I would like to thank Chairman Schapiro and Rick Ketchum for their excellent keynote remarks.
I share their sentiment and respect for the incredibly important role that Chief Compliance Officers play in protecting our capital markets. I also share the sentiment of the fundamental principle that both of these speakers have often articulated — that investor interests should come first.
As you know, the views that I express here today are my own and do not necessarily reflect the views of the Commission or of my colleagues on the staff of the Commission.
Twenty five years ago last May, an obscure event occurred that highlights many themes that are important in today’s conference. As described in the book Den of Thieves by James B. Stewart, it was then that a Merrill Lynch compliance officer in New York received an anonymous tip, handwritten in broken English and postmarked Caracas Venezuela, about Carlos Zubillaga, a Merrill employee in Caracas. The letter highlighted suspicious trading activity by Zubillaga. Merrill conducted an internal investigation, which identified suspicious personal trading activity and violations of firm policy by other current and former Merrill employees connected to Zubillaga. Merrill terminated the employees involved, and turned the letter and its investigation over to the SEC. The Commission’s investigation eventually identified US investment banker Dennis Levine as the source of the inside information. Stewart’s account describes how Levine then implicated Ivan Boesky, and Boesky led the SEC to Drexel Burnham and Michael Milken. This incident has many lessons for effective compliance and enforcement. First, tips, complaints and referrals are critical to identifying problems and ferreting out wrongdoing. Second, diligent internal compliance, supported by a firm’s senior management, is an important line of defense. It is important to note that Merrill’s compliance department on this occasion had sufficient support from management to be able to summon employees from Caracas to New York to answer questions based largely on information from an unknown source, that management was willing to take strong disciplinary action, and that Merrill elevated the issue to its regulator. Third, aggressive and well-focused investigation by the regulator is also enormously important. The SEC and US Attorneys’ office did not rest in pursuing this investigation until every avenue was explored. Finally, crime does not pay!
I trust that many of you share the appreciation that, to be effective, compliance and ethics programs cannot exist in silos. Instead, I believe they need to be ingrained in the DNA of the organization and the decision-making framework of the organization. They need to be imbedded in the business process and at the table when strategic decisions are being made and new products are being developed. They need to be an integral part of performance measurement and management processes. And, they need to be part of the way business is done. After all, compliance programs and the work that you do every day add tremendous business value. They protect the business, they enhance the brand, they ensure that reputation is protected and that reputation risk is managed.
In Chairman Schapiro’s remarks, and in the panel to follow, you have
heard and will hear a great deal about the Dodd-Frank Act, and the
challenges and opportunities that it poses, for the compliance community
as well as for the regulators. There are a great many ways that the
Dodd-
Frank Act impacts our work. These will be discussed in detail in
the coming panels, so I won’t review them all here. Instead, I will talk
about the changes that we are making to our National Exam Program, which
will help us in many ways, not least by giving us a better chance to
reconcile the demands of Dodd-Frank and the resource limitations that we
currently face under a flat budget. I will also sketch some of the focus
we are placing on governance and enterprise risk management. Finally, I
will talk about some of our specific current priorities in the
broker-dealer exam program, including AML.
Since I joined the SEC a year ago, we have undertaken a comprehensive self-assessment of our strategy, structure, people, processes and technology. We identified numerous improvements and have initiated a transformation plan to implement these improvements in a structured and phased manner. Some highlights are noted below.
First, we are implementing a number of reforms to build an integrated National Exam Program that ensures consistency, effectiveness and efficiency. Second, we are implementing an enhanced risk-focused exam strategy that will enable us to better allocate and leverage our limited resources to their highest and best use as we work to protect investors, help to ensure market integrity and support capital formation. We have identified four key objectives to support this mission through our exam program:
We have also developed Key Performance Indicators to help us to measure our performance and impact of our National Exam Program relative to our mission objectives.
We are implementing numerous structural enhancements to support the implementation of a National Exam Program and a risk-focused exam strategy. These improvements are designed to facilitate teamwork and collaboration, and drive greater consistency, scale and accountability. Here are a few examples:
While our structural improvements are comprehensive, they are also designed to achieve specific outcomes. For instance, in addition to facilitating better teamwork and collaboration with the policy divisions, the governance structure also strengthens the OCIE/Enforcement partnership and speeds alerts, information hand offs, and transitions from OCIE Exam staff to the Enforcement Division, transforming the lines of communication and accountability.
Our initiatives regarding people have been focused on recruiting new skill sets that are critical to supervising our modern capital markets, building a leading practice training program, introducing mentoring, and building a culture of high-performance, teamwork and accountability. Here are some specific examples:
We have re-engineered our exam process end-to-end to streamline and focus on those activities that add the most value. With this process re-engineering we have designed a more risk-focused exam process, enhanced pre-exam preparation, improved multidisciplinary staffing, increased field supervision and strengthened our agility and ability to allocate resources to their highest and best use. In addition, we have introduced a number of new mechanisms to drive standardization, consistency and accountability across our National Exam Program. Here are some examples of these improvements:
We have focused our technology improvement initiatives on automating our exam process end-to-end, including risk assessment and surveillance; exam preparation; all key activities associated with exam execution, such as trade analysis; work paper management and data analytics and reporting. Here are some of our technology initiatives:
We are also focusing our exams on risk management as it pertains to corporate governance, enterprise risk management (ERM) and registrants’ internal controls. In doing so, we will be coordinating closely with our regulatory partners — other federal financial regulators, FINRA and the states. In a time of resource constraints we hope to realize three benefits from this approach: (i) this will keep us focused on the most significant risks; (ii) by focusing on a somewhat smaller but high-priority range of issues in each exam we will be able to extend our resources further; and (iii) engaging firms at a higher level of management will have a more effective impact on a firm’s culture.
The financial crisis revealed just how dramatically risk management failures can harm investors, jeopardize market integrity and hinder capital formation. It also revealed the interdependence between various risk categories (e.g., liquidity, funding, market, credit, operational, compliance and reputation risks), and demonstrated how that interdependence can accelerate risk concentration and harm to investors and markets. Finally, the financial crisis revealed the need for better oversight of risk at the board and senior management levels, and the need for stronger independence, standing and authority among risk management, control and compliance functions so senior management and the board understand the true risk in the business model and more proactive and effective risk management decisions can be made timely.
From an exam perspective, this involves understanding each registrant’s business model, products and asset classes, and evaluating the risks and conflicts that are inherent in that business model. It also means seeking an understanding of what kind of risk management governance and compliance control frameworks registrants have put in place to mitigate and manage that risk profile. I want to emphasize that we are keenly aware of the lessons learned from the financial crisis, as well as from Madoff, where we were roundly criticized for losing the forest for the trees by honing in on some issues and missing broader, systemic and far more serious problems in the organization.
As we increase our focus in these areas, we will generally want to understand how risk management is embedded in key business processes and decision-making at five levels:
In addition to looking at key risk management issues, such as executive compensation incentives, new product review, and model validation, our examiners will also seek to understand how effectively the firm is managing key risk and control processes. These include:
We will incorporate a strategic dialogue of the enterprise risk management framework into our exams so we can effectively distinguish the forest from the trees and then dive into targeted exams in focused risk areas (e.g., products, asset classes, business units) to test effectiveness.
Financial and Operational Risks. The NEP is very focused on financial risk management of broker-dealers. Liquidity, valuation, concentration and funding are therefore critical issues from a risk management perspective. We also want to understand the products and services that pose particular risk. Complex structured products are therefore a key exam concern, as well as variable annuities, leveraged ETFs, and fixed income, including municipal securities.
Trading Practices. With regard to trading practices the NEP continues to look at best execution and short sales. Our examiners are also seeking to better understand algorithmic trading, high frequency trading, sponsored access and key risk controls around these processes as technology drives so much of the speed and risk around the trading environment.
Sales Practices. The NEP is particularly focused on fraud or abusive sales practices in the retail distribution channel. We want to understand what registrants are doing to identify, mitigate and manage the risks in this area and ensure effective compliance supervision. This is a particular concern where there are independent or remote branches, particularly if there are registered representatives in those branches who have a disciplinary history. As mentioned previously, the NEP is also going to conduct examinations of firms and individuals that are dually registered as broker-dealers and investment advisers to look at sales practices and other issues.
Protection of Customer Assets and Information. Increased emphasis on protection of customer assets from fraud and misappropriation and protection of customer information from misuse means that independent third-party asset verification will continue to be a significant part of exams. The NEP is implementing streamlined versions of our methodology for asset verification so that we do a targeted review of different types of accounts and custody locations.
Pre-retirement issues are also an exam area. Prior joint exams with FINRA have been conducted in the retirement space, focusing on seniors (free lunch seminars) and good practices. The NEP will continue to focus on risks and concerns in that space, such as:
I would like to close by thanking you for coming together today to participate in this broker-dealer seminar. I very much look forward to an on-going dialogue.
Thank you very much.
1 The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private statements by its employees.