ICI Comment Letter on Nasdaq's Proposed Rule Change to Require Listed Companies to Have Internal Audit Function (pdf)

March 28, 2013 Ms. Elizabeth M. Murphy Secretary Securities and Exchange Commission 100 F Street, NE Washington, DC 20549 Re: The NASDAQ Stock Market LLC Proposed Rule Change to Require Listed Companies to Have an Internal Audit Function (File No. SR- NASDAQ-2013-032) Dear Ms. Murphy: The Investment Company Institute (“ICI”)1 appreciates the opportunity to comment on the recent proposal by The NASDAQ Stock Market LLC (“Nasdaq”) to require listed companies to establish and maintain an internal audit function.2 The ICI supports the objective of the proposed rule to ensure that listed companies have a mechanism in place to review and assess regularly their system of internal controls and to identify any weaknesses and develop appropriate remedial measures. As explained below, an internal audit function, however, should not be required for investment companies – closed-end funds and exchange-traded funds – that are registered under the Investment Company Act of 1940 (“Investment Company Act”) and listed on Nasdaq.3 For registered funds, the requirement is unnecessary given their robust regulation under the Investment Company Act, impractical given their unique structure, and inconsistent with the New York Stock Exchange’s (“NYSE”) corresponding listing requirement, which includes an exception for registered funds. For all of these reasons, we urge Nasdaq to include an exemption from the internal audit requirement for registered funds. 1 The Investment Company Institute is the national association of U.S. investment companies, including mutual funds, closed-end funds, exchange-traded funds, and unit investment trusts. ICI seeks to encourage adherence to high ethical standards, promote public understanding, and otherwise advance the interests of funds, their shareholders, directors, and advisers. Members of ICI manage total assets of $14.6 trillion and serve over 90 million shareholders. 2 Notice of Filing of Proposed Rule Change to Require that Listed Companies Have an Internal Audit Function, Release No. 34-69030, 78 FR 15075 (Mar. 8, 2013) (“Proposal”). 3 Hereinafter, this letter refers to these funds as “registered funds.” Ms. Elizabeth Murphy March 28, 2013 Page 2 of 5 Substantial Regulation of Registered Funds Unlike Nasdaq-listed operating companies, registered funds are stringently regulated under the Investment Company Act, which imposes: detailed requirements on funds with respect to their capital structure, day-to-day operations, and custody of assets; oversight by independent directors; limitations on the use of leverage; fidelity bonding for officers and others that have access to fund securities; and prohibitions on most transactions with affiliates.4 Moreover, unlike operating companies, registered funds are subject to periodic on-site inspections by the Securities and Exchange Commission (“SEC”) staff designed to ensure that they are operating in compliance with applicable laws and their stated investment objectives and policies. We believe that the internal audit function envisioned by the Proposal is largely duplicative of functions already performed by or for registered funds to comply with the Investment Company Act. The proposed internal audit requirement would add little to enhance risk management processes and internal controls at registered funds given the existing requirements relating to oversight of funds and their service providers. Specifically, the Investment Company Act requires registered funds to adopt written policies and procedures reasonably designed to prevent violation of the federal securities laws by the fund, including policies and procedures that provide for the oversight of compliance by the fund’s investment adviser, administrator, and transfer agent.5 A registered fund must designate a Chief Compliance Officer (“Fund CCO”) who is approved by the fund’s board and charged with administering and overseeing its compliance program.6 A Fund CCO, together with fund management, assesses compliance risks and controls at the fund level. A Fund CCO must “tak[e] steps to assure herself that each service provider has implemented effective compliance policies and procedures administered by competent personnel” and “should be familiar with each service provider’s operations and understand those aspects of their operations that expose the fund to compliance risks.”7 4 In addition to the Investment Company Act, registered funds are subject to requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934. As with operating companies, registered funds are subject to certification requirements originally adopted by the Sarbanes Oxley Act of 2002 and incorporated into Rule 30a-2 of the Investment Company Act (a registered fund’s principal executive officer and principal financial officer are required to provide the certifications). 5 17 C.F.R. § 270.38a-1. The service providers to registered funds generally also are subject to regulation and oversight by regulatory bodies including the SEC and the Financial Industry Regulatory Authority (FINRA). 6 A registered fund’s board also is charged with oversight of compliance with the federal securities laws by the fund’s investment adviser, administrator, and transfer agent to the extent they are providing services to the fund. 7 Compliance Programs of Investment Companies and Investment Advisers, Release Nos. IA-2204 and IC-26299, 68 FR 74714 (Dec. 24, 2003). A Fund CCO may review, among other documents: a service provider’s standard operating procedures and other policies and procedures, to the extent relevant to the registered fund’s operations; results of any regulatory examinations; reports on internal and external reviews and testing of the service provider’s systems, processes and Ms. Elizabeth Murphy March 28, 2013 Page 3 of 5 Moreover, no less frequently than annually, a registered fund is required under Investment Company Act rules to review the adequacy of the compliance policies and procedures of the fund and of each investment adviser, principal underwriter, administrator, and transfer agent and the effectiveness of the implementation of such policies and procedures. The Fund CCO also must, no less frequently than annually, provide a written report to the fund’s board that, at a minimum, addresses: the operations of the policies and procedures of the fund and its investment adviser, principal underwriter, administrator, and transfer agent; any material changes made to the compliance policies and procedures since the last report; any material changes recommended to such policies and procedures as a result of conducting the annual review; and each material compliance matter that occurred since the date of the last report. The Fund CCO also must meet with a fund’s board of directors at least annually and meet separately with the fund’s independent directors. In practice, many Fund CCOs meet with their boards at least quarterly and more frequently in the event of a material compliance matter. Structural Differences of Registered Funds and Operating Companies In addition to being unnecessary given regulation under the Investment Company Act, Nasdaq’s proposed internal audit function requirement is impractical given registered funds’ unique structure. Registered funds differ fundamentally from operating companies in their structure – most registered funds have no employees and their operations generally are conducted through service providers, including investment advisers, administrators, custodians and transfer agents.8 Moreover, unlike operating companies, registered funds have only a single line of business – to invest the money pooled from investors in securities.9 Consequently, the operations and related controls of registered funds are much narrower in scope than those of operating companies. In addition, registered fund financial statements are simpler than those of operating companies.10 The proposed requirement to establish and maintain an internal audit function would be impractical for registered funds for two reasons. First, most registered funds would be forced to have controls; and independent third-party audits to evaluate the effectiveness of compliance controls, including SSAE No. 16, Reports on Controls at a Service Organization (“SSAE No. 16 Reports”). Many Fund CCOs make periodic due diligence visits to their fund’s service providers. 8 We are aware of only a handful of closed-end funds that are internally managed and have employees. We are not aware of any exchange-traded funds that are internally managed. An externally managed registered fund’s executive officers are usually furnished by one of its service providers, typically the investment adviser or administrator. 9 As described above, the structure and operations of registered funds are stringently regulated through a combination of disclosure requirements and restrictions on day-to-day operations by the Investment Company Act. 10 All securities are measured at fair value with the change in value reflected in earnings. Registered funds generally do not present many of the difficult or judgmental accounting issues found in operating company financial reporting, such as pensions, post employment benefits, deferred taxes, or intangible assets. Ms. Elizabeth Murphy March 28, 2013 Page 4 of 5 “internal staff” just for this purpose because they do not have employees. Second, in the case of registered funds, the internal audit function would not be assessing the processes and system of internal control of the listed company but rather conducting assessments of the external service providers. Many service providers maintain their own internal audit function, which helps strengthen the overall control environment of those organizations, and correspondingly, the overall control environments of the registered fund. An internal audit by a registered fund, therefore, would be duplicative of functions already performed by these service providers.11 Moreover, registered funds are likely to face difficulties in implementing an internal audit function, including a lack of authority and access, to “audit” effectively an external service provider.12 Implementing an internal audit function would increase costs for registered funds and ultimately for their shareholders, particularly in light of these structural and other obstacles. Given the substantive and stringent regulations that apply to funds under the Investment Company Act as described above, we do not believe that these increased costs are offset by any meaningful incremental benefit. Exceptions in NYSE and Nasdaq Listing Standards for Registered Funds The extent of the regulation that applies to registered funds has been long recognized by various exchanges, including the NYSE and Nasdaq. In this regard, the NYSE does not require closed-end funds and exchange-traded funds to comply with many of the corporate governance requirements of Section 303A of the Listed Company Manual, including the requirement to have an internal audit function. The NYSE stated that it considered these requirements “unnecessary for closed-end and open-end management investment companies that are registered under the Investment Company Act of 1940, given the pervasive federal regulation applicable to them.”13 Similarly, when Nasdaq previously implemented comprehensive corporate governance requirements for its listed issuers, it acknowledged the “pervasive system of federal regulations in certain areas of corporate governance” applicable to registered funds and therefore exempted closed-end funds and exchange-traded funds from many of the corporate governance requirements of its Rule 5600 11 Most major service providers issue SSAE No. 16 Reports. See supra note 7. 12 To the extent that the proposed rule contemplates a more in-depth traditional audit level review of various functions, the ability to audit an unaffiliated service provider may be more difficult because such service providers may be reluctant to allow an outside party to scrutinize their proprietary systems, processes, technology or resources at that level, or even if willing, may not be able to do so for multiple fund clients. 13 NYSE Listed Company Manual § 303A.00 (2013). Ms. Elizabeth Murphy March 28, 2013 Page 5 of 5 Series.14 Under the current proposal, however, Nasdaq did not propose to exempt these funds from the internal audit requirement. We believe that the failure to do so may have been an oversight in light of Nasdaq’s other exemptions for registered funds and the fact that the proposed internal audit function requirement would not provide measurable benefits to registered funds or to their shareholders, as discussed above. Further, considering the potential additional costs that such a requirement would impose on fund shareholders and the availability of a NYSE exemption, the requirement could provide a disincentive for registered funds to choose to list on Nasdaq. Conclusion Although the proposed internal audit requirement may be necessary and appropriate for many types of issuers listed on Nasdaq, for registered funds, it is unnecessary given their unique regulation under the Investment Company Act, impractical given their unique structure, and inconsistent with the NYSE’s corresponding listing requirement. Accordingly, we request that Nasdaq Listing Rule 5615-4 be amended to exempt registered funds from its requirements. * * * We appreciate the opportunity to submit our comments on the Proposal. If you have any questions or need additional information, please contact me at (202) 218-3563, Bob Grohowski at (202) 371-5430, or Jennifer Choi at (202) 326-5876. Sincerely, /s/ Dorothy M. Donohue Dorothy M. Donohue Deputy General Counsel—Securities Regulation cc: David Strandberg Chief Counsel, Listing Qualifications, Nasdaq OMX 14 Nasdaq Listing Rule IM 5615-4 (2013).