Speech by SEC Staff:
Remarks before the: Greater Cincinnati Mutual Fund Association Directors' Workshop

by

Lori Richards

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Cincinnati, OH
September 22, 2005

An Update on the SEC's Examination Program for Mutual Funds and Investment Advisers

Good Morning. I'm glad to be with you here today.¹ I want to thank the Greater Cincinnati Mutual Fund Association for inviting me to speak, and to JoAnn Strasser, a member of its Board of Trustees, who was quite relentless, although in a charming way, in encouraging me to address this group. I have not told her this, but that kind of persistence is the mark of an excellent SEC examiner - and she might consider the SEC as her next employer!

I'm pleased to be here at this workshop for mutual fund directors. At the outset, let me remind you that the views I express are my own and not necessarily the views of the Commission, the individual Commissioners or my colleagues on the Commission staff.

The topics on your agenda today are important and timely: how mutual fund boards of directors can operate most effectively, the relationship between the fund board and its chief compliance officer, and recently-enacted rules and legal issues that affect funds and their boards. Discussion of how mutual fund directors can best fulfill their mandate to serve fund investors is critical, perhaps now more than ever before: American investors have more money invested in mutual funds than in any other investment product - more than $8 trillion! This fact alone warrants having robust fund governance practices for the protection of investors.

But there is yet another reason why strong board oversight is so critical -- our recent past includes some serious abuses involving many mutual fund groups -- market timing and late trading, as well as other problems involving the failure to provide appropriate breakpoint discounts to fund investors, undisclosed use of fund assets to pay for distribution, and sales of unsuitable fund share classes. In many instances, this conduct involved overreaching by fund affiliates. In the wake of these scandals, the SEC and individual fund organizations and their compliance staff have implemented numerous changes designed to prevent a recurrence of these specific abuses. Going forward, however, a strong governance infrastructure will help fund organizations protect fund shareholders from other types of abuse in the future. Indeed, "tone at the top" is a key part in establishing a "Culture of Compliance" within the firm.

Serving the best interests of fund shareholders is the role of the fund's board, but it's also the role of the management company as a fiduciary. And beyond legal requirements, it just makes plain sense. I have often said that what's good for investors is good business for those who serve investors. The inverse is equally true -- loss of investor trust has real economic consequences for firms and for our markets overall. I know that most firms share this goal: they want to do business in an environment that fosters their customers' trust, and they want to compete in an industry where all firms are playing by the rules.

This morning I hope to round out your agenda by talking with you about SEC examinations. At the SEC, our primary mission is to protect investors and to maintain the integrity of the securities markets. With these goals firmly in mind, we're always seeking to improve our examination oversight. This morning I thought I would provide a snapshot of our examination program for advisers and funds.

I. Background: Why and How are Examinations Conducted?

Let me begin with some background - why do we conduct examinations? The primary goal of the SEC's examination oversight is to detect, and to deter, fraud and other violations that can harm investors. We seek to identify high-risk activity and to focus our limited examination resources on those activities presenting the highest risk to investors. We also seek to foster strong compliance practices to prevent fraud and other violations from occurring in the first place. Finally, we act as the "eyes and ears" of the SEC, and apprise the Commission and the staff about issues and the operation of regulatory requirements.

Let me outline briefly the "nuts and bolts" of examinations and how they work. Advisers and funds that are registered with the SEC are subject to the Investment Advisers Act and the Investment Company Act, both of which require firms to maintain certain records concerning their operations. The statutes also provide that these records are subject "at any time" to the reasonable examination by the SEC.

As a practical matter, the SEC examination staff typically initiate an examination with a letter to the firm notifying it of an upcoming examination, and describing the documents that the SEC staff will want to review on-site when they arrive. Some examinations can be conducted off-site - with documents provided to examination staff at our offices, and interviews conducted over the phone. In on-site examinations, exam staff will arrive at the offices of the firm on the day noted in the letter, and will ask to conduct an "entrance interview" with the firm, often with its chief compliance officer, and also with other management officers of the firm. This helps examiners understand the operations of the firm, and may assist them in focusing the examination on the firm's most significant activities. From all firms, we expect cooperation and candor, and that the firm's staff will help us to understand its compliance controls, and how they work to prevent and detect problems. We will also want to understand what steps were taken to correct problems that were detected. We know that undergoing an examination can be stressful, and it requires that the firm make its documents and key staff available. This may take time from the normal work day. We are sensitive to this and try to limit our time on-site and the documents we review to those necessary to determine if the firm is in compliance with the law. Our work is greatly facilitated by the prompt production of documents and information.

After the on-site portion of the examination is concluded, exam staff will return to the SEC offices, and will continue to analyze the documents and information they received. They may have follow-up requests for the firm. During this period, the examiners will be consulting with supervisors, and if the issues they see are novel or unique, they also consult with staff in the SEC's headquarters, such as the Division of Investment Management. In this way, exam staff will seek to make sure that their findings are consistent with the law and with past Commission guidance and interpretations.

Examiners will also have an "exit interview" with the firm, to describe any preliminary findings. This allows the firm to take immediate corrective action to remedy the problem, and also provides an opportunity for the firm to provide informal reaction to the exam's findings.

Examinations then often conclude with a "deficiency letter" which sets forth the findings from the exam, and asks for the firm to respond in writing, usually within 30 days. These deficiency letters serve a very important purpose -- they may be early warnings for firms about problem areas that need to be remedied. In their response letters, most firms describe the remedial steps they have taken to resolve the problem and to ensure that it does not reoccur. In this way, examinations serve an important role - they not only detect past problems, but they may also serve as the catalyst for firms to implement compliance controls to prevent future problems and violations. In examinations where the findings are quite serious - such as when we find indications of fraud or intentional misconduct - we refer the examination to staff in the SEC's Division of Enforcement. In some examinations, no deficiencies are found, and the firm is notified in writing that the examination has concluded without any deficiencies.

II. Risk-Based Targeting

As I mentioned, we've taken steps to better hone our focus on areas of the highest risk, and to encourage strong compliance practices to prevent fraud. Because we can't conduct in-depth examinations of every firm, we focus on the highest-risk firms, and the highest-risk compliance issues. How are we doing this?

First, we improved the risk-based targeting of examinations, and implemented a process to identify high risk issues. Our risk-assessment process utilizes the very significant knowledge of our exam staff in the field -- those folks who are on-the-ground, out conducting examinations, and who see "the insides" of firms every day. We asked all examiners to identify areas of compliance risk, and also to identify factors that would either mitigate or exacerbate that risk. For example, factors that might exacerbate a risk include the risk of non-detection, the likelihood of significant profits, the belief that "everyone is doing it," and the lack of clear regulatory or supervisory guidance. In identifying the highest-risk issues, we also seek input widely -- from other staff in the Commission, including the Division of Investment Management, from the Commissioners, from industry contacts, and other sources.

It will never be possible for regulators to detect every covert act, every concealed motive, every falsified record, every violation, nor will ever be possible for regulators to address every risk in the securities industry. But we can improve our ability to identify the types of conduct that can lead to the most serious violations and we can act promptly to solve problems once they are identified.

Next, we initiated targeted examination initiatives to probe these discrete issues "horizontally," or at several firms in the industry at once. These "risk-targeted examinations" provide us with a clear sense, relatively quickly, of industry practices with respect to a particular issue, and allow us to provide the Commission, its staff, and others with the information needed to address the issue, whether by issuing an investor alert, assessing whether changes to rules are needed, recommending an enforcement action or taking some other action to address the issue, using "all of the tools in our toolbox."

We also conduct "routine" examinations of the highest-risk firms - these may be firms with significant amounts of investor assets under management or firms that have weak controls, or have been identified for other reasons. In these examinations, we review the firm's compliance program, and its compliance with the new "Compliance Rule" requiring that advisers and funds have written compliance policies and procedures, annually review them, and designate a chief compliance officer (Rule 206(4)-7 under the Advisers Act, and Rule 38a-1 under the Investment Company Act).² The key areas we review are outlined in the Commission's release adopting the new rule, and include:

• Portfolio management, including allocation of securities among client accounts and the consistency of portfolio with the client's investment objectives;
• Trading practices, including whether "best execution" is sought, the use of brokerage commissions and soft dollars and compliance with the prohibition on using fund brokerage commissions for distribution (Rule 12b-1 under the Investment Company Act);
• Proprietary and personal trading by the firm and its employees under the firm's code of ethics (Rule 204A-1 under the Advisers Act);
• Accuracy of disclosures, including in account statements and ads;
• Safeguarding client assets from theft;
• Practices to ensure that required records are retained and preserved;
• Marketing practices and the use of performance claims;
• Valuation and pricing practices, including procedures to "fair value" securities and to prevent late trading;
• Compliance with fund governance requirements, including a review of the board's process for reviewing fund contracts and expenses;
• Safeguards for the privacy protection of client records;
• Plans for the business continuity; and
• Compliance with anti-money laundering obligations.

Other firms may be examined for cause (for example, based on a tip or complaint), or randomly.

How has this risk-based targeting worked so far? This targeted approach is working to identify problems, and to ensure that corrective action is taken promptly. Indeed, recent SEC examinations have detected significant and emerging compliance problems, which led (and are leading) to remedial and corrective actions.

One challenge for us is to effectively manage a risk-based examination program for a diverse and geographically-dispersed population of registrants. The SEC has very able examiners in its eleven regional and district offices. As a matter of fundamental fairness, we believe that we have an obligation to provide consistency in examinations - firms have a right to expect that we will interpret and apply the law in a transparent and equal manner - whether we're examining a firm in Ft. Worth or in Ft. Lauderdale. Our risk-based exam methodology facilitates this - examinations review the same issue across different types of registrants, and results are summarized in reports provided to our colleagues at the SEC, including the Division of Investment Management. In this way, we seek to ensure that interpretations of law are consistent firm-to-firm, and fully in accord with the Division's views. In addition to our regular and ongoing training programs for examiners, we're also a program to ensure that attorneys in the field are up-to-the-minute on the latest legal issues and interpretations.

To seek to ensure that our examinations are fully coordinated, all risk-based examinations are coordinated by our Washington staff in advance. This is aimed at ensuring that there is no duplication of issues examined, and also, to try to balance the number of examinations that any one firm may be subject to. Of course, with respect to the largest and most diverse firms -- with multiple affiliated fund groups and advisers, a transfer agent, and one or more broker-dealer firms -- the SEC staff may be reviewing discrete issues simultaneously.

We all know that those bent on fraud will try to evade detection, and the key for us is to obtain a level of confidence in the firm and in its compliance controls that fraud and violations are unlikely to occur. This is one reason why examiners will often ask to review a sample of email communications - we find that the "unvarnished truth" is often revealed in emails, and not in other books and records of the firm. Indeed, one lesson of the past scandals has been that email records can be critical in detecting fraud -- as we all saw, many of the undisclosed market timing agreements between fund executives and market timers were only evidenced in email communications. And today, not a week goes by that I do not see an examination in which the findings of violations are derived from email communications. We are sensitive to the costs of the production of emails, however, and understand that many firms have asked their outside counsel to review all emails for attorney-client privileged documents. We've recently taken steps to apply a more "risk-based" approach to our review of email communications. Firms too should ensure that they have some reasonable system to ensure that the firm is maintaining all required records.³

III. Fostering Strong Compliance Practices

As I said at the outset, we seek not just to detect fraud and other violations, but also, in a proactive way, to encourage firms to take steps to improve compliance practices before problems can develop. In the past, we too often saw the same types of violations occurring in one firm-after-another, not to think about ways that firms could prevent the problem in the first place. With the new Compliance Rule, funds and advisers are formalizing compliance programs and adopting more robust compliance controls. This is an extremely healthy development, as we expect that firms, first and foremost, will prevent, detect and correct problems in their own shops.

With the new Compliance Rule came new responsibilities, and for some firms, for the first time, a dedicated chief compliance officer. The chief compliance officer (CCO) guides, leads, and implements the firm's overall compliance program. To help CCOs in their important new responsibilities, earlier this year the SEC began a "CCO Outreach" program to better enable the Commission and its staff to communicate with CCOs.

Since late this spring we've hosted more than 25 regional seminars, for more than 1,200 local CCOs to learn some of the "nuts and bolts" of the examination process, some common compliance pitfalls, and about the SEC resources available to them. These seminars provided an opportunity for industry compliance personnel to interact with the SEC staff in an informal (non-examination) environment. We will also hold a larger CCO seminar later this year, on November 8, 2005.

Feedback from these regional conferences has been favorable. Thus far, 91% of the CCOs attending the seminars said (in anonymous evaluations) that the relevance, effectiveness of the speakers and presentation of materials was either "good" or "excellent," and 79% of the attendees said that the level of the presentations was neither too advanced nor too basic, but "about right" for them. Some comments:

"Would like more of these conferences in the future."

"It seems the SEC is moving toward a more hands on approach which I feel would be very helpful."

"Liked that SEC provided specific list of common mistakes IAs make so we can learn from those and implement in our situation."

"It was worth the expense to attend and well worth my time."

"Very good seminar with real world tools."

"Liked the relevance and breadth of topics covered/information provided."

"Liked the concept of an SEC-sponsored outreach program to the industry."

"Liked real-world examples, anecdotes and specific ideas about risks."

"Liked insight into exam process, SEC staff thoughts and concerns."

"Liked approachableness/friendliness/knowledge of staff."

In addition to the seminars, the staff plans to issue a periodic newsletter, the "CCO Observer," which will serve to communicate directly with compliance staff about issues of interest - including new rules, interpretive releases, recent examination findings, relevant enforcement actions and more. We expect that the newsletter will be written in a "plain English" format that is both usable and accessible, and will contain electronic links to relevant materials on the SEC's website. We are hopeful that this greater communication between the SEC and CCOs will continue to help foster strong compliance programs.

Conclusion

I hope I've provided you with a sense of current developments in the SEC's Examination Program. As an examiner, I'm often the one asking the questions -- now I hope to turn the table and that you will ask me some questions!

Thank you for your time this morning.

Endnotes

---

¹ The views I express are my own and not necessarily the views of the Commission, the individual Commissioners or my colleagues on the Commission staff.

² Final Rule: Compliance Programs of Investment Companies and Investment Advisers, Release Nos. IA-2204; IC-26299; File No. S7-03-03, December 17, 2003 (http://www.sec.gov/rules/final/ia-2204.htm).

³ If the firm's system is to rely on individual employees to not push the "delete" button, examiners will ask why the firm has confidence that this procedure is reasonably designed to work in practice. In adopting the Compliance Rule, the Commission stated that: "Each adviser should adopt policies and procedures that take into consideration the nature of that firm's operations. The policies and procedures should be designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred." Release Nos. IA-2204 and IC-26299. Rule 204-2(g)(3) under the Advisers Act and Rule 31a-2(f)(3) under the Investment Company Act requires advisers and funds that maintain records in electronic format to establish and maintain procedures to safeguard those records. The Compliance Rule requires an annual review of the adequacy of procedures and the effectiveness of their implementation.

http://www.sec.gov/news/speech/spch092205lr.htm