U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Remarks before the Investment Adviser Compliance Best Practices Summit: Compliance Programs: Our Shared Mission


Lori A. Richards

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Washington, D.C.
February 28, 2005

As a matter of policy, the SEC disclaims responsibility for any private statement by an employee. The speaker's views are her own, and do not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.

Good morning, and thank you for welcoming me here today. And I thank David Tittsworth, Executive Director of the ICAA and Dennis Sullivan, publisher of IA Week for continuing to sponsor this annual conference dedicated to compliance issues for investment advisers. I always appreciate the opportunity to speak with you and am very pleased to be here with you again today. I must say that the views I express today are my own, and do not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC's staff.

When I spoke with you last year, the October 5 compliance date for the Commission's new Compliance Rule was looming large. Remember? Recall all of the time, effort and expertise that you and other industry compliance professionals put in to designating a Chief Compliance Officer, reviewing existing policies and procedures, looking hard at the firm's operations and business lines, identifying conflicts of interest, identifying new policies and procedures to address compliance issues and those conflicts of interest, and making sure that those policies and procedures actually work as intended. I've heard about all of the work that went into this effort the analysis, the anxiety, the rethinking of past paradigms, the long hours. A year ago when I spoke with you at this conference, I shared with you some of my ideas on how you might approach implementing the Compliance Rule by conducting an assessment of your own firm's compliance program, retooling the program, and incorporating new procedures where needed. By now, your firm's compliance program should be in place and your Chief Compliance Officer should be on board. You should take pride in having accomplished all this.

I spoke to you last year with the overhang of the scandals in the investment management industry fresh and at the forefront of our examination and enforcement programs. I believe that the misconduct we have seen emerge in this industry -- and not by a few bad apples but by a wide range of large and small industry participants -- must change the way we all think about compliance. That conflicts of interest -- the incentive to place one's own interests before those of investors -- were at the core of all of the compliance problems we have seen, provides us with important lessons I think, about the operation of compliance programs today.

One of the most important lessons we have learned is that your compliance program cannot be static. It can't be "done," "on the shelf," or "fixed." An effective compliance program must continue to evolve and, to do so, the program must be able to identify, meet, and incorporate changes in your business and changes in your customers, to continue to identify conflicts of interest, to be responsive to changes in the statutory and regulatory regime, and to continually strive to find the best technology and the best people. It must be measured by its results. Indeed, much of this conference is dedicated to providing practical advice on how to ensure that your compliance program is actively preventing, detecting and correcting securities laws violations. I have heard this concept of an activist compliance program referred to as having a "living, breathing" compliance program. I believe that an activist compliance program incorporates several characteristics, given the lessons learned from recent compliance failures:

First, it must be respected within the organization, and have the utmost support from the top. The firm's leaders and business line managers must believe in and maintain a high fiduciary standard of honor and business ethics. If this fundamental commitment is lacking, woe to even the most earnest compliance staff.

Second, it must be well-resourced, and populated by staff with expertise. It has seemed to me that firms that are now spending lots of money and time on their compliance programs, and some of the firms who are doing no small amount of complaining about it, probably should have been better resourcing their compliance infrastructure all along, and are now catching up to establishing the necessary compliance and supervisory infrastructure to support their fiduciary obligations.

Third, it must possess an attitude of skepticism. It must be creative in thinking about ways that rules could be subverted, that ethical standards can be breached. This is a prominent lesson of recent events -- as my colleague Paul Roye has said "while some types of malfeasance may seem counterintuitive, you nevertheless need to expect the unexpected and urge your compliance personnel to take nothing for granted."1

Fourth, it must continually beware conflicts of interest - one of the most powerful being the desire to grow assets under management and the advisory fee to benefit the adviser, at the expense of the advisory client. This conflict may manifest itself in lying or fudging on performance claims, favoring some accounts over others in allocations, establishing "sticky assets" arrangements, paying or receiving undisclosed payoffs and kickbacks for business, and in a myriad of other ways. Another powerful conflict of interest is the desire of individual advisory employees to profit, at the expense of the advisory client. This conflict may manifest itself in front-running and other abusive personal trading, in self-dealing and in theft.

I believe that effective, and indeed activist, compliance programs are terribly critical. Your role has never been more important than it is today. And, along with this responsibility and importance has come some trepidation by new CCOs. I know that most CCOs don't approach their responsibilities lightly. We in OCIE do not see the Compliance Rule as an opportunity for an exercise of "gotcha" - that is, using the Compliance Rule as simply another way to make enforcement referrals. Instead, I see the new rule as providing an enormous opportunity to improve compliance in the asset management industry, and I view CCOs as our allies in our mission to protect investors.

We very much want CCOs to be empowered and able to effectuate this mission, and, for our part, we believe that we can help CCOs by communicating about compliance pitfalls we find, about compliance practices that appear to be effective, about new Commission rules and interpretations. At the same time, we hope to encourage greater communication from CCOs. We're thinking about ways we can best do this. But even today, there is already a lot of information available to you. For those of you who may not be aware of it, the SEC's website offers an incredible amount of current information about Commission initiatives, rulemaking, and enforcement actions. I strongly urge you to use this existing tool.

It is in this spirit that I wanted to share with you this morning what we learned from talking with Chief Compliance Officers in the weeks following the effective date of the Compliance Rule. I note that the brochure for this conference says, on the cover: "See how other CCOs are complying with the new rules," so I'm right on topic.

Some of you may have heard that in October and November, we began calling the CCOs of some large investment advisers. We wanted to have an immediate and personal introduction to the new CCOs, and we wanted to get a sense of how firms and their CCOs were integrating the requirements of the Compliance Rule into their operations for examination planning purposes. We contacted the CCOs of large advisers to investment companies, and while the total number of firms contacted represent only a small portion of the industry, the assets managed by these firms total nearly 40% of the assets managed by the industry. Here are some of the questions we asked and the responses we received.

We started by asking about the CCO. When we asked: Are you a permanent or "temporary" CCO, we found out that the vast majority -- 98% -- were permanent.

We also asked whether the CCOs were in place before the October 5 deadline. To explore this topic, we asked whether each fund sponsored by the adviser had designated a CCO, and whether each board had approved the CCO. To each question, all CCOs said yes, and I'm glad the results on those questions were unanimous.

We then turned to policies and procedures. Policies and procedures are critical to compliance because they incorporate and formalize the firm's system of controls. We asked if the adviser had all written policies and procedures in place that it believed were necessary for an effective compliance program. We were told by all CCOs that they had implemented all policies and procedures they believed necessary.

This was surprising to me, given that, as I said at the outset, a robust compliance program is one that "lives and breathes," and contemplates ongoing improvement. We asked the question a second time, but in a slightly different way. As you'll recall, in the release adopting the Compliance Rule, the Commission identified certain control areas that it expected advisers to address (if relevant to the adviser's business). These included the adviser's portfolio management process, its trading practices, valuation, any proprietary trading, the disclosures it makes to investors, its books and records, and safeguarding customer assets and information.2 So, we asked if advisers had policies and procedures in place for at least those areas noted in the release. In this case the response was slightly different, but only slightly:

Yes 99%

No 1%

That one percent represented a CCO who indicated that his firm did not yet have written policies for record retention and soft dollars. In any event, if your firm has not yet implemented policies and procedures -- at least in the control areas identified by the Commission in the release -- you should know that, according to your peers, they've left you behind.

We asked what program areas the CCOs were still working on. We were told by 39% of the CCOs that they were still working on several areas. I hope that this is an indication that these firms view their compliance programs as a continuing work in progress. The areas they said they were working on included:

  • testing automated compliance functions/systems;
  • continuous review and refinement/improvement of certain procedures;
  • training sessions for their staff;
  • clarifying language in policies for better comprehension (plain English); and
  • email and document retention efforts.

We also asked about the role of the board of directors. In general, boards play a critical role in compliance, and in helping to create and maintain a strong compliance culture, and they have certain specific obligations under the Compliance Rule.

We asked whether the board of each fund had approved all written policies and procedures that it believes are necessary for the fund to have an effective compliance program, and we were told by all CCOs that they had done so. We also asked whether each fund's board had yet approved the compliance programs of all advisers, sub-advisers, administrators, principal underwriters, and transfer agents, and we heard that 99% of boards had done so. This was, as you know, thought to be one of the most challenging aspects of the new rule.

For those of you wondering how often other fund CCOs will communicate with their boards of directors in times per year, here is what we learned:







More frequently than four


As you know, the Compliance Rule contemplates additional communications as necessary at any time during the year. And for those of you curious about who is paying the salary and benefits of fund CCOs, here's what we were told:











Other (affiliates/unnamed service providers)


Finally, we asked the CCOs: what do you think is the most challenging aspect of complying with the Compliance Rule? The responses we received were not uniform, rather, we heard that different CCOs found different aspects of the new Rule to be the most challenging for them and for their organizations. Here's a compilation of what they said were the most challenging aspects of the new rule:

  • how best to document, report, and test procedures;
  • board oversight and coordinated review of service providers;
  • the time frame of the rule's effective date;
  • some suggestions that the rules were too broad, or that more guidance from the Commission would have been helpful;
  • addressing email retention procedures;
  • obtaining the board's approval for everything amended or initiated;
  • the need to formalize hitherto informal policies;
  • the need to increase the staffing and economic resources of the compliance department;
  • finding a competent CCO;
  • aligning technology systems;
  • anticipating what SEC examiners would do under the new rule;
  • familiarizing new hired CCOs with the organization;
  • dealing with possible changes in liability exposure;
  • preparing for new rule requirements while continuing to deal with SEC examinations of current rule requirements;
  • enhancing the firm's culture of compliance; and
  • the need to broaden the firm's compliance procedures to incorporate all of the federal securities laws.

The honesty with which CCOs described the challenges they face in complying with the new rule was helpful to us, and I think reflects a serious effort to comply with the Compliance Rule, and to grapple with and address its new challenges.

One unrelated final note I want to mention, we've implemented what we call the "Exam HotLine." The Exam HotLine will be dedicated to receiving calls from members of the regulated community who have a complaint or a concern about an SEC examination. Because we do not intend the HotLine to supplant on-going and routine dialogue with examination staff and supervisors throughout the program, and because we are fortunate to have a well-trained and highly professional examination staff, I expect that there will be very few calls to the Exam HotLine. Nonetheless, if a member of the regulated community has a complaint or a concern about an examination, they should know where to call for immediate attention. The Exam HotLine will be answered by senior attorneys in the examination program's Office of Chief Counsel. These attorneys also direct our ethics program, so they will be ready to assess and investigate any ethical issues that might be raised. Our goal for the HotLine is to respond to any complaints with the same speed and vigor that we expect from securities firms when they receive complaints from their customers. The Exam HotLine can be reached by phone or e-mail. The phone number is: (202) 551-EXAM (3926). The e-mail address is: ExamHotLine@sec.gov.


I will end here with a final message. Your goal as compliance professionals and our goal at the SEC is the same -- we both want to strengthen compliance in the industry for the protection of investors. In that spirit, I urge you to see the Compliance Rule as an opportunity to empower and strengthen compliance. And, even with all of the time and effort that you've already put into establishing a Compliance Program consistent with the new Compliance Rule, do not view your work as complete. Establish an activist compliance program that reflects the ongoing challenges of meeting fiduciary obligations. That's our shared mission.

Thank you.



Modified: 03/01/2005