Speech by SEC Staff:
Keeping Pace with the Speed of Change for Small Firms:
Perspectives from the SEC
Lori A. Richards
Director, Office of Compliance Inspections and Examinations
U.S. Securities & Exchange Commission
Securities Industry Association, Small Firms Conference
Fort Lauderdale, Florida
October 9, 2003
Before I do anything else, let me remind you that the views I'm about to express are my own, and not necessarily those of the Commission or my colleagues on the Commission's staff.
I'm very pleased to be here today. I think this conference has a great name: "Managing at the Speed of Change." Today, change is fast and accelerating. Keeping up, keeping pace, has become a real challenge. If it makes you feel any better, it's as much of a challenge for us, as I'm sure it is for you.
Today, of course, we're going to focus on the speed of change for small firms. Small firms play a crucial role in our securities markets. I'm sure the people here today already know this. You serve investors' needs in small communities in the way that few large firms can, and you are involved in the life of your local communities in meaningful ways. And, even with the consolidation wave that swept the industry in the last years, small firms still represent the vast majority of the firms doing business in the industry today. Let me share the stats with you -- about 90% of NASD member firms have less than 100 registered representatives. If you throw in firms with an extra 50 representatives, you get about another 2% of the brokerage community. In other words, firms with 150 or fewer registered representatives make up 92% of the NASD's membership! I think these numbers speak for themselves.
And you may be interested to know that you are not alone. The small firm model is also the predominant type of investment adviser. In a recent survey based on filings with the SEC, National Regulatory Services and the Investment Counsel Association of America determined that 67% of investment advisers registered with the SEC have 10 or fewer employees. These are just the advisers registered with the SEC -- if you were to include state-registered advisers, the percentage of small firms would probably be even higher.
In short, small firms dominate on both sides of the registered community. So when we talk about how small firms are keeping up with all the recent changes, we're not talking about some obscure or boutique industry group. We're talking about a substantial portion of the firms that constitute the securities industry.
In the examination program, we are very aware of the importance of small firms. Not only that, we understand small firms. We understand for a simple reason. We work in your offices. When we conduct an examination, we move in with you and your employees. For a short period of time, we are on-site with you and learning about your functions, your operations, your relationships with your clients and your bookkeeping.
We know, when we walk into a small shop, that we need to be very careful to avoid disrupting your business. We understand, when we ask for records, if there is only one copier. We consider, when you tell us about your policies and procedures, whether they make sense given your size. Finally, we are ready to listen, if you think we don't get it. If you think we don't understand your business or operational model.
One of my senior examiners likes to tell a story that illustrates this. He was examining a small dually-registered broker-dealer/investment adviser. The firm made its only conference room available to the examiners, which happened to be a storefront room at the front of the office. That is where they reviewed documents and conducted interviews. Based on their review of client files, the examiners had some questions about a particular representative. They interviewed his supervisor, and in particular wanted to know how the supervisor knew what the representative was doing. The supervisor kept saying - "it's not in writing," "I don't have an audit trail," "I don't have a formal procedure," "but trust me, I know." The examiners, not all that comfortable with the "trust me, I just know" response as you might guess, kept asking questions, and finally the supervisor stood up and said: "follow me." He turned, led the examiners back into his office, and showed them his desk. Well, it turned out that he and representative shared the same small desk! The registered representative sat on one side and the supervisor sat on the other, and they shared a single telephone. The supervisor turned to the examiners and said, "You see, every day, I learn more about his life than I ever wanted to know." I remembered that story because it illustrated what supervision was like in a very small space.
Of course, even so, that firm should have required the supervisor to write some things down. Good compliance requires good documentation. Moreover, putting aside regulatory requirements, the firm was taking a terrible risk. If all of your institutional knowledge walks out the door when your supervisors leave at night, you better hope they all come back in the morning. By the end of the examination, I would hope that that firm understood not only that the rules required the firm to have written supervisory procedures, but also that it was good business practice to do so as well.
Documentation and controls are needed in every setting, big and small. But the story illustrates an important truth about small business. You know your firms. You know your employees. You know your customers. You are directly and personally involved in your business. This is a tremendous strength of the small business community, in every sector of the economy.
For those of you with an interest in history, one of the intellectual parents of federal securities regulation, Louis Brandeis, recognized this truth about small business. He believed that small firms were the optimal business model. Each business, he said, depends on the skill of an individual or at most a small group. When a business grows too big for its leaders to understand, it will suffer, and eventually decline. He called this the "Curse of Bigness." I have thought about this curse, in recent years, as the senior officers of major corporations stepped forward to say that they didn't know about some significant matter, even fraud, because they didn't know was going on in their own business. This is a rare problem in the small firm community. You know.
This leads me to the specific point I want to make today. That is, small firms face some real challenges in keeping up with regulatory change; but they also have real strengths. First, and foremost, you know your business. This is just as important for compliance, as it is for everything else that you do. I cannot emphasize this enough.
I work in compliance, and I think compliance is very important. But recall the famous quote by Georges Clemenceau, the Prime Minister of France during World War I. He said: "War is too important to be left to the Generals." I feel the same way about compliance.
Compliance is too important to be left to the compliance professionals. They have the expertise. They have the experience. They are the front-line. But ultimately, they depend on the business leadership. Business managers set the firm culture, particularly the culture of compliance at the top. They determine whether the firm's culture of compliance will be to exceed industry rules and standards, or to skate close to the line. That culture underpins a firm's business and the decisions and choices that its employees make every day, about small and not so small things. When a firm is confronted with a question about how to resolve a customer's complaint, how to handle an error in a trade, how to allocate securities -- these decisions are guided by your firm's culture of compliance. It's important for business managers to create a culture that guides and reinforces employees as they make decisions and choices each day. This falls not to the compliance people, but to the business leaders of the firm. Business leaders decide whether they will just talk the talk of having a strong compliance culture - will they just talk about ethics and strong compliance, or will they make sure that those words are backed up with reality by making sure that the compliance function is given the tools and resources it needs to be proactive in ensuring compliance? As you can see, I believe that business leaders are ultimately responsible for the firm's compliance.
Importantly, this is true regardless of the size of your firm. I've heard people say, "You don't understand, in a small firm the business managers have to be responsible for compliance." I always answer, "In every firm, the business managers are responsible for compliance." If you are leading a firm, regardless of its size, you are just as responsible for compliance as you are for sales and return on investment. And it goes without saying that all investors, whether customers of a large wirehouse or of a two-man shop, deserve the same high degree of investor protection. Their interests must always come first, wherever they hold an account. The obligation to comply with the law and to maintain high ethical standards is and must be the same for all types of firms, whether in New York City or in Newtown, Ohio, in Los Angeles, California or in Los Gatos, New Mexico. The responsibility to investors is the same, but the methods that firms employ to assure compliance may differ. This is where small firms have a real advantage. In thinking about many of the current regulatory requirements, we can see, again and again, how compliance leadership can play a critical role in helping you keep up with change. Today, I will address four key compliance areas. They are: supervision, the new books and records requirements, anti-money laundering, and mutual fund breakpoints. In each of these areas, I believe that small firms have a real benefit, by virtue of their size, in crafting compliance controls that work for the small firm.
Sales practice violations by individual registered representatives continue to be an area of concern. Many of these violations could have been prevented or detected through diligent supervision. In the coming year, we will continue to focus on evaluating how firms fulfill their duty to supervise in our examinations.
What can you do? Regardless of the size of your firm, you should have a comprehensive and current supervisory system in place that addresses all aspects of your firm's business activities. That's really important - make sure that your supervisory system encompasses all activities of your firm - don't leave any area out. This necessitates some ongoing review -- that you periodically review what you do to make sure that your supervision is keeping pace with the products you sell, your customer base, your advisory activities, and any changes in the firm's business.
Another issue that is particularly important in the small firm community is the need to designate specific individuals who are responsible for each area of compliance. This is an area where the leaders of small firms can get themselves in trouble. I've noticed, over the years, that small firm leaders sometimes fail to make it clear when they are relying on someone to manage an area or issue. Instead, they like to rely on informal, word-of-mouth procedures. When trouble strikes, that lack of formality can lead to a lot of after-the-fact finger pointing, and "I assumed so-and-so would take care of it." If you think someone is in charge of an issue, write it down, make sure everyone understands, and make sure you exercise reasonable oversight of what your chosen person is doing.
Let's take a look at some specific supervisory issues. Preventing misappropriation of customer assets is a priority for us, and should be a priority for you. There are simply too many stories similar to Frank Gruttaduaria's - a trusted high producer who steals customer money - that have no place in the securities business. Strong supervision is critical to prevent misappropriation. Firms should ensure that they have adequate methods of identifying problem trades and inappropriate activity. Reviewing customer account activity does not require expensive software. There are a number of cost effective ways that a small firm can do this. These include:
- Receiving exception reports from your clearing firm free of charge;
- Using inexpensive vendor software; and
- Using your own firm's internal databases.
Remember, you must keep all records documenting your firm's supervisory review, records of the accounts reviewed, and any records of questionable transactions and the resulting resolution.
Also, consider talking to your firm's customers regularly -- ask them if they are satisfied with the service they are receiving, have any questions, and make sure they know that they can call a supervisor at the firm if they ever do -- keeping the lines of communication open between the customer and the firm's supervisors is an important way for firms to get a sense of whether the customer is having problems or concerns that might not otherwise come to your attention. I know that some here will say that they don't want to intrude on the relationship that the registered representative has cultivated with the client. This is dangerous thinking - the customer is a customer of your firm - and your firm has a legal obligation to the customer.
Correspondence is another focus area. In particular, small firms often have difficulty dealing with multiple small office locations. Purchasing expensive software programs to review e-mails may not be an option. However, small firms can effectively monitor communications -- internal and external -- by using some everyday resources. For example, you can:
- make sure all incoming correspondence is sent to your home office so you can review it;
- program the fax machines to send automatic copies of all faxes -- both incoming and outgoing -- to the main office for review;
- randomly review a certain number of emails per day; or
- focus on the e-mail traffic of different representatives on a regular basis.
Depending on the size of your firm, and the volume of correspondence, these can be cost effective alternatives. Again, with your knowledge of your business, of your employees, and your customers, you should be able to spot trouble brewing pretty quickly.
Books and Records
At this point, we've all had about five months of experience with the new books and records rule. Hopefully, I don't need to remind you of its requirements, especially since they were discussed at length before its effective date. Let me touch upon some of its specific requirements and how small firms can cope with them.
As you know, you must now maintain certain records for each "office," reflecting that office's activities. If you are unable to maintain the required records in each office, you must be able to produce them `promptly.' In general that means on the same day they were requested. The new rule defines "office" as any location where your associated persons regularly conduct your business. This requires you to:
- evaluate which locations are covered by the rule;
- determine whether you will be able to maintain records at each location; and
- if you cannot keep them on-site, determine what you will do to ensure prompt production.
Hopefully you have already evaluated your firm's situation. If you have not yet done so, I urge you to do so. Because the test of your compliance will come when examiners walk in the door, possibly by surprise, and ask for records. At that point, it's too late to start thinking about this issue.
Additionally, now you must periodically give each customer a copy of her account record information to verify and update its accuracy. As a small firm you are in a good position to know your customer. Small firms typically have a smaller customer base and often emphasize strong one-on-one relationships with their customers. Therefore, this requirement should be less onerous for you than for the bigger firms.
Finally, you should think about the record keeping and supervisory obligations relating to instant messaging. IM, like e-mail, must be retained if the communication relates to your "business as such." Smaller firms need to consider whether they can handle supervising this type of communication. If you are unable to monitor, archive, and retrieve IM traffic, then you may be better off just prohibiting it all together.
Over the last two years, the Department of the Treasury, with input and guidance from a number of regulators, has finalized many of the key provisions of the USA PATRIOT Act. These include:
- general AML compliance program requirements;
- Suspicious Activity Reporting;
- Customer Identification Programs; and
- correspondent and private banking account rules.
The SEC and the SROs, along with members of the securities industry, have collaborated to provide continuing guidance and resources for firms. Hopefully, you've been kept apprised of the AML rules and regulations as they are enacted.
This is an area were being small really helps. Again, you know your business and you know your customers. The key is finding the tools and resources you need to create an AML program that fits your business. Luckily, there are a lot of resources available to you. I know that the SIA has been very active in educating firms about their new responsibilities in this area. The SEC and the SROs have an enormous amount of information on our respective websites. The NASD has even provided you with an AML compliance program template. One word of caution, when using templates, any templates, remember that they are intended only to be a guide, and should be tailored to fit your particular needs and business model.
The new AML rules also require firms to provide for independent testing of their programs. Many of you have voiced concerns regarding this requirement. As regulators, we understand that maintaining the independence of auditors can be challenging task for small firms.
Small firms may use internal staff as long as they are independent from the AML program itself and have the knowledge they need to effectively evaluate your firm's AML system. However, some firms may find it more cost effective to use a qualified outside party. Training internal staff and establishing procedures to ensure their independence also costs money. One thing you may find helpful, I've heard that some small firms have coordinated with other small firms to hire an outside auditor at a reduced group rate. Seems like great creative thinking.
Monitoring systems are also a challenge for many small firms. I've heard of many that are using standard off-the-shelf software packages. Some software too can be customized to develop a spreadsheet-based monitoring system. My point is, small firms can do this, in a cost-effective way, and still make sure that the program fits the specific requirements of their business.
Mutual Fund Breakpoints
Everyone here should know about the attention regulators have been giving to mutual fund breakpoints - firms that sell mutual funds must redouble their efforts to ensure that they are providing customers with all available discounts. There are other areas that warrant additional attention.
First, many firms are crafting disclosure statements to alert their customers about breakpoint opportunities. The disclosure statement should be easy to understand, which means it should be in Plain English, and contain information such as:
- the general parameters for breakpoint discount eligibility;
- the availability of rights of accumulation and letters of intent;
- that related accounts within the firm may be linked; and
- that related accounts held outside the firm may be linked, and that the customer should provide information about these accounts to the firm.
If you have not developed a comprehensive disclosure form that captures all the critical information, including a list of related accounts, consider doing so. Again, here in the small firm community, you have a real advantage. You know your customers, so this type of information-gathering should fit right into your business model. Effective lines of communication and a strong disclosure policy can eliminate problems down the road.
Second, you should also be aware that examiners are looking closely at B share transactions. As a result of some recent examinations, we've developed some concerns that firms are putting customers into B shares when the customer could have benefited from a breakpoint discount had the customer purchased A shares. Examiners will be assessing firm practices, supervisory procedures and controls to make sure that firms are disclosing the different sales charges associated with the different fund classes such as A, B and C shares, and recommending share classes that are the most suitable for the customer.
Finally, a word about late trading in mutual fund shares. You know that our examiners and enforcement staff are investigating, and that any instances of allowing customers to place or confirm trades after 4pm will be met with enforcement action.
In sum, fast moving regulatory changes are a challenge for us all. But small firms have some real strengths in keeping pace. In particular, new compliance requirements that emphasize knowledge of your business, knowledge of your employees, or knowledge of your customers, play right to your strengths. I know that the small firm community can and will assure that compliance obligations are met with the spirit of vigor and creativity that characterizes all that you do.
Thank you very much.