What is SEC compliance?
SEC compliance is adherence to the rules and regulations that the Securities and Exchange Commission makes and enforces. Those who must comply with these standards work or operate in the securities industry, including brokers, investment advisers and companies, municipal advisers, mutual funds, and the members or participants of Systems Compliance and Integrity entities who receive information about certain events. The government agency carefully monitors the actions of these professionals at the civil, criminal, federal, regulatory, self-regulatory and state levels.
SEC regulations are very demanding, strict and thorough. It can be daunting to comply with all of the banned activities, financial statement requirements, mandated actions, new regulations and rules, procedural and technical filing conditions, published guidance and unofficial interpretations. However, the purpose of the SEC is to protect investors from fraud, to facilitate the formation of capital that is required to support economic growth and to ensure that the securities markets remain efficient, fair and orderly.
SEC laws and regulations
The laws and regulations that the SEC approves and enforces evolve from the concept that all investors should have access to basic facts about the investments that they make before they buy. Under these rules, public companies must disclose meaningful financial and other details to the public, which provides common knowledge that all investors can use to decide for themselves whether or not to buy, hold or sell certain bonds, futures, stocks or other securities. Below are some of the laws and regulations that promote this disclosure of information, protect investors and maintain fair dealing:
- Securities Act of 1933 – The objectives of this law are to prohibit deceit, misrepresentation or other fraud during securities sales and to require the disclosure of financial information and other vital details. A majority of securities must be registered with the SEC, and the statements and prospectuses provided in the registration are made public shortly thereafter. Investors who suffer losses may exercise their right to recover those losses if they can prove that the registration details were inaccurate or incomplete. Some securities that do not require registration include intrastate offerings, limited offerings, private offerings to small groups of people or entities, and municipal, state or federal government securities.
- Securities Exchange Act of 1934 – The SEC was created under this law, giving the agency power over all facets of the industry, including the authority to oversee, register and regulate brokerage firms, clearing agencies and transfer agents as well as self-regulatory organizations, including the Chicago Board of Options, Financial Industry Regulatory Authority, NASDAQ Stock Market and New York Stock Exchange. Additionally, the Act identifies and bans certain market behaviors such as insider trading and gives the SEC disciplinary powers over regulated individuals and entities.
- Trust Indenture Act of 1939 – Debt securities such as debentures, bonds and notes can be registered under the Securities Act but cannot be offered for public sale if the formal agreement, which is called the trust indenture, between the bond issuer and the bondholder does not adhere to this law.
- Investment Advisers Act of 1940 – Sole practitioners and firms that receive compensation for advice on securities investments are required under this law to register with the SEC and to adhere to its regulations. Since amendments in 1996 and 2010, only advisers who work for investment firms as sole practitioners or who have $100 million or more in assets as employees must register.
- Investment Company Act of 1940 – This law is designed to curtail conflicts of interest within organizations that primarily engage in securities investing, reinvesting and trading as well as selling securities to the public. It requires companies to regularly disclose to investors their operations and structure, investment objectives and policies, and financial condition.
- Sarbanes-Oxley Act of 2002 – Upon being signed into law, this Act mandated several reforms with the goal of enhancing financial disclosures and corporate responsibility as well as combating accounting and corporate fraud. It created the Public Company Accounting Oversight Board to oversee the activities of auditors.
- Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 – The purpose of this law was to reshape the regulatory system in several areas: credit ratings, consumer protection, corporate disclosure and governance, regulation of financial products, trading restrictions, transparency and others.
- Jumpstart Our Business Startups Act of 2012 – This law is also referred to as the JOBS Act, and its goal is to minimize regulatory requirements to help businesses raise money in public capital markets.
The Office of Compliance Inspections and Examinations
The OCIE conducts the National Examination Program with a mission to utilize risk-based strategies that ensure market integrity, protect investors and support the responsible formation of capital. It encourages compliance with securities laws and regulations through examinations, outreach programs, publications and referrals to the Division of Enforcement when appropriate.
The SEC uses the OCIE's examinations to identify and monitor risks, improve industry practices, inform rule-making initiatives and pursue misconduct. The NEP uses modern quantitative techniques to collect and analyze data about all registrants, and this helps select registrants for on-site examination. Below is an overview of each examination program implemented under the NEP:
- Investment Adviser/Investment Company – The purpose of this program is to examine investment advisers and companies to determine their compliance with securities laws, especially the Investment Advisers Act and Investment Company Act.
- Broker/Dealer – This examination program examines broker-dealers to ensure that they comply with securities laws, particularly the Securities Exchange Act. It also coordinates with the NASDAQ Stock Market, New York Stock Exchange and other SROs on regulatory issues involving broker-dealers.
- Market Oversight – The purpose of this program is to conduct risk-based examinations of SROs and securities exchanges to ensure that they and their participants comply with securities and SRO requirements.
- Clearance and Settlement – This program is responsible for the examination of clearing agencies and the coordination of transfer agents in accordance with the Securities Exchange Act.
The Compliance Outreach Program
This program was created to support open communication and coordination between SEC regulators and industry organizations and professionals. It provides a forum for discussing compliance issues, learning about effective practices and sharing experiences in a practical way. The program hosts regional events at various locations and national events in Washington, D.C. every year. The program has four sections, which focus respectively on investment advisers and mutual funds, broker-dealers, municipal advisers and SCI entities.
The Office of the Chief Accountant
The OCA is the SEC office that establishes and enforces auditing and accounting policies to improve the relevancy and transparency of financial reporting. It is also responsible for enhancing the professional performance of public auditors to ensure that registered financial statements are credible and presented in a fair manner. The office is separated into three groups that work together to advise the SEC on matters concerning accounting and auditing:
- The Accounting group consults with domestic private-sector accounting organizations and individuals about the application of accounting standards and the requirements of financial disclosure.
- The Professional Practice group develops auditing policies and procedures to promote the reliable reporting of financial details. It also manages the resolution of ethical and independence matters among financial auditors and preparers.
- The International Affairs group collaborates with the above groups and international auditing, accounting and regulatory entities with financial reporting goals that are similar to those of the SEC.
SEC audits: What to expect
The SEC conducts audits of investment advisers and firms to ensure that they comply with its laws and regulations. This is a routine event, and it is considered inevitable. Since a negative audit could lead to consumer mistrust, a deficiency letter, sanctions or other disciplinary action, it is vital for investment advisers and firms to remain compliant in their everyday operations.
It may also be beneficial for advisers and entities to conduct their own internal audits with either in-house auditors or outsourced audit firms or professionals. Doing so will help them identify weaknesses in their compliance system and allow them to fix problems before the SEC audit. Additionally, knowing what to expect during an SEC audit could ensure that the process goes well and has a positive result. Some of the information that the SEC staff will ask for includes:
- client lists with their account types and asset values,
- chronological lists of trades,
- copies of purchases and sales journals,
- lists of newly opened or terminated accounts within a certain period, and
- pricing and quotation service lists.
The Division of Enforcement
The SEC's enforcement staff are crucial to its effectiveness as a regulator. The Division of Enforcement helps the agency execute this function by recommending investigations of violations and the type of proceedings to pursue thereafter as well as prosecuting potential violators. Every year, it brings hundreds of civil actions against professionals and entities that are found in violation of securities laws. To fulfill its role as an enforcer, the Division collaborates with U.S. and international law enforcement agencies, including Congress, federal agencies and departments, SROs, state securities regulators and various organizations in the private sector.
Conduct that may prompt an SEC investigation
There are several violations that could lead to the investigation of investment professionals and companies. Insider trading is one of the most common, and it involves trading securities based on nonpublic details and material. Another common violation is providing false or misleading information or omitting information about securities and the entities that issue them. Other typical violations include:
- manipulating securities prices,
- selling securities that are not registered,
- stealing the funds or securities of customers, and
- violating the responsibility of treating customers fairly.
The investigation process
When the Division of Enforcement has reason to believe that an investment professional or entity has violated SEC laws and regulations, its first action is to gather evidence of the transgression. It uses many sources to obtain evidence, such as investor complaints and tips, market surveillance activities, media reports, other SEC offices and divisions, SROs and other sources within the securities industry.
Every investigation is a private affair, and the enforcement staff develop the facts as much as possible by conducting informal inquiries and witness interviews, examining brokerage records, reviewing trading data and using other investigative methods. When the investigation proceeds under a formal order, the staff can subpoena witnesses to testify and provide books, records and other related documents. Upon completing the investigation, the enforcement staff present the findings to the SEC for review.
Taking the findings and recommendations into account, the agency will decide on the best action to take. If it and the violators come to an agreement on their own, there is no need for administrative or civil court proceedings. If further action is necessary, the agency could base its decision on the type of injunction or sanction that it seeks. The agency could initiate both administrative and civil proceedings when the violation warrants both.
The processes for administrative and civil actions
When the SEC decides to take administrative action, the proceedings are heard by the agency and an administrative law judge. The judge is an individual who is independent of the agency and who will consider the evidence that the Division of Enforcement staff and the defendant present. Afterward, the judge will issue an initial decision with findings of fact, legal conclusions and recommended sanctions.
There are several types of sanctions that the administrative law judge's decision may include, such as a ban from the securities industry, cease and desist order, censure, civil monetary penalties, order to repay illegal profits, and revocation or suspension of SEC registration. The Division and defendant have the right to appeal part or all of the initial decision. The SEC could agree with the decision, remand it for more hearings or reverse it.
When the SEC decides to file a civil suit in a district court, it may ask the court to choose a remedy or sanction. However, the agency often requests an injunction to prohibit the defendant from taking further actions that violate its laws or regulations. The injunction may also require accounting in fraud cases, audits or special arrangements for supervision.
Additionally, the SEC can request civil monetary penalties or an order for the illegal profits to be repaid. If the court sees fit, it may ban or suspend the defendant from acting as a director or corporate officer. Defendants who violate any court order could be found in contempt and subjected to paying fines or being imprisoned.