SEC Significantly Deficient in Disgorgement and Penalties Controls, GAO Finds
Someone has to watch the watchdog. Thereís no telling what will turn up.
A GAO audit of SEC financial statements turned up some bad news for the agency: Accounting for disgorgements and penalties in FY 2014 were labeled as a significant deficiency, with specific problems including the SEC "recording certain disgorgement and penalty transactions to incorrect customer numbers in the general ledger."
On the positive side, the GAO removed a significant deficiency given the SEC in FY 2013 involving the agencyís internal controls over information technology security. Overall, the GAO report was also favorable. While the government auditor did note its concern about SEC practices with regard to disgorgement and penalties, it found that the SEC, as of September 30, 2014, "maintained, in all material respects, effective internal control over financial reporting."
The GAOís findings, which it issued in a November 2014 report, were also included in the SECís Summary of Performance and Financial Information for FY 2014, issued February 12 of this year. The document reports how the agency measured against its own 2014 strategic goals in a number of areas, including examinations, enforcement and investor education (see below).
Judging the SEC
Some might find it ironic that the SEC, which has the authority to bring charges resulting in civil money penalties and more against a firm that did not maintain proper controls over client assets, was found by the GAO to have not maintained proper controls over disgorgement proceeds that it was holding.
But maybe not. "An adviser is charged with serving as a fiduciary with clients," said
University of Michigan law professor Adam Pritchard. "The SEC is a law enforcement agency and its function is to get the bad guys and make them pay. If they donít control the money that they bring in that much, it will eventually get to the correct parties. But the money was nonetheless taken away from the bad guys."
The Commission has a problem in this area because of a "disconnect between the Enforcement Division and the structure that Congress and the SEC set up to get the money back to investors," Pritchard said, noting that while there is incentive to prosecute, "there is a lack of incentive" to correctly handle the money once it is collected.
Then there is the meaning of the term "significant deficiency," which "is a term of art in the auditing world and does not rise to the level of the more serious finding of a 'material weakness,'" said
Zaccaro Morgan partner Nicolas Morgan.
"The good news for the SEC," he said, "is that the GAO did not find a material weakness in the area of disgorgement or any other area in 2014. Ö However, the bad news for the SEC is that the one significant deficiency in 2014 (accounting for disgorgement and penalties) is a recurring problem, including issues reported by the GAO and new issues contributing to the same deficiency."
Disgorgement and penalty transactions
FY 2014 was not the first year the GAO expressed concerns about what it found to be SEC deficiencies in regard to its controls over disgorgement and penalty transactions, but in previous years those concerns did not reach "significant deficiency" level.
"In fiscal year 2013, we concluded that these deficiencies did not individually or collectively represent a material weakness or significant deficiency," the GAO said, adding that it brought them to the attention of SEC management in May 2014. While the GAO acknowledged that the SEC took action to address some of those deficiencies, it said that "our testing results this year identified new deficiencies in accounting for disgorgement and penalty transactions, which, combined with the remaining control deficiencies from our prior audits, are important enough to merit the attention of those charged with governance of SEC. Therefore, while not considered a material weakness, we consider these issues to collectively represent a significant deficiency in SECís internal control over financial reporting as of September 30, 2014."
"I would expect improvement in this area over the coming year," said
Stradley Ronon partner Lawrence Stadulis. "It appears that the SEC understands the nature of the deficiency in this area and is undertaking steps to address it," he said, noting that the performance report expressly states that the significant deficiency "íwill continue to be an area of focus for us in FY 2015.í"
The GAO categorized the various deficiencies that compiled the overall significant deficiency into two groups: those it had identified in 2013, which it referred to as continuing deficiencies, and new deficiencies that had not been uncovered in previous audits.
Here are the continuing deficiencies in terms of disgorgement and penalties that†the GAO†identified:
Insufficient procedures for ensuring the availability of disgorgement or penalty-related funds before transferring them to the U.S. Treasury;
Ineffective monitoring of disgorgement and penalty-related cases filed in courts to ensure that all cases that should be recorded as receivables are identified in a timely manner; and
Insufficient safeguarding controls at service providers that collect disgorgements, penalties and related interest payments from violators on the SECís behalf.
As for new deficiencies found in its 2014 financial statement audit, the GAO found, among other things, that the SECís routine monitoring procedures did not consistently detect and correct errors in a timely manner. "Instead, as individual errors were found and brought to its attention, [the] SEC would investigate further to identify any similar issues, and it was these ad hoc reviews that would result in the identification and correction of additional errors," the GAO said, adding that the errors it found in 2014 were "largely caused" by:
Ineffective policies and procedures for tracking and recording account receivable transactions; and
Lack of consistent information sharing between the Office of Financial Management and the Division of Enforcement.
The auditing agency also found these†problems:
Controls not established to ensure that all offsets of disgorgement-related accounts receivables were recorded in the general ledger in a timely manner. "Limitations in [the] SECís general ledger system do not allow it to record both the accounts receivable amount and offset at the same time, which has resulted in [the] SEC relying on a manual process to enter the offset amount at a later time."
Disgorgement and penalty transactions recorded to incorrect customer numbers in the general ledger. "This was caused by the ineffective implementation of existing SEC policies," the GAO said. "For example, we found that one of the 45 accounts receivable amounts we tested as part of a statistical sample was recorded to an incorrect customer number. In addition, [the] SEC identified a disgorgement and penalty accounts receivable amount that was recorded twice in the general ledger because it was initially recorded to an incorrect customer number, resulting in an overstatement of SECís gross accounts receivable of $4.4 million, which was subsequently corrected." SEC procedures, the GAO said, require staff to determine whether an accounts receivable has already been recorded before initiating the recording of a new receivable and require review of new receivables as they are recorded.
Mary Jo White, in a November 12, 2014 response to the GAO that was included in the audit report, said she was pleased that the GAO found that the SEC no longer had a significant deficiency in regard to information security, as it did in 2013. "We will continue to strengthen our controls in this area, while focusing on the newly identified significant deficiency in the area of accounting for disgorgements and penalties," she said.
More specifically, she promised, among other things, to "undertake a thorough assessment of our controls and organizational approach" in regard to disgorgements and penalties. "The agency also will take specific corrective actions to consistently implement and evidence effective internal control over the timely recording of judgments and orders," and that the Office of Financial Management and the Division of Enforcement are working closely together to review orders in individual cases, "and we expect this ongoing communication to help ensure proper recording of judgments and orders."
In assessing its own performance against goals it previously established, the SEC found some areas where it exceeded the goals and others where it failed to meet them.
Percentage of investment advisers and investment companies examined during the year (performance goal 2.2.1). The agency examined 10 percent of all registered advisers in FY 2014, surpassing its goal of 9 percent. But it failed to meet its goal of examining 12 percent of investment companies that year, examining 10 percent. "During FY 2015, staff will continue to implement improved processes and procedures," the agency said, adding that it "expects that these improvements, which include enhancements to the exam programís risk assessment processes, will lead to more effective coverage of registered entities." It also added that "certain targeted initiatives aimed at high risk firms and activities have already been implemented and it is anticipated that these efforts will result in improved coverage levels in FY 2015."
Average months between opening a matter under inquiry or an investigation and commencing an enforcement action (performance goal 2.3.3). The SEC in FY 2014 matched the number of months it took in FY 2013 Ė 21 months, but fell short of its goal to reduce the time to 20 months. Basically, the agency said it would try harder next time, seeking more effective management of cases, leveraging various processes and initiatives to promote efficiencies in investigations, and encouraging the use of tools like subpoena enforcement actions to keep investigations on time.
Number of industry outreach and education programs targeted to areas identified as raising particular compliance risks (performance goal 2.1.1). The SEC really outdid itself here, holding 63 major outreach efforts during FY 2014, including holding national and regional compliance outreach events, and publishing risk alerts. The goal was just 16 such programs. The agency said it will "continue to expand and improve these efforts during FY 2015 and FY 2016."