Speech by SEC Staff:
As a matter of policy, the SEC disclaims responsibility for any private statement by an employee. The speaker's views are her own, and do not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.
Thank you. I'm pleased to be here today. The focus of this conference is certainly timely - as it is clear to me, and I hope to all of you, that advisory firms must take action now to improve compliance practices. In simply too many instances, we have found advisers valuing their own profits over the interests of their clients. The recent cases of advisers allowing abusive market timing, sometimes by their own employees, late trading, and selective disclosure speak loudly, and plainly say: "Past compliance practices didn't work." Too many advisory firms seem to have forgotten that they owe the highest duty of fiduciary care to their clients. In too many instances, examination staff have found that compliance policies, procedures, and personnel were pushed aside and ignored. This cannot continue. As far as I am concerned, the Commission put everyone on notice when it said: "We will aggressively pursue and punish those who have violated the federal securities laws and breached their fiduciary obligations to clients." For advisory firms, it is time - indeed past the time - to get your compliance house in order and to let your compliance personnel perform the jobs they are expected to perform. Moreover, compliance staff can't do it alone, they must operate within an environment that recognizes and supports the role of strong compliance and ethical practices, whether they're in the room or not. I have referred to this in the past as a "Culture of Compliance." It's up to the business leaders of the firm to take steps to imbue a culture of compliance throughout the firm, and to lead accordingly, every day, in making decisions, big and small.
This is a message that the Commission intended to send unequivocally when it adopted the "Compliance Rule" last December. The new rule requires every registered investment company and investment adviser to adopt strong compliance controls administered by a chief compliance officer. The goal of the rule is to codify and enhance the compliance function, and by doing so, to foster improved compliance. This is a very important new rule and I urge advisers and funds to take it very seriously. The Compliance Rule requires four basic things of an adviser or a fund:
The compliance date for the new rule - that is, the date by which all advisers and funds must have in place written compliance policies and procedures and have a chief compliance officer - is October 5, 2004. What is expected of advisers and funds on this date? When our examiners walk through a firm's door on October 5, they will expect the firm to have in place an effective and fully functioning Compliance Program. We will be looking for a program that reflects the reality of the firm's business and the conflicts and risks presented by that business. Let me offer some advice here - I suggest that advisory firms use this new rule and the time between now and October 5th to take a fresh look at existing compliance functions and to ask: "does this procedure really work?" "Is there a procedure that might work better?" "How sound are the firm's internal compliance checks and balances?" In addition, look at all areas of the firm's business for areas where the firm lacks compliance controls. Identify areas where there are conflicts of interest between the firm's interests, employees' interests, advisory client and shareholder interests. These are the areas to key in on, and hard. Then, after this thoughtful self-assessment, retool to improve existing compliance functions, and don't forget to adopt new compliance procedures to cover previously-uncovered areas.
So, how might one approach this task? Here are my thoughts on how firms might do so. Step one: conduct an inventory of compliance obligations under both the federal securities laws and pursuant to your disclosures to investors. Step two: identify areas of conflicts of interest. As you approach this, think about, in very realistic terms, what could go wrong? How could clients be harmed? Write these possible problems down. Consider the types of abusive conduct that has already been identified by the SEC in enforcement actions - but be more expansive in your analysis. Think about your service providers, too, and how their conduct - or misconduct - might harm your clients. Your goal here is to identify conflicts of interest that, if unmitigated, could lead to violations of any type. Step three: match existing compliance practices to your inventory of obligations and conflicts of interest and find any gaps. Step four: assess the effectiveness of existing compliance functions. In this stage, determine whether a particular compliance function makes violations less likely, and results in the prompt identification of violations. Step five: identify additional compliance procedures that are warranted. Step six: implement them, in writing in a clear, plain English manner, setting forth the goal of the compliance procedure, the regularity with which it will be performed and who will perform it. Part of successful implementation is to make sure employees are trained and understand their role in how the compliance function is to work. Step seven: test the compliance procedures. You can only ensure your Compliance Program is working if you test all the various components - and improve any weaknesses found. You should be tweaking your program over time - not simply waiting until the annual review. Mark your calendars now, because examiners will expect to see the annual review completed by October 5, 2005.
You may find that that the most effective way to undertake this entire assessment process is to utilize a committee comprised of staff from different areas of the firm, or to otherwise engage employees from all areas of the firm in a discussion about what procedures may be the most effective. You may also find that you benefit from outside assistance. Whatever process you use to review and implement new compliance processes, remember that your Compliance Program must be tailored to your business. Why? Because to be effective, it must be integral to your own operations. In this regard, I urge that you not slap together a Compliance Program at the last minute, or buy an off-the-shelf "one-size-fits-all" compliance manual. These Compliance Programs are not likely to be effective. If we find, after October 5th, Compliance Programs that are ill-suited to the firm's business and ineffective, our examiners will assume that compliance is not well-respected by these firms, determine that these firms are at high risk of violations, and will likely conduct a top-to-bottom, in-depth review of the firm's entire operations. And where appropriate we will make referrals to the Enforcement Division.
Thinking about how to manage risk areas is - or should be - nothing new! Firms have been doing this since the first day they went into business. We at the Commission have been certainly been talking about and enforcing the need for compliance for years. It also should not be new to hear that our examinations have been focusing on the identification of risk areas, the adoption of policies to mitigate and manage risk, the implementation of procedures to implement those policies, and the monitoring of the effectiveness of the procedures.
I know that many firms are starting this self-evaluation process, and indeed that's very likely the reason that you are attending this conference. As you know, the Compliance Rule does not list or mandate the particular areas for which firms must have compliance procedures, or the particular compliance procedures that must be adopted. Funds and advisers are too varied in their operations for them to have the same list of required elements. Instead, the Commission said that each firm's policies and procedures should take into account the nature of, and risks presented by, each organization's operations. The Commission also said that the policies and procedures should be designed to prevent violations from occurring (which is certainly the best outcome!), detect violations that have occurred, and correct promptly any violations that have occurred.
In the Release adopting the Compliance Rule, the Commission noted generally several areas where it would expect that advisory firms and investment companies would have policies and procedures. Not surprisingly, these areas closely correspond to risk areas that examination staff have been looking at for some time. Let me run down the list, and give some examples of the conduct that you should be focused on preventing. This is not by any means an exhaustive list.
For investment companies, the funds' or their advisers' policies and procedures should address all of the pertinent areas noted above, as well as other critical areas, including the following.
Good corporate governance policies and procedures would dictate that a fund compile and preserve an accurate and complete record of board meetings. With respect to board minutes and records, "the less said" is not the better course. In the absence of minutes and records that document board members' performance of their statutory and fiduciary responsibilities, our examiners will have to assume that little or no discussion was held.
As I noted above, no one plan will suit every adviser. But this list of risk areas and potential risks is very basic - and advisers need to consider each area when drafting their Compliance Program.
Now, having hopefully helped start you on your way to identifying the areas that you will want your Compliance Program to cover, let me conclude, by retreading a bit the ground from which I started. Recent events underscore that advisory firms must take action now to improve compliance practices. I view the new Compliance Rule as a mandate certainly - as I said, examiners will expect full compliance with the rule on October 5th - but I also view it as an opportunity as well. I urge that advisory firms view the Compliance Rule as an opportunity to take a fresh look at existing compliance programs, and to retool and to adopt state-of-the-art new procedures designed to ensure that firms are fully compliant with the securities laws and their representations to clients and shareholders.
|Home | Previous Page||