Better Information Sharing Among Financial Services Regulators	 
Could Improve Protections for Consumers (29-JUN-04, GAO-04-882R).
                                                                 
GAO has long held the position that financial regulators can	 
benefit from improved information sharing. As regulators are	 
faced with the challenges of overseeing a myriad of financial	 
products, along with the individuals and organizations that	 
develop and sell them, information sharing among regulators	 
serves as a key defense against fraud and market abuses. However,
our system of financial regulation is fragmented and, in many	 
cases, isolated among numerous federal and state financial	 
regulators overseeing the securities, insurance, and banking	 
industries. While there has been a greater effort to improve	 
communication in recent years, the routine sharing of information
between the regulators of the three major financial		 
industries--securities, insurance, and banking--continues to be a
source of concern. At Congress' request, we have issued reports  
and testimonies in recent years discussing the benefits of	 
improved sharing of criminal and regulatory information and the  
consequences of failing to adequately share such information.	 
This report focuses on three areas where greater attention is	 
needed to improve information-sharing capabilities among	 
financial services regulators. First, we highlight the need for  
insurance regulators to have more consistent access to the	 
Federal Bureau of Investigation (FBI) nationwide criminal history
data. Second, we discuss the importance of sharing regulatory	 
enforcement data as a tool to prevent the migration of		 
undesirable people, or rogues, from one industry to another.	 
Third, we present the results of new work assessing the 	 
regulatory oversight structures for certain hybrid financial	 
products and the extent to which regulators share consumer	 
complaint data that may be relevant to multiple regulators in a  
routine, systematic fashion. Finally, we highlight challenges to 
improving information sharing among financial regulators.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-04-882R					        
    ACCNO:   A10771						        
  TITLE:     Better Information Sharing Among Financial Services      
Regulators Could Improve Protections for Consumers		 
     DATE:   06/29/2004 
  SUBJECT:   Information disclosure				 
	     Information resources management			 
	     Internal controls					 
	     Strategic planning 				 
	     Interagency relations				 
	     Computer matching					 
	     Federal/state relations				 
	     Regulatory agencies				 
	     Fraud						 
	     Crime prevention					 
	     Financial institutions				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-04-882R

United States General Accounting Office Washington, DC 20548

June 29, 2004

The Honorable Michael G. Oxley
Chairman
Committee on Financial Services
House of Representatives

Subject: Better Information Sharing Among Financial Services Regulators
Could Improve Protections for Consumers

Dear Mr. Chairman:

GAO has long held the position that financial regulators can benefit from
improved information sharing.1 As regulators are faced with the challenges
of overseeing a myriad of financial products, along with the individuals
and organizations that develop and sell them, information sharing among
regulators serves as a key defense against fraud and market abuses.
However, our system of financial regulation is fragmented and, in many
cases, isolated among numerous federal and state financial regulators
overseeing the securities, insurance, and banking industries. While there
has been a greater effort to improve communication in recent years, the
routine sharing of information between the regulators of the three major
financial industries-securities, insurance, and banking-continues to be a
source of concern.

At this Committee's request, we have issued reports and testimonies in
recent years discussing the benefits of improved sharing of criminal and
regulatory information and the consequences of failing to adequately share
such information. This report focuses on three areas where greater
attention is needed to improve information-sharing capabilities among
financial services regulators. First, we highlight the need for insurance
regulators to have more consistent access to the Federal Bureau of
Investigation (FBI) nationwide criminal history data. Second, we discuss
the importance of sharing regulatory enforcement data as a tool to prevent
the migration of undesirable people, or rogues, from one industry to
another. Third, we present the results of new work assessing the
regulatory oversight structures for certain hybrid financial products and

1In this report, financial regulators are the regulators of the financial
services industries.

                                Results in Brief

the extent to which regulators share consumer complaint data that may be
relevant to multiple regulators in a routine, systematic fashion.2
Finally, we highlight challenges to improving information sharing among
financial regulators.

We conducted our work in accordance with generally accepted government
auditing standards. For our work related to the first two objectives
concerning access to criminal and regulatory history data, respectively,
we relied primarily on previous GAO work. To address the third objective,
we conducted new work related to regulatory oversight and information
sharing associated with hybrid financial products. For more information
concerning the scope and methodology of this recent work, please see
enclosure I.

Financial regulators face challenges in accessing and sharing information
relevant to their oversight responsibilities, including information
related to criminal history data, regulatory enforcement actions, and
consumer complaints. Specifically, we found that many state insurance
regulators, unlike their counterparts in the banking, securities, and
futures industries, continue to lack the legal authority to access the
FBI's nationwide criminal history data. According to information obtained
from state regulators and the FBI, fewer than one-third of the states have
taken actions that current federal law requires for them to have such
authority. Consequently, regulators in other states cannot be sure that
they are protecting insurance consumers from fraud by keeping individuals
previously convicted of serious criminal behavior out of the business of
insurance.

We also found that financial regulators generally did not have ready
access to all relevant data related to regulatory enforcement actions
taken against individuals or firms. Regulatory data are maintained by the
various financial regulators on separate information systems and are not
always readily accessible by one another, particularly by regulators
across different financial industries. If the regulatory history of
applicants cannot be readily accessed, financial regulators are hampered
in their ability to detect and prevent an unsuitable individual, or rogue,
from migrating from one financial services industry to another.

2In this report, hybrid financial products refer to those products having
both insurance-and securities-related features.

Similarly, our recent work shows that many financial regulators do not
share relevant consumer complaint data among themselves on certain hybrid
products (i.e., products with features and characteristics both of
insurance and securities) in a routine, systematic fashion. The different
regulatory structures that are involved in the oversight of hybrid
products and the array of systems used to capture complaints about them
create challenges for regulators and consumers for resolving problems that
can arise in the marketplace. We found that the regulatory oversight
structure associated with certain hybrid financial products can vary
considerably, depending on the product and where it is sold. Moreover, the
regulatory structure can change over time. Often multiple regulators can
have an oversight interest in a particular hybrid financial product. In
such an environment, it can be difficult for consumers to determine which
organization should receive a complaint. Furthermore, once a complaint is
received, it may be relevant to another regulator, either because it may
not have reached the most appropriate regulator or because the complaint
information could be of interest to multiple regulators. However, many
financial regulators do not share consumer complaint data with one another
in a routine, systematic fashion. Consequently, particularly in the case
of hybrid financial products, regulators may be unable to resolve
individual complaints because complaints have been directed to the "wrong"
regulator, or, because of a lack of complete information, an individual
regulator may not be able to fully assess the magnitude of problems
affecting certain companies or products.

While financial regulators generally support better sharing of regulatory
information, they also cited some concerns and barriers. These generally
centered around protecting confidential regulatory information from public
disclosure, as opposed to technological issues. Consequently, options or
proposals for improving information-sharing capabilities or tools among
financial regulators need to address concerns about sharing and protecting
different types of regulatory data that have varying degrees of
sensitivity. We encourage efforts to achieve improved information sharing,
balancing a regulator's "need to know" with the appropriate protections on
the information, so that financial regulators can better prevent the
migration of rogues and respond more effectively to problems that may
surface in the marketplace.

Most State Insurance Regulators Still Cannot Access Nationwide Criminal History
                                      Data

Many state insurance regulators continue to lack the appropriate authority
to perform thorough criminal history checks on individuals trying to enter
the business of insurance.3 One of the important functions of a financial
regulator is licensing or approving the people who apply to work in the
industry. The first line of defense against fraud is to keep known
criminals and other inappropriate individuals out of the
business-particularly when that business is handling other peoples' money.
However, in previous work, we reported that many state insurance
regulators, unlike their counterparts in the banking, securities, and
futures industries, do not have the authority to obtain FBI nationwide
criminal history data.4 Today, the situation remains much the same.
According to officials from the FBI and the National Association of
Insurance Commissioners (NAIC),5 of the 50 states and the District of
Columbia, only 16 state insurance departments have the authority under
current federal law to access nationwide criminal history data maintained
by the FBI. NAIC has developed model state legislation for states to gain
access to the FBI data for purposes of conducting criminal history checks
on industry applicants. However, NAIC also maintains that the fastest way
to grant state insurance departments access to the FBI's fingerprint
database in a uniform fashion is by federal statute without the need for
subsequent state legislative action.

One mission of financial regulators is to protect the public by ensuring
that people with a history of dishonest behavior are not allowed the
opportunity to continue such behavior as representatives of banks,
securities firms, or insurance companies. In our previous report, which
described an insurance investment scam perpetrated by Martin Frankel, who
masterminded the theft of over $200 million from several insurance

3The FBI and the National Association of Insurance Commissioners provided
information on the state insurance departments authorized to obtain FBI
criminal history information.

4U.S. General Accounting Office, Insurance Regulation: Scandal Highlights
Need for Strengthened Regulatory Oversight, GAO/GGD-00-198 (Washington,
D.C.: Sept. 19, 2000); Insurance Regulation: Scandal Highlights Need for
Strengthened Regulatory Oversight,

GAO/T-GGD-00-209 (Washington, D.C.: Sept. 19, 2000); U.S. General
Accounting Office, Financial Services Regulators: Better Information
Sharing Could Reduce Fraud, GAO-01-478T (Washington D.C.: Mar. 6, 2001).

5NAIC, formed in 1871, is a voluntary organization of the chief insurance
regulatory officials of the 50 states, the District of Columbia, and four
U.S. territories. It does not have regulatory authority over the state
insurance departments. NAIC provides a forum for the development of
uniform policy when uniformity is deemed appropriate. It assists state
insurance regulators by offering financial, actuarial, legal, computer,
research, market conduct, and economic expertise to carry out financial
and consumer protection oversight functions.

companies during an 8-year period, we pointed out that most state
insurance departments lacked the regulatory tools to access the FBI's
criminal history databases. We reported that most state insurance
commissioners do not have the means to conduct nationwide criminal history
background checks on individuals to decide whether certain convicted
felons should be permitted to engage in the business of insurance. We also
recommended that the United States Attorney General, the president of
NAIC, and state insurance commissioners work together to establish a
mechanism by which state regulators can perform criminal background checks
on individuals to facilitate enforcement of the federal insurance fraud
prevention provision, 18 U.S.C. sec. 1033.6

We reiterated and amplified our discussion of this problem in subsequent
work. In testimony before two Subcommittees of this Committee in March
2001, we noted that among all financial regulators, only those regulating
insurance lacked the ability to routinely access national criminal history
data for the purpose of screening potential industry entrants.7 Then, in
June 2002, in the context of states' compliance with provisions of the
Gramm-Leach-Bliley Act (GLBA),8 we reported that some states' insurance
regulators do not conduct criminal history background checks as part of
their producer licensing requirements.9 As a result, other states that did
require applicant fingerprints and a criminal history screening were
reluctant to grant reciprocity to agents that had not previously met these
requirements. We noted that some state insurance departments in relatively
large markets were not willing to lower their standards on certain
licensing requirements, such as criminal history checks using

6Under 18 U.S.C. S: 1033, a person who has been convicted of any criminal
felony involving dishonesty or a breach of trust or any offense described
in the section may engage in the business of insurance only through the
written consent of an insurance regulatory official authorized to regulate
the insurer.

7GAO-01-478T.

8Pub. L. No. 106-102 (1999). In Subtitle C of Title III, GLBA called for a
majority of states to either adopt uniform producer licensing laws or
reciprocate with other states in the licensing process by November 2002 to
avoid the establishment of a body, the National Association of Registered
Agents and Brokers, which would take over producer licensing functions
from the states. In 2002, NAIC certified that the majority of states
satisfied the provisions in GLBA by reciprocating with other states in the
licensing process. However, some states did not reciprocate at the time
because they were reluctant to accept industry applicants who were
licensed in other states that use less stringent licensing standards.

9U.S. General Accounting Office, State Insurance Regulation: Efforts to
Streamline Key Licensing and Approval Processes Face Challenges,
GAO-02-842T (Washington D.C.: June 18, 2002).

         Regulators Lack Ready Access to Each Other's Enforcement Data

fingerprint identification. We concluded that in-depth criminal background
checks through fingerprinting strengthened consumer protections and
endorsed efforts to achieve uniformity among state regulators using such
requirements.

In light of our findings, we have recommended that state insurance
regulators be granted access to the nationwide criminal history data that
FBI maintains. To properly screen industry applicants who desire to enter
the insurance industry, insurance regulators need the appropriate
authority to access nationwide criminal history information on
individuals. If all state insurance regulators had the authority to access
this criminal history data, this would put them on more equal par with
other financial regulators in the banking, securities, and futures
industries.

Information on regulatory enforcement activities, in addition to criminal
history data, is vital to effective oversight, but is not always readily
accessible among financial regulators across different industries.
Criminal behavior is not the only reason for a regulator to bar an
individual from participating in a regulated industry. Regulators also
take disciplinary actions against individuals who have been found
responsible for breaking rules or regulations that are in place to protect
customers. In these instances, enforcement actions can result in
individuals being banned from returning to work in the industry or state
where they broke the rules. Such enforcement history would be critical to
a regulator in a different financial services industry or state if one of
these individuals sought a license to operate in a different industry or
location. But, if regulatory information about an individual is not widely
known or made available/distributed, little prevents a rogue from moving
to a different financial industry or state, lying on an application, and
beginning again to engage in unscrupulous activities. The only way to
detect and prevent this "rogue migration" is good regulatory information,
widely shared. Financial regulators have taken some steps to improve
information sharing among themselves and between industries, but generally
they do not have direct, ready access to each other's regulatory
information.

Each regulator faces the challenge of ensuring that individuals who have
been involved in improper activities in one state or financial industry
are unsuccessful in attempting to move to another. Accordingly, financial
services regulators generally maintain background and disciplinary data

on individuals and entities in their particular financial industry.10
Within the insurance, securities, and futures industries, where regulators
have authority to license or register individuals to sell financial
products, this information is largely centralized on an industrywide
basis. Therefore, different regulators in each of these industries can
access systems and databases that provide background information on
individuals and entities, consumer complaints, and disciplinary records
within that industry. In the banking industry, where regulators do not
license or register individuals, we found that regulators also entered and
maintained background, regulatory history, lending practice, and complaint
data on entities and some individuals. Such systems and databases are
decentralized among the separate banking regulators. Therefore, unlike the
"one-stop shopping" search capabilities available in other financial
industries, a search on an individual's regulatory history in the banking
industry could necessitate separate inquiries of the five regulators'
systems, though these queries are facilitated through Web-based
applications.11

Different financial regulators have taken some steps to improve
information sharing between industries. For instance, state insurance
regulators, represented by NAIC, and state securities regulators,
represented by the North American Securities Administrators Association
(NASAA),12 have formed a working group to familiarize one another with the
regulatory systems and tools available in their respective industries. In
May 2004, NAIC and NASAA hosted a joint educational seminar to facilitate
this effort. We also observed examples where state securities and
insurance regulators have developed procedures for requesting each other's
regulatory information or providing limited access to such data. Moreover,
many regulators, recognizing the need to share regulatory data with other
financial regulators, have established bilateral informationsharing
agreements to access external regulatory information.

10Regulatory background information would, among other things, include the
licensing or registration status and employment history of an individual.

11For the purposes of this report, the term "federal banking regulators"
includes the Federal Reserve Board, Office of the Comptroller of the
Currency, Office of Thrift Supervision, Federal Deposit Insurance
Corporation, and National Credit Union Administration.

12NASAA, organized in 1919, is a voluntary association whose membership
consists of 66 state, provincial, and territorial securities
administrators in the 50 states, the District of Columbia, Puerto Rico,
Canada, and Mexico. In the United States, NASAA represents the 50 state
securities agencies and provides information and expertise related to
capital formation and investor protection.

Financial regulators collect and maintain several types of regulatory data
with varying degrees of sensitivity that merit consideration of how such
data should be shared. In previous testimony before this Committee, we
noted discussions with financial regulators and Committee staff that have
identified several types of data, aside from those related to licensing
and employment history, that could be useful to regulators in detecting
fraud and limiting its spread from one financial industry to another.
These data types include 1) completed disciplinary or enforcement actions,
2) consumer complaints, 3) ongoing regulatory investigations, and 4)
reports of suspicious or unverified activity that merit regulatory
attention, but may not yet rise to the level of a formal investigation.
Generally, regulators are more comfortable with sharing regulatory
information on closed, adjudicated enforcement actions and less
comfortable sharing data that may be unsubstantiated. While some of these
data types may not be sufficient by themselves to support a regulatory
action, such as a disqualification for registration or a license, if
regulators were to have the information available, it could prompt them to
ask more probing questions or conduct further checks to ensure the fitness
of industry applicants. In the Frankel case, although Frankel himself
reportedly used aliases and fronts to perpetrate an insurance investment
scam, one of the individuals who appeared to have provided funds to
purchase the first insurance company in this scam, which was subsequently
looted of its assets, had a disclosure item involving complaints and
settlements in the securities industry. If regulators had interviewed that
individual to discuss past regulatory incidents and probed further, they
may have uncovered the scam before any assets were stolen.

While each regulator keeps data on miscreants identified in its own
regulated institutions or industry, financial regulators generally do not
have ready access to enforcement data maintained by regulators in other
financial industries. Moreover, as highlighted earlier, financial
regulators maintain their enforcement data on separate information systems
within different industries. Generally, access to regulatory data can be
accomplished on an information request basis, but direct, ready access to
regulatory data on separate information systems in different industries is
generally not available. For instance, NAIC maintains centralized data on
disciplinary actions regarding companies and individuals that can be
accessed by insurance regulators and industry producers, but financial
regulators in other industries generally do not have direct access to this
information. Some financial regulators do provide public access to names
of individuals and/or firms that have had enforcement action(s) taken
against them while others do not. Therefore, in the absence of a means to
link or search the various financial regulators' information systems, a

Varied Oversight Structures for Hybrid Products and Lack of Information Sharing
                           Hinder Consumer Protection

comprehensive regulatory background check on an individual would require
separate queries for information on numerous systems, some publicly
available and some not. Consequently, accomplishing routine, comprehensive
regulatory background searches on individuals throughout all the financial
services industries and regulatory entities remains difficult and
impractical. At the same time, through the Sarbanes-Oxley Act,13 Congress
has provided more explicit authority for financial regulators to consider
and take actions based on the regulatory history of industry applicants.
However, without an effective way of routinely checking the regulatory
records of multiple industries and agencies throughout the financial
services sector, some individuals who self report false information on
licensing and chartering applications are more likely able to avoid being
detected by regulators.

The multiplicity of regulators that are often involved in the oversight of
hybrid products and the array of information systems that can capture
complaint data create challenges for regulators and consumers to resolve
market problems that may arise. In our current work on regulatory
oversight and information sharing associated with hybrid financial
products (i.e., products with features and characteristics both of
insurance and securities), we found that the regulatory structures for
such products can vary considerably. Often, multiple financial regulators
can have an oversight interest in the creation and sale of hybrid products
and the mix of regulators involved can vary depending on the product and
where it is sold. Additionally, the manner in which consumer complaint
data are collected and stored also varies considerably among the financial
regulators and industries. When a consumer has a problem with one of these
products, commonly complex and risky by nature, he/she may find it
difficult to determine where to send the complaint. Once complaints are
received, financial regulators are hindered in their ability to fully
understand the extent of known problems with a particular financial
product because they lack the ability to access and analyze relevant data
from each other's complaint systems in a routine, systematic fashion. In
an

13Under section 604 of the Sarbanes-Oxley Act, Pub. L. No. 107-204 (2002),
SEC may consider the regulatory history of an individual in deciding on
the individual's fitness for registration as a broker, dealer or
investment advisor. Specifically, the SEC is authorized to limit, suspend,
or revocate the registration of persons who have been barred or subjected
to sanctions by a state securities, banking, or insurance regulator
because of fraudulent, manipulative, or deceptive conduct. See 15 U.S.C.
S: 78o (b)(4)(H) (2000 & 2003 Supp.).

environment where several regulators can have an oversight interest in a
product, we found numerous examples of complaints received by one
regulator that perhaps should have gone to another, or which, at the
least, would have been of interest to another regulator(s). At the same
time, we also observed that financial regulators have limited means for
sharing relevant complaint data with one another.

Oversight of Hybrid Products and the Regulatory Systems Used to Track Complaints
Vary

The regulatory oversight of hybrid financial products can vary
considerably depending on the type of product and where it is sold. In our
review of variable annuities, equity-indexed annuities, and viatical
settlements, we found that multiple regulators from the securities and
insurance industries can have oversight responsibilities and overlapping
interests in a particular hybrid product. Moreover, the oversight
structure can differ from state to state and can change over time,
reflecting continued differences among regulators and industry
participants over how such products should be regulated.14 Figure 1
highlights differences in how these three types of hybrid products are
generally regulated.

14Regulatory oversight of some hybrid products could change over time, as
debates continue over which regulatory entity is best suited for a
particular product. For instance, a key debate among financial regulators
is whether or not sales of variable life and annuity products should be
regulated as insurance or securities products at the state level. State
securities regulators have argued that they have greater
securities-related expertise and more comprehensive oversight to help
ensure that sales of such products are suitable for the investor as
compared to their insurance counterparts. Securities regulators also
maintain that they have more enforcement authority and tools to pursue
cases of sales practice abuse tied to variable products. In contrast,
insurance regulators and industry representatives maintain that oversight
of variable products as securities at the federal level coupled with
oversight as insurance at the state level is sufficient. Parties opposed
to state securities oversight of variable product sales argue that such a
regulatory framework would create "four layers" of regulatory
oversight-SEC, NASD, state insurance departments, and state securities
departments-resulting in greater costs and duplicative regulatory
functions. Recently, both securities and insurance regulators have each
developed legislative proposals to help strengthen their regulatory
authority over sales practices tied to sales of variable insurance
products.

Figure 1: Regulatory Oversight of Hybrid Products Varies Depending on the
Type of Product and the State Where It Is Sold

Notes: Equity-indexed annuities and viatical settlements are generally not
registered as securities with SEC, though SEC can assert oversight based
on the unique facts and circumstances of a particular product.

Some state insurance and securities regulators have statutory authority to
regulate viatical settlements. Additionally, in states where securities
regulators do not have explicit statutory authority on viatical
settlements, most securities regulators have taken the position that
investments in such products are investment contracts and believe they
should be treated as securities.

Different regulators bring different oversight roles and functions to the
table in the regulation of hybrid financial products-differences that are
important when a consumer needs help to resolve a problem with a hybrid
product. For example, a hybrid product that is considered to be a security
by federal securities regulators must be registered with the SEC, which
ensures that the product's literature contains the appropriate disclosures
to inform the investor of the product's potential risks. However, SEC
generally delegates its oversight of broker-dealer firms and the sales
practices of individual brokers to several industry organizations and
financial exchanges. These are known as self-regulatory organizations
(SROs) and include NASD (formerly the National Association of Securities
Dealers) and the New York Stock Exchange (NYSE), which regulate the sales
practices of their member firms and individual sales agents. State
financial regulators-banking, insurance, and securities-also play an
important role, augmenting the oversight provided by federal regulators or
national SROs.

Variable annuity products are regulated as securities by the federal
government but also fall under the authority of state insurance and
securities regulators. Variable annuities combine traditional life
insurance annuity contracts with an investment component that is
nonguaranteed and can fluctuate with market-based earnings (or losses).15
At the federal level, the SEC regulates the registration of variable
annuity products. Under federal law, variable annuity products registered
by the SEC are generally exempt from registration with state securities
regulators. In addition, NASD regulates the sale of these products by
broker-dealers. At the state level, the insurance companies that offer
variable annuities generally fall under the jurisdiction of insurance
regulators, though sales of such products can also fall under the
jurisdiction of state securities regulators, or some combination of both
regulators, depending on the state.

In contrast with variable products, equity-indexed annuities are generally
not subject to federal oversight and thus are typically regulated by state
insurance regulators. While equity-indexed annuity products also encompass
a market-based investment component, they provide a guarantee on earnings,
often in return for less participation in market gains, to ensure that the
purchaser will not incur losses on the investment in a market downturn.16
Although SEC has previously solicited comments

15Variable annuities were first introduced in the 1950s and are a
multibillion dollar business in the United States, with sales of variable
products exceeding $94 billion through the first three quarters of 2003.
Variable annuities are designed to provide tax deferral benefits of
annuities. Under an annuity contract, an insurer agrees to make a series
of payments for a specified period or for the life of the contract holder,
providing insurance against the possibility that the contract holder will
outlive his or her assets during the period covered under the contract.
The payments are either fixed or may vary from payment to payment. The
cash value of the contract is invested in an insurer account, which offers
the contract holder a number of investment options. The contract holder's
premiums are typically allocated to mutual funds that invest in stocks,
bonds, money market instruments, or some combination thereof. The values
of the investment and the periodic payments vary, much like a securities
product, depending on the performance of the chosen investment option.
Variable annuities also have a death benefit. If a contract holder dies
before the insurer has started to make payments, a designated beneficiary
is guaranteed to receive a specified amount of money.

16Equity-indexed products are annuities or life insurance contracts on
which the returns from the annuities are credited to contract holders
using a fixed formula based on changes in an equity index such as the S&P
500. Equity-indexed annuities are different from fixed annuities because
they credit interest using a formula based on changes in the index to
which the annuity is linked. However, equity-indexed annuities are similar
to fixed annuities in that they guarantee a minimum interest rate. The
annuities are designed to protect holders against severe downturns in the
market. Total sales of equity-indexed annuities during 2002 reached
approximately $13 billion.

on whether or not to regulate such products as securities, it has
generally not asserted jurisdiction over such products.17 However, SEC
officials explained that oversight could be asserted based on the facts
and circumstances of an individual product. NASD does not oversee sales of
equity-indexed annuities, but does offer investor information about these
products while referring consumers to state insurance regulators for
questions concerning these products.

The regulatory structure for viatical settlements, involving the purchase
and sale of insurance policies where terminally ill policyholders
redesignate investors as beneficiaries on their policies in return for a
reduced cash benefit prior to their death, has evolved in response to
market abuses.18 When viatical settlements were initially introduced in
the late 1980s, financial regulators generally did not have explicit
authority to regulate them. As widespread sales practice abuses later
surfaced in connection with sales of viatical settlements, different
federal and state financial regulators sought increased authority to
address the apparent regulatory gap by seeking explicit authority over
such products. For instance, the Federal Circuit Court for the District of
Columbia has held that viatical settlements are not securities under
federal law and, therefore, are not subject to SEC jurisdiction.19
However, similar to equityindexed annuities, while such products are
generally not registered with SEC, the SEC has told us that it may assert
oversight on a case-by-case

17On August 20, 1997, SEC solicited comments on a Concept Release
concerning the structure of equity index insurance products, the manner in
which they are marketed, and other matters of consideration in addressing
federal securities law issues raised by equity index insurance products
(Release No. 33-7438; File No. S7-22-97).

18Viatical settlements are a more recent hybrid product, developed in the
late 1980s. Sales of viatical settlements have grown from $90 million in
1991 to approximately $1 billion in 2000. Viatical settlements are
contracts under which investors purchase an interest in the life insurance
policies of terminally ill individuals. When the insured individuals die,
the investors receive the benefit of the insurance. More specifically,
investors purchase policies (or parts of policies) at prices below the
value of the death benefits. Because of uncertainties in predicting when
someone will die, these investments are extremely speculative. If the
seller dies sooner than expected, an investor may receive a higher return.
But if the seller lives longer than expected, the return will be lower. An
investor can lose part of or all of his/her principal investment if the
person lives long enough that the investor has to pay additional premiums
to maintain the policy. This element of risk is a securities feature of
viatical investments.

19Securities and Exchange Commission v. Life Partners, Inc., 87 F.3d 536
(D.C. Cir. 1996), reh'g denied, 102 F.3d 587 (D.C. Cir. 1996). The SEC has
taken action for fraud against enterprises that sell securities backed by
viatical settlements, however. See. SEC Litigation Rel. No. 18346 (Sept.
11, 2003).

basis depending on the facts and circumstances of a particular product or
situation. At the state level, the oversight structure for viatical
settlement products changed over time from that of little effective
regulation to that where most states have taken some legislative or
regulatory action to strengthen their regulatory tools and oversight of
such products. However, substantial variation still exists. Information
from state insurance and securities regulators shows that states now
regulate such products either through their insurance departments,
securities departments, or some combination of both. However, a handful of
states still do not specifically address the regulation of viatical
settlements. Moreover, even in states with a regulatory structure in
place, the fraudulent sale of these products continues to harm consumers
in the marketplace, as evidenced by the recent uncovering of a widespread
viatical-related scam, where investors reportedly may have lost up to $1
billion.20

A number of regulators collect consumer complaint data about securities
and insurance products, including hybrid products, but once complaints are
received, they are handled differently. Within the securities industry,
regulators at the state and federal levels collect complaints using their
own separate information systems, but not all complaint data are shared in
a systematic fashion. For example, according to NASAA officials, state
securities regulators use their own systems for tracking complaints they
receive. NASAA officials also explained that complaint data collected by
state securities regulators vary in the level of detail, and only the
number of complaints are aggregated on a nationwide basis.21 Some consumer
complaints that result in settlements or arbitrations above a certain
dollar threshold are entered into the Central Registration Depository
(CRD), a system with information on broker-dealer firms and individuals,
including disciplinary data related to enforcement actions, that is
jointly maintained and operated by NASD and NASAA. Meanwhile, SROs such as
NASD and NYSE do consolidate complaint data on a nationwide basis,
requiring their

20In May 2004, SEC and other federal and state regulators shut down the
operations of Mutual Benefits Corp. in Florida to halt an alleged billion
dollar fraudulent securities offering. Regulators are attempting to
recover what is left of the $1 billion on behalf of investors in this
scandal, which follows several other scandals in the viatical industry in
recent years. In February 2002, the House Financial Services Committee
held a hearing on fraudulent activities taking place in conjunction with
viatical sales in the marketplace.

21NASAA officials indicated that they send their members an annual survey
focusing on completed enforcement actions. In addition, from time to time,
NASAA surveys its members on a variety of specific issues, often in
response to requests for information from congressional committees. NASAA
officials also mentioned that the last two surveys included a question
designed to gather information on the number of complaints received.

member firms to enter records of consumer complaints received into an
information system maintained by the SRO.

Within the insurance industry, both state regulators and insurance firms
also record information on consumer complaints but, again, all the
available data are not shared with other regulators. State insurance
regulators receive and record consumer complaint data on their own
systems. However, in contrast with their state counterparts in the
securities industry, state insurance regulators have developed a mechanism
for consolidating records of closed consumer complaints on a nationwide
basis within NAIC's Complaints Database System (CDS). State insurance
departments periodically send data on closed consumer complaints to NAIC,
which consolidates them into CDS. However, NAIC officials acknowledged
that complaint submissions to CDS are voluntary and that not all states
that participate are consistent in reporting their complaints information
to NAIC for inclusion in CDS. Furthermore, the complaint data in CDS is
only accessible by insurance regulators and is not shared with securities
regulators in a routine, systematic fashion.22 Also, insurance regulators
do not have a system for collecting and consolidating complaints made to
insurance firms on a nationwide basis, in contrast to the SROs in the
securities industry. Thus, because of the varying ways that complaint data
are collected, the available consumer complaint data is not complete,
accessible, nor shared fully, either within or between industries.

Different Regulatory Systems and the Absence of a Capability to Share Relevant
Complaint data Create Challenges for Consumers and Regulators

The varied regulatory oversight structures associated with hybrid products
and the lack of a systematic means for sharing relevant complaint data
pose challenges for consumers and regulators as problems in the
marketplace arise. As noted earlier, the mix of regulatory entities with
an oversight interest can vary depending on the type of product and the
state. The regulatory structure may also change over time as financial
regulators differ over which regulator is best suited for a given
oversight function. Given this complexity, a consumer's dilemma about
where to send a

22NAIC has implemented the Consumer Information Source (CIS), an
application available from its Web site, with public disclosure of
aggregate complaint data by company on a state-by-state basis. Consumers
may access the following from CIS: (1) the total number of complaints for
a selected company in each state, (2) the total number of complaints by
type of coverage, (3) the reason the complaint was filed and disposition
of the complaint, (4) the ratio of a company's market share of complaints
compared to the company's market share of premiums for a specific policy
type, and (5) the total complaint counts by year with the percent change
of counts between years.

complaint can be very challenging. For example, a complaint regarding a
fixed annuity that is sent to an NASD member firm may not be forwarded to
the appropriate regulator. Regulators also face challenges because many do
not have a capability for consistently and routinely sharing complaints
they receive that might be relevant to the oversight interests of other
regulators-either because another regulator has authority to resolve the
complaint or because the complaint is of general interest to multiple
regulators. Regulators in the securities and insurance industries
generally have systems for ensuring that consumer complaints are received,
investigated, and, where possible, resolved. However, consumer complaints
associated with a particular type of product are collected in various ways
among different regulators and systems. We found that many financial
regulators lacked the ability to share consumer complaints with other
regulators within the insurance or securities industries, or with other
regulators between industries, in a routine, systematic fashion.
Consequently, some consumer complaints may never reach the appropriate
regulator. Similarly, those complaints received by the appropriate
regulator for resolution may also be relevant to, but not shared with,
another regulator(s) that has some oversight responsibility. This can
hamper the ability of a given regulator to see "the big picture" and to
fully understand the magnitude of a problem associated with a given
company or product. With the continued growth of hybrid products, the
likelihood increases that regulators will receive complaints that could be
of interest to other regulators.

The most appropriate regulator for a consumer who has a problem with a
hybrid product will depend on the type of product and where it was sold.
For instance, a consumer who has a problem with a variable annuity would
need to determine which regulator oversees the product and where to send a
complaint for resolution-to the regulator or to the broker that sold them
the annuity. While SEC and NASD regulate the registration and sale,
respectively, of variable annuities at the federal level, oversight of
sales practices at the state level may fall under the jurisdiction of
either the insurance department or the securities department, depending on
the state. Accordingly, consumers would then have to decide where to go
for help-SEC, NASD, the state insurance department, the state securities
department, the broker-dealer firm itself, or perhaps some combination of
these. The scenario could be further complicated if the product were
purchased in a banking institution that also offered financial products
through an affiliated securities or insurance operation, because the
consumer would then also have the option of going to a banking regulator.
Finally, other organizations such as the states' Attorney General offices
may also receive complaints from their citizens. Figure 2 illustrates the

potential confusion facing a consumer trying to decide which regulator or
organization to contact with a complaint about some type of hybrid
product.

Figure 2: A Consumer Can Face a Dilemma over Where to Send a Complaint for
a Particular Hybrid Financial Product

While the focus of our work was not to assess the effectiveness or the
quality of the complaints systems of the various regulators, our review of
nationwide complaint data collected in both the securities and insurance
industries identified numerous examples where complaints received by one
regulator also appeared relevant to other regulators. For example, we
reviewed data from the complaints system utilized by NASD and its member
firms, commonly referred to as NASD's 3070 system.23 In 2002,

23NASD Rule 3070 requires that member firms record certain information on
consumer complaints received for statistical and regulatory oversight
purposes.

more than one-third of the complaints recorded in the system were related
to annuities or other insurance products, as shown in table 1. NASD
indicated that the data on the system captured complaints on variable
insurance products as well as fixed insurance products. Oversight of
variable life and annuity insurance products falls under the jurisdiction
of federal securities regulators (SEC and SROs such as NASD and NYSE) and
also typically falls under the jurisdiction of insurance regulators at the
state level. Fixed life and annuity insurance products generally fall
under the jurisdiction of state insurance regulators. While state
insurance regulators may have an oversight interest in some of NASD's 3070
complaint data, such as understanding the nature of the complaints
originating from consumers in their states, they do not have access to the
system. NASD officials told us that data reported by member firms under
Rule 3070 is generally not shared with insurance regulators, nor is there
a requirement to do so.24 Consequently, complaints on products in this
system that do not fall under NASD's jurisdiction, such as fixed
annuities, are not forwarded to the appropriate regulator.25 State
securities regulators we spoke to also mentioned that the 3070 system data
is not regularly shared with them.

24NASD does refer insurance-related complaints to insurance regulators
that are received directly from investors.

25Individual sales agents are often dually registered as broker-dealers as
well as insurance agents, allowing them to engage in sales of products
regulated as securities by SEC and NASD (e.g., variable annuities), as
well as products generally regulated solely as insurance by state
insurance regulators (e.g., fixed annuities).

Table 1: Number of Complaints Recorded in NASD's Rule 3070 System, by
Product Type (2000-2002)

                                      Product Type   2000     2001       2002 
                                         Annuities  2,743    4,936      5,579 
                           Certificates of deposit    7        86    
                               Commodities/futures    4        6     
                                 Commodity options    10       9     
                               Debt - asset backed    62       49    
                                  Debt - corporate   239      276         287 
                                    Debt - foreign    10       9     
                                  Debt - municipal   282      220         193 
                                       Debt - U.S.   189      130         139 
                                     Deposit notes    0        1     
                                Direct investments   242      230         162 
              Employee/employer stock option plans    12       14    
                                  Equity - foreign    49       42    
                                   Equity - listed  4,215    3,027      2,810 
                                      Equity - OTC  6,149    3,831      2,582 
                                 Financial futures    14       2     
                                     Index options    55       37    

                Insurance                  6,493    6,119           7,946 
          Managed/wrap accounts               17      78              128 
              Miscellaneous                3,013    3,199           3,369 
              Money markets                  899     381              316 
              Mutual funds                 5,227    5,835           5,945 
          No product identified            5,666    5,721           6,460 
                 Options                    1055     532              429 
                  REITs                       24      43               21 
         Unit investment trusts              109      97              105 
             Warrants/rights                  25      21               24 
              Wrap accounts                  335     217              247 

Grand count 37,145 35,148 37,005 Percent insurance-relateda 25% 31% 37%

aFor each year, the Percent Insurance-Related is the sum of the Annuities
and Insurance categories divided by the Grand Count.

We also reviewed nationwide complaint data available in the insurance
industry and again found many complaints that could also be relevant to
securities regulators. During our review of the available data in CDS
maintained by NAIC, we observed examples of complaints on variable life
and annuity products that also appeared relevant to securities regulators
that have primary jurisdiction over such products. However, because of
confidentiality concerns, financial regulators other than state insurance
regulators do not have direct access to CDS, though some aggregate data by
company is publicly available, as previously mentioned. NAIC officials
indicated that the complaint data in CDS is not shared with securities
regulators in a routine, systematic fashion.

 Challenges to Improve Regulatory Information Sharing Include the Protection of
                                 Sensitive Data

As we reported in previous work, generally speaking the concerns that
financial regulators expressed to us about sharing more regulatory
information with one another were not technological in nature; rather,
they centered around the need to protect sensitive data. In particular, in
providing comments on proposals for an information-sharing network,
regulators expressed concern over what specific regulatory information
might be appropriate to share, the types of entities that would have
access to such data, and liability issues surrounding the release of
unsubstantiated information.

Financial regulators generally did not express concern about sharing basic
regulatory history data on closed disciplinary or enforcement actions. The
majority of such information is already publicly available, although not
necessarily easily accessible. Such information could convey whether an
individual was registered in a particular financial industry and any
closed regulatory actions tied to the individual's activities in that
industry. The threshold of concern rises as the sensitivity of the
regulatory data rises, particularly when the information has not been
substantiated or pertains to an ongoing investigation. For example, in
previous work, several financial regulators pointed out that the untimely
release of information on an open investigation could jeopardize that
investigation and existing sources of information.

Regulators were also concerned about the release of regulatory data to
entities or individuals who do not have regulatory authority. In previous
testimony, we reported that financial regulators in both the banking and
securities industry believed that NAIC's status as a nonregulatory entity
was a barrier to releasing regulatory data to it, even though NAIC is
comprised of, and operates on behalf of, state insurance regulators. Also,
some financial regulators expressed concern over the varying degrees to

which individual states are obligated to protect regulatory information
and, thus, the different degrees of protection that could result as such
information is released among state regulators.

Additionally, regulators brought up concerns about the potential liability
associated with disclosing some of the information maintained in their
databases. Financial regulators noted that some of their regulatory data
are self-reported or otherwise unsubstantiated. Release of unsubstantiated
information, particularly with regard to customer complaints and open
investigations, raised liability concerns for some regulators. Regulators
noted that the appropriate sharing and use of this sensitive data must be
considered because of its highly prejudicial nature and the potential
detriment to the party in question. Some regulators also questioned
whether a proposed system or mechanism for sharing each other's regulatory
information would violate the Privacy Act's prohibition against the
nonconsensual disclosure of personal information contained in records
maintained by federal agencies. While there are numerous exemptions to
this prohibition, including the "routine use" exemption,26 regulators
cautioned that the Privacy Act and its goal of safeguarding individual
privacy should receive due consideration.

While the extent of regulatory information that should be shared remains
an open question, the regulators we previously contacted generally agreed
that some degree of information-sharing capability would be useful. From
our past work, most generally supported an approach whereby they would
share some basic regulatory information on individuals, such as whether or
not they were registered in another financial industry and had a
disciplinary record. Previously, we suggested that a needs assessment be
conducted to determine the data elements most useful to each of the
financial regulators and the extent to which each regulatory authority
would be obligated to safeguard the data it collects from its industry. A
key issue related to such an assessment is balancing one regulator's "need
to know" with another's need to safeguard or restrict confidential or
sensitive regulatory information. Additionally, from our previous work,
financial regulators emphasized that maintaining a centralized database
containing all of the regulatory data of each financial industry may be
costly and difficult to maintain. They pointed out that the vast majority
of

26The routine use exemption permits nonconsensual disclosure of personal
information when the internal use of the information that is disclosed is
compatible with the purpose for which it was originally collected.

Observations

applicants were not likely to be carrying a blemished regulatory history
from another financial services industry. Nevertheless, most financial
regulators appeared to support the concept of an information-sharing
approach that allows access to basic regulatory information to flag
problems disclosed by regulators in connection with an individual's
activities in other financial services industries.

Effective regulation depends on many factors. However, one of the most
important is the extent to which regulators have access to complete and
correct information. Financial regulators face challenges in accessing and
sharing information relevant to their oversight responsibilities,
including criminal history, regulatory enforcement, and consumer complaint
data. We have previously suggested that insurance regulators were at a
considerable disadvantage relative to regulators in other financial
industries because of their lack of access to FBI criminal history data.
This disadvantage continues to be a problem today. Similarly, in today's
world of technological innovation and converging financial markets, better
information sharing of both regulatory enforcement and consumer complaint
data within and between financial industries would improve the ability of
financial regulators to protect both individual consumers and the public
at large. In particular, regulators would be better positioned to
recognize and reduce the movement of rogues from one industry to another.
Furthermore, improving financial regulators' ability to readily access or
share relevant consumer complaints in a coordinated, systematic fashion
would not only improve their ability to resolve those complaints, but also
help them ascertain the overall magnitude of market problems with a given
product or company. Moreover, better and more consistent information
sharing may facilitate joint efforts to investigate and prosecute
fraudulent behavior in the financial services industries.

GAO has long advocated better information sharing among financial
regulators but recognizes regulators' legitimate concerns in connection
with the sharing of sensitive data. Legislative actions will be needed to
address issues related to the sharing of sensitive information.
Ultimately, the successful implementation of expanded or new
information-sharing capabilities or tools will depend on the extent to
which protections are in place to make financial regulators feel
comfortable in sharing sensitive regulatory information with one another.
Difficult issues must be addressed in order to make this a reality, and
regulators will have to overcome some level of inertia and resistance to
change. The Committee's continued endorsement and encouragement for
improvement in the

interindustry sharing of criminal and regulatory information should
provide an important impetus to succeed.

Agency Comments 	We requested comments on a draft of this correspondence
from SEC, NASD, NASAA, and NAIC. We received general comments and
technical suggestions from the Associate Director of the Division of
Investment Management of SEC, the Associate Vice President for Government
Affairs of NASD, the Director of Policy of NASAA, and the Executive Vice
President and Chief Executive Officer of NAIC. Officials from these
organizations responded that they generally concurred with the report's
findings and message and offered technical suggestions that we
incorporated where appropriate.

As agreed with your office, unless you publicly release its contents
earlier, we plan no further distribution of this correspondence until 30
days from its issuance date. At that time we will send copies to the
Ranking Minority Member of the Committee on Financial Services and to
other interested congressional members and committees. We will also make
copies available to others upon request. In addition, this report will
also be available at no charge on GAO's Web site, http://www.gao.gov.
Please contact me or Lawrence D. Cluff at (202) 512-8678 if you or your
staff have any questions about this report. Major contributors to this
report were Barry Kirby, Tarek Mahmassani, Angela Pun, Barbara Roesmann,
and Paul Thompson.

Sincerely yours,

Richard J. Hillman Director, Financial Markets and Community Investment

Enclosure I

In conducting our work, we reviewed the regulatory oversight structure for
different hybrid financial products and also collected and assessed the
nature of complaint data received by various financial regulators. To
understand the different regulatory entities that could have an oversight
interest in a particular hybrid product, we compared and contrasted the
regulatory oversight structures associated with three different hybrid
financial products-variable annuities, equity-indexed annuities, and
viatical settlements. To assess the extent and nature of regulatory
information sharing that occurred between financial regulators, we
reviewed how different regulators collected and consolidated consumer
complaint data, and highlighted examples where consumer complaints
appeared relevant to other regulator(s). The focus of our review was not
to assess the quality of the complaint systems data from regulators,
though we did collect some basic information related to data quality and
known reliability issues, but rather to generally understand the manner in
which such data are shared among regulators. During our work we
interviewed and collected information or regulatory data from officials at
the National Association of Insurance Commissioners, state insurance
regulators, the Securities and Exchange Commission, NASD (formerly the
National Association of Securities Dealers), the New York Stock Exchange,
the North American Securities Administrators Association, state securities
regulators, the National Futures Association, the Federal Reserve Board,
the Office of the Comptroller of the Currency, the Office of Thrift
Supervision, and the Federal Deposit Insurance Corporation. We conducted
our work between November 2002 and May 2004 in accordance with generally
accepted government auditing standards.

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

Obtaining Copies of GAO Reports and Testimony

The General Accounting Office, the audit, evaluation and investigative arm
of Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.

The fastest and easiest way to obtain copies of GAO documents at no cost
is through the Internet. GAO's Web site (www.gao.gov) contains abstracts
and fulltext files of current reports and testimony and an expanding
archive of older products. The Web site features a search engine to help
you locate documents using key words and phrases. You can print these
documents in their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document files.
To have GAO e-mail this list to you every afternoon, go to www.gao.gov and
select "Subscribe to e-mail alerts" under the "Order GAO Products"
heading.

Order by Mail or Phone 	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C.
20548

To order by Phone: 	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud,	Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm

Waste, and Abuse in E-mail: [email protected]

Federal Programs Automated answering system: (800) 424-5454 or (202)
512-7470

Jeff Nelligan, Managing Director, [email protected] (202) 512-4800

Public Affairs 	U.S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
*** End of document. ***