IT Execs See New Regs Slowing Down: Attention Turns to Fine-Tuning Existing Rules
February 27, 2006
MIAMI - With the whirlwind of legislation that started with the mutual fund scandals in 2003 seemingly subsiding, fund companies can stop scurrying to comply and do a better job of focusing on existing rules, speakers at The National Investment Company Service Association summit here said last week.
"The good news is we're over the crescendo and hopefully on the downhill," said Robert C. Pozen, chairman of MFS Investment Management of Boston. "We don't have to start from scratch and test everything again."
The bad news is that it has been an expensive process of complying with the Securities and Exchange Commission's new regulations, including 38a-1, 22c-2 and Sarbanes-Oxley. "We thought it would be costly, and it was," said Michael Whitaker, senior vice president and compliance officer for MFS. "But the monetary toll paled in comparison to the human toll," he said.
Suddenly, the rules caused departments within the same company to look at each other suspiciously, and fund companies to scrutinize the operations of service providers with which they had worked for years. Many broker/dealers are now afraid to sell their own companies' products, analysts' comments are more reserved, and companies are far more cautious about what information they share with investors.
"The audit fatigue was palpable," Whitaker said.
Add to that the lack of guidance the SEC has offered about implementing the regulations. For example, Rule 38a-1 requires investment companies to develop a set of compliance policies and procedures, institute a chief compliance officer to monitor those rules and report to the board of directors, and then have the board review those rules annually, with the first review occurring no later than this June. The rule, adopted in 2004, offered no uniform strategy and has caused much confusion within the industry.
"They're measuring things they've never measured before," said Paul O'Neil, senior director of Boston Financial Data Services of Boston. "We had 125 clients with 124 ideas of ways to do it," he said.
As a result, O'Neil could not offer a one-size-fits-all plan, and clients have spent significant amounts of time and money examining their own operations and developing policies to fit their own cultures.
Annual reports must also include any "significant compliance events" the CCO may have faced, leaving it up to each board to define "significant." But requiring a CCO to provide minutiae may make them look like they're on a witch-hunt, and what was part of an audit might not be suitable to a published report. At the same time, CCOs who say too little may raise eyebrows. "Everybody's walking that fine line," said James E. Hillman, a consultant based in New York.
The first annual report will be the most critical, Hillman said, because it will set a precedent. Moreover, these reports are widely circulated and available to shareholders. "This can be the smoking gun," O'Neil said.
In the absence of a uniform industry-wide standard, or regular compliance schedule, many companies have been using the Statement on Auditing Standards (SAS) No. 70 form. This standardized, universally recognized form allows companies to keep track of technology-related processes, but gathering information for the form can be costly and may not be the most efficient method, Hillman said.
Michael Fay, a partner at Deloitte & Touche of New York, noted that the data included in SAS-70s is already recorded in various regular internal reports. Companies should consider developing a centralized database and culling information on a rolling basis, rather than returning to traders and brokers three or four times for the same information, he said.
Whitaker suggested quarterly reports to the fund board, to keep everyone apprised, so that the year-end reports are a summary, not an exposition.
Besides worrying about the staff at the fund company itself, CCOs must also be mindful of relationships with wholesalers and third-party distributors, and vice-versa. "First, identify the risks," said David C. Martin, senior compliance officer at Phoenix Life Insurance of Hartford.
One major risk is gifts. Each fund company, distributor or wholesaler may have its own set of rules, so it is important that compliance officers learn one another's rules, and operate under the most stringent set when in business together. "You have to make the rules really clear," Martin said.
Once established, those rules must be communicated. Martin recommended that CCOs meet with wholesalers, distributors and any other third-party service providers to explain the rules carefully and have them certify that they have, in fact, been instructed.
And while codes of conduct in the past simply quoted rules, Martin suggested that new rules give explicit examples. Say a wholesaler goes with a broker to pay golf. Does it matter who pays for the round? Does the topic of discussion determine who foots the bill? If so, how is that measured?