Sterling Management Solutions Corp.
Jonathan G. Katz
Secretary
Office of the Secretary
Mail Stop 0609
United States
Securities and Exchange Commission
Via E-Mail:
Rule-comments@sec.gov
Re: Comment to Proposed Rule File No. S7-03-03 – Compliance Programs of
Investment Companies and Investment Advisers (IC-25925 and IA-2107, dated
Dear Mr. Katz:
The Commission has requested comment from the private sector relating to their
possible roles in overseeing compliance by investment companies and investment
advisers with the federal securities laws.
Sterling Management
Disclosure and financial controls for regulated entities under the recent
Sarbanes-Oxley Act and the new related rules adopted and proposed by the
Securities and Exchange Commission have become a huge area of concern for those
companies. Among other
requirements, Chief Executive and Chief Financial Officers are required to
certify their companies’ financial statements in certain filings with the
Commission. Such senior executive
officers face real and substantial personal liabilities should such
certifications prove unsupportable.
A Chief Compliance Officer is proposed to oversee compliance efforts for
investment companies and advisers and perhaps even certify compliance policies
and procedures.
Sterling Management Solutions Corp.’s patent-pending
PerformBI™ for Corporate Governance technology solution is intended to provide
analytics and business process/workflow automation for disclosure and financial
controls, and certifications. We
believe that technology-enabled solutions will be required to ensure that
adequate controls are maintained and that assessments of the effectiveness of
such controls and the certification process are sufficiently informed. Without the implementation of such a
corporate governance system, it is unclear to us how reliable the required
certifications of controls over such complex activities (comprised of ongoing
business and legal processes, financial data, and various corporate governance
activities) will be.
The platform is designed to provide a command and control digital dashboard (on a
business user’s computer screen and via other delivery mechanisms, including
wireless, phone and others) for the prevention, detection and correction of
potential fraud and other non-compliant events. This solution is intended to
implement and maintain control procedures and processes, and to monitor (using
threshold and pattern-recognition detection technology) corporate financial,
compliance and event performance measurements for “out-of-condition” occurrences.
When utilized in an overall company process reasonably
designed to prevent securities law violations, this technology should assist
efforts to effectively enhance corporate governance across an organization,
contribute to a reduction in the risks to their business and shareholder value
of securities law violations, and possibly even be seen to help
personally-liable CEOs and CFOs reduce the risk of serious enforcement actions
and other legal action against both their companies and themselves. It should also materially assist
the audit committees of their boards of directors to be more effective in the
execution of their duties by allowing further control of, and transparency into,
a company’s disclosure and internal control processes.
FOSTERING USE OF THIRD-PARTY CORPORATE GOVERNANCE AND COMPLIANCE TECHNOLOGY SOLUTIONS
The Commission has indicated that the existence of
legitimate third party mechanisms such as compliance audits and demonstrable
evidence of adherence to reasonable compliance procedures could assist them in
identifying companies that are pursuing best practices, reduce their need for
oversight of such companies, and therefore presumably reduce the cost of both
the Commission’s and, eventually, those companies’ efforts to prevent, detect,
and correct securities law compliance violations.
Responding to this new regulatory environment has become
a hotbed of activity for the private sector. The inherent difficulties and array of
disparate business processes involved in managing the complex operations of
large regulated entities lend themselves well to an integrated technology solution
approach. There also could be
significant economies of scale if corporate governance and compliance technology
is widely available and easily usable across the much more numerous population
of smaller funds and advisers.
To encourage the adoption of such systems, it is
respectfully suggested that the Commission strongly consider some type of “safe
harbor” treatment for investment advisers, investment companies, broker-dealers
and public companies that implement and effectively utilize such systems or
other compliance programs, or specifically allow for the use of soft dollar
credits for compliance systems directly tied to investment decision-making
processes under certain circumstances.
In other instances, the Commission has promulgated “safe
harbors” for forward-looking information and private placements of securities,
among other areas. The need to
ensure effective securities and corporate governance compliance and controls
appears to be of equal if not greater importance than the public policy issues
underlying the adoption of those aforementioned safe harbors.
Additionally, the use of soft dollar credits could allow
for more rapid implementation of these systems by certain regulated
entities. These types of systems
could be seen to be directly tied to the investment decision-making process in
that the analytics can automatically monitor, detect and alert about, among
other things, performance and compliance of the specific trading decisions
themselves.
These types of systems would presumably lead to
better-informed decisions about many investment decision related activities,
including the choice of trading partners (including investment advisers,
investment companies and broker-dealers) by allowing client investors,
especially institutions, downstream to observe and understand which of their
further upstream trading and execution entities are most compliant with the
securities laws and the specific investment and other business rules set by that
client. This type of
transparency into the investing decision-making and compliance process should be
encouraged and fostered by the Commission, which has numerous other rules
fostering similar types of “transparency” of information to the investing
public.
CORPORATE GOVERNANCE ANALYTICS AND BUSINESS PROCESS AUTOMATION
The sheer volume of financial and disclosure control
reports now inundating the desks of certifying executives and the corresponding
complex business processes necessary for the implementation and maintenance of
“effective” disclosure and financial controls present the very real risk and
danger of an “information overload” that would act to counteract the intent of
the new rules, which is to foster more robust systems of corporate governance at
regulated companies.
Software solutions are beginning to emerge that respond
to the need for better management of corporate controls. Certain of these solutions, such as
Sterling’s PerformBI for Corporate Governance, can provide actionable
industry-specific tracking and alerting analytics for disclosure and financial
controls right on the desktop of a senior executive or compliance officer and
integrate business process or workflow automation tools to allow
technology-assisted management of those controls.
PerformBI for Corporate Governance now allows for the
collection and automation of these processes into a centralized “digital
dashboard.” Senior officers and
responsible employees can use this system to help them prevent, detect and
correct deficiencies in a streamlined and efficient manner, thereby helping to
mitigate the risks of managing both highly complex regulatory requirements and
sophisticated business processes that depend on rapid response, remediation and
disclosure.
This technology also can allow for the tracking of the
effectiveness of these controls and of significant changes made to them, help
spot deficiencies in the process, and otherwise help to ensure that controls,
policies and procedures are in place and maintained in a manner reasonably
designed to prevent violations of the federal securities laws.
The Sterling analytics platform monitors material
changes in specified financial, corporate event performance and compliance
measures, and quickly alerts senior corporate executives about possible
violations, along with providing built-in workflow automation, communications,
scheduling, CEO and CFO Sarbanes-Oxley certification support, code of ethics and
control document management, participant education and awareness campaigns about
corporate governance issues, and audit trail functionality.
Operational efficiencies, competitive advantage, and
enhanced risk management will be some of the resulting benefits to companies
using the PerformBI Corporate Governance solution. Investors and the financial markets in
general, however, will be the ultimate beneficiaries of such a software system
that helps to ensure the integrity of disclosure under the
DIGITAL DASHBOARD TECHNOLOGY
A “digital dashboard” for these solutions provides an
intuitive workspace portal for command, control and communication via a standard
web browser, giving the user centralized access to reports, alerts, documents,
workflow automation and additional tools such as email, wire feeds, news
services, video, and other information sources.
The PerformBI for Corporate Governance “dashboard”
allows the user a great deal of freedom, while at the same time providing
immediate desktop notification of potential financial and compliance violation
conditions. Because of the
intuitive design, very limited business user training is required. The dashboard allows for further
investigation capabilities and ad hoc report generation designed for
non-technical professionals, along with associated charting and
graphics.
PRE-BUILT VERTICAL-SPECIFIC FRAUD AND COMPLIANCE ANALYTICS
When a specified potential violation condition is
detected, an alert is activated and communicated to the user. Alerts are
triggered by performance indicators from financial and compliance information
systems, and can also be triggered from a specific set of business rules or
other outside factors.
This true analytics platform's slice and dice,
drill-down, and ad-hoc capabilities can allow for immediate further
investigation and analysis directly at the desktops of CEOs, CFOs, Chief
Compliance Officers, audit committee members and other authorized parties.
BUSINESS CONTINUITY
Policies and procedures of investment companies include
business continuity plans. An
additional “dashboard” would be
The VCC, and associated services, including security
assessment and solutions, business impact analysis, and disaster recovery and
business continuity services, allow managers and even appropriate customers to
obtain company specific protocols, discrete instructions and guidance as well as
industry specific, effective and timely solutions to the issues presented by
business continuity or disaster recovery events.
Using web-enabled software, the VCC may contain, by way
of example: incident tracking; logging and reporting; automated standard
operating procedure checklists and plans; resource management (with full
database functionality); central command and control; messaging and
communications function with tracking; documentation of response actions;
contact lists; internet, intranet/VPN and wireless;
radio, cellular and satellite; appropriate member participation; automated
journaling; access to plans and data; mapping; role-based staff management;
linking capability to access internet sources for weather and event
intelligence; executive briefings, and other
features.
COMMUNICATIONS AND PERMISSION-BASED VIEWS
Communications with members of the team regarding
required activities and compliance violation alert conditions are all provided
within the dashboard. Automated
follow-ups are sent should responses not be given within certain
timeframes. Auditable trails of
communications are stored automatically.
Wireless access allows the business user to receive reports and alerts
over cellular phones, Palm Pilots, Blackberry and other wireless devices.
Different views into such a system can be made available
on a user by user basis, even allowing specific sets of data to be viewed by
important other participants in the process, including members of the audit
committee of the board of directors.
NEW TOOLS FOR A NEW ERA
Certain resistance to the utilization of such technology
for command and control of securities disclosure business processes can be
expected from those who believe that experienced judgment cannot be replaced by
such tools and that such solutions may be too heavily relied upon in fulfilling
responsibilities for oversight of disclosure activities. It is true that, in effectively
implementing the use of such technology, there are definitely moral hazards to
anything that could be viewed to be a substitute for good experience and
independent judgment.
However, that argument still has some very significant
problems. It is like telling a
detective or intelligence analyst that better tools, such as DNA and fingerprint
databank sharing across jurisdictions, pattern matching for similar modus
operandi, or advanced data mining that spots possible criminal activity should
not be used because people will rely too heavily on them and ignore old-fashioned
but still very effective gumshoe techniques.
It is an old axiom that the old techniques need to be
retained and still can provide tremendous breakthroughs. Surely no one thinks, however, that
detectives want to throw away the new tools just because they fear they will
make them lazy and not exercise independent judgment.
The same response applies to financial and compliance
professionals who use and make judgments every day about the data and reports
coming to them from extremely complex financial systems or auditors who utilize
sampling techniques for auditing that are enabled and made more efficient by use
of technology. No reasonable person
would suggest that they not avail themselves of such tools and that they should
only use former labor-intensive, technology-light efforts that could be
incomplete and untimely. Even
so, it is important to retain and rigorously continue to apply common sense and
non-data sourced auditing and compliance practices in the utilization of such
tools.
The ability of new computer solutions to collect,
integrate and analyze data, which is now still being done at some companies by
large numbers of business analysts armed with spreadsheets, is not to be
underestimated. The savings in cost
and time spent could be tremendous, both for regulated entities and regulatory
authorities.
PerformBI for Corporate Governance is providing an
answer to what regulated companies are required to achieve: earlier and more
timely discovery of potential disclosure issues and financial problems. This technology can help to nip those
issues in the bud and could even help provide strong evidence of such controls
to regulators.
Many top broker-dealers and other financial services
companies are already using analytics to monitor performance and compliance, and
regulated companies are beginning to use technology solutions for
Sarbanes-Oxley. Auditing and law
firms should also understand these new tools and the need of their clients’
business executives to not ignore the power of these tools to institute
much better controls over their corporate governance activities.
These technologies provide a further path down the road
to the necessary automation of certain business and legal processes, giving the
human business users much of the critical information they need for informed and
value-added judgments in one central location and in a manageable and usable
form. A company, its senior
officers and compliance professionals can even be given alternatives as to what
logical steps they should take next, given the structures of their programs and
policies.
"Detection," "monitoring" and "real-time" are words now
being used by the Commission and other participants in the financial
markets. It could well be said that
regulated companies have no choice but to automate disclosure controls, unless
they want to continue to risk shareholder value, lawsuits, enforcement actions
and worse by keeping in place a process that has built-in unacceptable risks
created by an unwieldy structure that manually looks across multiple disparate
processes and systems with widely differing platforms and levels of
automation.
As a nation, we must all be smarter about our detection
and monitoring of activities relating to the securities markets and regulated
companies, including issues relating to non-compliance and outright fraud. There are intrinsic problems when a
complex regulated business relies exclusively on other human members of a
disclosure team, with the necessarily segmented and possibly biased, although
sometimes brilliant, views they bring to the table.
The effective implementation of a technology-enabled
corporate governance analytics system captures a tremendous amount of the
experiential scenarios of members of the disclosure team by memorializing those
scenarios in business rules and patterns to automate the detection of violations
of those scenarios. That aspect of
an analytics deployment is an indispensable part of the process of creating an
effective industry-specific analytics solution, as is keeping participants
accountable and communicating their disclosure control comments in an active and
auditable manner.
The complex business processes and technology systems of
businesses today clearly do not have enough transparency, even to the senior
executives managing them. PerformBI
for Corporate Governance can confront that complexity and provide a much more
efficient way of managing the ever-expanding universe of potentially material
information, leading to better-quality disclosure to the investing
public.
Respectfully Submitted,
Robert N. Sobol
Chief Operating Officer
Sterling Management Solutions Corp.
1-609-452-9300 (ext – 109)
Robert_sobol@sterlingmgt.com