But industry executives are afraid of coming forward with questions or concerns for fear of drawing attention to themselves and being singled out for retribution, the GAO said.
When the SEC’s office of compliance inspections and examinations detects malfeasance, it often fails to take into account a firm’s compliance controls, the GAO found.
“GAO continues to believe that implementing GAO’s prior recommendation to obtain and use compliance reports from firms—a source of information on the effectiveness of their compliance controls—could potentially help OCIE better identify higher-risk firms,” the GAO said.
Further, SEC examiners often fail to tell firms that they visit about the status of their investigations.
Ever since the mutual fund trading scandal of 2003, the SEC has changed the approach it takes in its examinations, and is now taking a higher-level, risk-based approach.
Since January 2006, the OCIE has made changes to improve communication, most notably setting up a hotline for complaints, requiring examiners to contact registrants when exams last more than 120 days and trying to reduce duplicate examinations.
Although the SEC has a hotline in the OCIE office, many firms are reluctant to use it. Thus, the GAO has recommended that the SEC move the hotline to an independent office.