(The news featured below is a selection from the news covered in the Federal Securities Law Reporter, which is distributed to subscribers of SEC Today.)

SEC Official Discusses Results of First Annual Compliance Reviews

John Walsh, the associate director and chief counsel in the SEC's Office of Compliance Inspections and Examinations, reviewed the lessons to be learned from recently completed fund and broker-dealer compliance reviews at the NRS spring compliance conference on April 18. He said that funds and broker-dealers should consider what they have learned from their compliance reviews and how to implement any necessary changes in response to their findings. Walsh noted that some entities ended their compliance reviews with separate checklists of possible risks and of compliance policies and procedures. He reminded them that the policies and procedures must be designed to address the risks that they identified.

Walsh said the staff is still finding firms that have no written policies and procedures. This most commonly arises with multiple-registered entities within a complex, he explained, and some of them get overlooked. He suggested that firms create an inventory of registered entities to ensure that all of them have written policies and procedures. Some firms have policies and procedures but have overlooked issues such as market timing, conflicts of interest when voting client proxies and subadvisers. Another problem area is the failure to enforce the written policies and procedures, according to Walsh.

Walsh noted that funds must obtain the approval of their boards for their policies and procedures based on a finding that they are reasonably designed to prevent violations of the securities laws. The examination staff has found circumstances in which the board has been overwhelmed with documents and others where the board has been given very general information. Boards may rely on summaries, he said, but the summaries must be sufficient to inform the board of how the compliance program addresses significant compliance risks.

Walsh reviewed the level of testing that is needed to ensure that the policies and procedures will detect violations. Some firms conducted no tests, he reported, while others failed to test for specific problems that could have been detected. The staff also found a number of creative tests that will search for patterns over time. For instance, the staff has seen tests that compare brokerage allocations to sales of fund shares, tests that take a long-term look a personal trading, tests that compare aggregate IPO allocations over time and tests that compare the performance of similarly managed accounts over time.

Walsh advised that the SEC set very high expectations for the chief compliance officer when it adopted the compliance rules. He noted that there is a lot of discussion about whether it is preferable to have an inside CCO or an outside CCO. Whichever a firm chooses, Walsh said there are potential conflicts of interest or operational issues that may arise. The key for the CCO is to be careful not to be too far inside or too far outside, he said, to be sure that he or she has the authority and influence needed to do the job.

During examinations of broker-dealers, Walsh said the staff has found cases where firms failed to document how the CCO will handle compliance issues. Another deficiency that continues to arise is the use of "canned" written supervisory procedures that do not fit their operations. Others have gaps such as the failure to review outside employment or the approval of outside employment based on a vague work description. Annual compliance meetings also pose problems, he said, ranging from the lack of a meeting altogether to the failure to document attendance.

The most common problem in the sales practice area for broker-dealers is sloppy adherence to their own procedures, according to Walsh. Other problem areas include the failure to supervise sales to the elderly and the switching of variable products. Walsh also emphasized the importance of identifying and responding to red flags. While electronic exception reports are beneficial, Walsh said they must be used carefully. If their parameters are not set correctly, they could miss important red flags.

If firms found some of these issues during their reviews or testing, Walsh said now is the time to fix them. He outlined a list of agenda items for meetings with executives, starting with whether the firm met all of its regulatory deadlines. The agenda should include any unique compliance risk exposures that were identified and how they should be addressed. Walsh said firms should consider whether their written policies and procedures accurately reflect real practices. His proposed agenda also suggests a review of the compliance tests that were run, the worst red flags that were identified and any serious compliance issues that remain open. The executives should be informed if anyone was unresponsive or tried to block the compliance staff from doing its job, he said. Senior executives should consider what they can do to follow up on the review in a productive way to ensure a lasting and positive impact on the organization, he advised.