October 3rd Briefing, Transformation

Information technology at the SEC Corey Booth Chief Information Officer “ Transformation and Innovation” National Press Club October 3, 2007

Today’s discussion

Overview – the Securities and Exchange Commission and the role of IT

Snapshots of specific initiatives

“ Interactive data”

Enforcement and examination systems

Ongoing challenges – what EA is teaching us

SEC strategic objectives “ The mission of the Securities and Exchange Commission is to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation.”

IT: The key driver of agency productivity

Plus : Big rise in complexity

Globalization

Derivatives

Private equity/hedge funds

“ Democratization”

US equity market value 1993 2005 $6.2 trn $18.2 trn 9.3%/yr 6.6% after inflation BUT:

SEC staff/resources really can’t be expected to grow faster than GDP over the long term

IT is our single best lever for keeping up with our expanding mission

Our three-part strategy Program effectiveness Agencywide infrastructure and support IT management processes Electronic disclosure Workflow and content management Electronic discovery Analytical tools Staff productivity, flexibility, and support Technical “backbone” Back office systems Information security and privacy IT governance IT people management

Specific initiatives – Program Effectiveness Electronic disclosure Workflow and content management Electronic discovery Analytical tools

Interactive data initiatives and tools

EDGAR system modernization

Improvements to sec.gov

Enforcement portfolio management

Disgorgements and penalties

Examination management

“ Quick and dirty applications”

Document imaging/ e-discovery

Forensics lab

Qualitative risk assessment

Examination analytics

Specific initiatives – Infrastructure/Support Staff productivity, flexibility, and support Technical “backbone” Back office systems

ITIL service management

Remote access enhancements

Desktop/laptop refreshment and management

AV/scanning/faxing solutions

VOIP rollout

Storage/records management strategy

ITIL service management

Infrastructure services “re-outsourcing”

Data center footprint planning

Budgeting and procurement systems implementation

Financial system upgrade

Recent progress – IT management Information security and privacy IT governance IT people management

Awareness training

Patching and configuration policies

Access control

Monitoring tools and processes

Certification/ accreditation

Privacy policy review

Capital planning process redesign

Improved change control process

Enterprise architecture development

“ Human capital review”

360 º feedback

Managed professional development

Internet-based disclosure at the SEC

EDGAR – the heart of company disclosure (Electronic Document Gathering, Analysis, and Retrieval)

First electronic filing in 1986

First electronic dissemination in 1992

Web-based public access to filings in 1994

Real-time public access in 2003

Insider ownership and transaction filings incorporated in 2003

Full-text search in 2006

Today, a critical tool for US investors

700,000 filings annually

528 million online EDGAR searches at www.sec.gov

Secondary dissemination via third parties

Interactive data – the next big thing Overall goal: Transition filings from “paper-like” formats (such as HTML) to computer-readable format (such as XBRL)

Primary beneficiaries:

Investors, analysts, and other members of the public

Direct consumption

Indirect use through intermediaries

Secondary beneficiaries: Corporate and mutual fund filers Tertiary beneficiaries: SEC reviewers

From this…

To this

From this…

To this

Many interactive data possibilities

Financial reports (annual, quarterly)

Mutual fund prospectus information

Executive compensation

Mutual fund portfolio holdings

Consolidation/simplification of form libraries

“ Investor centric” improvements “ SEC centric” improvements

Compliance reports from regulated entities (mutual funds, broker-dealers, investment advisers, etc.)

Data interchange with regulatory partners (SROs, PCAOB, exchanges, etc.)

Portfolio management: Enforcement Referral and inquiry Investigation Litigation Financial management/ collections Distributions Document management/workflow Management reporting Phase 1 – Post-judgment management (2006-07) Phase 2 – attorney case portfolio management (2007-08)

Portfolio management: Examination Risk assessment and exam targeting Research/ preliminary data gathering Fieldwork and onsite data gathering Exam level assessment Reporting Document management/workflow Management reporting “ RADIUS” (2008+) RADAR (2007) OASIS (2008) “ eSTARS” (2008+)

The SEC’s enterprise architecture Technical reference model Data reference model Applications/services reference model Business reference model

Some challenges along the way

EA offers excellent frameworks for thinking about business technology

If “done right”, can truly draw linkages all the way from business strategy through the technical layers

BUT:

Can waste time looking for business-level commonalities where they don’t necessarily exist

Can focus too much on the business issues (!)

Sometimes misses the trees for the forest

What is the agency’s operating model? Level of information integration Business process standardization General Electric McDonald’s Citigroup Wal-Mart

What is the agency’s operating model? Level of information integration Business process standardization “ Current state EA” “ Future state EA” (Actual future state)

Lessons learned