Speech by SEC Staff:
Strengthening Examination Oversight: Changes to Regulatory Examinations
Lori A. Richards
Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission
SIFMA Compliance and Legal Division
St. Louis Regional Seminar
The New World of Compliance and Legal
June 17, 2009
Good Morning. I’m very pleased to be with you today to outline our plans to strengthen examination oversight of broker-dealer and investment adviser firms. In the wake of Madoff and other frauds, we’re making changes to examination oversight that will sharpen examiners’ ability to detect fraud and other types of violations. In many instances, these changes have been formulated collaboratively with FINRA. Many of these changes have already been implemented, and others are longer-term in nature. All will impact regulatory examinations of your firms.1
- enhancing examiners’ training and expertise in fraud detection,
- enhancing examiners’ expertise in complex financial products, trading and other areas,
- conducting focused examinations and an exam sweep of firms with higher potential fraud risk profiles,
- improving the tools available to examiners to detect fraud, and leveraging the work performed by the firm’s independent auditor,
- improving surveillance and risk-based targeting, and
- improving our handling of tips and complaints inside the SEC.
As I said, taken together, these changes will sharpen examiners’ ability to identify signs of fraud, and more broadly, will improve examiners’ ability to identify deficiencies and violations in today’s markets.
First, some background is in order. At the SEC, our mission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. In the examination program, our goal is to identify potential fraud and other violations, to encourage firms to have strong compliance and supervisory programs, and to provide information to the Commission and other SEC staff about compliance in the industry. SEC examiners are objective, perseverant, skeptical and enormously hard-working. We examine all types and sizes of firms, and about 80% of our exams find some type of deficiency or violation. As a result of examinations, the vast majority of firms make improvements in compliance and supervisory controls to remedy the problem and assure that it does not reoccur. Indications of fraud and other serious violations are referred to Enforcement staff for further investigation, and every year the SEC brings many enforcement actions charging fraud and other violations that were initially discovered in examinations.
Indeed, while I have the utmost confidence in the SEC’s exam corps — overarching all of the changes we’re making to our examinations is the fact that there should simply be more cops on the Wall Street beat than there are today. There are 425 exam staff for oversight of over 11,000 advisers, including hedge fund managers, and the entire mutual fund industry. Similarly, the SEC has just over 300 exam staff for examinations of broker-dealers, markets, transfer agents, SROs, clearing agencies, credit rating agencies, and other types of firms. As Chairman Schapiro has noted, by comparison, other financial regulators often have close to parity between the number of staff and the number of entities they regulate. She said further that, in the context of rapidly expanding markets, recent reductions in the SEC's staff seriously limited the agency's ability to effectively oversee the markets and pursue violations of the securities laws. She has emphasized that “additional resources are essential if we hope to restore the SEC as a vigorous and effective regulator of our financial markets.”2 For examiners, this makes it critical that we put our resources to best use to protect investors, and that we leverage from the work of others.
With that as background, let me describe the changes we’re making to our program.
1. Enhanced Training for Examiners in Fraud Detection
We’re providing new training for examiners in fraud detection. While the “signs” or indicators of fraud can often seem obvious when viewed in retrospect, ongoing frauds often involve concealed activities, false statements, fabricated records, and, sometimes, collusion among participants. Much like in the national intelligence or homeland security realms, our challenge is to identify “indicators” among many, many disparate pieces of information, and to connect them to see patterns that could indicate fraud. This is much easier said, of course, than done.
To enhance examiners’ ability to spot and investigate signs of fraud in today’s markets, in August 2009, the SEC, FINRA and NASAA will sponsor a joint training program for our examiners. It will include case studies on fraud of various types, including Ponzi schemes, offering frauds, manipulations and other types of fraud. We’re bringing in speakers with hands-on experience in fraud detection, including experienced SEC, FINRA and state examiners and investigators, criminal investigators from the FBI, forensic auditors, and others. We’re also hearing from a convicted fraudster — to hear about how he was able to perpetrate a fraud on shareholders and the techniques and deceits he used to fool investors, auditors, and others.
In addition, earlier this year, OCIE’s Training Branch held a special training for examiners on exam techniques and strategies to identify and investigate Ponzi schemes, affinity frauds and related schemes.
And, as you may have heard, we also expanded the number of our examiners who are Certified Fraud Examiners — to date, more than a third of our staff have signed up for training to become Certified Fraud Examiners. This CFE training is in addition to other privately-provided certifications that examiners may hold — such as the Chartered Alternative Investment Analyst, Certified Public Accountant, Certified Financial Planner, Chartered Financial Analyst, and other certifications.
2. Enhanced Examiner Expertise in Complex Financial Products, Trading and Other Areas
Of course, frauds aren’t limited to offering fraud and Ponzi schemes, but exist in a huge variety of forms and types. Indeed, in recent years, examinations have detected frauds involving complex and collusive trading arrangements, secret payments, inflated fees, kickbacks, market manipulations, falsified performance, overpricing, and a variety of other types of frauds. As well, the securities markets and products of today are broader and more complex than in the past.
It is clear that regulators need to be armed with the sophistication and tools to keep pace. We’re enhancing examiner expertise in complex financial products, trading and other areas.
As background, in the exam program today, about 63% of our staff are accountants, 16% are compliance examiners (typically having a finance degree or MBA) and 13% are attorneys (the remaining provide support, IT and other functions). Most examiners come to the SEC with prior private sector experience in the securities industry, in auditing or in compliance. Indeed, the vast majority of our hires within the last five years have seriously impressive credentials. Those who historically may have known the SEC’s examiners as young and green are out-of-touch with today’s reality.
To further round out the expertise of our staff, I’m pleased to announce today that we have launched an effort to recruit professionals with specialized experience to the examination program. We’ve created Senior Specialized Examiner positions to bring and maintain specialized experience to the examination program. Senior Specialized Examiners will conduct examinations in the field and serve as a resource for other exam staff on issues within their experience. At this time, we’re seeking applicants with experience in securities trading, portfolio management, valuation, forensic accounting, information security, derivatives and synthetic products, or risk management for examiner positions in New York, and in options trading or credit rating issues for examiner positions in Washington D.C. The postings for these positions are accessible on the SEC Web site: http://www.sec.gov/jobs/jobs_fulllist.shtml#exam.
We’re also enhancing examiners’ training and expertise in particular key areas — such as, for example, options, derivatives, trading, anti-money laundering, and financial issues. And, to mirror the increasing overlap between advisers and brokers, we’re providing new training for examiners to enable us to better conduct examinations of firms that are registered as both broker-dealers and investment advisers — so that issues that overarch registrant “lines” are more effectively examined.
Taken together, these steps will enhance our expertise in complex financial products, trading and other areas, better enabling us to conduct oversight of today’s financial services firms, trading strategies and products.
3. Focused Examinations on Firms with Higher Potential Fraud Risk Profiles
We’re conducting examinations focused on firms with higher potential fraud risk profiles. Underway now is a nationwide exam sweep of firms that present certain risk characteristics, e.g., advisers that use an affiliate to maintain custody of advisory client assets, hedge funds that seem to have “smooth” or outlier returns, use of an unknown auditor or no auditor, firms with a disciplinary history, and broker-dealers that sell captive or affiliate hedge funds or limited partnerships, and other characteristics. These examinations include a routine verification with independent third-party custodians and with advisory clients (on a sample basis) that assets exist as represented by the firm.
4. Improved Tools for Examiners in Detecting Fraud and Leveraging the Work Performed by the Firm’s Independent Auditor
We’re taking new steps to provide examiners with tools they need to aid in detecting fraud and other types of violations. These include more rigorous pre-exam due diligence of the firm and its employees and operations, and a sharper focus on not only the “red” flags that could indicate a potential fraud — but also the more subtle “yellow” flags that could indicate that something is amiss. These steps will help examiners know more about the firm they are examining, and to hone in on fraud risks. Let me outline some of these new tools and methodologies:
- Improved Standard Pre-Exam Work Methodology: Prior to examinations, examiners will perform a more thorough pre-review of the firm to identify risk areas. Pre-exam steps include more thorough research and due diligence of registrants, their affiliates, and related persons prior to fieldwork for all examinations, regardless of scope or exam-type. The objective is to obtain a better understanding of the firm’s business before examiners arrive, and to better utilize resources on-site. For firms, this will mean that examiners will request more information before the examination. Our goal will be to learn and understand more of the risk characteristics of the firm prior to going on-site.
- New Fraud Module: We’re developing a new examination module that will provide guidance for examiners in identifying “red” and “yellow” flags of potential fraud and strategies for additional investigation. Red flags may be obvious, but yellow flags will not be — and the goal of this module is to help examiners see the sometimes subtle indicia that something may not be quite right with the firm. Examples of “red” and “yellow” flags include: lack of separation of duties/dominant control person; self-custody or use of affiliates for custody/power of attorney over client accounts; aberrational performance claims; lack of independent audit, audit by obscure firm; dire financial condition of a firm or principals; aggressive self-promotions; poor controls over outside business activities; and unusual activity in error or inter-company accounts.
Also, to a greater extent, examinations of advisers and broker-dealers include a verification of the assets held. Generally, examiners will seek verification from independent third-party custodians and with clients that assets exist as represented by the firm. While we understand that seeking these verifications from third parties and from clients and customers has raised concerns by securities firms and investment advisers, we believe that this type of verification is simply necessary to provide assurance that assets exist as represented by the firm. I like to say that our philosophy here isn’t so much Ronald Reagan’s “trust but verify,” but simply “verify.”
We’re also seeking to leverage the work performed by the firm’s independent auditor. To a greater extent, examiners will seek to understand the nature of the verification work performed by the firm’s independent auditor. Did the auditor confirm or verify that assets held on behalf of customers actually exist?3 In situations where we can obtain this assurance (and ideally in writing) from the broker-dealer’s, investment adviser’s or hedge fund’s audit firm, the scope of our testing should reflect that. To improve the safekeeping of advisory client assets, the Commission recently proposed rules that would require that an expanded number of investment advisers engage an independent public accountant to conduct an annual "surprise exam" to verify client assets.4 If the rule is adopted, accountants would file a report of their surprise verification with the SEC -- this would further allow us to leverage the work performed by accountants into our oversight.
And, as I mentioned when speaking of improvements to examiner training, we recently expanded exams of joint or dual registrants to assure that we have “eyes on” all activities, particularly advisers that use an affiliated broker-dealer for custody of advisory clients’ assets. Firms should also expect to be asked about any overlap between registered and unregistered entities, particularly where we see the flow of funds between registered and unregistered entities, and any indication that the firm is seeking to conceal fraudulent activity in an unregistered entity. In situations where examiners can’t get comfortable with what they see and don’t see and there are any indicators of possible fraud, we will make a referral to enforcement staff so that the matter can be investigated.
5. Improved Surveillance and Risk-Based Targeting
In addition to these changes, I strongly believe that the SEC must improve its ability to target firms for examination and inquiry. As I have said, we simply lack the resources to be able to conduct examinations of every firm periodically, in a comprehensive way. I believe that our oversight could be significantly strengthened if our on-site examinations were coupled with off-site monitoring and surveillance. This would allow us to better identify and focus our attention on those firms and issues presenting the most risk that warrant follow-up.5
To establish and maintain an effective surveillance program, the SEC would need to have a constant flow of timely and reliable information about each firm surveilled, as well as the technology and resources to monitor and analyze the data and information. This would enable SEC staff to gauge the relative compliance risk that each entity presents at a point in time and to monitor changes to these risk profiles over time.
OCIE staff are now working with other agency staff (in the Office of Risk Assessment and in other offices and divisions) and with FINRA to identify the key data points and technology that would facilitate an improved risk-based oversight methodology. Following that, we’ll work with the staff who draft rule proposals to prepare recommendations for the Commission’s consideration, with the goal of improving the SEC’s surveillance and risk-based targeting.
In addition, the SEC is seeking funding for additional investments in our information systems to mine data from examinations, investigations, filings, tips, and to link it together, and combine it with data sources from outside the SEC to help us determine which firms or practices raise red flags and deserve a closer look.
6. Improved Handling of Tips and Complaints
We’re improving the way we handle tips and complaints. Often, leads for cause examinations come in to us through complaints and tips from members of the public. But the SEC receives an enormous number of complaints and tips each year — over 700,000! In February, the SEC retained the Center for Enterprise Modernization (a federally-funded research and development center) which began work immediately on a comprehensive review of internal procedures to evaluate tips, complaints, and referrals. The SEC is creating a system that will centralize this information so we can track it, analyze it and more effectively identify valuable leads for investigations or examinations.
Finally, I encourage you, as industry compliance and legal professionals, if you identify signs of possible fraud, to communicate directly with your local SEC regional office or FINRA district office about the matter. More broadly, I remind financial services firms of their ongoing legal obligation to maintain a healthy compliance and supervisory program designed to prevent, detect and correct any violations of the securities laws. This obligation exists in both healthy and troubled economic times, and I underscore the need for financial services firms to maintain and reinforce strong compliance and supervisory programs.
* * *
Thank you for your time today, and for allowing me the opportunity to outline changes in the SEC’s examinations. In many instances, these changes have been formulated collaboratively with FINRA. Taken together, these changes will sharpen examiners’ ability to identify signs of fraud, and more broadly, will improve examiners’ ability to identify deficiencies and violations in today’s markets.
1 The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.
2 Chairman Mary Schapiro, Testimony Before the Senate Appropriations Subcommittee on Financial Services and General Government, June 2, 2009 (http://www.sec.gov/news/testimony/2009/ts060209mls.htm).
3 Broker-dealers are generally required to have an annual audit of their financial statements by an independent public accountant registered with the PCAOB. Exchange Act Rule 17a-5 requires that the scope of the accountant's audit and review must be sufficient to provide reasonable assurance that any material inadequacies existing at the date of the examination would be disclosed if the material inadequacy existed in the broker-dealer's: (a) accounting system; (b) internal accounting controls; (c) procedures for safeguarding securities; and (d) practices and procedures the broker-dealer has implemented to comply with specified rules (emphasis added). If the accountant finds any material inadequacies, the accountant either must ensure that the broker-dealer promptly notifies the Commission of those inadequacies or must itself promptly file a special report with the Commission. AICPA guidance for these audits suggest that the auditor consider confirming directly with depositories and clearing organizations the security positions serviced on behalf of the broker-dealer (5.163), and further that sampling may be used in the verification of the stock record (5.62) (AICPA Audit and Accounting Guide for Broker-Dealers in Securities, Chapter 5, Auditing Considerations).
Investment advisers are not required to have an annual audit by an independent public accountant, but certain advisers (those that use a qualified custodian that does not send account statements to clients) are required to have a “surprise examination” each year by an independent public accountant (under Rule 206(4)-2, the custody rule under the Advisers Act). In a surprise examination, the accountant must count and inspect all securities held by the adviser on behalf of such advisory clients, confirm all assets held by a custodian on behalf of such advisory clients, reconcile all assets to the books and records maintained by the adviser, seek to confirm with all clients the detail of cash and securities held by the adviser on behalf of the client, and confirm on a test basis with clients accounts that were closed or for which assets were returned to the client. See Nature of Examination Required to Be Made of All Funds and Securities Held by an Investment Adviser and the Content of Related Accountant's Certificate, Investment Advisers Act Release No. 201 (May 26, 1966). The accountant must file a certificate with the Commission within 30 days after the surprise examination. If the accountant, as part of this independent review, finds any material discrepancies, the accountant must notify the Commission within one business day.
Registered investment companies are required to have an annual audit of their financial statements by an independent public accountant (under Section 30(g) of the Investment Company Act). AICPA guidance suggests that the auditor should confirm all securities with the custodian, including securities held by the custodian on behalf of the investment company in a central securities system or other omnibus account, or physically examine the securities as applicable under the circumstances (2.158). For non-registered investment companies, the timing and extent of testing custody is a matter of the auditor’s judgment (2.158) (AICPA Audit and Accounting Guides, Investment Companies, Chapter 2, Investment Accounts).
4 Custody of Funds or Securities of Clients by Investment Advisers, Advisers Act Rel. No. 2876 (May 20, 2009) (http://www.sec.gov/rules/proposed/2009/ia-2876.pdf). The proposal would further require advisers whose client assets are not held by a firm independent of the adviser to be subject to a review and report by a PCAOB-registered and inspected accounting firm that, among other things, describes the controls in place relating to custodial services, tests the operating effectiveness of those controls and provides the results of those tests. Advisers would also be required to publicly disclose the name of the accountant conducting these reviews, so that our staff could better monitor compliance and assess adviser compliance risks. Accountants also would be required to disclose the reason for any termination or resignation from performing these reviews, which could highlight issues for regulators to follow up on.
5 “The Role That Surveillance Might Play in the Risk-Based Oversight of Mutual Funds” remarks by Lori Richards at the 2008 Securities Law Developments Conference, Investment Company Institute (December 16, 2008) (http://www.sec.gov/news/speech/2008/spch121608lar.htm).