Speech by SEC Staff:
The New Compliance Rule: An Opportunity for Change
Lori A. Richards
Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission
Investment Company Institute/Independent Directors Council
Mutual Fund Compliance Programs Conference
June 28, 2004
This is a critical juncture for the mutual fund industry, as we are on the eve of implementation of one of the most significant new obligations the new Compliance Rule.1 At the outset, let me remind you that the views I express are my own views and not necessarily the views of the Commission, the individual Commissioners or my colleagues on the Commission staff.2
From time to time in the press and in conversations, we hear the opinion that the SEC is over-reacting to the mutual fund scandal. That late trading and those that colluded with favored customers to market time their own funds involved only a few active participants. It's the "few rotten apples in the barrel" view on recent events. I have also heard the view that while, indeed, reprehensible acts did take place, the market took care of the problem by pulling billions of dollars out of the guilty funds. The firms responded by firing the responsible senior executives. The regulators responded by imposing sanctions and punitive fines. Wasn't this enough to take care of the aberrant behavior of a few wayward individuals who forgot their fiduciary responsibilities to the shareholder?
I want to answer this question from my perspective as an examiner, as one who has seen the conduct of fund firms "on the ground" as it were, the good, the bad and the ugly. I must respond to these critics that I believe that the rules recently put in place by the Commission are necessary and fully appropriate to prevent a recurrence of the particular forms of misconduct we have witnessed. The Commission has adopted rules that will illuminate funds' anti-market timing policies and require fund executives to report their transactions in fund shares so that any abusive trading can be detected, and has proposed a "hard 4 pm" close to eliminate the possibility of late trading. These types of rules, it seems to me, are clearly called for by recent experiences and by the need to protect American investors from a recurrence of misconduct that arose too easily in the past. And, moreover, the new rules will make violations much easier to detect, both for our examiners and for funds' compliance staff.
Beyond the specific kind of misconduct at hand now market timing and late trading we must ask more fundamental questions. Why did this occur? Why did so many fund firms seem to lose sight of their fiduciary duties? Why were there so many individuals who willingly participated or turned a blind eye to conduct that was clearly wrong? I believe that the cause of the misconduct, at its core, was rooted in a shift in philosophy or perspective as fund firms became more oriented to their bottom lines, they forgot, or the individuals at the top of their organizations never had, a fundamental philosophy of putting the investor first. It seems to me that this signals a need, not just for aggressive enforcement actions and specific rules designed to prevent and better detect the specific misconduct already identified, but to think about how to prevent the next type of fiduciary breach, by reorienting fund groups to their fiduciary obligations to serve the needs of investors first and foremost.
Chairman Donaldson recently spoke about an adviser's relationship with its clients. He said:
"The relationship between an investment adviser and its clients is supposed to rest on a bedrock foundation of fiduciary principals. It is extremely troubling that so much of the conduct that led to the scandals in the mutual fund industry was, at its core, a breach of the fiduciary relationship between investment advisers and their advised funds. As fiduciaries, advisers owe their clients more than mere honesty and good faith. Recent experience suggests that all too many advisers were delivering much less."
He went on to say that:
"'opportunity may only knock once, but temptation leans on the doorbell.' As much as we might wish to, we will never be able to set and enforce rules that govern every situation in which an investment adviser's employees might be tempted to exploit the adviser's clients for personal profit. We have no choice but to rely on the advisory firms themselves to step into the breach establishing a culture where the highest standards of behavior are practiced and where that doorbell is never answered."3
Paul Roye, the Director of the SEC's Division of Investment Management recently told the ICI's membership that "true reform must also rest on the establishment and nurturing of a culture of fiduciary responsibility that comes from within the industry, not just one that is imposed from the outside through regulation or legislation."4
One step that we as regulators can take to help advisers establish a "culture of compliance" a culture where, as the Chairman has said, the highest standards of ethical behavior are practiced is to make sure that there are adequate "checks and balances," or internal controls within firms, designed to make it more likely that ethical behavior will be the norm throughout the organization. It is no secret that organizations that lack internal controls, the hallmark of which are written policies and procedures and a clear supervisory structure, are much more likely to run into problems. These problems can range from the ad hoc "on the fly" decision that, even unintentionally, can harm the firm's clients, all the way up to dominance by a self-interested control person who can override any subordinate's good intentions. As an examiner, I see examples of both, the result of which can be that investors' interests are compromised.
To help ensure that fund organizations shore up their infrastructure of checks and balances, the Commission adopted the Compliance Rule (Rule 206(4)-7 under the Advisers Act and Rule 38a-1 under the Investment Company Act) in December 2003.5 As you know, the Commission actually proposed the rule well before the scandals emerged, which I think demonstrates the Commission's earlier recognition that, given the assets under management, the fund industry needed to catch up to other financial services firms and ensure robust controls over investors' assets. The Rule requires that funds and their investment advisers have comprehensive compliance policies and procedures in place, that they appoint a Chief Compliance Officer, and that the fund's Board review and approve the compliance programs of the fund and its service providers. It is hoped that this Rule will have a far-reaching, positive impact on mutual fund operations by ensuring that funds have a primary architect of the fund's compliance program, by formalizing that compliance program in the fund and its service providers, and by providing an important mechanism for the Board to exercise oversight. In short, we hope that the new Compliance Rule will help instill, in every fund organization, a "culture of compliance."
Given the goals of the new rule, I certainly hope that firms are preparing for it. The trust of your investors depends on your ability to ensure that you put their interests first. This is franchise value. If you view this rule as "just another compliance obligation," if you stage compliance with the rule for show, if you take only minimal steps, if you do not believe in its importance, you will fail to seize the opportunity it presents. And, I daresay, the result will be your firm's vulnerability to the next form of abuse and securities laws' violations. And, we at the SEC will not tolerate a perfunctory show of compliance. Strong words? Absolutely. There has been talk recently about the industry just "not getting it." Your interest in this conference, your determination to understand your obligations under the Rule and your commitment to implementing and complying with the rule will do much to belie this notion.
Let me now talk a little about the opportunity that this rule presents. I would urge you not to focus on the incremental costs of dedicating resources to implementation of the new rule. Rather, focus on what you can accomplish with a serious commitment to it the preemption of another industry scandal and hopefully the restoration of investor confidence and trust. You have the opportunity to rethink, to reassess and to adopt new measures to instill a culture of compliance. Use the opportunity that the rule presents to:
- question past practices, even those that while technically legal, may not be ethical;
- identify conflicts of interest or potential conflicts of interest;
- engage in dialogue with all business units and service providers about their activities;
- review your disclosures to your clients;
- inventory your obligations under the securities laws and your disclosures;
- match the inventory to your policies, procedures and controls;
- throw out practices, policies and procedures that did not serve;
- adopt new policies, test them out; and
- educate employees on conflicts, on the culture of the firm, and their responsibilities within it.
I believe that you can and should use the new Compliance Rule as an opportunity for fresh thinking about your firm's operations.
Let me turn now to some key aspects of the Compliance Rule: 1) designating a Chief Compliance Officer; 2) adopting policies and procedures; 3) conducting the annual review; and 4) reporting to the fund Board of Directors.
1. The Chief Compliance Officer
This morning we heard discussion on the selection process for the Chief Compliance Officer. This is a critical component of the new Rule. The Chief Compliance Officer will be responsible for administering the fund's compliance program. Although the Rule doesn't list the specific attributes the Chief Compliance Officer must have, the Commission stated that this person should be "competent and knowledgeable regarding the federal securities laws and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the fund"6 in short: competent, knowledgeable and empowered.
In addition, a Chief Compliance Officer may be served by having other practical skills. The Chief Compliance Officer will need to not only understand the regulations but how the industry works, the products and services offered by the firm, the nature of the services provided by service providers, and the firm's operational and compliance structure. Certainly it will be important for her to be able to "think outside of the box" and to question and reassess past practices. She should look at product, market and regulatory trends to identify existing and emerging compliance risk areas. The Chief Compliance Officer is now a risk manager, a strategist, and importantly, an integral part of senior management someone with a voice at senior corporate levels that cannot be ignored.
As regulators, we will look to the Chief Compliance Officer as our ally, just as we do the independent auditors and the Board of Directors, particularly the independent directors. As examiners, we will develop that alliance we will speak often to the Chief Compliance Officer, utilizing her knowledge to more completely understand the fund's compliance program, to hear concerns, and to understand emerging issues and the ways in which they are being handled. We expect the Chief Compliance Officer to be open, honest and candid with us about issues that arise. Our examination process likely will begin with a discussion with the Chief Compliance Officer, and will have as its goal an assessment of whether the compliance program as a whole is effective in light of the fund it serves. As I said, we view the Chief Compliance Officer as an ally in ensuring that the interests of fund shareholders are served.
I know that fund firms are now considering where the Chief Compliance Officer position should fit within the firm's structure. I would not automatically assume that it should be placed within Legal or report through the General Counsel (remember that the Chief Compliance Officer also reports directly to the fund's Board of Directors.) Intertwining the corporate legal duties and the duties of the compliance officer may create conflicts not only in the implementation of the compliance program but also in the examination of the program. If you decide that the Chief Compliance Officer will report to Legal, counsel will have to clearly articulate instances of client privilege and show great effort to segregate any dual responsibilities. Routine compliance monitoring is not subject to attorney-client privilege, and in particular, take note that the Commission recently reminded firms that all reports required under the federal securities laws are meant to be made available to the Commission's staff for examination, and thus are not subject to the attorney-client privilege, work product doctrine or other similar protections.7
I also understand that many fund firms are thinking about "outsourcing" the Chief Compliance Officer function. While the rule does not preclude outsourcing, let me caution you that the Chief Compliance Officer is responsible for administering the fund's compliance program, which includes both adopting and implementing the policies and procedures.8 She has to have intimate knowledge of the firm's operations in order to administer an effective compliance program. Remember that the Commission stated in the Release that the Chief Compliance Officer should be competent, knowledgeable and empowered. It would therefore be logical to infer that a reasonable amount of time would have to be spent not only overseeing the structure of the compliance program but its implementation as well. Because of this, I am wary about whether a compliance "rent a cop" could really be up to the task. For example, is it reasonable to expect a Compliance Officer in New York to be able to effectively implement and monitor a compliance program in California? Is it reasonable for a Compliance Officer serving 10 different fund complexes to effectively service them all? This is a decision that must be made by the fund's Board. In thinking through this issue, be aware that if the compliance program is not effective because the procedures are not implemented effectively and problem is insufficient Chief Compliance Officer involvement or expertise, your fund firm will not be in compliance with the Rule.
I also understand that fund firms are thinking now about how to compensate the Chief Compliance Officer. In order to promote the independence of the Chief Compliance Officer from the management of the fund,9 the Rule requires that the fund Board, including a majority of independent directors, approve the Chief Compliance Officer's compensation. Given this, it seems clear that compensation should be designed to reinforce or incentivize the objectivity of the Chief Compliance Officer, and to motivate her to perform her responsibilities.10 In thinking through how to compensate the Chief Compliance Officer, I suggest that the spirit of the new Rule should drive compensation and incentives. Some key factors might be: is the Chief Compliance Officer administering a compliance environment that not only addresses and supports the goals of all the federal securities laws but the intent of those laws? Is the program structured to and does it in fact prevent, detect and correct violations? Does it support open communication between the fund's service providers and those with compliance oversight? Is the program proactive, seeking to identify potential risk rather than reactive, merely plugging holes as they arise? Think about these goals as you go about creating a compensation and incentive program for your compliance staff.
I know also that fund firms are thinking about the resources that they will dedicate to compliance, and to the compliance infrastructure. Current events teach that while compliance is not a profit center, lapses can cost an enormous amount. Be sure to provide the Chief Compliance Officer with the resources necessary to do the job. You can have the best compliance program, the most qualified compliance officer, but if she is not given the technological and staff support needed to properly administer the compliance program, your firm may be imperiling the compliance program.
This speaks to one of the concerns voiced in the comments received on the new Rule's "undue influence" provision. The Rule prohibits officers, directors, or employees of the fund, its adviser, or principal underwriter from directly or indirectly taking any action to coerce, manipulate, mislead or fraudulently influence the fund's Chief Compliance Officer. Commenters on the rule expressed concern that normal internal debate and discussion with a compliance officer about whether a law or regulation has been violated, about a new compliance policy or procedure, or even normal supervisory instructions or guidance given by the Chief Compliance Officer's boss could be construed as "undue influence." This provision is clearly not intended to suppress the normal give-and-take discussions within any firm. I'm sure that the fund's Board and the Commission will use the guidelines of reasonableness and honest intentions to determine whether or not the independence of the Chief Compliance Officer is being subverted.
2. Adopting Policies and Procedures
In the past, firms were only required to have written policies and procedures governing a fairly narrow scope of activities insider trading, privacy issues, proxy voting, codes of ethics and anti-money laundering. Now, the coverage of compliance is comprehensive, as the fund must have written policies and procedures to prevent the fund from violating the federal securities laws. Also, the fund's policies and procedures should allow for reasonable oversight of compliance by the fund's adviser, principal underwriter, administrator, transfer agent and other service providers. These procedures will be critical tools for your compliance personnel to be able to perform their jobs effectively.
We realize that this process will be an evolving one as the industry progresses toward best practices in the compliance area. We expect that the development and implementation of the compliance process will be dynamic, proactive and innovative a "living organism" as one recent industry compliance staffer observed.
In developing the compliance program, review your obligations under the federal securities laws and your disclosures to investors. Think about your fund's risks. Identify areas where there are conflicts of interest between the adviser's interest, employees' interests, service providers' interests, and advisory clients and shareholder's interests. The list of conflicts will depend on the nature of the firm's business. This requires a thoughtful self-assessment, and this is where "outside the box" thinking will be important. It's critical that you identify not just known conflicts and the Commission's Release on the Compliance Rule identifies some of these conflict areas11 but start this process fresh try to identify previously unidentified conflicts.
Then, in considering new policies and procedures to address these conflicts, remember that even the most detailed and all-encompassing policies and procedures will not obtain the desired results unless they are operating in an environment that recognizes, supports and values the role of strong compliance and ethical practices. The most effective organizations will not be those who employ "compliance cops" without also imbuing a "culture of compliance" top-down and consistently through all layers of management and staff. That's why, in conducting a compliance assessment and considering new compliance controls, firms should involve all senior management and appropriate business units in the process at the outset. Senior management might use this time before the new rule goes into effect to discuss the firm's code of ethics and its fiduciary obligations, to educate employees about the code and the fiduciary obligations in practice, and to reflect those obligations in the firms' policies and procedures.
3. The Annual Review
The new Rule requires that the Chief Compliance Officer conduct an annual review of the adequacy of the policies and procedures of the fund and its service providers, as well as the effectiveness of implementation. The Chief Compliance Officer is also required to deliver a written report to the fund's Board on the operation of those policies and procedures, any material changes during the year, any material changes recommended, and any material compliance matters that occurred since the date of the last report.12 Serious compliance issues must be raised to the Board without delay.13 In reviewing the operation of firms' compliance programs and for compliance with the rule, the examination staff will expect to see these annual reports, and copies of all briefing materials presented to the fund's Board in connection with the Board's review of the compliance policies and procedures, as well as a cogent summary of the Board's deliberation process.
While the Commission very clearly set forth its expectations and guidelines for the annual review, I note that the rule certainly does not preclude more frequent reviews. Indeed, if the compliance program is to be dynamic, it must be subjected to continual assessment and reassessment, particularly in light of new risks. As the businesses of service providers and markets are constantly changing, so are the risk environments that surround the fund. Also, compliance staff should continually be asking: Are we detecting problematic conduct with this policy? Based on what we've detected, should we alter our policy? Is there a better way to detect problematic conduct? Are we preventing problematic conduct with this policy? Is there a better way to prevent problematic conduct? Were the actions we took, once problematic conduct was detected, adequate to deter problematic conduct by this individual or others? In short, recognize that compliance is dynamic, and there is no end to the development and improvement of your compliance program.
4. The Obligations of the Fund Board
Under the new Rule, the fund's Board, including a majority of its independent directors, must approve the policies and procedures of the fund and each of its service providers (its advisers, principal underwriter, administrator and transfer agent). The approval must be based on a finding by the Board that the policies and procedures are reasonably designed to prevent violations of the federal securities laws.
I know that this provision of the new Rule has caused a quite a lot of discussion and debate about the Board's oversight role, and in particular, how the Board can reasonably oversee unaffiliated service providers? In adopting the Rule, the Commission stated that a Board may fulfill its responsibilities by reviewing summaries of compliance programs prepared by the Chief Compliance Officer or others, and that these summaries should familiarize the Board with the salient features of the program and how it works to address particularly significant compliance risks.14 With respect to service providers, the Board can evaluate a third party report, including a SAS 70 report, if it describes the service provider's compliance program as it relates to the types of services provided to the fund, discusses the types of compliance risks material to the fund, and assesses the adequacy of the service provider's compliance controls. 15 If the fund's Board should choose to accept a third-party report, the fund must also take into account other relevant information, such as its own experience with the service provider. To ensure that the Board is fully informed of changes that may affect its views of service providers, one of the Board's directives to its Chief Compliance Officer could be to conduct a periodic review of the service provider's program in light of changes that may affect risks to the funds.
One final note on the Board's role we would hope to see frequent and open dialogue by the Board about compliance issues, and a very open communication between the Chief Compliance Officer and the Board, especially during the developmental stage of the compliance program. We will be looking for more, rather than less communications with fund Boards. This is true on our end as well. We have always viewed the fund's Board of Directors as our allies in that their primary fiduciary responsibility is to the fund's shareholders and not to the fund's service providers. To assist the Board in that capacity, and to ensure that it is aware of our examination findings, the examination staff have recently initiated a policy to provide copies of our examination deficiency letters relating to the fund to the fund's Board.16
In conclusion, I hope you will agree with my message to you today that the Compliance Rule represents a challenge certainly, but also an opportunity for fund firms to reassess and retool. Our examiners will be asking the following questions on and after October 6: Has there been an honest effort on the part of all parties to establish an effective compliance program? Has the Chief Compliance Officer diligently and intelligently administered that program? Is the program being reviewed and updated frequently in light of the nature of the firm's business and the risks it faces? And, has the firm created a vibrant culture of compliance?
As we move forward, it is important for fund firms to set a clear and unwavering tone that, as fiduciaries you not only know what must be done but you are putting every effort into doing it and doing it the right way, in the best interests of investors.
Thank you very much and enjoy the rest of the conference.
1 Rule 38a-1 under the Investment Company Act, and related Rule 206(4)-7 under the Investment Advisers Act.
2 Thanks to John Walsh, OCIE Chief Counsel, who delivered these remarks on behalf of Ms. Richards.
3 Opening Statement of Chairman William H. Donaldson at a meeting of the Securities and Exchange Commission, Washington, D.C. (May 26, 2004) at http://www.sec.gov/news/speech/spch052604whd.htm.
4 Remarks by Paul F. Roye, Director, Division of Investment Management, Securities and Exchange Commission, to the ICI General Membership Meeting, Washington, DC (May 20, 2004) at http://www.sec.gov/news/speech/spch052004pfr.htm.
5 Compliance Programs of Investment Companies and Investment Advisers, Investment Advisers Act Release No. IA-2204 (Dec. 17, 2003), at http://www.sec.gov/rules/final/ia-2204.htm. (hereinafter "Release"). Throughout the remainder of this speech, Release page numbers will refer to the pagination of the Release on the SEC's web site.
6 Release at page 11.
7 Release at n. 94.
8 Rule 38a-1(a)(1).
9 Release at pg. 25.
10 The Commission also stated that the Board should assure itself that the adviser is not using the Chief Compliance Officer's compensation (including her bonus) as a way to retaliate against the Chief Compliance Officer for informing the Board of a compliance issue or taking aggressive action to assure compliance. Release at n. 77
11 Release at pages 5 and 7-10.
12 A "material compliance matter" is defined as "any compliance matter about which the fund's board of directors would reasonably need to know to oversee fund compliance" and which involves, for example, a violation of the Federal Securities laws, the respective policies and procedures of, or a weakness in the design or implementation of the policies and procedures of the fund, its investment adviser, principal underwriter, administrator or transfer agent. Release at page 27.
13 Id. at n. 84.
14 Id. at pages 6-7.
15 Id. at n. 36.
16 We caution Boards that SEC examinations are risk-based and are not comprehensive in nature, and do not substitute for direct Board oversight of fund activities.