U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
SEC Risk Management and Compliance Examinations


Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities & Exchange Commission

2003 Fiduciary and Investment Risk Management Association
Fiduciary and Risk Management Seminar
February 26, 2003

The SEC, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or the staff of the Commission.

Good morning, I am very pleased to kick off this timely seminar on risk management and compliance. As auditors, risk managers, compliance professionals, consultants and executives in the financial services industry, I am sure you are aware of the importance of these critical areas to the overall integrity of your institutions and maintenance of the public trust in the capital markets. Over the past year, concerns have been raised about research analysts' conflicts, misappropriation of customer assets and overcharges of customer fees, abusive practices relating to the allocation of stock in hot IPOs, and questionable accounting in books and records. There have been headline grabbing allegations, major enforcement actions, and fines in the hundreds of millions of dollars. While these actions have served to punish wrongdoers, they take place after the harm has occurred. Compliance and risk management systems, on the other hand, are preemptive. At their best, they should allow firms to anticipate potential problems and stop violations before they occur.

This is a challenging time for compliance and risk management. The challenge is not only to address issues in the recent high profile cases involving regulatory lapses by a number of financial services firms, but also for all firms to react to market, regulatory and technological changes that make business operations more complex and diversified. The volume, speed and sophistication of transactions have increased enormously. Technology, automation, innovation, and geographic dispersion all offer substantial new challenges. Terrorist and other threats require increased focus on contingency planning and disaster recovery. As mergers proliferate, firms have the added challenge of combining and integrating disparate procedures and systems. And firms must respond to the continuous stream of new laws and regulations as well as increasing customer demands for services. All this must be done within the constraints engendered by intense competition and the economic necessity of earning appropriate returns for shareholders.

In this environment, it is critical that we all work to make the improvement of existing risk management and compliance systems a top priority. Risk management and compliance systems at firms must be an effective defense against significant losses, violations, customer harm, and firm failures. With appropriate controls and oversight - the implementation of best practices - these problems can be prevented and/or damages can be mitigated.

My focus this morning will be on the risk management and compliance examinations of broker-dealers conducted by the SEC. Examiners from our eleven regional and district offices and our headquarters office in Washington conduct approximately 650 examinations of broker-dealers annually. The purpose of our examinations is to evaluate risk management and compliance at firms, to identify deficiencies and violations, and to ensure that firms-as promptly as possible- take corrective actions and work to implement best practices. Our examinations also serve to evaluate the examination work conducted by the self-regulatory organizations or SROs. These include the NYSE, NASD, AMEX, CBOE, and regional exchanges, among others.

Risk management and compliance systems are of critical importance in protecting customers and preventing or controlling losses. Firms are the first line of defense and bear the primary responsibility for compliance and appropriate management of risks. The SEC examination program has developed two types of comprehensive examinations that give us an overview of a firm's performance in these areas. The first is the internal controls and risk management examination. This examination focuses on a firm's systems, procedures, resources, and performance in the assessment, monitoring and control of all risks at the firm. The second is the comprehensive compliance exam. This type of examination reviews a firms' policies and procedures, and their implementation, to effect compliance with the full range of the many laws that govern firm activities. In addition to these comprehensive examinations, we conduct more focused examinations in a number of financial responsibility and sales practices areas. These include such diverse areas as anti-money laundering, analysts' conflicts, charging appropriate customer fees, and many others. I'll discuss the two more general risk management and compliance examinations first and then summarize some of our other significant compliance priorities.

Internal Controls/Risk Management Exams

An SEC internal controls examination begins with an overview of a firm's risk management system. We look at organizational structure and the process by which managers identify, assess, monitor and control all risks within the broker-dealer. These exams are conducted in conjunction with a review of the firm's compliance with the SEC financial responsibility rules, including capital rules. If a firm is not vigilant in a particular area and lacks controls, it will very likely have related deficiencies and violations in the area.

During our examinations, we are not looking for one particular set of policies and procedures. There is no single blueprint for risk management - it must be customized, reflecting the particular business operations of each firm. The design and implementation of a firm's risk management system must take into account such factors as - size and geographic dispersion, types of business activities, products offered and customers of the firm, operations and technology, legal and regulatory issues, market conditions, and other relevant factors. Moreover, risk management must be viewed as constantly evolving - as the environment changes, or as better practices come to light - firms should change their risk management systems accordingly to maintain the highest level of appropriate internal controls.

Our internal controls examinations include reviews of the following areas:

  • Senior management, to look for establishment of overall policies and active involvement in the process of risk management and the oversight of risk parameters and controls
  • Adequacy of resources and systems used for risk management, and compensation incentives that may adversely impact independence
  • Internal audit, to ensure that comprehensive and independent assessments get to management and that deficiencies are addressed in a timely manner
  • Market risk in trading activities and firm inventory, including VAR (value at risk), economic models, scenario analyses, stress testing, and back testing; we follow trades from the trading desk through the entire risk management system
  • Funding, liquidity and credit risks, including counterparty credit risk across all products and businesses, credit limits, pricing models, guarantees, collateral, margin, and settlement and legal risks
  • Operational risks, including segregation of duties, checks and balances, protection of customer funds and securities, operating systems, management information systems, management reporting, front and back office operations, security, contingency planning and disaster recovery
  • And finally, we look to see that new products and activities are assimilated into the risk management system in a timely and appropriate manner.

What are some weaknesses we have seen in internal controls system at firms?

  • Inattention by senior management
  • Allowing senior trading personnel to oversee risk management - the inherent conflict between profit and risk control
  • Failure to adhere to the firm's risk limits
  • Understaffed and inexperienced audit staff What are examples of sound practices?
  • Having the board of directors involved in risk management policy and oversight
  • Independent and experienced high-level risk managers
  • Periodic (daily) reconciliations of information data systems
  • Having an independent and centralized credit department to establish and monitor credit limits for counterparties across all businesses.

In conducting these reviews, our examiners are looking for areas where the firm's controls are weak or inadequate. We will conduct more thorough reviews in those areas and often find deficiencies and violations of laws and rules. Internal controls and effective risk management are particularly important when firms are more aggressively pursuing innovative ways to increase revenues and enhance profits. Under such conditions, we should all be more vigilant.

Therefore, the objective of this first type of comprehensive examination is to assess and improve where necessary the structure and operation of a firm's risk management processes and systems.

Compliance Exams

The second type of examination that gives us an overview of how well a firm is self-policing its activities is the comprehensive compliance examination. While we conduct many examinations focused on compliance with particular laws - such as the net capital rule, the Patriot Act, or Reg S-P- this examination covers compliance with all relevant securities laws and regulations. It also covers the compliance systems of all affiliated broker-dealers at the same time. Each broker-dealer is required to establish, maintain, and enforce a system to supervise properly the activities of its employees. The firm's systems and implementation of procedures must reasonably ensure compliance with all securities laws. The comprehensive compliance examination asssesses the strength of an organizations's compliance culture and how effectively it carries out its compliance responsibilities at all of its broker-dealers.

Some of the functional areas we assess in these examinations include:

  • senior management oversight and involvement
  • written supervisory procedures and implementation
  • independence and experience of compliance personnel
  • business and branch supervision
  • handling customer funds
  • surveillance and exception reports
  • reviews of correspondence
  • employee supervision, including heightened supervision
  • tracking and resolution of compliance concerns
  • complaints, arbitrations, litigation, and investigations.

Some key areas that should be covered by a compliance program include:

  • recordkeeping, including financial reports and capital computations
  • suitability and unauthorized trading
  • disclosures to customers
  • best execution and reviews for excessive markups
  • reviews for insider trading and market manipulation
  • information barriers, including restricted and watch lists
  • managing conflicts between investment banking and research analysts
  • anti-money laundering
  • Reg S-P (security and privacy)

Like the risk management system, the compliance program must be customized to cover the businesses, operations, and customer base of the firm. Our examinations will look not only at the quality and coverage of procedures, but also for effective communications, implementation, and independent oversight.

As I mentioned, the risk management and comprehensive compliance examinations are our best tools to gain an overview of a firm's performance in these areas. However, there are a number of specific compliance areas where more focused examinations are conducted. I will now outline some of the other SEC examination priorities that are more focused on particular laws, products, or activities.

Broker-Dealers and Hedge Funds

We are conducting a series of examinations of broker-dealers that are significantly involved in businesses and services related to hedge funds. In the broker-dealer examination program, we are looking at the hedge funds in two ways - as counterparties to broker-dealers (financial risk) and as products sold by broker-dealers to investors (investor protection).

In view of the downturn in the stock market and reduced broker-dealer earnings from traditional activities, such as M & A business, investment banking, and trading, commissions, some firms seem to be competing heavily in new areas, including for hedge fund business. In this environment there is concern that firms could take excessive credit or market risks or market inappropriately to investors.

The areas we are examining include:

  • services (prime brokerage, advisory, capital introduction, etc.)
  • marketing to obtain hedge funds as clients
  • counterparty credit risks (margin, collateral, risk limits)
  • market risks from hedge fund investments and lending
  • selling and recommending hedge funds to investors
  • guaranteed or other alternative products

Congressional hearings and further reviews are expected.

Structured Finance Transactions

The next area of examination focus, the review of financial institution participation in complex structured finance products, was initiated in part in response to a Congressional request. We are working with the banking agencies to conduct a series of parallel examinations to cover all the entities within particular organizations engaged in this business. Bank regulators will cover the banking entities and the SEC will cover the securities entities to get a full picture of the structured finance activities. This will include design, participation, marketing, advising, and selling. We will also be looking at the credit and market risks undertaken. In addition, we will review policies, procedures, and controls of the organizations for assessing the business purpose and appropriateness of these transactions. We are currently at the early stages of the review.

Mutual Fund Breakpoints

Late last year, we became concerned that investors were not always being charged the correct sales loads on their mutual fund purchases. The focus is front-end sales loads with purchase volume discounts at specified breakpoints. Reduced commissions are charged when the level of dollar investments in a family of mutual funds reaches the breakpoints. Investors can sign letters of intent to get the discount upfront, stating they will invest enough over a period of time to reach the breakpoint. They can also acquire rights of accumulation, which allow them to receive the discounts based on investments accumulated over time. In determining whether a breakpoint has been reached, not only are all the related funds in a fund family included, but purchases by related or "household" accounts of the investor may also be included.

In view of the complications of computing appropriate sales loads and concerns that customers may not be receiving appropriate discounts, the SEC and the NASD launched a multifaceted action plan. Letters were sent to all broker-dealers conducting a public business asking them to assess their policies and procedures, as well as compliance with all requirements for sales load charges on mutual fund transactions. In addition, a survey was sent to the firms requesting data on mutual fund sales. A number of examinations for compliance in this area were initiated by the SEC and NASD, along with the NYSE. A report on the findings of those examinations and surveys, together with recommended next steps is expected to be issued soon. Finally, in response to the SEC's request, the NASD, SIA and ICI convened a working committee to explore and recommend ways in which the mutual fund and brokerage industries can prevent abuses and improve systems, investor disclosure, and education. Their first meeting was held Monday. Work continues in this area, and we expect this will remain a focus of the examination program.

Misappropriation of Customer Assets

Another examination focus is ensuring against the misappropriation of customer assets. There have been a number of well-publicized cases involving the misappropriation of customer funds - cases where a registered representative devises a scheme to steal customer money. Strong supervision and internal controls are key tools to prevent such losses. In addition, new SRO rules in this area have been proposed. Therefore, we will be examining for effective controls against misappropriation of customer assets.

Some questions that may be asked during exams include:

  • How does the firm handle customer changes of address? How does the firm confirm the validity of a customer P.O. box address?
  • How does the firm handle customer authorizations for withdrawing or transferring funds?
  • What controls does the firm have on creating and sending customer account statements?
  • Does the firm have branch managers who are also producing brokers? If so, are there adequate controls?

Anti-Money Laundering

Securities firms have new responsibilities under the Patriot Act to prevent and detect money laundering. Many provisions of this Act have already gone into effect, and others will be going into effect soon. All broker-dealers should have established their anti-money laundering compliance programs, including: (1) adopting policies, procedures and controls specifically designed to detect and prevent money laundering; (2) designating a compliance officer; (3) initiating ongoing training for employees; and (4) providing for independent tests or audits of the program.

The requirements for all broker-dealers to identify concerns and file suspicious activity reports (SARs) went into effect January 1. Prohibitions regarding foreign shell banks are also in effect. Informational requirements for certain foreign correspondent accounts and the certification process to achieve compliance with these provisions will be fully effective on March 31. A final rule on customer identification and verification is expected soon. These rules are new and complex - and they serve a very important purpose in combating terrorism and money laundering. Therefore, I hope you will all devote adequate resources and attention to compliance with anti-money laundering rules.

Net Capital and Customer Reserve

Net capital and customer reserve violations are among the most frequently identified problems in our exams. A recent concern has been the assumption of liabilities by parents and affiliates of broker-dealers, which give a questionable picture of net worth. Again, with declines in firm earnings, increased attention should be paid to maintaining adequate capital in compliance with GAAP and the net capital rules. And when a broker-dealer is a public company, the new rules under the Sarbanes-Oxley Act must be complied with as well.

Product-Focused Sales Practices

A continuing focus for SEC examiners is on retail sales practices - suitability, unauthorized trading, disclosure of risks, and churning, switching and parking securities. We've placed particular emphasis on reviewing sales practices for particular products that are new and may offer special or unfamiliar risks to investors. Some of these products include variable annuities, limited partnerships, mutual funds, microcap stocks, and securities futures products. While these products are not problems in and of themselves, they may offer special challenges under sales practice requirements.

Analysts' Conflicts of Interest

Another priority for the SEC examination program is the review for analysts' conflicts of interests. The basic question is one of conflict. Perhaps motivated by the desire to generate other firm revenues, such as investment banking fees, do analysts issue fraudulent securities analyses and ratings? In May of this year, the SEC approved NYSE and NASD rules on managing conflicts between investment banking and research analysts. The rules generally restrict the relationship between the research and investment banking departments; require disclosure of a financial interest in a company by a research analyst; require disclosure of investment banking relationships with a company; impose quiet periods for issuance of research following a securities offering of the company; and restrict a research analyst's trading in a company he covers.

New rules have been proposed in light of examination findings and the enactment of the Sarbanes-Oxley Act. We will continue examinations in this area.

Information Barriers

We are conducting examinations of the policies and procedures that firms have adopted to prevent the misuse of material non-public information under Section 15(f) of the Exchange Act. The exams serve two purposes - to evaluate compliance with current rules and guidance, and to evaluate the SRO guidance in this area, which dates back to 1991. A basic tool in avoiding abuses in this area is for firms to establish information barriers to prevent the dissemination of non-public information to those involved in trading or other activities where the use of the information may result in insider trading abuses. We are reviewing information barriers in light of technological developments, innovative and connected products, and the increased integration of various services that may increase the potential for conflicts. The question of the adequacy of information barriers continues to evolve and we will continue to examine for compliance in the changing environment.

Best Execution

Another SEC examination priority I would like to mention is our continuing focus on execution practices of broker-dealers. Firms are required to perform a "regular and rigorous analysis of execution quality" in order to provide best execution for customer trades. Some firms have designated committees that review execution quality at different market centers and compliance staff who review the process. Firms should be using the new market quality data required to be provided by market centers under Rule 11Ac1-5.

Prompt Corrective Action

Before closing, I would like to make one final point regarding compliance. To make that point, I am borrowing a phrase from U.S. banking industry supervision - prompt corrective action. It is critical that if a problem does occur, a firm must promptly investigate it, correct the problem, advise regulators, and fix the deficiencies that allowed the problem to occur. The SEC has advised firms that such prompt responsiveness will be positively considered by examiners, enforcement staff, and the SEC in making enforcement decisions and other regulatory determinations. In our role as examiners, we will do what we can to assist you to take prompt corrective action. We keep open lines of communication during examinations. We will also generally conduct an exit interview to inform firms of any problems we have found during our examinations so that they can resolve them as quickly as possible. Therefore, I urge you to diligently oversee your compliance and risk management programs and to promptly correct and report any problems.


I have outlined some of the top priorities for the SEC examination program. Of course, there are many others that I do not have time to delineate. My objective has been to give you an overview of what we in the SEC examination program consider important compliance and regulatory issues.

Thank you.

I'd be happy to take any questions you may have about broker-dealer compliance issues.



Modified: 03/03/2003