The Securities and Exchange Commission is getting a makeover - and technology is playing a central role in the renovation. According to a recent report by Needham, Mass.-based research firm TowerGroup, the SEC's IT budget for 2005 - $113 million - is two-and-a-half times the commission's 2002 technology budget.
There have also been some major organizational changes within the SEC's IT division: a new chief information officer, Corey Booth, was hired in early 2004 and, of the 23 supervisory positions reporting to Booth, 20 have been filled by new hires, promotions or reassignments; only three are held by the same people who were there before Booth took the helm.
"In many ways, 2004 was about laying a foundation with regards to re-organization and starting to really think through what our IT strategy ought to be," says Booth. "2005 is Year 1 of the execution phase." According to Booth, the SEC's expanded IT budget will be spent on four key areas: upgrading technology infrastructure (i.e., telecom, hardware, storage, desktops), developing new applications, improving data management and expanding analytical capabilities.
While a $113 million IT budget is small compared to the amount of money being spent by many of the firms that the SEC oversees, Dushyant Shahrawat, a senior analyst at TowerGroup and author of the report, believes the increase in IT investments still will have a significant effect on overall institutional compliance spending. According to the report, for each additional budget dollar the SEC spends on internal efforts, the industry will spend $5 to ensure better compliance. "Going forward, there will be some visible impact on what firms will have to do with compliance spending and the amount that will be spent because there'll be a more active regulator on their backs," Shahrawat says.
Catch Up vs. Leg Up
Definitive plans for a massive technology overhaul at the SEC were long overdue. The commission previously relied on self-regulatory organizations such as the New York Stock Exchange and the National Association of Securities Dealers to invest in initiatives to identify potential violations in the industry and refer them to the SEC. But after a series of corporate scandals, including those involving Enron and WorldCom, garnered much criticism from the United States Congress and the public, the pressure to strengthen the SEC's effectiveness and restore investor confidence was greatly increased.
"Collective pressure was building up over the last five to seven years," explains Shahrawat. "I think one of the most telling statistics is between 1996 and 2000, SEC IT spending went up 2 to 3 percent at best, when the industry that it most oversees - the brokerage industry - their IT spending was going up 16 to 17 percent every year."
It became evident to all industry observers that there should have been a correlation between the SEC's technology spending and the IT spending of the industry participants that it regulates. Consequently, in August 2004, the SEC released the 2004 to 2009 Strategic Plan to make itself a more proactive, efficient and effective regulatory body. An integral part of the plan involves the successful implementation of state-of-the-art electronic-information discovery, workflow and content management solutions, and data-tagging format tools that will enable the agency to catch accounting and securities irregularities before they become major problems.
The new tools also will help the SEC to manage routine investigations better. "Today, we aren't as good as where we would like to be in terms of being able to organize and manage all of [our internal information]," says the SEC's Booth. "What these systems are going to allow us to do is manage the cradle-to-grave case within a single system."
TowerGroup's Shahrawat adds that while the SEC still has a long way to go before accomplishing all of its goals, industry participants will feel the impact of the plan this year - and for years to come. "I think between 2002 and 2003, it was more of a catch-up game" between the SEC and the more tech-savvy industry participants, he says. "But looking a little bit deeper in some of the projects the SEC has under way - definitely in the enforcement space - it seems to indicate that it's not just catch-up, it's actually now trying to get a leg up on the industry, which means the industry will then try to catch up to make sure they comply with all of this stuff."
Nasdaq Reacts to the SEC
Nasdaq anticipated the repercussions of the SEC's strategic initiatives early in the game. According to Steven Randich, Nasdaq's executive vice president and chief information officer, operations and technology, the exchange began considering a number of e-mail archival and retrieval solutions shortly after the SEC's plan was released. At the time, Nasdaq was using EMC Corp.'s SAN system with an automatic tape backup.
Randich points out that the main driver for the search for a new solution was the SEC's "more demanding and more specific" documentation retention requirements. Because the exchange has a wealth of historical data - regulatory data, market data, communications with listed companies, communications with broker-dealers - the commission often makes requests for data whenever it's investigating a financial firm.
"We get an average of three to four inquiries a year," says Randich. "It took us weeks and months to comply, ... which is too long for the SEC."
After considering solutions from various technology providers, including Mountain View, Calif.-based Legato (which was acquired by EMC), Nasdaq decided to replace its SAN system with the Reference Information Storage System (RISS) by Palo Alto, Calif.-based HP.
"We ultimately selected the HP system because it was very cost-efficient," relates Randich. "It's a single solution with the hardware and software, so you don't have to go to multiple vendors," he adds. Randich declines to disclose the exact cost of the system, but admits that it's six figures.
The project took six months from conceptualization, and RISS was implemented in April 2004. The system now is integrated into Nasdaq's backup recovery program, and Randich claims it's essentially an entirely hands-off process. Since Nasdaq runs on Microsoft Exchange, when e-mails come in, RISS listens to the Microsoft Exchange server, keys off the logging mechanism and saves all e-mails automatically, he relates.
"If an e-mail comes in that's immediately deleted by an employee ... it's already been saved on the system before the employee even got the e-mail to begin with," Randich explains. RISS provides topic-automated indexing so that the information in that e-mail, and the attachment, is automatically indexed by the name of the company and the name of the sender without the need for manual intervention.
Another benefit brought about by the new e-mail archival and retrieval system is that Nasdaq's technology team no longer has to get involved with the routine inquiries. Nasdaq's compliance and legal teams now handle the inquiries themselves, leveraging the system's graphical interface to do a search, using functionality similar to that offered by Google or Yahoo.
But perhaps the biggest payoff is the fact that RISS brought in quick returns on the investment. "We determined that we just needed one inquiry a year to basically get payback on the product," says Randich. "We installed it last spring and had two inquiries within that year, so it pretty much paid for itself two times over in the first partial year of implementation," he continues. "This year it's proving to be even more lucrative."