U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
"Compliance in Today's Environment: Step Up to the Challenge" — Remarks Before the IA Compliance Best Practices Summit 2009


Lori A. Richards

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

IA Week and the Investment Adviser Association
Washington, D.C.
March 12, 2009

The SEC disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the speaker's views, and does not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.

Good morning. It's a pleasure to be with you today. I want to thank the IA Week and the Investment Adviser Association for sponsoring this 11th Annual IA Compliance Best Practices Summit. I'm glad to speak to you today, as I view your work as compliance professionals as critical to the protection of investors. If you are able to work within your firms to implement effective compliance programs, you will prevent problems from occurring, and detect and promptly correct problems that do occur. This is exactly what the securities laws intend, and the outcome that regulators seek.

I speak to you today at a challenging time. The economy is distressed, investors have lost investment savings. There have been frauds, Ponzi schemes and other scams that have caused great harm to investors. Many financial services firms have seen serious reductions in revenues and are cutting operating costs. In Washington, there is serious discussion concerning the best regulatory structure for financial services firms, including advisers, brokers, hedge funds and other market participants. Our Chairman, Mary Schapiro, has stated that, while the challenges the Commission faces are historic, they are not insurmountable. She has said that it will take determination, hard work, toughness, and above all, "an unrelenting will to stand up for investors." She said:

"It is precisely during times like these that we need the SEC as the ‘investor's advocate.' An SEC with the staff, the will, and the resources necessary to move with great urgency to: bring transparency and accountability to all corners of the marketplace, vigorously prosecute those who have broken the law and cheated investors, and modernize our country's regulatory system to match the realities of today's global, interdependent markets."1

Chairman Schapiro went on to say that:

"Regulation is a two-way street. The ‘regulated' need not wait for a regulator's reforms, though they will come. At a time when investors are appalled at the ways of Wall Street, it is there that change must begin. A strong and reinvigorated SEC will be on the beat like never before to catch wrongdoers. But there needs to be a new era of responsibility on Wall Street and throughout our markets to ensure that wrongs don't occur in the first place. The sooner that Wall Street works to repair its own problems, the sooner investors will once again find the confidence to invest in what should be the finest markets in the world."2

This morning, I wanted to highlight some steps that I think advisory firms can take now to help assure that the conduct of the firm and its employees meets fiduciary standards owed to advisory clients, and that firm is truly preventing problems, misdeeds and misconduct in the first place.

Your role as Chief Compliance Officers and compliance personnel could not be more important than at this moment. While our oversight system needs strong and tough regulators, no regulator can be in the room when firm employees make decisions and choices that will impact investors. That's where having a "Culture of Compliance" that emphasizes doing what's right is so critical. You can step up to reinforce and to strengthen your firm's Culture of Compliance now.

Review Your Compliance Program!

As you know, all SEC-registered investment advisers are required to have a Compliance Program that includes written compliance policies and procedures, a chief compliance officer and an annual review of the adequacy and implementation of the compliance program, with results reported to senior management (under the "Compliance Rule").3

In the six years since the Compliance Rule was adopted, advisers have gained experience with having a formalized compliance function. And they've come a long way! Advisers have had the benefit of both their direct experience as well as the industry's collective experience, and information provided at numerous conferences, such as this one. In addition, the SEC staff created the CCOutreach program and ComplianceAlerts in order to share information about compliance practices and trends, with the goal of helping CCOs to create strong compliance programs. Now, we're past the implementation stage and compliance with the Compliance Rule is no longer a "new" obligation. SEC examiners will be reviewing the adequacy of firms' compliance programs with the expectation that firms will have fully-operational, effective, compliant compliance programs.4

When it adopted the Compliance Rule, the Commission suggested that firms' compliance efforts should be nimble enough to ascertain and quickly address new and emerging compliance risks. Indeed, the Commission directed that advisers particularly consider "significant compliance events, changes in business arrangements and regulatory developments" when they conduct their periodic compliance reviews.5 In fact, many compliance professionals consider their firms' compliance programs to be in a state of constant improvement to identify and address new issues and compliance risks, incorporate new forensic tests and new technology. This is what is meant by an "evergreen" compliance program.

To have an "evergreen" compliance program, what areas should you focus on now? I think a thorough and careful review of new compliance risks due to changes in the firm's business, its structure, its products, its service providers or other changes is critical — to assure that the compliance program is "square on" today's compliance risks. And, as I will elaborate this morning, I also suggest you take a fresh look at: 1) disclosure; 2) custody; 3) performance claims; and 4) the resources supporting the firm's compliance program.

1. Disclosure: Is the firm disclosing its activities and conflicts of interest in a way that is fully consistent with its obligations as a fiduciary?

As you know, an adviser is obligated to act in the best interests of the advisory client, and must disclose conflicts of interest.6 Indeed, disclosure by the adviser and the informed consent of the client, based on full and fair disclosure, is at the heart of the Adviser's Act. In an early case, the Commission described the obligation in this way:

(an adviser has) "an affirmative obligation to disclose all material facts to her clients in a manner which is clear enough so that a client is fully apprised of the facts and is in a position to give his informed consent. And this disclosure, if it is to be meaningful and effective, must be timely. It must be provided before the completion of the transaction so that the client will know all the facts at the time that he is asked to give his consent." 7

Advisers should ensure that they are scrupulous in their disclosure and that their disclosure is meaningful – that a client would clearly understand what is being said. This is an area of some weakness – inadequate disclosure was among the top five most common deficiencies that SEC examiners found in exams last year and, over the years, has consistently been one of our most frequent exam findings.

I suggest that advisory firms conduct a review of their existing practices – and match those against disclosed practices. For example, are you disclosing accurate and complete information regarding:

  • conflicts of interests created by business arrangements or affiliations?

  • compensation arrangements with solicitors, finders, or other service providers?

  • fees paid by clients to the firm or affiliates and the services provided for such fees? and

  • the use of client commissions to pay for products and services?

More fundamentally, are you delivering disclosure documents to clients as required and making filings with the Commission in a timely manner?

2. Custody: Have you confirmed that advisory clients' assets are safe?

As you are aware, advisory clients' assets must be held by a qualified custodian and the custodian must provide each advisory client with an account statement at least quarterly (under the "Custody Rule").8 In instances where that is not the case, the adviser must have a surprise "verification" by an independent auditor that includes a verification of client holdings.

In light of Ponzi schemes and other types of frauds, the examination staff will be reviewing advisers' controls over custody as a focus area and in targeted examinations. The ultimate goal is to attain a high level of confidence that the transactions and portfolio positions reported to clients by the adviser fully and fairly reflect actual investments and transactions made by the adviser. You should be taking similar steps. Let me outline steps that you might take:

  • Obtain custodian statements from the custodian. Compliance personnel could request that the custodian for each (or a sample of) advisory clients provide a copy of the most recent statement that the custodian sent to clients.

  • Compare custodian statements with advisory records. Compliance personnel could then compare transactions and portfolio positions on the custodian statements with the adviser's books and records for consistency. And, compliance personnel could also compare the names and addresses of clients as shown on the custodian statements to the names and addresses of clients as maintained by the adviser – as a check to see if custodian statements are being sent to advisory clients.

  • Review the adviser's reconciliation process. Compliance personnel could review any routine reconciliation process used by the adviser and the documentation of that reconciliation (e.g., for the same period covered by the custodian statements obtained from custodians).

  • Take additional steps to confirm assets when custody is with the adviser or an affiliate. When advisory clients' assets are in custody with the adviser or an affiliate, compliance personnel should consider the risk of theft, and/or falsified transactions or account balances reported to clients. In these situations, consider obtaining confirmations of trades or holdings higher up in the custody chain — from entities that are independent of the adviser (e.g., prime brokers, depositories or counterparties of OTC derivative positions). After obtaining this information, compliance personnel could reconcile these transactions or holdings to the positions held by advisory clients.

  • Review client account statements sent by the adviser. Compliance personnel could also consider periodically reviewing account statements sent to clients by the adviser to ensure that the transactions and positions reported and the names and addresses of clients are consistent with reports of the custodian.

If the client is a hedge fund, compliance personnel could review whether the auditor is, in fact, independent, and ensure that, if required, the audited financials are distributed in a timely manner to all hedge fund investors. These steps could aid compliance personnel in performing a review of custody at an advisory firm.

3. Performance Claims: Are you certain that they are accurate?

As you know, when advisers provide their performance history to clients or to potential clients — for example, in individual account statements or in response to an RFP — those performance claims must be accurate. Given the conflicts of interest in this area — the fact that advisory fees may be pegged on performance, the marketing significance of performance claims, and the simple fact that there is a natural disinclination to deliver bad news to clients — this is an area where CCOs and compliance personnel will want to focus their attention.

This is an area too where SEC examiners often find problems. These problems range from errors in performance calculations due to carelessness to intentional deception. Among the problems are:

  • Overstating the firm's performance returns, assets under management, or length of operation;

  • Not including the disclosures necessary to prevent the performance claims from being misleading (e.g., firms did not disclose whether results reflected dividends, did not disclose differences with an index used to compare the adviser's performance); and

  • Inappropriately including or excluding information or data in composites (i.e., such as advertising past specific recommendations).

Given the importance of providing accurate performance information, some advisers retain an outside firm to verify their performance claims. This is a best-practice. Other strong practices include:

  • Using greater care when crafting performance composites for marketing materials. Firms should review client account holdings and verify that each account is appropriate for inclusion in a composite, including sector and security concentrations; compare client account asset levels to composite asset minimums; review accounts that are excluded from composites to ensure that reasons for the exclusion are adequate and documented; and periodically review composite disclosures to ensure the information reported is accurate.

  • Conducting special tests to ensure that complete records with respect to marketing and performance advertisements are kept. Firms should periodically test recordkeeping practices to ensure that all documents necessary to substantiate advertised performance are being appropriately created and retained.

  • Establishing procedures to periodically review marketing materials to make sure the information reported is truthful and not misleading. In particular, when an adviser asserts that its composite performance claims are consistent with GIPS standards, that statement must in fact be accurate.

4. Resources: Does your compliance program have adequate resources to do the job? Can it leverage off of other functional groups?

As you know, under the Compliance Rule, compliance policies and procedures should be designed to prevent violations from occurring, to detect violations that have occurred, and to correct promptly any violations that have occurred – and they must be adequate to this task. At the SEC, many of us have cautioned against making resource reductions to compliance programs that could undercut their effectiveness.

In conducting the annual review of the effectiveness of the implementation of the compliance policies and procedures, the CCO will want to consider whether the program has adequate resources.9 If a lack of resources undercuts the CCOs ability to perform an effective review, or undercuts the effectiveness of their implementation, the CCO should include this information in the CCO's annual report or other indication of the annual review.

Also, consider alternative ways to better target resources towards monitoring firm activities that pose the greatest risk for harm to investors. Consider leveraging off the work performed by other functional groups within the firm, such as internal audit and risk management. Consider also investments in technological resources for front-end compliance and for monitoring. Those firms that invested in technology are seeing their investment pay off now, but new investments in technology may save money in the long run if they help firms to detect and correct or avoid compliance problems altogether.


It is true that today's challenges are historic, though not insurmountable. And as the Chairman has said, financial services firms should not wait for regulators to call them to task before they make changes. Your role as Chief Compliance Officers and compliance personnel could not be more important than at this moment. You can help to reinforce and to strengthen your firm's Culture of Compliance now.

Today, I've outlined some ways that advisory firms can help ensure that the conduct of the firm and its employees meets fiduciary standards owed to advisory clients, and that firm is truly preventing problems, misdeeds and misconduct in the first place. You can step up by taking a fresh look at the adequacy and effectiveness of your firm's Compliance Programs now – and, as I've outlined this morning, you should consider paying special attention to disclosures, custody arrangements, performance calculations, and resources for the firm's compliance program.

Thank you for your attention, and keep up the important compliance work that you do.




Modified: 03/12/2009