U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Priorities of the SEC Examination Program


Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities & Exchange Commission

2002 Capital Markets Compliance Fundamentals Workshop
Financial Markets Association
December 12, 2002

The SEC, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or the staff of the Commission.

Thank you. This afternoon I would like to discuss some of the areas of focus for our SEC examination program. I'm sure you'll recognize these as areas where your compliance and regulatory programs are focusing attention as well. It is our responsibility to work together to ensure that risk management and compliance systems at firms are an effective defense against significant losses, violations, customer harm, and firm failures. With appropriate controls and oversight, these harms can be prevented and/or damages can be mitigated.

In view of the importance of risk management and compliance systems in protecting customers and preventing or controlling losses, the SEC examination program has developed two types of comprehensive examinations that give us an overview of a firm's performance in these areas. The first is the internal controls and risk management examination. This examination focuses on a firm's assessment, monitoring and control of all risks at the firm. The second is the comprehensive compliance exam. This type of examination reviews a firm's policies and procedures, and their implementation, to effect compliance with the law. I'll discuss these two types of examinations first and then summarize some of our other significant examination priorities.

Internal Controls/Risk Management Exams

SEC internal controls examinations begin with an overview of a firm's risk management system. We look at organizational structure and the process by which managers identify, assess, monitor and control all risks within the broker-dealer. These exams are conducted in conjunction with a review of the firm's compliance with the SEC financial responsibility rules, including capital rules. If a firm is not vigilant in a particular area and lacks controls, it will very likely have related deficiencies and violations in the area.

Our internal controls examinations include reviews of the following areas:

  • Senior management, to look for establishment of overall policies and active oversight of risk parameters and controls
  • Internal audit, to ensure that independent assessments get to management; we look at coverage, resources, experience, and follow-up
  • Market risk in trading activities and firm inventory, including VAR (value at risk), economic models, scenario analyses, stress testing, and back testing; we follow trades from the trading desk through the entire risk management system
  • Funding, liquidity and credit risks, including counterparty credit risk across all products and businesses, credit limits, settlement and legal risks
  • Operational risks, including segregation of duties, checks and balances, protection of customer funds and securities, operating systems, management information systems, management reporting, front and back office operations, contingency planning and disaster recovery
  • And finally, we look to see that new products and activities are assimilated into the risk management system in a timely and appropriate manner.

What are some weaknesses we have seen in internal controls system at firms?

  • Inattention by senior management
  • Allowing senior trading personnel to oversee risk management - the inherent conflict between profit and risk control
  • Failure to adhere to the firm's risk limits
  • Understaffed and inexperienced audit staff

What are examples of sound practices?

  • Having the board of directors involved in risk management policy and oversight
  • Independent and experienced high-level risk managers
  • Periodic (daily) reconciliations of information data systems
  • Having an independent and centralized credit department to establish and monitor credit limits for counterparties across all businesses.

In conducting these reviews, our examiners are looking for areas where the firm's controls are weak or inadequate. We will conduct more thorough reviews in those areas and often find deficiencies and violations of laws and rules. Internal controls and effective risk management are particularly important when firms are more aggressively pursuing innovative ways to increase revenues and enhance profits, and under such conditions we should all be more vigilant.

Therefore, the first type of examination focuses on the structure and operation of a firm's risk management processes and systems

Compliance Exams

The second type of examination that gives us an overview of how well a firm is self-policing its activities is the comprehensive compliance examination. This examination focuses on compliance with securities laws and regulations. Broker-dealers are required to establish, maintain, and enforce a system to supervise properly the activities of its employees. The firm's systems and implementation of procedures must reasonably ensure compliance with all securities laws. This type of examination assesses the strength of a firm's compliance culture and how effectively a firm carries out its compliance responsibilities.

Some of the areas we assess in these examinations include:

  • senior management oversight
  • written supervisory procedures
  • independence and expertise of compliance personnel
  • business and branch supervision
  • surveillance and exception reports
  • implementation of supervisory and compliance procedures
  • employee supervision
  • tracking and resolution of compliance concerns
  • complaints, arbitrations, litigation, and investigations. Our reviews evaluate whether the firm's compliance program covers all the firm's businesses and all the laws and regulations that apply to them.

Some key areas that should be covered by a compliance program include:

  • supervision of registered representatives
  • record keeping, including financial records and capital computations
  • suitability and unauthorized trading
  • best execution and reviews for excessive markups
  • cancels and corrects
  • trading and execution
  • reviews for insider trading and market manipulation
  • information barriers, including restricted and watch lists
  • managing conflicts between investment banking and research analysts
  • reviews of correspondence
  • handling customer funds
  • anti-money laundering
  • rule S-P (security and privacy)

The compliance program must be designed to cover the business, operations, and customer base of the firm. We will look not only at the quality and coverage of procedures, but also for effective communications, implementation, and independent oversight.

Now I'll discuss some of the other priorities that are more focused on particular laws, products, or activities.

Broker-Dealers and Hedge Funds

A relatively recent focus of the SEC examination is broker-dealer hedge fund activities. We are examining broker-dealers that are significantly involved in business and services related to such private investment funds and alternative investments. We are looking at the hedge funds as counterparties to broker-dealers and as products sold by broker-dealers to investors. In view of the downturn in the stock market, and reduced broker-dealer revenues from traditional activities - M & A business, investment banking, trading, commissions and others - some firms seem to be competing heavily in new areas, including for hedge fund business. In this environment there is concern that firms could take greater credit or market risks or market aggressively to investors.

The areas we are examining include:

  • services (prime brokerage, advisory, capital introduction, etc.)
  • marketing to obtain business
  • counterparty credit risks (margin, collateral, risk limits)
  • market risks from hedge fund investments and lending
  • selling and recommending hedge funds to investors
  • guaranteed or other alternative products

Net Capital and Customer Reserve

Net capital and customer reserve violations are among the most frequently identified problems in our exams. A recent concern has been the assumption of liabilities by parents and affiliates of broker-dealers, which give a questionable picture of net worth. Again, with declines in firm revenues, increased attention should be paid to maintaining adequate capital in compliance with GAAP and the net capital rules. Of course, when a broker-dealer is a public company, the new rules under the Sarbanes-Oxley Act should be complied with as well.

Anti-Money Laundering

Securities firms have new responsibilities under the Patriot Act to prevent and detect money laundering. Many provisions of this Act have already gone into effect, and others will be going into effect soon. All broker-dealers should have established their anti-money laundering compliance programs, including: (1) adopting policies, procedures and controls specifically designed to detect and prevent money laundering; (2) designating a compliance officer; (3) initiating ongoing training for employees; and (4) providing for independent tests or audits of the program.

The requirements for all broker-dealers to identify and file suspicious activity reports (SARs) go into effect January 1. (Bank-affiliated broker-dealers have been required to file SARs under banking laws for some time.) Prohibitions regarding foreign shell banks and informational requirements for certain foreign correspondent accounts are also in effect. There is a certification process to achieve compliance with these provisions. For accounts opened after October 28, they are required 30 days after the account is opened. For those opened before October 28, the certifications are required by December 26. In addition there is an interim rule with respect to due diligence for certain private foreign banking accounts. A final rule on customer identification and verification is expected soon. These rules are new and complex - and they serve a very important purpose in combating terrorism and money laundering. Therefore, I hope you will be focusing a lot of attention on compliance with the AML rules.

Product-Focused Sales Practices

A continuing focus for SEC examiners is on retail sales practices - suitability, unauthorized trading, disclosure of risks, and churning, switching and parking securities. We've placed particular emphasis on reviewing sales practices for particular products that are new and may offer special or unfamiliar risks to investors. Some of these products include variable annuities, limited partnerships, microcap stocks, and securities futures products. While these products are not problems in and of themselves, they may offer special challenges under suitability requirements.

Misappropriation of Customer Assets

Another examination focus is ensuring against the misappropriation of customer assets. There have been a number of well-publicized cases involving the misappropriation of customer funds - cases where a registered representative devises a scheme to steal customer money. Strong supervision and internal controls are key tools to prevent such losses. In addition, new SRO rules in this area have been proposed. Therefore, we will be examining for effective controls against misappropriation of customer assets.

Some questions that may be asked during exams include:

  • How does the firm handle customer changes of address? How does the firm confirm the validity of a customer P.O. box address?
  • How does the firm handle customer authorizations for withdrawing or transferring funds?
  • What controls does the firm have on creating and sending customer account statements?
  • Does the firm have producing branch managers? If so, are there adequate controls?

Analysts' Conflicts of Interest

Another priority for the SEC examination program is the review for analysts' conflicts of interests. The basic question is whether analysts have issued fraudulent ratings. In May of this year, the SEC approved NYSE and NASD rules on managing conflicts between investment banking and research analysts. The rules generally restrict the relationship between the research and investment banking departments; require disclosure of a financial interest in a company by a research analyst; require disclosure of investment banking relationships with a company; impose quiet periods for issuance of research following a securities offering of the company; and restrict a research analyst's trading in a company he covers.

New rules have been proposed in light of examination findings and the passage of the Sarbanes-Oxley Act. We will continue examinations in this area.

Information Barriers

We are conducting examinations of the policies and procedures that firms have adopted to prevent the misuse of material non-public information under Section 15(f) of the Exchange Act. The exams serve two purposes - to evaluate compliance with current rules and guidance, and to evaluate the SRO guidance in this area, which dates back to 1991. We are reviewing information barriers in light of technological developments, innovative and connected products, and the increased integration of various services that may increase the potential for conflicts. The question of the adequacy of information barriers continues to evolve and we are continuing to examine compliance in the current environment.

Best Execution

The final SEC examination priority I would like to mention is our continuing focus on execution practices of broker-dealers. Firms are required to perform a "regular and rigorous analysis of execution quality" in order to provide best execution for customer trades. Some firms have designated review committees that review execution quality at different market centers and compliance staff who review the process. Firms should be using the new market quality data required to be provided by market centers under Rule 11Ac1-5.

Prompt Corrective Action

Before closing, I would like to make one final point regarding compliance. To make that point, I am borrowing a phrase from the U.S. banking industry - prompt corrective action. It is critical that if problems do occur, a firm must promptly investigate them, correct the problem, advise regulators, and fix the deficiencies in internal controls that allowed the problem to occur. The SEC has advised firms that such prompt responsiveness will be positively considered by examiners, enforcement staff, and the SEC in making enforcement decisions and other regulatory determinations.

In our role as examiners, we will do what we can to assist you to take prompt corrective action. We keep open lines of communication during examinations. We will also generally conduct an exit interview to inform firms of any problems we have found during our examinations so that they can resolve them as quickly as possible. I urge you to diligently oversee your compliance and risk management programs and to promptly correct and report any problems.


These are some of the top priorities for the SEC examination program. Of course, there are many others that I do not have time to mention. I hope that this has given you some idea of what we in the SEC examination program consider important compliance and regulatory issues.

Thank you.

I'd be happy to take any questions you may have about broker-dealer compliance issues.



Modified: 12/17/2002