U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Frequently-Asked Questions About SEC Examinations


Lori Richards

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

SIFMA Compliance and Legal Division January General Luncheon Meeting
New York, N.Y.
January 17, 2008

As a matter of policy the SEC disclaims responsibility for any private statement by any employee. The speaker's views are her own, and do not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.

Good morning and happy new year! I'm very pleased to be here with you today — while I am a reliable speaker at the Compliance and Legal Division's Annual Meeting, I have not been fortunate to speak at this monthly luncheon for some time.

I'm happy to talk with you, as I view compliance professionals and the work you do as so terribly critical to the effective functioning of our markets and to the protection of investors. As compliance professionals, you are a key constituency of ours, and I view you as important allies in our work to protect investors. And with current unsettled conditions and today's immediate compliance challenges on your plate, your work could not be more important.

At this, your first meeting of 2008, I thought it would helpful to you if I used this opportunity to shed light on the SEC's examinations and some of our recent and ongoing initiatives and exam priorities for 2008. We are very much informed by events and compliance issues of the recent past, and so you will see that the compliance issues that came to have significance in 2007 are very much foremost on our agenda for our examinations in 2008.

I thought I'd share this information in the context of answering some of the most frequently-asked questions that we hear about our examinations (I'm going to save the "Top 10" compliance issues that we're concerned about for this year's annual meeting of the Legal and Compliance Division). Our Chairman, Christopher Cox, has asked us to be more transparent about examinations — the process we use, the issues we are concerned about, and what we're finding — and it's in that spirit that I'd like to answer the most frequently-asked questions.

Before I do, however, I'm obligated to say that, as a matter of policy, the SEC disclaims responsibility for any private statement by any employee. These views are my own, and do not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.

What are the most frequently-asked questions? They are:

  • Will my firm be examined?
  • What issues are SEC examiners focused on now?
  • If my firm is examined, what kind of information and documents are examiners likely to request?
  • What are the possible outcomes of an SEC examination? and
  • What can I do to ensure that the examination goes smoothly?

While we get asked lots of other questions, these are the questions we hear most frequently, so these are the questions I'd like to address today.

1. Will my firm be examined?

In our work as examiners, we are challenged by oversight of 5,800 broker-dealers (with more than 173,000 branch offices!), almost 11,000 investment advisers, and about 950 mutual fund complexes with more than 8,000 portfolios, and 450 transfer agents. I start with the numbers here because they demonstrate that, as government resources are limited, we cannot examine every firm, every branch office, or every issue.

This reality informs us in two ways — first, in the firms and issues we choose to examine, and second, in our recent initiatives to help firms improve their own compliance programs. Using the language of principles, the principles that underpin our work in each area are: "To best protect investors, examiners should focus on the areas where they may be at greatest risk of harm," and "It takes more than just regulators to protect investors." Let me explain both of these principles a bit, and then describe our recent actions in each area.

In recent years, given the growth in firms that are registered with the SEC, we came to the conclusion that our limited resources would best be used in examining those firms and issues that have the greatest potential to pose harm to investors. Our approach to examinations seeks to zero in on those firms and those issues that are most deserving of our attention — those areas where investors may be most at risk. We focus attention on:

  • Firms that are of such size, that, if anything went wrong, a significant number of investors would be affected; this is why we spend a fair amount of time examining large firms, and monitoring their compliance controls.
  • Firms and areas within firms where compliance controls or supervision appears to be weak; these firms may have had a prior exam or enforcement history indicating weak controls or problems, or present other indications of compliance risk.
  • Firms that are involved in activities that may present increased compliance risk, if not controlled adequately; I'll share some of these issues in a moment.

Our risk-assessment process incorporates each of these approaches, and it helps guide examiners in every phase of examination — which firms to examine, what areas to focus on, and what issues to look at. It's important for you to know that this risk assessment process includes an assessment of your firm's compliance controls. Because firms that have strong compliance controls will be more likely to prevent problems from occurring, and to detect and correct any problems that do occur, they will likely be subject to less examination attention, and less thorough examination scrutiny. If controls appear to be non-existent or weak, it's likely that examiners will drill down in these areas looking for violations.

Along with adopting a risk-based approach to examinations, we also came to the conclusion in recent years that we at the SEC could do more to assist firms to reduce their compliance risks by improving their compliance programs. Strong compliance programs will help firms to avoid violations in the first place — certainly the best outcome for investors. That's why we created the CCOutreach program for investment adviser and mutual fund chief compliance officers. And why, just recently, in partnership with FINRA, we created a CCOutreach program for broker-dealer CCOs. This program was born out of a desire to further promote open communications between securities regulators and compliance officers with respect to compliance issues, to share experiences, and for participants to learn about effective compliance practices. It grew out of a need to discuss the operational aspects of compliance, and to focus less on the discrete legal requirements — and more on the practical "how-to's" of compliance. The program for broker-dealer CCOs will kick off with an inaugural National Seminar at SEC headquarters on March 7th, as well as regional meetings and other communications about compliance issues later in the year. Look for more information about specific components of CCOutreach BD on both the SEC and the FINRA websites.

In addition, to further assist firms in improving their compliance programs, we publish what we call "ComplianceAlerts" on the SEC's website, which provide the compliance community with information about compliance issues and problems that we've seen in our examinations. We hope that by providing you with information about what we're seeing at other firms, you will use this information to make sure that your firm's compliance is effective in those areas.

2. What issues are SEC examiners focused on now?

This is probably the most frequently-asked question we hear. I know that most folks want to know about the specific compliance areas that we're focused on so that they can make sure that their firms' compliance programs are addressing these issues. While time doesn't allow a full summary, I wanted to raise with you several of the most critical compliance issues that examiners are focused on now.

It's important to note at the outset that — just as with most of the compliance risk issues we're concerned with — these issues may exist in different types of registrants — broker-dealers, investment advisers, and investment companies — and we're focusing on these issues in different types of registrants. The recent Rand study confirmed what we have known for some time — that the boundaries between broker-dealer and investment adviser functions have blurred, as firms are increasingly seeking to offer a wider spectrum of products and services. And, increasingly, broker-dealers and advisers are seeking affiliations and business relationships in order to offer these new services to clients. In this environment, where lines between registered entities are increasingly blurred, our Office of Compliance Inspections and Examinations is well-positioned to identify compliance issues that exist across registrant "boundaries." Indeed, because our examination program includes all types of registered entities, we are functionally well-suited to see how compliance risks may exist in all types of registered entities, and to take a consistent approach in examining for compliance.

As an example, in 2008, we will be working on a pilot that will include examinations of a number of dually-registered broker-dealers and investment advisers at the same time, with a view towards creating a common examination module. We've had very good experience in developing an exam approach that includes a single exam of affiliated advisers, mutual funds and transfer agents for compliance with the Advisers Act, the Investment Company Act and the Exchange Act, and this initiative is yet another step forward in this process. There is potential that it might provide efficiencies to firms in that their various activities might be examined at one time, rather than being subject to more than one exam, by separate exam teams. And, it allows examiners to see the "whole picture" of a firm's various activities, providing clear benefits for regulatory oversight.

Let me now turn to several of the specific compliance issues that examiners are focused on now.

a. Controls Over Valuation

In examinations of all types of registrants, examiners are focusing on the firm's controls to value securities. Particular emphasis is on whether the firm has controls and is implementing those controls when pricing structured products, illiquid securities or other difficult-to-price securities. Examiners will also look at whether processes and procedures related to risk management, valuation, accounting, and other back office functions are adequate given the types of investments made. Examiners are likely to want to understand the level of experience and sophistication of the personnel who are involved in pricing, and if there is some level of independence in the pricing process.

Particular focus is on firms' controls over the pricing process with respect to illiquid securities. For example, whether firms are applying adequate diligence in pricing, whether they are following their procedures, whether they have adequate safeguards to ensure that pricing reflects prices that could be obtained in a current sale. In this regard, we're particularly looking at whether prices are calibrated to observable trade data even if the market for a security is less liquid than in the past. We'll also be looking at dealer quotes provided to customers, and whether they seem to reflect prices at which the security could actually be sold, given concern about unrealistic "accommodation quotes" that don't represent real quotes at which the firm would be willing to trade.

This is an area where you as compliance professionals are, hopefully, already engaged.

b. Controls Over Non-Public Information

Trading while in possession of material non-public information violates the antifraud provisions of the federal securities laws. Recently, instances of aberrant trading before public announcements have increased. The SEC and the SROs have active programs to police for indications of insider trading, and bring enforcement actions when such instances are detected. It's very troubling that, in a number of recent cases, the insider traders were employees of regulated firms. While any instance of insider trading can diminish the faith that investors have in the fairness of the markets, tipping or trading by a securities professional represents the potential for serious harm to investor trust. And the damage to a firm's reputation can be lasting and serious.

Preventing insider trading is every firm's responsibility. To prevent insider trading, broker-dealers and investment advisers are required to establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of their business, to prevent the misuse of material non-public information by the registered entity or its associated persons (under Advisers Act Section 204A and Exchange Act Section 15(f)).

Review of controls to prevent insider trading in client, proprietary, or employee accounts is a high priority area in SEC examinations of all types of entities — broker-dealers, advisers and funds. Generally, the focus of examiners will be on whether firm has identified the source and type of non-public information that they and employees may be privy to, whether the firm has crafted and implemented adequate procedures to maintain the confidentiality of that information, and is implementing those procedures. We're also interested in understanding how firms ensure that that their procedures are working, and what kind of testing is performed. Our examinations will seek to understand the firm's own compliance and supervisory programs with respect to insider trading, and will probe more deeply if there are weaknesses in these programs.

Some issues that exist here are whether firms have fully identified all sources of non-public information given the variety of business activities that they perform, and their relationships with clients and investors, and their employees. This information includes information about customer orders, firm research, and about deals and transactions. In addition, as firms have expanded their product and service lines in recent years, the sources and types of non-public information has increased, for example, from trading of syndicate loans, the expansion of the private equity market, new types of offerings such as PIPES, and increased trading in security-based swaps. These activities may present new compliance challenges that you will want to identify and address.

This is an area where I hope you are already engaged. The instances of recent insider trading indicate that a more proactive compliance effort is needed. Don't wait for us to knock on your door before taking any needed steps forward here.

c. Dealing with Senior Investors

With more senior investors in our markets than ever before, the Commission has prioritized the protection of senior investors in its investor education, examination and enforcement programs. In examinations, we conducted an exam sweep last year of securities firms offering "free lunch" sales seminars to seniors, and found problems in the marketing, sales and supervisory processes of many firms. Our report, issued jointly with FINRA and NASAA is on our website. I will not let an opportunity pass without noting that it contains a summary of some strong practices we have observed in the supervision and approval of materials for sales seminars. It's on our website at: http://www.sec.gov/spotlight/seniors/freelunchreport.pdf

We know that many firms are taking steps to look at their interactions with senior investors, and to ensure that they're dealing fairly with them. We're pleased by this focus by firms, and are very interested in understanding the practices that firms are developing in the following areas:

  • Marketing and advertising to seniors;
  • Account opening;
  • Product and account suitability;
  • Ongoing review of the relationship and suitability of products;
  • Discerning the changing needs of seniors;
  • Surveillance and compliance reviews; and
  • Training for firm employees.

There is no "one-size-fits all" approach to effective practices in these areas, and there may be many different practices that are effective. I hope that this too is an area for your focus.

3. What kind of information and documents are examiners likely to request?

We get asked this question frequently. Recently, we've heard from several compliance consultants and firms that they value some sort of predictability in the documents that they will need to provide, as they are maintaining documents in a form that makes them readily available not only for SEC examiners, but also for their own compliance oversight and for others who may be conducting due diligence. Because we do seek to tailor our examinations to the particular firm being examined, it is not possible to have a one-size-fits-all document request. Nonetheless, we are looking for ways to be more transparent in the kinds of documents and information that we often need.

We are aware of the cost and time that is needed in responding to our information requests, and we're reviewing the document requests that we typically use in routine exams to make sure that they include information we need, and do not ask for information we don't.

We have sometimes been asked why cannot simply interview firm CCOs and obtain the information we need to perform the exam that way, as it may be easier for the firm than producing documents and written information. Because examinations by their nature involve testing and indeed, verifying representations that are made, firms should expect that examiners will obtain documents, sometimes a significant number of documents, during an examination.

Here's an important tip about document production — you should feel comfortable speaking with the exam team about the documents that you maintain and the relative ease or difficulty in providing information. This dialogue is important to ensure that examiners obtain the information they need, and in a way that minimizes disruption to the extent possible to the firm.

4. What are the possible outcomes of an examination?

We get asked this question quite frequently. Most of our examinations result in non-public deficiency letters that describe the deficiency that we found and ask the firm for a response. In 2007, about 80% of our exams of broker-dealers resulted in a deficiency letter (this was the case in about 70% of our exams of advisers and funds). Most firms respond that they will or already have implemented measures to address the problem and ensure that it does not reoccur — indeed almost 90% of broker-dealer firms do so. This is exactly the response that we seek, as it indicates that the firm will address the problem and ensure that it does not reoccur.

In examinations where we find serious problems, examiners will refer the matter to enforcement staff. The criteria that we use to determine whether to make an enforcement referral have remained the same for many years, and are intended to identify the factors that warrant an escalation of the remedy to an enforcement action. Among the factors that are considered are:

  • Does it appear that fraud has occurred?
  • Were investors harmed?
  • If the conduct does not include fraud, is it serious (i.e., ongoing, repetitive, systemic or severe?)
  • Did the firm apprise us of the conduct and take meaningful corrective action?
  • Is the conduct of a type/degree that is most appropriate for the SEC to handle, rather than another regulator?
  • Is the activity in a particular area that the SEC wants to emphasize (i.e. emerging types of wrongdoing?)
  • Did the actor profit from the conduct?
  • Did the actor appear to act intentionally?
  • Is the conduct recidivist in nature?
  • Were the firm's supervisory procedures inadequate?

In 2007, 14% of our exams of broker-dealers resulted in referrals to SEC enforcement staff for enforcement review (this was the case in 6% of our exams of advisers). These involved indications of serious misconduct and fraud.

5. What can compliance staff do to ensure the examination goes smoothly?

An often asked question — here are some thoughts about what you might do to facilitate a smooth exam.

  • Assume that you will be examined. View regulatory examinations as a normal part of your business as a responsible regulated firm. In advance, identify any risk areas within your firm, and take steps to proactively address them. Here's a tip — a very common exam finding is that firms have inadequate written policies and procedures for the nature of their business and their particular compliance risks, or don't implement those they do have. This is a good place to start your preparation.
  • Don't run your compliance program around the regulatory exam process. By that I mean — proactively identify and address areas of risk in your firms on an ongoing basis, not just those areas where you know regulators have an interest and not just right before an exam. You will get caught dealing with yesterday's problems and the "just in time" approach will be obvious to examiners anyway.
  • Provide accurate, responsive information in a timely way. Make sure firm employees are educated about the need to provide accurate, responsive information in a timely way. At the outset, talk with examiners about the ground rules — for example, who will be the firm's contact person for the exam, any questions about the document request, and ask the examiners for their priorities so that you can provide information and documents that will facilitate their speedy review. Avoid accidental destruction of documents after being notified of an exam.
  • Talk with the exam team. Treat the examiners as the professionals that they are. Most likely, they've examined different types of firms, and have seen both strengths and weaknesses. They are not there to play "gotcha." Be scrupulously honest with them. Talk with them openly about your operations, and use their questions as an opportunity to explain the firm, its business, its compliance risks and corresponding compliance controls. If, if you become aware of a problem during the exam, talk to the exam team. If you decide to fix a problem being examined during the exam, again, tell the exam team.


I've reached the end of my time — I hope that, in addition to answering the most frequently-asked questions about examinations, I've answered some of your questions about exams. If not, I'm happy to do so now.

Thank you for your attention.


Modified: 01/17/2008