Speech by SEC Staff:
Financial Services Institute: First Annual Public Policy Day

by

Lori Richards

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Washington, D.C.
October 13, 2004

An Update on the SEC's Examination Program

Good Morning. I'm glad to be with you here today, I understand that this is the inaugural meeting of the Financial Services Institute's Public Policy Day. I am pleased to have been invited to address this group at its first such meeting. I have been asked to update you on SEC's activities in the last year. Hold onto your hat, because we've been very busy! At the outset, let me remind you that the views I express are my own views and not necessarily the views of the Commission, the individual Commissioners or my colleagues on the Commission staff.

The mission of this group, to serve as a forum for industry leaders in the broker-dealer independent contractor community to come together and address common concerns and issues, is certainly important. And, it is timely, as the securities industry is grappling with ways that it can ensure that it serves its customer - the investor - in the best possible way. Compliance breaches in the last year have certainly served as a warning that, in the drive for results, productivity and profit, firms must refocus and rededicate themselves to ensuring that they do not lose sight of their customer.

These compliance breaches are now well known by all of us and by the investing public -- the failure to provide customers with breakpoint discounts in selling mutual funds, abusive market timing and late trading, inappropriate sales tactics in the sale of variable annuities, research analysts' conflicts of interest, failing to inform brokerage customers of sales incentives provided by mutual funds - these are all examples of problems that recently beset a significant number of industry firms.

These breakdowns, as well as other problems we have seen in our examinations, indicate a need for more vigorous compliance and supervisory programs by financial services firms. More broadly, however, I believe that recent events should signal a need for deeper and more meaningful change than just adopting a new policy or procedure dealing with whatever particular misconduct may be on our radar screens. I believe that recent experiences indicate a need for firms to consider how they can be more proactive in ensuring that problems never occur in the first place. The concept of prevention is not new and is in fact a key aspect of the federal securities laws - as the Exchange Act, the Investment Adviser's Act and the Investment Company Act all have provisions that reflect the need for registered firms to have policies and procedures reasonably designed to prevent violations of the federal securities laws (Section 15(b)(4)(E) of the Securities Exchange Act of 1934, Rule 206(4)-7(a) under the Investment Advisers Act of 1940, and Rule 38a-1(a) under the Investment Company Act of 1940). I know that you share my view that problems are best prevented from occurring in the first place.

Just as compliance breakdowns have caused many firms to consider improvements that they can make in compliance, in supervision and in the firm's "Culture of Compliance," we as regulators have also taken steps to reassess both regulatory obligations of firms, as well as the way we conduct our oversight. Our primary mission is to protect investors and to maintain the integrity of the securities markets, and with this goal firmly in mind, we've made some changes. I thought this morning I would briefly summarize some of the regulatory changes that the Commission has taken in the last year that are of interest to broker-dealers and investment advisers, and then spend most of my time outlining developments in the SEC's examination program.

I. Select Recent Regulatory Actions Affecting Broker-Dealers and Advisers

Recent regulatory actions affecting (or potentially affecting in the case of proposed rules) broker-dealers include the following:

• Disclosure of sales incentives: In January of this year, the Commission proposed that broker-dealers be required to provide customers with a new point-of-sale-disclosure and confirmation document that would disclose costs and conflicts of interest that arise in selling fund shares (Exchange Act Release No.22-8358).
   
• Supervision of remote branch offices: In March, based on recent enforcement actions and examination findings, the SEC's Division of Market Regulation issued a bulletin describing supervisory tools that are characteristic of good supervisory procedures (Staff Legal Bulletin No. 17). They include: conducting random, surprise inspections; using technology to monitor activities; ensuring that specific supervisory responsibilities are assigned, and sufficient resources are accorded to implement those responsibilities; being cautious about hiring registered reps with a disciplinary history; implementing special monitoring procedures for high risk activities; and ensuring ongoing education for registered reps.
   
• Supervision and preventing theft of clients' funds: Given problems with respect to supervision of producing branch managers and misappropriation of customers' money, the NYSE and NASD recently adopted new rules governing supervision and internal controls (NYSE Rule 401, NASD Rule 3012).
   
• Compliance controls: To ensure that compliance controls are a critical part of every firm's business, the NASD has adopted an new rule requiring that firms' designate a chief compliance officer, and that the firm's CEO certify annually that the firm has in place processes to establish, maintain , review test and modify written supervisory procedures (NASD Rule 3013).
   
• Variable annuities: Given recent examination and enforcement cases involving unsuitable sales of variable annuities, the NASD proposed an important new rule designed to protect investors (NASD Notice to Members 04-45). The rule would include requirements with respect to suitability, disclosure, principal review, supervision and training tailored specifically to transactions in variable annuities.
   

With respect to investment advisers, some of the new rules (and proposed rules) include:

II. The SEC's Examinations

As I mentioned, I wanted to spend the bulk of my time with you today talking about SEC examinations. After all, your interface with the SEC may occur primarily during an examination, and I know that the industry is very interested in the changes to our program that we have recently implemented.

Let me begin by telling you about our philosophy -- we have dedicated ourselves to being more proactive, to identifying high risk conduct and taking steps to mitigate or eliminate it, before it can blow up and investors are harmed. This is a fundamental goal of our Chairman, and as an examiner, I've simply seen too much investor harm and abuse, and have heard from too many investors who were misled or taken advantage of not to think about how this misconduct might be prevented in the first place.

Think about the damage done in the last few years, which has had a real impact on investors, not just in terms of the dollars lost due to particular fraudulent or abusive behavior, but also in terms of trust, your customers' trust. I have often said that what's good for investors is good business for those who serve investors. The inverse is equally true -- loss of investor trust has real economic consequences for firms and for our markets overall. I know that most firms share this goal: they want to do business in an environment that fosters their customers' trust, and they want to compete in an industry where all firms are playing by the rules.

In the examination program, we intend to: 1) focus our limited resources on the areas presenting the highest risk to investors; 2) implement a proactive "problem solving" strategy designed to identify emerging compliance problems so that they may be remedied before they can become too severe or systemic; and 3) help foster strong compliance practices that help prevent problems from occurring in the first place.

How are we doing this?

1. Risk-Based Targeting

First, beginning last fall, we improved the risk-based targeting of examinations. We implemented risk assessment strategies to identify high risk issues and we then launched targeted examination initiatives to probe these discrete issues "horizontally," or at several firms in the industry at once. These "risk-targeted examinations" provide us with a clear sense, relatively quickly, of industry practices with respect to a particular issue, and allow us to provide the Commission, its staff, and others with the information needed to address the issue, whether by issuing an investor alert, assessing whether changes to rules are needed, bringing an enforcement action or taking some other action to address the issue, using "all of the tools in our toolbox."

Our risk-assessment process utilized the very significant knowledge of our exam staff in the field -- those folks who are on-the-ground, out conducting examinations, and who see emerging issues. We asked all examiners to identify areas of compliance risk, and also to identify factors that would either mitigate or exacerbate that risk. For example, factors that might exacerbate a risk include the risk of non-detection, the likelihood of significant profits, the belief that "everyone is doing it," and the lack of clear regulatory or supervisory guidance. Factors that might mitigate a risk include, for example, a high risk of detection, low probability of profits, and a clear knowledge of the scope of permissible and impermissible conduct.

It will never be possible for regulators to detect every covert act, every concealed motive, every falsified record, every violation, nor will ever be possible for regulators to address every risk in the securities industry. But we can improve our ability to identify the types of conduct that can lead to the most serious violations and we can act promptly to solve problems once they are identified. We have been actively seeking ways to further refine and improve this process throughout the Agency, to better anticipate areas of emerging risk, and to coordinate methods to solve the problems that are identified. Indeed, the Commission has created a dedicated "Office of Risk Assessment" to serve exactly this function. The new director of that Office, Charles Fishkin, is now on-board at the SEC, and we expect that he will help the Agency's staff spot issues and coordinate solutions.

With respect to mutual funds specifically, we are also actively thinking about how we can use data and information to target our resources more precisely to those firms, and those areas within firms, where there are indications of problems. Chairman Donaldson has created a "Task Force on Mutual Fund Surveillance" to determine how the Agency can better obtain and use data and technology in this effort.

2. Identifying and Remedying Problems

How has this risk-based targeting worked so far? This targeted approach is working to identify problems. Indeed, recent SEC examinations have detected significant and emerging compliance problems, which led (and are leading) to SEC remedial and corrective actions. Let me give you some examples:

• "Revenue sharing:" Examinations last fall revealed the increasing use of fund assets for sales and marketing payments to broker-dealers. These findings resulted in SEC enforcement actions, and in the SEC enacting a rule to bar funds from using brokerage commissions to pay marketing incentives to broker-dealers (July 04), and proposing a rule that would require greater point-of-sale disclosure to broker-dealer customers about the incentives received by the broker-dealer to sell a particular fund (December 03).
   
• Violations by specialists: Examinations revealed that NYSE specialists were "trading ahead" of their customers' orders. This finding resulted in SEC and NYSE enforcement actions against NYSE specialist firms, and over $240 million in disgorgement and fines (March 04). Examinations of other exchanges' specialists are ongoing.
   
• Disclosure and suitability problems in the sale of variable annuities: Examinations revealed that many broker-dealers were selling variable annuities without adequate disclosure of their features, to individuals for whom they were not suitable, and with poor supervision and training. These findings led to the issuance of a public SEC/NASD report describing both poor and best practices for broker-dealers (June 04 at http://www.sec.gov/news/studies/secnasdvip.htm), and to the NASD proposing new rules designed to ensure better disclosure and sales practices (June 04).
   
• Market timing and late trading: After the NYAG brought its case involving market timing and late trading by Canary Partners, SEC examiners conducted an industry-wide probe, leading to enforcement actions and to rules requiring improved disclosure of market timing policies (April 2004), facilitating information that could aid in the detection of abusive market timers operating in omnibus accounts and proposing a hard 4p.m. close to slam the door on late trading (December 2003).
   
• Broker-dealers' overcharging customers by failing to provide "breakpoint" discounts available to customers buying mutual funds: Early indications of problems by the NASD led to an examination sweep by the SEC, NASD and NYSE that found widespread failures to provide discounts to customers, resulting in a public report of these findings (http://www.sec.gov/news/studies/breakpointrep.htm, March 03), an industry-wide accounting of the overcharges, and reimbursements to investors. Findings also led to: creation of an industry task force that identified systemic solutions; a new SEC rule to better disclose available breakpoint discounts (June 04); and SEC and NASD enforcement actions.
   
• Use of "fair value" pricing by mutual funds: SEC examiners conducted a review of the use of fair value pricing practices of over 900 funds that invest primarily in foreign securities, to evaluate the frequency of use and problems in the application of fair value methodologies, and provided information and data to the Commission and staff (May 2004).
   
• Review of the structure, activities, valuation and risks of hedge funds: SEC examiners conducted fact-finding inquiries of a cross-section of hedge funds and managers, findings were reported in "Implications of the Growth of Hedge Funds" (http://www.sec.gov/news/studies/hedgefunds0903.pdf, September 03).
   

In addition to better identification of emerging wide-spread problems, the greater focus on risk-based targeting and more in-depth examinations has resulted in an increase in examinations finding significant problems. For example, one measure, the number of examinations referred for enforcement investigation, increased significantly in the last year. Clearly, a result of better targeting is being able to detect and remedy serious problems promptly.

We have made this targeting process a part of our program, and have a number of risk targeted examinations now underway. Let me describe, thematically, some of the things we're looking at now:

• Several of these risk targeted examinations, involve, in different contexts, undisclosed payments - off-the-books, side letter-type payments that appear not to be disclosed to the ultimate stakeholder, the investor. In these examinations, we're following the old adage "follow the money." Some situations involve the inappropriate use of fund's money. For example, we're looking mutual funds' securities lending - to see if the proceeds of the loan go back into the fund. We're also looking at brokerage commissions paid by index funds and other funds to see if the fund is getting what it's paying for, or the fund's money is being used for some other, undisclosed purpose. We're looking at how funds select service providers, and for under-the-table payments made to secure the business that are not disclosed, and not in the best interests of shareholders.
   
• Other situations involve failures to disclose conflicts of interest, such as when broker-dealers agree to favor the sale of particular funds in exchange for payments from the fund and its adviser, with respect to payments by funds to consultants or 401k plan sponsors without adequate disclosure of the conflicts created, in how securities are allocated amongst client accounts, and in the use of soft dollars.
   
• Some on-going examinations involve sales practice problems - like selling unsuitable securities, misrepresenting risk or cost, misrepresenting performance results achieved, or recommending that a customer mortgage his/her home to purchase securities.
   
• Some examinations involve pricing practices, such as with respect to mutual funds that hold difficult-to-price securities.
   
• Because the possibility of problematic conduct is lessened by good supervision, we're also looking at supervisory and compliance programs at many types of firms.
   
• Other examinations involve the use -- or misuse -- of customer trading information or other non-public information, including by employees of broker-dealers, funds, advisers and other types of entities.
   
• In several contexts, we're looking at trading practices, and whether they're in the best interests of the customer, including by looking at specialists' and market makers' trading practices.
   

3. Fostering Strong Compliance Practices

As I said at the outset, we view our mission as not just the detection of problems, but also, in a proactive way, to encourage firms to take steps to improve compliance practices before problems can develop. As an examiner, I have too often discovered problems occurring in one firm after another, not to think about ways that firms could prevent the problem in the first place. I like nothing better than when firms improve their compliance practices to prevent problems and violations. I know that many firms certainly share this view. And as a practical matter, while we have recently increased the size of our examination staff (we now have approximately 490 staff people dedicated to examining investment advisers and mutual funds and 315 staff people to oversee broker-dealers), we can't ever replace the obligation of firms, first and foremost, to prevent, detect and correct problems in their own shops.

What steps can we as regulators take to help firms' improve compliance practices? We can look back up the compliance and supervisory chain and try to determine what led to problems in the first place. In the last year, SEC examiners initiated targeted examinations to focus on firms' efforts to prevent problems, including by reviewing firms' compliance programs and handling of conflicts of interest. I submit that these efforts are among our most important, and, as I said at the outset, the identification of strong proactive measures to prevent problems should be a top priority for all firms.

One step we can take to help foster stronger compliance is to highlight problem areas, and spur greater communication about strong compliance practices and internal controls. Recently, we issued public reports that aim to do that. For example:

• "Interagency Statement on Sound practices Concerning Complex Structured Finance Activities": Post-Enron and other financial frauds that involved the use of certain structured finance products, examiners worked together with federal banking regulators to conduct examinations and together identified certain sound internal controls. The SEC and the federal banking regulators have proposed these guidelines for public comment (http://www.sec.gov/rules/policy/34-49873.htm, June 04).
   
• "Joint SEC/NASD Report on Examination Findings Regarding Broker-Dealer Sales of Variable Insurance Products: Examinations revealed that many broker-dealers were selling variable annuities without adequate disclosure of their features, to individuals for whom they were not suitable, and with poor supervision and training. In June of this year, we issued a report describing both poor and best practices for broker-dealers (http://www.sec.gov/news/studies/secnasdvip, June 04).
   

I have heard from many firms' compliance staff that they value this type of report, because it can help generate ideas on how they might improve their own internal controls. Compliance folks have also said that this type of regulatory report gives them support in asking the business leaders of the firm for more resources or more attention to compliance issues!

4. What Does This Examination Approach Mean for Firms?

This examination approach means that an SEC examination of your firm may be focused on a discrete area or issue. While the examination focus may be narrow, in that area, examiners will likely probe deeply, asking for records and documents, including internal communication, like emails, if they are relevant. We will work with firms on the timeframes for producing documents, but as you will understand, so that we can do our work effectively and efficiently, we ask for prompt production of relevant information. We are also working on ways that we can improve the flow of information between the largest firms and our oversight staff, to help ensure that we are aware of significant developments in the regulated community.

From all firms, we expect cooperation and candor, and that you will help us to understand your compliance controls, and how they work to prevent and detect problems. We will also want to understand what steps were taken to correct problems that were detected. From us, you can expect that we will conclude our work as quickly as possible, and provide you with the results of the examination in writing - in a deficiency letter if we found deficiencies, or in a "no further action" letter if no deficiencies were identified. We recognize that given the concentration of investor assets and accounts in the largest asset management and brokerage firms, the largest firms in the industry may be subject to several risk targeted reviews at once. In fact, some firms may see more of us in these risk targeted exams, and less of us for routine full-scope examinations. We will seek to do our work, and to identify firms to be examined, with minimum burden to the firms' examined. We encourage communication during the examination - please talk with examination staff about any issues that arise.

If your firm is an investment adviser or investment company, we will be examining high-risk firms regularly - these are very large firms with significant investors' assets under management, and firms with less-than-robust internal controls or with other high risk characteristics. All other firms may be examined for cause (for example, based on a tip or complaint), pursuant to a risk targeted examination or randomly.

If your firm is a broker-dealer, we will be examining large firms' internal controls regularly, and other firms will be examined for cause, pursuant to a risk targeted examination, to evaluate the oversight of an SRO, or randomly.

I want to say a few words about the outcome of examinations. Most examinations are concluded, after an exit interview, with a deficiency letter that outlines our findings, and asks for corrective actions to fix the problem and preventative actions, to ensure that it does not reoccur. These deficiency letters serve a very important purpose -- they may be early warnings for firms about problem areas that need to be remedied.

I am often asked about the criteria we use in considering whether examination findings ought to be referred to our colleagues in the SEC's Division of Enforcement. Among the factors that are considered are:

• Does it appear that fraud has occurred?
   
• Were investors harmed?
   
• If the conduct does not include fraud, is it serious (i.e., ongoing, repetitive, systemic or severe?)
   
• Did the firm apprise us of the conduct and take meaningful corrective action?
   
• Is the conduct of a type/degree that is most appropriate for the SEC to handle, rather than another regulator?
   
• Is the activity in a particular area that the SEC wants to emphasize (i.e. emerging types of wrongdoing?)
   
• Did the actor profit from the conduct?
   
• Did the actor appear to act intentionally?
   
• Is the conduct recidivist in nature?
   
• Were the firm's supervisory procedures inadequate?
   

I know that the prospect of an SEC examination is not eagerly anticipated. I understand that producing documents and answering questions may not be part of your business plan. I submit, however, that it should be -- all firms that handle other people's money should be prepared to demonstrate that they are doing so with the utmost of care. This responsibility is not to be undertaken lightly, it means having strong internal controls designed to prevent abuse and violations of the rules. It means investing in the compliance infrastructure needed to handle other people's money. If you approach your work with this responsibility in mind, you will understand that our mission is not to "get you," but to make sure that you are acting in the best interests of both of our clients - investors.

Conclusion

I will end here. I hope I've provided you with a sense of current developments at the SEC and in the Examination Program in particular.

Thank you, and I'm happy to answer any questions you may have.