Speech by SEC Staff:
Remarks before the SIA Compliance and Legal Division Regional Seminar

by

Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Washington, D.C.
October 19, 2005

Thank you for inviting me to participate in this timely and significant seminar. As a member of the Commission's Office of Compliance Inspections and Examinations, and therefore a fellow legal and compliance colleague, I recognize your role as critical to a continuing high level of investor confidence and the effective functioning of our capital markets. While I would hope that everyone in your organization acknowledges the importance of legal and compliance functions in the firm's overall success and is immersed in the culture of compliance, it is you and your legal and compliance colleagues who must be a constant reminder to the firm's business personnel and who must implement programs to promote and monitor firm compliance.

In my remarks this morning, I would like to focus on two broad concepts that you may view as changes in our approach to examinations. I view them as part of a natural evolutionary progression in our constant search to keep our program at peak performance. First, we are pursuing increased risk assessment and coordination to improve examination focus and use of limited resources. And second, we have endeavored to make our examinations more proactive and forward-looking to assist us in earlier identification of concerns, working with firms to implement controls and improvements that will at their best prevent violations from occurring at all. The implementation of both of these concepts requires an enhanced partnership of our examination team with firms' risk control groups such as yourselves to achieve the most effective, comprehensive, and efficient compliance and risk management programs possible at all broker-dealer organizations.

1. Risk-Assessment Examination Program

For many years we have incorporated an element of risk assessment in selecting examination targets, establishing examination priorities, and focusing our exams. What may be viewed as changes to the examination program are our steps at formalizing and enhancing our risk assessment processes. Let me mention just a few of our principal enhancements in this area. OCIE has established a formal risk assessment team - -dedicated personnel whose sole responsibility is risk assessment. Working together with our examination staff, the risk team is developing more robust risk assessment technology, collecting and organizing risk-related data, conducting trend analysis based on examination findings, sharing information, and coordinating risk assessment examination initiatives. We are also continuing what have been frequently referred to as "mini sweeps". Through these initiatives, examiners identify potential compliance risks, select appropriate candidates for review, conduct focused examinations, and prepare reports for other Commission staff and the Commission. These reports present a risk analysis of the combined examination findings and make recommendations for future actions. Recommendations may include additional examinations, rule changes, interpretive guidance, or the publication of reports to share with the public sound and weak practices identified during the exams.

Another critical component of our risk assessment is coordination of all examination-related information at the Commission and SROs about an entire organization, as well as improved information sharing among regulators. This "holistic" approach to examinations means that we will implement a system to collect, track and analyze information about all the Commission-registered entities, including branch offices, in a select group of larger, more complex organizations. As technology and coordination among Commission and SRO programs further develop, we would look to expand this program for greater coverage. Of course, once we have this comprehensive information set, we would expect to share it with other regulators. This is meant to reduce regulatory burdens and develop the most effective overall regulatory examination system that would seek to eliminate any unnecessary duplicative regulatory examinations. Information would be shared within the Commission as well as with other financial services regulators, such as the bank regulatory agencies. We have a number of ongoing initiatives in this area and continue to work to further develop the sharing and integration of all relevant information to build the "holistic" approach to regulatory examinations.

Finally in the area of risk assessment, and perhaps of greatest significance to you and your firms, we are seeking to use to a greater extent, the independent audit and oversight work of firms themselves and to work more closely with firms towards resolution of problems at an early stage. As Lori Richards described in her speech yesterday to the SIA Internal Auditors Division 2005 Annual Conference, we are seeking to have Commission examinations rely more heavily on the work of high quality internal audit functions in determining the scope of our examinations. To the extent our preliminary review of the firm's audit program finds it to be effective, complete, and objective, our examinations would leverage on the firm's internal audits, thus permitting us to focus our resources on areas of higher risk, and areas not covered by the firm's own reviews. Increased communication will also assist in the success of this endeavor. While the current plan is to focus on the work of internal audit and use it to scope risk management examinations, it is logical that success in this endeavor will cause us to further extend the use of this initiative.

2. Proactive Examinations

The second broad concept I want to discuss is our work towards making our examinations more proactive and forward-looking. Again, this is an area where you and firm personnel generally, can offer considerable assistance by conducting your own thorough risk assessments, implementing appropriate controls, and working with examination staff. Together we can identify potential areas of concern and work to improve compliance and risk management. We have three types of broad-based proactive audit initiatives in our program: risk management and internal controls examinations, comprehensive compliance examinations, and our discussions with firms and analyses of conflicts of interests at those securities firms.

No doubt you are quite familiar with our risk management examinations as we have been conducting them for more than a decade. These examinations evaluate the capability of the firm's systems to identify, assess, monitor and control all of the firm's risks -- market, credit, operational, and legal and compliance. The specific elements of a risk management system will vary depending on the size, business, organization, customers and geographic dispersion of the organization. For that reason, examiners typically begin the risk management review by gaining an understanding of the firm and its business, as well as how it has developed and implemented a control system customized to fit its own organization. Nonetheless, examiners expect to find certain core principles of risk management including top level involvement, clear responsibilities at each level of management, independence of risk controls, strong well-developed systems and effective monitoring and reporting. While these examinations have always included a review of the firm's internal audit program, we would expect to enhance this review and conduct it earlier in the process in view of our efforts to leverage off the work of a firm's internal audit work in conducting risk management examinations. Once the examiner has scoped the examination, reviewed the implementation of controls, and identified any concerns, an exit interview will be conducted where the examination findings are shared with the firm. These findings and the firm's informal responses in connection with the exit interview will be provided by letter to the firm. The firm is expected to consider and address the examination findings to further improve its risk management system.

A second type of pro-active examination is the comprehensive compliance examination. Working with the NASD and NYSE, we have completed examinations of fourteen financial services complexes with 55 broker-dealers. We have now analyzed the results of all of these examinations and have found practices that appear to enhance overall compliance and others that may detract. It is our expectation to share this information with other Commission and SRO staff. These findings of sound and weak practices may be beneficial to you as you seek to develop the most effective compliance programs for your own firms.

The third area of proactive review is assessing conflicts of interest. In general, firms have become increasingly diversified and serve the interests of many different clients. This presents significant challenges to a firm to protect the interests of varied clients, as well as its own interests and those of the overall market. Many firms were highly responsive in conducting comprehensive conflicts analyses and sharing this information with Commission staff. We are currently in the process of analyzing the information collected and considering next steps. I would expect that looking at a firm's conflicts assessment will become a part of our general risk management examination as it is a critical component in analyzing and controlling a firm's risks.

3. Conclusion

My goal in providing to you this summary of the enhancements to our examination program is to assist you in gaining a further understanding of the philosophy and goals of the Commission's examination program. I hope I have also conveyed the importance of continuing to work together and keeping lines of communication open for early identification of risks and resolution of potential problems. Ultimately, this should more effectively reduce violations, protect investors and increase investor confidence, and ensure that the U.S. markets maintain their status of excellence.

Thank you for your kind attention.

http://www.sec.gov/news/speech/spch101905mag.htm