other things, referrals to the Enforcement Division, (iii) evaluation of exam referrals by OCIE and Enforcement staff to identify misconduct, (iv) coordination between OCIE staff and specialized units in the Enforcement Division, particularly the Asset Management unit, and (v) risk-based initiatives that have led to sweep exams looking at areas such as suspicious performance returns, disclosure and valuations at bond funds, mutual fund fees, problem advisers and adviser compliance programs and procedures.[6] 

Perhaps no single case illustrates the risk of an examination becoming an Enforcement investigation than the insider trading cases related to Galleon.  According to media reports, the Galleon insider trading investigation began in February 2007 with an OCIE inspection of the recently registered hedge fund adviser.[7]  Four months later, Raj Rajaratnam was testifying at the offices of the SEC in the investigation that would eventually lead to the most sweeping series of insider trading cases in the agency’s history.

Other, albeit less dramatic, examples of collaboration between the Enforcement and OCIE staff abound.  For example, in announcing an enforcement action against a broker-dealer for the sale of notes linked to the performance of synthetic collateralized debt obligations, the SEC’s press release noted that the examination team assisted in the investigation.[8]  In another matter involving the failure of a fund adviser to file Forms 13F, the Commission’s administrative order noted that the issue arose as a result of questioning by the inspection staff.[9] 

The risk of inspections becoming investigations has been heightened as a result of the recently adopted rules to implement the whistleblower provisions of the Dodd-Frank Act.  In May 2011, the SEC adopted the final rules that provide rewards of 10%-30% of financial recoveries to individuals who provide information to the SEC that leads to an enforcement action.

The potential for these rewards provides a strong financial incentive to employees to provide information to the staff that is likely to lead in the first instance to a cause examination, which in turn often leads to an investigation.  Even before the recent whistleblower rewards were enacted, a whistleblower tip factored into the Galleon investigation.  According to a media report on the Galleon investigation, during the inspection of Galleon, the staff received an anonymous letter alleging widespread insider trading at Galleon.[10]

Moreover, the SEC’s first report on the whistleblower program suggests that it is succeeding in generating tips that are leading to substantial investigations.  According to the report, in the period August 12 to September 30, 2011, the office received 334 whistleblower tips.[11]

III.  Strategies for Managing the Risk of an Enforcement Referral

Although the risk of an inspection becoming an investigation is substantial, there are strategies for mitigating that risk and potentially averting a lengthy and costly investigation.  The first step to managing the risk is identifying when an exam poses a heightened risk of an Enforcement referral.  When such a risk is identified, the second step is to attempt to engage with the staff in a dialogue that provides the registrant with an opportunity to address the issues of concern to the staff and potentially avert a referral to the Enforcement Division.

          A.  Assessing the Risk at the Beginning of the Examination

There are three general categories of SEC examinations: routine, cause and sweep exams.  Each type of exam presents a different level of risk.  Therefore, identifying the nature of the exam at the outset is an important first step in assessing the risk of the potential for Enforcement Division interest.

Unfortunately, the staff does not disclose to the registrant the reason it is conducting an exam (i.e., whether the exam is routine or cause) and will decline to answer the question if asked. However, it is sometimes possible to infer the type of exam in each case based on the circumstances of the exam, including the information requested and questions asked by the staff.

Routine exams:  As the name suggests, routine exams are conducted routinely to review and test the effectiveness of the registrant’s compliance policies and procedures.  In contrast to cause exams discussed below, routine exams are not triggered by any particular reason to suspect any compliance deficiency or securities law violation exists.  Nevertheless, according to the staff, the selection of registrants even for routine exams is supposed to derive from a risk-based assessment in which high-risk registrants are examined more frequently and with greater regularity than low or medium risk registrants.  This also means that in determining areas on which to focus during an examination, the staff is expected to assess and focus on those aspects of a firm that present heightened risk due to the nature of the registrant’s business and compliance infrastructure.  

Cause exams:  Cause exams are initiated based on a reason to believe that a regulatory compliance deficiency may exist or violation of the securities laws may have occurred or be occurring.  Cause exams may be initiated based on a variety of sources, including complaints from investors, counterparties, competitors or employees (both current and former); evidence obtained in an existing Enforcement Division investigation; documents reviewed in an examination of another registrant; referrals from other regulatory agencies, and media reports. 

In this respect, a cause examination may be initiated on the basis of the same sources that would otherwise be sufficient to commence an investigation.  But where the subject of the complaint is an SEC registered entity, the staff’s first investigative step is often simply to conduct an examination.  This gives the staff more immediate access to the registrant’s documents and employees and the ability to be on-site at the registrant’s offices, thereby often avoiding the intermediation of counsel for the registrant.  In these circumstances, the exam staff may be coordinating very closely with the Enforcement staff and the exam may simply be the beginning of what would otherwise be an investigation. 

For obvious reasons, cause exams present a heightened risk of an Enforcement referral.  In a cause exam, the staff has commenced the exam based on a suspicion that a violation may have occurred.  Thus identifying a cause exam at the outset is important.  Often the initial document request from the staff can provide insight into whether the exam is routine or cause.  Typically, in a cause exam the initial document request is more targeted and focused on particular issues, such as trading in particular securities or arrangements with particular third parties.   

Sweep exams:  Sweep exams are exams conducted of a large number of registrants to review a particular regulatory compliance issue.  They are typically initiated because the staff has determined that a particular industry-wide practice should be reviewed to determine whether regulatory compliance concerns are implicated or should be addressed, either through staff guidance, rulemaking or Enforcement investigation.  Sweep exams may be based on risks identified by a variety of sources, including the SEC’s Division of Risk, Strategy and Financial Innovation, media reports or issues identified in other investigations or examinations.

Sweep exams present a heightened degree of risk because they are focused on areas of concern to the staff.  However, they present a somewhat lower risk than cause exams because they are typically focused on industry-wide practices rather than the conduct of a specific registrant.

Sweep exams are distinguishable from cause exams in that, although focused on a specific business practice or compliance issue, they are conducted at multiple registrants at the same time.  Typically, the staff does not announce the initiation of a sweep exam.  Nevertheless, one may be able to identify a sweep by conferring with counsel or compliance personnel at other registrants. 

          B.  Assessing the Risk During the Examination

Regardless of the reasons that triggered the examination, any examination can potentially result in an Enforcement referral based on information uncovered by the staff during an exam. 

Assessing whether the staff is contemplating making a referral to Enforcement during the exam can be difficult.  One can infer at least the potential for a referral if the staff demonstrates a heightened interest in a particular issue in the exam.  In some cases, before concluding an examination, the staff may express a concern that a particular issue indicates a deficiency or even a potential violation and give the registrant an opportunity to respond to the staff’s concerns.  However, the outcome of that dialogue may not be a reliable indicator of the staff’s consideration of an Enforcement referral.  Typically, the staff is not transparent about its reaction to the registrant’s explanations.  Thus it is not uncommon for registrants to misperceive silence from the staff as the conclusion of an issue.  Registrants can subsequently be caught by surprise when the staff refers an issue to Enforcement without any further dialogue on the subject. 

At the conclusion of an examination, if the staff has identified compliance deficiencies, they will send the registrant a deficiency letter that describes the deficiencies and provides the registrant the opportunity to respond.  However, the deficiency letter process does not provide any indication whatsoever whether the staff is also considering an Enforcement referral.  Indeed, the staff’s practice with respect to deficiency letters and Enforcement referrals has varied.  In some cases the staff has identified an issue as a deficiency in a deficiency letter and simultaneously referred the same issue to Enforcement for investigation without any notice to the registrant.  In other cases, the staff has referred an issue to Enforcement (again without any notice to the registrant), yet omitted any discussion of that issue from the deficiency letter.  Accordingly, one cannot rely on the deficiency letter process to indicate whether an Enforcement referral is also being made. 

          C.  Confronting the Risk with the Staff

Identifying the risk of an Enforcement referral is critical for at least two reasons.  First, where the risk is heightened, it becomes more appropriate to treat the exam as the beginning of the an investigation, including having counsel review documents before production to the staff, prepare employees for interviews by the staff, potentially conduct a more expansive internal review of areas of concern to the staff, consider remediation of an existing deficiency, and possibly open a dialogue with the staff about their concerns.  Second, because the staff may not notify the registrant that it is considering an Enforcement referral, correctly assessing the risk of a referral can provide the registrant with an opportunity to confront the staff’s concerns directly and undertake an effort to persuade the staff not to make the referral.

In some cases, the staff may expressly raise the possibility of an Enforcement referral and provide the registrant an opportunity to address the staff’s concerns before making a final decision.  When this happens, it provides the registrant an opportunity to make factual and legal arguments to respond to the issues identified by the staff and, if applicable, to address potential remediation the registrant has undertaken or is willing to undertake to address the staff’s concerns. 

More often, however, the staff does not provide the registrant any advance notice of an Enforcement referral.  Thus, the only way to determine whether the staff is considering a referral to Enforcement is to ask the question explicitly.  The decision of whether to ask the question will depend on all the circumstances of the particular exam.  There can be a reluctance to ask such a question for fear that the staff may misinterpret the question as a suggestion that there is greater reason to suspect a violation than the staff otherwise perceives.  On the other hand, in the absence of posing the question, there may be no way to identify the potential for an Enforcement referral and to have the opportunity to persuade the staff that it should not make such a referral.  Ultimately, the decision whether to raise the question with the staff will depend on all the circumstances on a particular examination.

IV.  Conclusion

SEC examinations present an increasing risk of developing into Enforcement investigations.  However, when the risk in a particular exam is identified and the opportunity seized, the registrant may be able to address the staff’s concerns within the confines of the examination and avert the cost, burden and adverse commercial impact of a protracted Enforcement investigation.  

This article originally was prepared for Practising Law Institute’s "Hedge Fund Registration and Compliance 2012" conference, January 31, 2012.

  [1]   The author of this article, Mark K. Schonfeld, is a partner in the New York office of Gibson, Dunn & Crutcher, LLP, and Co-Chair of the firm’s Securities Enforcement Practice Group.  Before joining Gibson Dunn in 2008, Mr. Schonfeld was Director of the SEC’s New York Regional Office, where he oversaw both the Enforcement and Examination programs of the Office.     

  [2]   Azam Ahmed, "For Level Global, F.B.I. Raid Is a Final Blow," New York Times, (March 4, 2011) ("After the raid…investors asked for $750 million back, and those who had planned to invest new money withdrew."), available at Katherine Burton and Saijel Kishan, "Loch Capital Said to Have Closed Its Hedge Funds Last Year After FBI Raid," Bloomberg News (March 7, 2011), available at; Katherine Burton, "Barai Capital Winds Down Funds After FBI Raid, Investor Says," Bloomberg News (Jan. 31, 2011), available at

  [3]   U.S. Securities and Exchange Commission, Office of Inspector General, "OCIE Regional Offices’ Referrals to Enforcement," Report No. 493 (March 30, 2011) ("Inspector General Report").

  [4]   Robert Khuzami, Director, Division of Enforcement, and Carlo di Florio, Director, Office of Compliance Inspections and Examinations, "The Stanford Ponzi Scheme: Lessons for Protecting Investors form the Next Securities Fraud," Testimony before the Subcommittee on Oversight and Investigations, Committee on Financial Services, U.S. House of Representatives (May 13, 2011), available at ("Khuzami and di Florio Testimony").

  [5]   Inspector General Report, n. 3 supra.

  [6]   Khuzami and di Florio Testimony, n. 4 supra.

  [7]   George Packer, "A Dirty Business: New York City’s Top Prosecutor Takes on Wall Street Crime," The New Yorker (June 27, 2011), available at

  [8]   SEC v. Stifel, Nicolaus & Co., Inc., Civ. Action No. 2:11-cv-00755-AEG, Lit. Rel. No. 22064 (E.D. Wis. Aug. 10, 2011), available at

  [9]   In the Matter of Quattro Global Capital, LLC, Admin. Proc. File No. 3-12725 (Aug. 15, 2007), available at  For other examples of recent collaboration between OCIE and the Division of Enforcement, see Khuzami and di Florio Testimony, note 4 supra

[10]   Packer, "A Dirty Business," The New Yorker.  According to the article, the anonymous letter stated: "It is hedge funds like Galleon Group that create wealth for their shareholders and themselves at the expense of innocent investors.  Insider trading word in this fund should be changed to insider partnership and prostitution….  Prostitution is rampant for executives visiting Galleon. You will find that the Super Bowl parties for the executives, paid for by Galleon Group, include prostitutes and other forms of illegal entertainment.  In return, the executives provide Galleon the unfair edge that the fund leverages so well."

[11]   U.S. Securities and Exchange Commission, Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011 (Nov. 2011), available at

Gibson, Dunn & Crutcher LLP 

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you work, the author (Mark K. Schonfeld (212-351-2433, [email protected]), or any of the following members of Gibson Dunn’s Securities Enforcement Group:

© 2012 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.