Jilaine Hummel Bauer, Esquire
11739 N. Shorecliff Lane
Mequon, Wisconsin 53092
Comment Letter on Proposed
Compliance Programs of Investment Companies
And Investment Advisers
February 25, 2003
Mr. Jonathan G. Katz
Office of the Secretary
Mail Stop 0609
United States Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549
Re: Investment Company Act Release No. IC-2107 ("Release")
File No. S7-03-03
Dear Mr. Katz:
During the past 23 years, I have served as general counsel and compliance officer for small and medium-sized federally registered investment advisers. The firms with which I have been associated managed both high net worth and institutional separate accounts, as well as proprietary and non-proprietary mutual funds. During my tenure, I have had the privilege to develop and administer compliance programs with the support of dedicated staff under what I believe were some of the best circumstances and some of the most difficult and challenging. I also have been proud to be associated with a number of trade and professional organizations that I believe share your goal of fostering comprehensive compliance programs as a means of protecting the interests of investors.
Given my personal experience, the Commission's proposed new Rule 38a-1 under the Investment Company Act and proposed new Rule 206(4)-7 under the Investment Advisers Act (the "Proposed Rules") are of great interest to me, and I appreciate the opportunity to comment on them. I hope that you find my perspective and input useful, and would be pleased to further discuss the proposals with you should you find that beneficial.
Recent business scandals and the subsequent decline of investor confidence in our capital markets have prompted a review of business practices in a number of areas including financial reporting, disclosure, auditing and accounting, governance and compliance. As a result, rules governing practices in these and other areas are being re-written through the legislative and rulemaking processes, as well as through private sector initiatives. The Proposed Rules are but one example of concerted efforts to restore investor confidence.
Good Governance Principles as the Cornerstone for Effective Compliance Programs
Certainly the Proposed Rules should help detect and prevent conduct that could be harmful to investors and violative of applicable law. The Proposed Rules also should help ensure that mitigating and remedial actions are taken more quickly. Nevertheless, the Proposed Rules are inadequate in a major important respect -they simply cannot prevent violations of "all applicable governmental laws, rules and regulations." To encourage responsible behavior and create an environment in which members of an organization take the initiative to address inappropriate conduct before damage is caused and the public's trust is violated, it is not enough to require policies and procedures designed to detect and prevent securities law violations. The Proposed Rules should be expanded to also promote the positive by requiring investment companies and investment advisers to adopt good governance principles.
Governance principles articulate the values of an organization and provide conduct parameters for directors, officers and employees. They serve to protect all of an organization's stakeholders, including shareholders and employees. In fact, recent empirical research suggests that companies that implement good governance principles enhance shareholder returns by as much as 8.5 percent.1
Governance principles help a company's leaders and followers understand and meet the expectations and requirements of an organization, even in situations not contemplated by compliance rules and procedures. They also help prevent tacit, if not explicit, cooperation with those who conceive, execute, and knowingly benefit from corporate misdeeds. They are the cornerstone of all effective compliance programs and vest compliance officers with standing and authority apart from that obtained from a company's board of directors and chief executive.
Specific governance principles should not be prescribed by rule, but rather companies should be allowed to develop and adopt their own expressed in language relevant to their organizations. However, the principles adopted should serve the single purpose of advancing good business ethics and practices. In addition, governance principles should be communicated to members of an organization along with an explanation of their purpose, a recitation of commitment to the principles by directors and senior management, illustrations of the principles in practice (subject to an express caveat that they are not all-inclusive), a description of the infrastructure that interprets and enforces the principles, and an explanation of the responsibility of each individual subject to the principles to understand and follow them, as well as the possible sanctions for conduct that deviates from them.
Additional Comments with Consideration Given to Application and Effect on Smaller Organizations
In addition to establishing a requirement that investment advisers and investment companies adopt good governance principles, the following are specific comments on the Proposed Rules with particular consideration being given to their application and effect on smaller organizations.
- All investment companies and investment advisers, regardless of size, should adopt comprehensive internal compliance programs covering all aspects of their operations. Investment companies and investment advisers are fiduciaries and stewards of the assets they are entrusted to manage. All investors deserve the protections envisioned by the Proposed Rules, regardless of the size of the regulated organization. The recordkeeping associated with a rigorous compliance program is essential to the ability of both management and the Commission's staff to evaluate the efficacy of the program. Given the Commission's acknowledgement in the proposing release that its examiners cannot be everywhere at all times and their current resources only permit them to conduct routine examinations once every five years, rules designed to ensure the strongest of internal compliance programs and controls are especially important for the protection of investors associated with smaller firms, notwithstanding the costs or inconvenience to the organization.
- Third party compliance reviews. Subject to certain exceptions, third party compliance reviews should be required for each investment company and investment adviser prior to its commencement of operations, within some stated period after it commences operations (e.g., 18-24 months), and on a regular basis thereafter. This is of critical importance for new organizations and those that have not been involved with the portfolio management or administration of investment companies who may not be familiar with issues and practices specific to the industry. It also will ensure that a comprehensive compliance program is established and implemented from inception, that business decisions are made with due consideration being given to compliance and internal control requirements from the beginning, and compliance initiatives do not take a back seat to marketing, sales and investment initiatives.
It would be appropriate, however, to waive, all or in part, the pre- and post- commencement of operations compliance review for new investment companies (or series thereof) that are part of an investment company complex with relevant operating experience already subject to ongoing compliance reviews. For example, the pre- and post-commencement of operations compliance review of an investment company complex with operating experience related to one or more fixed income funds that launches an equity fund might be limited to those aspects of its compliance program that are modified or developed relating to equity funds. Also, the requirement that third party compliance reviews be conducted on a regular basis after the pre- and post-commencement reviews could be waived for organizations that perform an internal control review at least annually, provided the internal control review is comprehensive, and not limited to financial matters.
The scope of the review of an organization's compliance program or its internal control review should cover all major areas of risk and vulnerability in a company's operations, including corporate governance issues. Indeed, it would be desirable to require that the review embrace the definition of "internal controls" set forth by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO").2 Specifically, "internal controls" should not be limited to the reliability of financial and operating data, but also include controls that promote operating effectiveness and efficiency, the safeguarding of assets, and compliance with law, regulation and contractual requirements. The review could be performed "in-house" or by an outside party, other than the company's regular outside auditors. In either case, the party performing the review should be an accountant, auditor or other person with industry knowledge and experience.
- Board reporting and public disclosure. The requirement that the compliance officer of an investment company present an annual report with respect to its compliance program to its board of directors also should apply to investment advisers. In cases where an investment adviser is not organized with a board, the report should be made to the adviser's senior executives. In addition, material changes to the program and material compliance matters requiring remedial or disciplinary action should be reported not less frequently than quarterly. In the case of an investment company, the report should also encompass that portion of the compliance program of its investment adviser (and sub-advisers) relevant to services performed for the investment company, and the investment adviser should be required to make appropriate certifications to the investment company as to the adequacy of its program.
In addition to communicating with the board and senior management about its compliance programs, the Commission should consider requiring investment companies and investment advisers to disclose to investors a description of their compliance programs and governance principles, and the identity and a description of the experience of their chief compliance officers. For an investment adviser, the disclosure could be in Part II of Form ADV. For an investment company, the disclosure could be in its prospectus or annual report, and should include information about both the investment company and its investment adviser.
- SEC examinations. In addition to requiring third party compliance and internal control reviews, the Commission should reconsider its examination priorities. It is my understanding from comments made recently by examination staff that they have shifted their focus to examining with the greatest frequency the largest organizations as measured by assets. Although this might allow evaluations of systems and controls of operations involving the greatest percentage of assets under management, I believe the risk of weaker systems and controls is likely to be greater in smaller organizations that sometimes have fewer resources and less experienced staff dedicated to compliance. The risk may even be higher in the case of small and mid-size investment advisers that, in addition to investment management services, perform administrative, accounting and other services for investment companies. The Commission should consider examining these organizations more frequently than once every five years given the complexity of an investment company's operations.
- Expansion of audit requirements. If investment companies are required to conduct and report on comprehensive and regular reviews of their compliance programs, including their internal controls (broadly defined), as discussed above, an additional review by a company's independent auditors would appear to be largely duplicative and an unnecessary expense. However, the Commission should consider whether it would be beneficial to require an investment company's investment adviser to be audited. Audit requirements, which already are in place for broker-dealers, will promote the Commission's objective of protecting investors by helping to ensure the financial viability and integrity of the organizations that they entrust to manage their assets.
- Self-regulatory organization. Regardless of whether one or more self-regulatory organizations ("SRO's) are established for investment companies and investment advisers and regardless of the purpose they might serve, the Commission should explore ways by which communications with senior management of smaller organizations can be enhanced. Sometimes, because of their size and limited resources and personnel, these organizations are less active in industry associations that promote good business practices and ethical standards and review and comment on legislative and regulatory proposals affecting the industry. As a result, smaller firms may be less well informed on important issues and developments or are informed on a less timely basis. In addition, because their involvement in industry associations is often more limited than that of their larger peers, the input the Commission receives from these associations may not always reflect the perspective of, or implications for, smaller firms. One way of enhancing communications with firms of all sizes would be for the Commission to conduct regional roundtables or to develop an industry advisory board to the Commission consisting of senior representatives of firms of all sizes with membership rotation and terms of two or three years.
- Fidelity bonds; other insurance; net capital requirements for investment advisers. Since few investment advisers take custody of client assets, most securities are no longer held in physical form, and most employees of an investment company's investment adviser typically are covered under the investment company's bond, there seems to be little benefit to requiring investment advisers to obtain fidelity bonds. However, to help ensure that financial infrastructure vulnerabilities do not interfere with an investment adviser's ongoing ability to furnish investment advisory services, the Commission should consider requiring federally registered investment advisers to satisfy net capital requirements. The Commission also should consider whether it would be desirable to require both investment companies and their investment advisers to obtain errors and omissions and directors and officers insurance. In the case of investment companies, it may be desirable to further require that separate insurance be obtained for independent directors.
Net capital and insurance coverage amounts should be established based on the amount of assets under management, number of clients, the type of assets managed and investments made, and the nature of any other services performed for clients. For example, capital and coverage requirements might be higher for an investment adviser that provides discretionary investment management services or sponsors and manages mutual funds than for an investment adviser that does not.
Adopting such requirements should provide additional protection to clients in the event of a loss due to wrongful or negligent conduct, and the rigor of the underwriting process for this type of insurance should contribute to better controls and risk management practices. Such requirements should also help alleviate personal liability concerns of qualified individuals who are asked to serve as independent directors and compliance officers of smaller and newer organizations that might otherwise be more thinly capitalized and less likely to obtain such insurance on their own.
Regardless of whether it is required or optional, investment companies and investment advisers that obtain joint insurance should be required to adopt written methodologies allocating premium and coverage based on the underwriter's assessment of risk allocation.
8. Additional proposal regarding personal loans to directors and executive officers of investment advisers. The Sarbanes-Oxley Act of 2002 prohibits public companies from providing, guaranteeing, or arranging loans to executive officers and directors, subject to certain exceptions. Although investment advisers that are public companies are subject to this new requirement, many advisers are not public companies. The Commission should consider adopting a similar prohibition applicable to executive officers (including compliance officers) and directors of federally registered investment advisers that are privately held or, at least require the nature and extent of such arrangements to be disclosed in Part II of the adviser's Form ADV.
- Selection of Chief Compliance Officer - General.
The following requirements are suggested to enhance the efficacy of individuals designated as chief compliance officers of both investment companies and investment advisers:
- Individuals designated as chief compliance officers should be knowledgeable and experienced with regard to laws, rules, regulations and industry practices applicable to the regulated entity with respect to which they are designated as compliance officer. In particular, individuals designated as compliance officers of investment companies, should be knowledgeable and experienced with regards to laws, rules, regulations and industry practices applicable to investment companies, in addition to those applicable to investment advisers, broker-dealers or other organizations they serve.
- Chief compliance officers and other compliance personnel should be required to satisfy continuing education requirements and should be required or encouraged to obtain certifications from independent organizations that establish and administer standards in recognition of their professional expertise.3
- Individuals designated as chief compliance officers should report on a day-to-day basis directly to either the chief legal officer or chief executive officer of their organization.
- The chief compliance officer should be an executive officer, but should not hold any other executive office, nor directly supervise or perform certain business functions. To ensure their objectivity and independence, even in the smallest of organizations, compliance officers should not serve as chief executive officer, chief operating officer, chief financial officer, chief accounting officer or chief information officer. In addition, although it may be appropriate for compliance officers to be involved in oversight to ensure compliance, they should not directly supervise or perform functions involving accounting, investment research, trading, portfolio management, marketing or sales.
- The individual responsibility, obligation or liability of a person that acts in good faith in conformity with applicable law, rules and regulations should not be increased as a result of his or her designation as chief compliance officer, and the Commission should not object on public policy grounds to indemnification or insurance provided by an investment company or investment adviser for any such additional liabilities that are, in fact, imposed on such person. Further, the Commission should address the "thorny" question of the liability of the compliance officer in the event that others who are not supervised by the officer do not implement remedial steps or sanctions he or she recommends. A compliance officer should not be personally liable or be disciplined for negligent, reckless or illegal conduct of others or their supervisors if the compliance officer:
- develops, communicates and administers a compliance program reasonably designed to achieve the objectives of the Proposed Rules,
- acts in good faith,
- has taken reasonable steps to achieve compliance with rules and procedures and has no reason to believe rules and procedures are not being followed or, if compliance exceptions are detected, recommends and communicates appropriate remedial action, including modifications in rules and procedures designed to prevent reoccurrence of the exception, to the persons responsible for taking such action and their supervisors, and
- promptly notifies the chief executive and the board of directors when recommended remedial actions are not taken.
Selection of Chief Compliance Officers for Investment Companies.
Typically, an investment company is "externally managed," meaning that it has no employees of its own and its chief executive and other officers are employees of the company's investment adviser or other key service providers. Although an investment company's investment adviser and principal underwriter usually have persons designated as "chief compliance officers" who are knowledgeable and experienced with regards to laws, rules and regulations applicable to investment companies, these individuals obtain their authority from, and are accountable to, the chief executive officer of the investment adviser or service provider with which they are employed. Therefore, additional steps should be taken to ensure such persons possess the necessary autonomy and authority to serve the best interests of the investment company.
If an investment company designates a chief compliance officer that is an employee or officer of, or has another relationship with, the company's investment adviser or other service providers, the following additional requirements should be considered. In cases where the requirement involves board approval, board approval should include the approval of a majority of the independent directors.
- Written procedures should be developed and approved by the board of the investment company for addressing situations in which a possible conflict of interest could arise in connection with the performance of the chief compliance officer's duties and responsibilities on behalf of the investment company and its investment adviser or other service provider, which procedures should provide for timely and meaningful disclosure of all such conflicts to the board.
- In designating an individual as chief compliance officer, the board should expressly consider whether the individual has the requisite competencies in terms of knowledge, education and experience.
- In addition to requiring the board to approve the investment company's chief compliance officer, the board also should approve such person's compensation arrangements.
- In situations where an investment company's chief compliance officer reports directly or indirectly to a senior executive of the investment adviser or other service provider who has a controlling interest in that organization, the board should consider whether additional measures should be adopted to ensure the compliance officer has the requisite authority and autonomy to serve as the investment company's compliance officer.
- The board should be involved in the review of the performance of the investment company's compliance officer and approve the termination of any such person.
- The board should be promptly notified of the resignation of the chief compliance officer of the investment company and of the resignation or termination of the chief compliance officer of its investment adviser.
Thank you for the opportunity to comment as you work with these vitally important rules. I would be privileged to speak further with you about the Proposed Rules, my comments and the implications for smaller organizations they will affect.
Jilaine Hummel Bauer
cc: The Securities and Exchange Commission
The Honorable William H. Donaldson, Chairman
The Honorable Paul S. Atkins, Commissioner
The Honorable Cynthia A. Glassman, Commissioner
The Honorable Harvey J. Goldschmid, Commissioner
The Honorable Raul C. Campos, Commissioner
Giovanni P. Prezioso
Lori A. Richards
Director, Office of Compliance Inspections and Examinations
Paul F. Roye
Director, Division of Investment Management
Stephen M. Cutler
Director, Division of Enforcement
|1|| "Corporate Governance and Equity Prices," Gompers, Ishii and Metrick, The Quarterly Journal of Economics 118(1) (February 2003)
|2|| Committee of Sponsoring Organizations of the Treadway Commission, Internal Control - Integrated Framework, 1992.
|3|| Accreditation and continuing education programs should be considered for directors and executive officers of investment companies and investment advisers to help ensure that they understand their responsibilities and are informed of current legal, regulatory and industry developments relevant thereto. To ensure a certain uniformity level of competencies, persons with primary responsibility for portfolio management, trading and research also should be required to obtain professional certifications.