Remarks at the NASD Fall Securities Conference

Elisse B. Walter
Senior Executive Vice President
San Francisco, California
November 17, 2005

Welcome once again to NASD's 14th annual Fall Securities Conference.  I hope the conference is meeting your expectations and that you will give us feedback so that we can continue improving the compliance initiatives that we offer to the people and firms we regulate.  After all, as we have said many times, you are on the front line of investor protection and market integrity.

As you know, Mary Schapiro was scheduled to speak at this conference.  But she got a last-minute invitation, literally a command performance, to testify before Congress on sales of certain investment products to members of the armed forces - an issue we've been working on quite actively.  So, unfortunately, and with Mary's sincere apology, you will not be seeing her here.

Since most of you are compliance professionals, one of your primary touch points with NASD is your District Office, particularly the examiners who come calling on you.  Because of this, I want to talk to you today about where we are in developing the next generation of our firm examination program.  I won't touch on it today, but we have an additional effort that brings together business processes and cutting edge technology in our market regulation programs.

I don't have to tell you that the securities industry is a diverse community with a variety of firms distinguished by size, products and services offered, customer base, business models, and revenues.  To highlight this diversity, let me provide you with just a few facts.

  • NASD regulates more than 5,000 firms. 
  • More than half those firms employ fewer than 10 registered persons.
  • At the other end of the spectrum, the ten largest firms we oversee employ almost 25 percent of all registered persons in the industry.
  • In fact, the largest firm employs more than 25,000 registered persons; that's as many as the total employed by the smallest two thirds of the firms we regulate.
  • Some firms have annual revenues of less than $5,000, while others generate many millions of dollars of revenues per month. 

And the differences don't end there.  A review of Form BD shows that there are almost 30 different business types listed, including the perennial favorite category, "Other."  The business types are far-ranging, from making markets in over-the-counter securities, to real estate syndication, to selling securities of non-profit organizations.  Business firm structures include partnerships, sole proprietors, corporations, subsidiaries of holding companies, independent contractors, and other models.  While some firms operate from a single location, others do business throughout the world, managing trillions of dollars in customer assets from dozens of domestic and foreign venues.

It is against this diverse backdrop that NASD works to develop and implement a balanced approach to regulation - one that protects investors while taking into account the variety of impacts our regulations and programs have on the industry.  The challenge is significant and I can assure you that every facet of the broker-dealer community weighs in with its own thoughts, comments and, yes, complaints, about our ideas and actions.

In this rich and complex environment, it is essential that we operate a flexible and risk-based examination program that supports our mission of investor protection and market integrity while minimizing, to the extent feasible, the costs and burdens of regulation on the industry.  We have to know the firms, and their products and services, better than ever before, and we have to hone our regulatory focus to identify those areas that pose the greatest risk of harm to investors or the U.S. capital markets. 

The diversity of our industry, together with the steady increase in new products and regulatory requirements, makes it impractical for NASD to carry out its examination program the old way - namely a soup-to-nuts review of every activity of each firm.  Rather, the exam program must evolve to meet the demands of the increasing complexity in products and trading systems, the growing use of sophisticated technology by firms, the new rules introduced by Congress, the SEC and NASD, and the shifting mix of business activities and models.

Today I want to talk to you about what we have already done to meet this challenge, what we have in the works, and what the future holds.

I often hear from you that our regulatory scrutiny has grown more intense in the past few years.  In reality, what seems like more intense examinations represent standard procedure combined with an increasing number of topics and rules that we examine for.  So, for example, if your firm hasn't been visited for, say, three years, the examination may seem more intense to you simply because we're looking into new areas, such as AML, supervisory control amendments, mutual fund sales practices, and business continuity planning.  Recognizing that just these few - but complex - topics have dramatically expanded the scope of our examination program, we have launched specific initiatives to design and implement a more risk-based approach to our work.

An initial step we took in this direction was the introduction of risk-based examination focusing practices.  Right now, every firm continues to receive a compliance examination at least once every four years.  The timing of these examinations is determined by each firm's basic risk exposure to customer funds and securities.  So, for example, clearing firms and trading firms are examined at least once every two years, while fully introducing firms are on a four-year cycle.

Each year, our Member Regulation Department conducts a quantitative and qualitative review of data for each firm and, using an abundance of criteria, we develop a risk profile for each firm.  The firms with the highest risk earn a special, specifically-tailored examination during the current year. 

Before we start an on-site examination, we select the areas to review based on the firm's unique business activities and characteristics, and we perform our work using technology-enabled tools.  I am sure that many of you have completed the Web Information Request - or WebIR - in anticipation of a cycle examination.  This request is sent to every firm before an on-site examination, and provides the examiner with data that is used to minimize the amount of time we spend at your firm and to focus our attention where a firm is most active or presents the most risk to investors.  Using a firm's response to the WebIR, in addition to information available in our internal systems, our examiners choose from over 160 different examination elements to select the appropriate areas to focus on at the firm. 

Sweep examinations are another - granted, sometimes controversial - method of performing a focused review of emerging regulatory issues.  Rather than directly incorporate these reviews into our on-site examinations, we have used sweeps to, in the first instance, inform our thinking on the issue at hand.  It is only after this assessment that a regulatory response is developed - and that response is not necessarily a disciplinary action.  In the breakpoint area for example, a global sweep did result in a few disciplinary actions, but the primary results were guidance, new tools to help firms deal with A share breakpoints, and the return of customer funds. 

Those of you with larger firms may not see this as very risk-based since you are often included in regulatory sweeps.  But, the process is risk-based.

In the past year we have conducted sweep examinations to look at a variety of topics - including income deposit securities, 1031 Tenants-in-Common exchanges, and fairness opinions - areas that were not addressed in our compliance examination program and therefore not duplicated when the staff is on-site to carry out routine examinations.  We try to tailor the question so that our scope is not overly broad.  Similarly, not every firm-even a large firm - that does business in a particular product is included in each sweep.  Rather, we use regulatory intelligence to determine how to approach as few firms as possible while still obtaining the information necessary to understand the situation from a global perspective.  We have centralized sweep approval to eliminate internal duplication.  As a safeguard, our sweep letters ask firms to contact us if they have received a request on the same subject from a different regulator, so that we (not you) can coordinate.

As sweeps have progressed, we have enhanced our examination techniques to make the job more efficient for our staff and less intrusive for firms.  In this regard, we have successfully experimented with on-line surveys, questionnaires, and self-assessments to collect and analyze data.  This approach leverages our regulatory resources and permits NASD to conduct a global assessment of potentially systemic problems without spending much, if any, time in firms- a real plus based on the feedback we hear from the industry. 

Indeed, not every review needs to be conducted on-site.  In fact, you may be surprised to learn that we've adhered to this principle since May 1998, when we launched the Alternative Municipal Examination module.  This resource allows us to fulfill our regulatory obligations for some lower-risk MSRB member firms every two years without having to conduct on-site visits.

Building on this approach, we have developed and initiated a number of off-site, near real-time reviews.  These generally take the form of industry outlier analyses.  This means that we now routinely conduct off-site reviews to identify firms that are outliers in specified areas, such as late U-4 and U-5 filings, late trade reporting, and inaccurate customer complaint disclosures. In this way, we can identify apparent violations at the firms exhibiting the most problems - the outliers - and address the problems in a more timely, consistent and fair manner through handling firms with similar issues at the same time.

We have also expanded our automated surveillance system to quickly identify issues such as the material expansion of business outside of the safe harbor provisions of Rule 1017 (our central membership rule), or the failure to complete the regulatory element of continuing education.

With the further development of off-site surveillance techniques, we can continue to place of the right emphasis on problem areas and address potential violations well before the next on-site examination, while using our resources to fully investigate sales practice problems whenever and however they arise. 

So that's where we are today.  But we are especially excited about where we are headed.  In the near future, we hope to know more about a firm when we walk in the door than we currently know about it when we leave.  In this technological age, we can - and will - put in place systems that allow us to monitor firms smarter and sooner.   

Similarly, capitalizing on technology lets examiners spend much less time on the drudgery of data entry, as they still do today in some cases.  In the past, with paper firm records, this was unavoidable.  In the future, fortunately, it is not.  Rather, we will ask firms, especially clearing firms and distributors, to work with us to modernize our regulatory program so that examiners arrive at a firm ready to discuss exceptions rather than begin reviews.  We're not there yet, but, as I will discuss in a few minutes, I am confident we will be there soon.

First, let's talk about some lessons learned.  In the recent past, we have asked variable annuity and mutual fund distributors to provide information to help us identify firms for special examinations.  For example, as part of a sweep, we asked mutual fund distributors to identify NAV transfer programs they offered and firms that sold the most shares of the mutual fund during the program period.  This approach has worked well, so we will continue to work with clearing firms and distributors to establish standardized report formats that allow for the easy transfer of electronic information about correspondents of the clearing firm or distributor to NASD.  This will streamline the review process and may reduce firm costs by eliminating the need for many custom requests and reports.

We are also working on a number of initiatives to use data that is already publicly available.  We recently signed an agreement for automatic downloads of mutual fund data that we use for a number of fund sales practice reviews. We are working on a similar arrangement for equity and debt valuations.  Using this information, we have automated a number of computations, to increase consistency and reduce review time. 

Now let me describe some other initiatives that we are working on that will continue to advance our examination program.  Specifically, we are piloting a third generation surveillance system that aims to combine the information we receive on firms and registered persons through a variety of filings, coordination with other regulators, customer complaints, and clearing firm reporting.  We are using this data to build a new generation of alerts that points us to individuals, branches, or firms that require special attention either for an isolated issue or for a potential systemic problem.

In plain English, one of the new scenarios we are working on assigns to every registered rep a risk score based on customer complaints, arbitrations, civil and criminal litigations, regulatory actions, and a history of employment at problem firms. With this system, less than 10 percent of registered representatives received a risk score greater than zero in the fourth quarter of 2004.  In most industries there is an 80/20 rule - 80 percent of your revenues come from 20 percent of your customers.  We, too, have an 80/20 philosophy:  a small percentage of our membership accounts for most of our significant regulatory issues.  Thus, we want to use new technology to generate new scenarios that pinpoint those firms and registered reps that present the greatest threat to investors.

We are also previewing the quarterly review of data in the NASD Contact System to ensure that firms provide contact information and perform quarterly certifications as required.  It is essential that we can contact firms when needed, as we all saw after the devastation of hurricanes Katrina, Rita, and Wilma.

In fact, it is very much in your interest to keep information you are required to submit to regulators current and accurate.  The data analysis and risk assessments that I have discussed are driven largely by the data firms submit.  If those data are out of date or inaccurate, they could create false positives when specified risks are assessed.  This, in turn, could lead to more frequent or more intensive examinations than are actually necessary to protect investors.

I've given you a sketch of some of the things we intend to accomplish in the near term.  Now let me give you a picture of our future - what we call our Next Generation Examination Program, or Next Gen.  This is distinct from what I've discussed up to this point because it is characterized by a long-term strategy at NASD to re-conceptualize our examination and firm regulation programs.  While some terms like "risk-based" carry over into the Next Gen strategy, we are talking about a profound change that not only leverages all of our prior and ongoing work, but that provides for an efficient and flexible approach to regulation as well as a more robust risk identification and assessment process than what we have today.

The Next Gen program is based on three founding principles: risk-based review; regulation from a distance; and electronic filing. 

The first principle, risk-based review, will build on our current risk assessment approach. 

Regulation from a distance is the second key principle of the Next Gen program, meaning as much regulation will be accomplished using automated surveillance tools and offsite virtual examinations where possible and prudent.  Don't get me wrong; NASD will still visit firms on-site.  But inspections will be targeted based on concerns and issues uncovered through regulatory intelligence and the risk assessment process, so that examinations of the future are more "cause-like" and less "cycle-like." 

As is the case today, an off-site approach will allow NASD to use resources more efficiently while improving examiners' access to information.  But, we anticipate greater accomplishments and savings when we implement regulation from afar through Next Gen.  We will make expanded use of surveillance, using sophisticated analytical tools to look for patterns in data, which will come from both the firms and third party data providers.  Virtual examinations will be used for regulatory areas where firms are required to submit additional documents for review, but onsite review is not necessary. 

Electronic filing is the third and final key principle of the Next Gen model.  Through firms' electronic submissions of new types of data and documents, we will be able to construct and store more sophisticated and complete profiles of each firm.  Those profiles will then be used to drive tailored regulation, and perform risk assessments, trend analysis, and reporting.  Moving electronically submitted documents into a common document repository will allow NASD to request a document once and make it available to regulatory staff throughout the organization. The advantage for firms is fewer information requests throughout the year.  Electronic filing also allows for more standardized submissions, which will increase the speed of regulatory review. 

In summary, the Next Gen operating model enables NASD to identify risks posed by firms by analyzing electronically submitted data and documents in new and improved ways.  Regulatory packages are tailored based on each firm's Member Profile and will contain specific surveillance scenarios and other regulatory execution methods.  A surveillance engine would determine compliance with rules and generate alerts when potential non-compliance is detected.  Targeted regulation is achieved through a risk-based approach, with resources focused on the areas of greatest regulatory concern and risk scores driving the depth, frequency, and execution approach.  The overall combination of the key principles provides members with less intrusive, more flexible and more efficient regulation.

While implementing the Next Generation Examination Program is a significant challenge, we can leverage our existing risk-based model.  By capitalizing on technologies that did not exist when we first embarked on risk based programs, I am confident that NASD can stay ahead of the curve in the execution of examination programs that - when combined with the efforts of the industry - serve as a strong foundation for the best investor protection system in the world.

I've given you a picture of where we are and where we intend to go with our firm examination program.  I know how valuable it is for you to know with some certainty what you can expect from us.  It is equally valuable to us to hear your comments, concerns, suggestions and complaints about our operations - current and planned.   And a good time to start is now, so I thank you for listening and invite your questions and comments during the senior staff panel that will begin shortly.   With that, I'd like to ask my colleagues to join me.