Thursday, May 20, 2010

Paper tigers

Republican members of the house Committee on Oversight and Government Reform issued a report yesterday titled The SEC: Designed for Failure. Bearing in mind the current political climate, TheRaven still hears the ring of truth. However, while the Minority Committee members wrote a fairly comprehensive document, they missed the importance of a key finding.

The report covers typical dysfunctional organization issues, such as siloed departments and  bureaucratic warfare, seasoned by a plethora of lawyers with little knowledge of securities markets. The SEC has an unusual problem: its analysts are unionized. The report expresses incredulity that no SEC staff have been fired in the aftermath of the Madoff case.

The problem that cuts across all others is technology. We begin with a section copied directly from the report, beginning on page 11. Footnotes have been stripped out and TheRaven's emphasis has been added but the text is otherwise verbetim

 First, the Commission has thus far failed to incorporate technology into its own review of securities disclosures. The Commission’s Division of Corporation Finance (CF) employs hundreds of attorneys and accountants  to read and check public companies’ registration statements, prospectuses, proxy materials, periodic reports, and other filings. A large portion of this work consists of simple calculations. For example, a CF accountant might check to make sure that no item labeled “Miscellaneous” in a company’s financial statements represents more than 10% of the total of its category, or calculate simple financial ratios using numbers contained in the statements. CF accountants also usually compare numbers from the current period with numbers from previous periods to check for unusual changes.

These tasks are performed manually, using printouts, pencils, and calculators.  The private sector has for many years used software that automatically calculates important ratios, flags significant year-on-year changes, and checks the mathematics of financial statements. CF does not, which wastes untold amounts of highly-educated attorneys’ and accountants’ review time. In fact, CF officials have actively resisted internal suggestions that some manual calculations and checks could be automated to save reviewer time for the tasks that require more skill.

Another common review task is to check whether various disclosure elements are present or not. For example, CF’s reviewers regularly check to make sure that a company has included the required CEO and CFO certifications with its quarterly and annual reports on Forms 10-Q and 10-K, in the proper format. These disclosure elements are not
tracked in any centralized system. Instead, CF’s reviewers use Microsoft Word templates and create documents with typed X’s indicating the presence or absence of such elements in a company’s filings. This makes it impossible for CF to respond quickly when a company has omitted a required disclosure element. Instead, CF reviewers compile long lists of deficiencies in a company’s filings and send comprehensive comment letters to the company requesting changes.

After negotiations, the company might make an amended filing. CF’s internal policy for comments on annual reports, at least as of 2008, was to “send a comment letter to a firm prior to the firm’s next fiscal year-end.” In other words, it might take eight months for CF to even contact a company about a deficient annual report, and longer for that company to file an amended report.

Second, the Commission employs no automatic, electronic screening software to check filings for indicia of fraud or errors. Outside analysts, academics, and accounting associations have developed lists of risk factors and ratios that are correlated with accounting misstatements. But the Commission has not incorporated this knowledge into any comprehensive risk-monitoring software. Instead, CF relies on the eyes of its reviewers to find errors, and the Commission’s Division of Enforcement relies on tips,
complaints, news stories, and referrals to find fraud. The Commission has long promised to develop the ability to perform industry-wide quantitative forensic analysis. It has failed to do that, and academia has instead taken the lead in uncovering fraud through number-crunching.

The Commission maintains no central electronic database of companies’ financial information, other than EDGAR’s electronic repository of text-based disclosure documents. Commission staff use Google Finance, Yahoo! Finance, and commercially available resources to perform or check their analyses.

Because it cannot perform quantitative analysis, the Commission has no means of prioritizing the thousands of tips and complaints it receives. If the Commission had a robust database of the financial information filed by its registrants, it could automatically prioritize tips relating to registrants fitting a risk profile. But no such database has ever been constructed. In September 2009, the Commission created the Division of Market Risk, which it tasked with, among other things, “strategic and long-term analysis” and “conducting research and analysis in furtherance and support of the functions of the Commission.” The new Division’s accomplishments remain unclear. As of April 24, 2010, its website redirected to a September 2009 press release announcing the appointment of its first director. Meanwhile, the Division of Enforcement announced a new Office of Market Intelligence, which, judging from published news reports, may be working on the sort of “proactive analytics” that have hitherto been missing. But fullscale analysis of all the data received from the Commission’s regulated entities is probably still years in the future.

Third, the Commission’s information technology resources are fragmented and unconnected. For one example, the agency lacks a universal internal search function. Commission staff have no automatic means of finding all of the electronic records that relate to a particular registrant – a corporation, a mutual fund, an investment adviser, or another entity. Information is scattered throughout dozens of databases; to find all the information the Commission might have about a particular company, they all must be searched.

Even worse, there is no consistent naming or numbering convention for regulated entities – an essential element of any enterprise-wide approach to data management. The Commission’s Web-accessible, public database of EDGAR filings is similarly limited. For instance, there is no means of searching within a single company’s filings. Investors and Commission staff who use EDGAR are faced with a “stack of electronic documents” whose component parts cannot be separately searched. For another example, the Commission has no agency-wide data management policy or plan, and no Chief Data Officer. Most large organizations that deal with large amounts of electronic information have senior officers and separate departments dedicated to ensuring data quality; the Commission has neither. As a result, its data compilations are redundant and corruptible.

Picking up the report again on page 28...

...the Commission has been unable to systematically update its disclosure rules for
an electronic information age. The rules do not contemplate electronic disclosure
formats. Frequently, they require paper-based methods for presenting information, such as attachments, incorporation by reference, and footnotes, that are difficult to translate into an all-electronic system. For another example, the cover pages of Forms 10-K, 10-Q, and others include checkboxes. The checkboxes indicate whether the issuer is current on its reporting obligations, whether it has posted interactive data files on its website, and whether it is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. Astonishingly, the checkboxes are not linked to any
electronic database. EDGAR has no means of limiting searches based on issuers’
responses to the checkboxes. 


...the disclosure rules have become so complex that they can only be understood by specialized lawyers who work for the Commission and private law firms and investment banks. Some members of this elite group circulate back and forth between the Commission and the firms. Maintaining the complexity of the system is in their personal financial interest.

The report's five recommendations are aimed at "Congress should pass more laws" and "Mary Shapiro should do her job". Not terribly surprising. The disappointment is, obviously, that this minority report let the technology issues slip through its fingers. An agency-wide filings database and automated review process would push the SEC towards competence, in advance of other reforms. TheRaven hasn't performed a calculation with paper and pencil since 1984. Getting appropriate tools in the hands of SEC analysts would enable, empower and remind agency staff that they live in the 21st century.

Systemic risk created by SEC incompetence is inadequately addressed. The focus is on fraud risk. Investor security is important, however, the real peril is that SEC bungling creates market inefficiencies that weaken America's position in global capital markets. In comparison,  Madoff is barely a headline.

No comments:

Post a Comment