U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
The SEC Examination Perspective


By: Mary Ann Gadziala
Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Keynote Address at Glasser Legalworks Broker-Dealer Compliance Conference
New York
May 6, 2003

The SEC, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or the staff of the Commission.

Good morning. It's a pleasure to be here to open your conference on broker/dealer compliance. Compliance at a broker/dealer offers a myriad of challenges. And the challenges continue to proliferate. Compliance officers must have an understanding of the market environment and the many complex businesses and products offered by the firm. They must be aware of and understand the laws and regulations that govern the firm's activities. They need to deal with the interplay of various jurisdictions and regulatory authorities, including the SEC, SROs, the states, the Federal Reserve (where there is an affiliated bank), the CFTC (when conducting security futures activities), and foreign authorities (when the business or deal involves a foreign jurisdiction). Compliance officers should understand the technological capabilities of their firm and their firm's operations. And they have to have an understanding of the people, the customers and clients, as well as the employees of the firm. To implement an effective compliance program requires the combination of this knowledge, the tools to monitor and oversee firm activities, and the appropriate expertise and skills to pull it all together to make compliance judgments.

As compliance and legal professionals, you are aware of the critical importance of an effective compliance program. It is the responsibility of compliance officers to work to anticipate potential problems, develop effective controls and monitoring systems, and ultimately to do their best to stop violations before they occur. If problems do occur, then compliance should raise them to the appropriate levels and work to correct the problems as quickly as possible. This will protect the integrity of your institutions and assist in maintaining the public trust in the capital markets.

This morning, I shall provide an overview of the SEC examination program. The focus will be on examination priorities and issues that raise concerns in the current market environment. The SEC, through our eleven regional and district offices and our headquarters office in Washington, conducts approximately 650 examinations of broker-dealers annually. Our examinations serve a number of purposes. They evaluate risk management and compliance at firms, identifying deficiencies, violations and best practices. We expect firms to take corrective actions as promptly as possible and to work to implement best practices as appropriate. Our oversight examinations also serve to evaluate the examination work conducted by the self-regulatory organizations or SROs. We discuss our findings with the SROs and work with them to improve their examination programs. Our examinations also assist us in identifying issues and concerns, which we raise to the Commission for appropriate action.

To evaluate broker/dealer compliance and risk management and SRO regulatory programs, and to keep the Commission apprised of newly developing securities regulatory issues and concerns, we conduct a number of different types of examinations. I group them into four categories: comprehensive exams, special purpose exams, new rule compliance, and product reviews. I will discuss examinations and priorities in each of these categories.

1. Comprehensive Examinations

We have developed three types of comprehensive examinations that give us an overview of the risk management, compliance, and supervision at a firm. The first is the internal controls and risk management examination. This examination focuses on a firm's systems, procedures, resources, and performance in the assessment, monitoring and control of all risks at the firm. The second is the comprehensive compliance exam. This type of examination reviews a firms' policies and procedures, and their implementation, to effect compliance with the full range of the many laws that govern firm activities. The third is the coordinated branch exam. This type of examination begins with an onsite review at the main office of the firm where we gather information to identify branches that raise concerns. We then examine those branches to give us an overview of the supervision at the firm.

During our comprehensive examinations, we are not looking for one particular set of policies and procedures. There is no single blueprint for risk management, compliance, or supervision - they must be crafted to reflect the particular business operations of each firm. Their design and implementation must take into account such factors as - size and geographic dispersion, types of business activities, products offered and customers of the firm, operations and technology, legal and regulatory issues, market conditions, and other relevant factors. Moreover, risk management, compliance, and supervision must be viewed as constantly evolving - as the environment changes, or as better practices come to light - firms should change their systems accordingly to maintain the highest level of appropriate controls. Appropriate updated controls and comprehensive oversight should serve as an effective defense against significant losses, violations, customer harm, and firm failures.

I will describe each of our comprehensive examinations beginning with the risk management and internal controls examination.

A. Internal Controls/Risk Management Exams

An SEC internal controls examination begins with an overview of a firm's risk management system. We look at organizational structure and the process by which managers identify, assess, monitor and control all risks within the broker-dealer. These exams are conducted in conjunction with a review of the firm's compliance with the SEC financial responsibility rules, including capital rules. If a firm is not vigilant in a particular area and lacks controls, it will very likely have related deficiencies and violations in the area.

Our internal controls examinations include reviews of the following areas:

  • Senior management, to look for establishment of overall policies and active involvement in the process of risk management and the oversight of risk parameters and controls

  • Adequacy of resources and systems used for risk management, and compensation incentives that may adversely impact independence

  • Internal audit, to ensure that comprehensive and independent assessments get to management and that deficiencies are addressed in a timely manner

  • Market risk in trading activities and firm inventory, including VAR (value at risk), economic models, scenario analyses, stress testing, and back testing; we follow trades from the trading desk through the entire risk management system

  • Funding, liquidity and credit risks, including counterparty credit risk across all products and businesses, credit limits, pricing models, guarantees, collateral, margin, and settlement and legal risks

  • Operational risks, including segregation of duties, checks and balances, protection of customer funds and securities, operating systems, management information systems, management reporting, front and back office operations, security, contingency planning and disaster recovery

  • And finally, we look to see that new products and activities are assimilated into the risk management system in a timely and appropriate manner

One area of particular focus this year is contingency planning and disaster recovery. While reviews in this area have been a part of our risk management examinations since inception, they have been significantly expanded since the terrorist attacks of September 11. It was a consequence of that unprecedented disaster that we realized that our existing systems had unanticipated vulnerabilities. For example, we had not taken into account the potential for such a widespread disaster where market and geographic concentrations as well as interdependence exacerbated the impact of disruptions. Several white papers have been published by government authorities delineating structural changes and sound practices intended to improve business continuity planning and the resiliency of the financial sector. The latest publication is the "Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System" published on April 7, 2003, by the Federal Reserve, the Treasury and the SEC. In addition, NASD and the NYSE have proposed rules imposing requirements for business continuity and contingency planning. These efforts are important to address vulnerabilities and ensure business continuity, thereby strengthening the resilience of the U.S. financial system.

In conducting risk management reviews, our examiners are looking for areas where the firm's controls may be weak or inadequate. We will conduct more thorough reviews in those areas to identify any deficiencies and violations of laws and rules. Internal controls and effective risk management are particularly important when firms are more aggressively pursuing innovative ways to increase revenues and enhance profits. Under such conditions, we should all be more vigilant.

Therefore, the objective of this first type of comprehensive examination is to assess and improve where necessary the structure and operation of a firm's risk management processes and systems.

B. Compliance Exams

The second type of examination that gives us an overview of how well a firm is self-policing its activities is the comprehensive compliance examination. In contrast to examinations focused on compliance with particular laws - such as the net capital rule, the Patriot Act, or Reg S-P, this examination covers compliance with the full range of relevant securities laws and regulations. It also covers the compliance systems of all affiliated broker-dealers at the same time. Each broker-dealer is required to establish, maintain, and enforce a system to supervise properly the activities of its employees. The firm's systems and implementation of procedures must reasonably ensure compliance with all securities laws. The comprehensive compliance examination assesses the strength of an organization's compliance culture and how effectively it carries out its compliance responsibilities at all of its broker-dealers.

Some of the functional areas we assess in these examinations include:

  • senior management oversight and involvement

  • written supervisory procedures and implementation

  • independence and experience of compliance personnel

  • adequacy of compliance resources

  • business and branch supervision

  • handling customer funds

  • surveillance and exception reports

  • reviews of correspondence

  • employee supervision, including heightened supervision

  • tracking and resolution of compliance concerns

  • complaints, arbitrations, litigation, and investigations.

Key subject matter areas that should be covered include:

  • recordkeeping, including financial reports and capital computations

  • suitability and unauthorized trading

  • disclosures to customers

  • best execution and reviews for excessive markups

  • reviews for insider trading and market manipulation

  • information barriers, including restricted and watch lists

  • managing conflicts among different business areas of the firm, such as between investment banking and research analysts

  • anti-money laundering

  • Reg S-P (security and privacy)

Our examinations look not only at the quality and coverage of procedures, but also for effective communications, implementation, and independent oversight. The SEC, NASD, and the NYSE together plan to conduct comprehensive compliance examinations of the five to ten largest broker/dealer complexes (covering over 50 broker-dealers) over the next year. In addition to the examination focus, the NASD recently announced that it would be sending out a Notice to Members seeking comment on proposed rule amendments that would require every firm to designate a Chief Compliance Officer. In addition, the rule would require the firm's CEO and Chief Compliance Officer to certify annually in writing the adequacy of the firm's compliance and supervisory procedures. This is expected to further raise the profile of the compliance program and increase high-level interaction between compliance and business at the firm.

C. Coordinated Branch Exams

The third type of comprehensive examination is the coordinated branch exam. We begin this type of examination with a general review of the books and records of the firm. We assess problem registered reps, complaints, arbitrations, significant changes in business or personnel, and other matters at each branch of the firm to create a matrix identifying branches that merit special reviews. Examination teams will then visit the selected branches to conduct onsite reviews. We combine the findings of the individual branch exams to develop an overall picture of the effectiveness of supervision at the firm. In a recent example, we worked with three SROs and eleven state securities regulators to conduct simultaneous examinations of 29 branches of a particular firm. We expect to increase our examinations at branch offices, coordinating with the other securities regulators, to cover more branches while avoiding duplicative examination work.

2. Special Purpose Examinations

As I mentioned, our comprehensive examinations are our best tools to gain an overview of a firm's risk management, compliance, and supervision. However, our more focused examinations provide us with the opportunity to probe more deeply into particular areas where appropriate. Two recent examples of our special purpose examination priorities are broker/dealer hedge fund activities and post-Enron structured finance reviews.

A. Broker/Dealers and Hedge Funds

With the downturn in the stock market and reduced broker-dealer earnings from traditional activities (such as M & A business, investment banking, and trading, commissions), some firms seem to be competing heavily in new areas, including for hedge fund business. In this environment there is concern that firms could take excessive credit or market risks or market inappropriately to investors.

We recently conducted examinations of seven broker-dealers that are significantly involved in businesses and services related to hedge funds. We viewed the hedge funds from two perspectives - as counterparties to broker-dealers (financial risk) and as products sold by broker-dealers to investors (investor protection).

The areas examined include:

  • services (prime brokerage, advisory, capital introduction, etc.)

  • marketing to obtain hedge funds as clients

  • counterparty credit risks (margin, collateral, risk limits)

  • market risks from hedge fund investments and lending

  • selling and recommending hedge funds to investors

  • guaranteed or other alternative products

In an Investor Alert dated August 23, 2002, and in Notice to Members 03-07 (February 2003), the NASD expressed concern about sales practices with respect to hedge funds. They also recently conducted a survey of their member firms to determine the extent of their hedge fund sales activities. Based on that information, we intend to identify firms for examination and work with the SROs to conduct a series of examinations to evaluate sales practices and related compliance in this area. In addition, on May 14 and 15, the SEC is hosting a roundtable to discuss investor protection implications of hedge funds. Topics to be covered include: the structure, operation and compliance activities of hedge funds; marketing; investor protection; the regulatory scheme; and whether additional regulation is warranted.

B. Structured Finance Transactions

The next area of examination focus, the review of financial institution participation in complex structured finance products, was initiated in part in response to a Congressional request following hearings on the Enron transactions. We are working with the banking agencies to conduct a series of parallel examinations of the structured finance activities of eleven financial organizations identified as major players in this market. Bank regulators are examining the banking entities and the SEC is examining the securities entities to get a full picture of structured finance activities.

Our examinations cover design, participation, marketing, advising, and selling complex structured finance products. Our focus is on transactions involving a counterparty or client that is a public company. We are will reviewing policies, procedures, and controls of the organizations for assessing accounting and tax strategy as well as the business purpose and appropriateness of these transactions. We are also looking at the organization's assessment of credit, market, and reputational risks associated with the transactions. The examinations are underway and we are also working with the banking agencies to analyze our findings and respond to the Congressional request for guidance in this area.

3. New Rule Compliance

The next general category of examinations covers new rule compliance. Recent priorities here are misappropriation, money laundering, and research analysts' conflicts.

A. Misappropriation of Customer Assets

Preventing the misappropriation of customer assets is an SEC priority. There have been a number of well-publicized cases involving the misappropriation of customer funds - cases where a registered representative, often through a clever scheme, steals customer money. Strong supervision and internal controls are key tools to prevent such losses. Therefore, we will be examining for effective controls against misappropriation of customer assets. Examiners will also look for compliance with the proposed SRO rules in this area when they become effective.

Some questions that may be asked during exams include:

  • What controls does the firm have on creating and sending customer account statements?

  • Does the firm have branch managers who are also producing brokers? If so, are there adequate controls?

  • How does the firm handle customer authorizations for withdrawing or transferring funds?

  • How does the firm handle customer changes of address? How does the firm confirm the validity of a customer P.O. box address?

B. Anti-Money Laundering

Securities firms have new responsibilities under the Patriot Act to prevent and detect money laundering. Many provisions of this Act have already gone into effect, and others will be going into effect soon. All broker-dealers should have established their anti-money laundering compliance programs, including: (1) adopting policies, procedures and controls specifically designed to detect and prevent money laundering;

(2) designating a compliance officer; (3) initiating ongoing training for employees; and (4) providing for independent tests or audits of the program. The first independent audits were due April 24, although the SROs recently informed firms that if the audit is not completed by that date, examiners would expect a definitive plan that includes a timetable for completion of the testing and the manner of the testing.

The requirements for all broker-dealers to identify concerns and file suspicious activity reports went into effect January 1. Prohibitions regarding foreign shell banks are also in effect. Informational requirements for certain foreign correspondent accounts and the certification process to achieve compliance with these provisions became effective on March 31. The long-awaited final rule on customer identification and verification was issued by Treasury and the SEC last week with an October 1 compliance date. These rules serve a very important purpose in combating money laundering and terrorism. Therefore, I hope you will all devote adequate resources and attention to compliance with anti-money laundering rules.

C. Conflicts of Interests

Another priority for the SEC examination program is the review for conflicts of interests. One concern is analysts' conflicts. The basic question is: Do analysts issue fraudulent securities analyses and ratings - perhaps motivated by the desire to generate other firm revenues, such as investment banking fees? In May of this year, the SEC approved NYSE and NASD rules on managing conflicts between investment banking and research analysts. The rules generally restrict the relationship between the research and investment banking departments; require disclosure of a financial interest in a company by a research analyst; require disclosure of investment banking relationships with a company; impose quiet periods for issuance of research following a securities offering of the company; and restrict a research analyst's trading in a company he or she covers. On April 28, the SEC, NASD, NYSE, NASAA, and New York Attorney General announced a global settlement with ten top securities involving research analysts' conflicts with investment banking. In addition to requiring payments of over a billion dollars for penalties, disgorgement, independent research and investor education, the settlement requires the firms to sever the links between research and investment banking. This includes prohibiting analysts from receiving compensation for investment banking activities and prohibiting analysts' involvement in investment banking "roadshows." We and the SROs will continue examinations in this area.

A related area is the general review of information barriers to address potential conflicts of interests. We are conducting examinations of the policies and procedures that firms have adopted to prevent the misuse of material non-public information under Section 15(f) of the Exchange Act. The exams serve two purposes - to evaluate compliance with current rules and guidance, and to evaluate the SRO guidance in this area, which dates back to 1991. A basic tool in avoiding abuses in this area is for firms to establish information barriers to prevent the dissemination of non-public information to those involved in trading or other activities where the use of the information may result in insider trading or other abuses. We are reviewing information barriers in light of technological developments, innovative and connected products, and the increased integration of various services that may increase the potential for conflicts. The question of the adequacy of information barriers continues to evolve, and we will continue to examine for compliance in this area.

4. Product Reviews

A continuing focus for SEC examiners is on retail sales practices - suitability, unauthorized trading, disclosure of risks, and churning, switching and parking securities. We've placed particular emphasis on reviewing sales practices for products that are new or may offer special or unfamiliar risks to investors. Some of these products include variable annuities, limited partnerships, mutual funds, microcap stocks, and securities futures products. While these products are not problems in and of themselves, they may offer special challenges under sales practice requirements. Examinations in this area fit into the fourth category of examinations - product reviews. This morning I will discuss three of the products covered by these exams.

A. Mutual Fund Breakpoints

Late last year, we became concerned that investors were not always being charged the correct sales loads on their mutual fund purchases. The focus is front-end sales loads with purchase volume discounts at specified breakpoints. Reduced commissions are charged when the level of dollar investments in a family of mutual funds reaches certain breakpoints. Investors can sign letters of intent to get the discount upfront, stating they will invest enough over a period of time to reach the breakpoint. They can also acquire rights of accumulation, which allow them to receive the discounts based on investments accumulated over time. In determining whether a breakpoint has been reached, not only are all the related funds in a fund family included, but purchases by related or "household" accounts of the investor may also be included.

In view of the complications of computing appropriate sales loads and concerns that customers may not be receiving appropriate discounts, the SEC and the NASD launched a multifaceted inquiry. Letters were sent to all broker-dealers conducting a public business asking them to assess their policies and procedures, as well as compliance with all requirements for sales load charges on mutual fund transactions. In addition, a survey requesting data on mutual fund sales was sent to the firms. The SEC, NASD, and NYSE examined 43 firms for compliance in this area. In March 2003, we issued a staff report on the findings of those examinations and surveys, together with recommended next steps.

Among the findings described in the report were the following:

  • At most firms examined, we found some instances where customers were not provided with breakpoint discounts for which they appear to have been eligible.

  • The average discount not provided was $364 per transaction.

  • The most frequent causes for not providing breakpoint discounts were not linking a customer's ownership of different funds in the same mutual fund family, not linking shares owned in a fund or fund family in all of a customer's accounts at the firm, and not linking shares owned in the same fund or fund family by persons related to the customer.

  • Firms' supervisory procedures in this area were not comprehensive.

Following the issuance of the report, firms were required to conduct a further assessment of breakpoint compliance by May 15, 2003. Finally, in response to the SEC's request, the NASD, SIA and ICI convened a working committee to explore and recommend ways in which the mutual fund and brokerage industries can prevent abuses and improve systems, investor disclosure, and education. Work continues in this area, and we expect this will remain a focus of the examination program. I should stress that despite the ongoing work, compliance with breakpoints is mandatory now.

B. Variable Annuities

The SEC and the NASD have conducted a number of examinations of the variable annuity sales activities of broker/dealers. Some of the abuses we have seen include unsuitable recommendations, abusive switching (particularly involving 1035 exchanges and replacements), improper registration of the sales force, misrepresentations, and inadequate supervision. We have also seen some sound practices that promote good compliance over this area. We are working to compile and analyze the findings of our examinations and anticipate sharing that information with all of you in the near future.

C. Security Futures Products

The Commodities Futures Modernization Act of 2000 permits the trading of security futures products (SFPs) by broker/dealers and futures commission merchants (FCMs). The most common of the SFPs are single stock futures contracts. Since SFPs are both a security and a future, the products are subject to both securities and futures laws and firms that trade these products must be registered as both an FCM and a broker/dealer. There are special provisions to prevent overlapping regulation. While the trading in SFPs has been light, there are 598 FCMs (notice-registered broker/dealers) and 16 broker/dealers (notice-registered FCMs) that have registered to trade them. We have been working with the CFTC and SROs to coordinate the examination of firms trading SFPs .


My objective this morning has been to give you an overview of what we in the SEC examination program consider important compliance and regulatory issues. While our examination program covers many other areas, the topics I have highlighted are some of our recent and continuing priorities.

Thank you for your time and attention. I'd be happy to respond to any questions you may have about broker-dealer compliance issues.


Modified: 05/08/2003