Keynote Address at Compliance Week 2014

Commissioner Kara M. Stein

Washington, D.C.

May 19, 2014

Thank you, Matt, for your kind introduction. 

Before I begin my remarks, I am required to tell you that the views I am expressing today are my own and do not necessarily reflect those of the Commission, my fellow Commissioners, or the staff of the Commission.

I am pleased to join you this morning as the keynote speaker for your 9th annual conference.  Compliance Week is an important resource that helps all of us keep pace with, and understand, evolving global regulations.  It is an honor to be here with a deep bench of distinguished speakers to address an audience that cares so much about creating and maintaining a strong culture of compliance.  You, like the Commission, understand the power of prevention.  

Like many government agencies, and like you, we must live within our budget.  And we all are trying to figure out how we can do more with less.  I am certainly aware that together we are stronger than we are alone. 

We have worked as partners for a long time to protect our financial markets and investors.  We rely on you, the boots on the ground, to tell us what is going on in these markets and at your firms.  You rely on us to be smart, fair, and effective. 

This morning I want to talk to you about how we can help you do the best job possible, and how you can help us.  I have some ideas, but I need your input.  You live and breathe compliance and know what is realistic and what is not. 

Before I discuss how we can work together to better harness the power of prevention, it’s worth taking a moment to review why I think compliance is so important.

The Importance of Compliance

The importance of compliance was imprinted on me at an early age.  During one summer when I was in college, I worked at the Naval Nuclear Fuel Division of a firm that helped power over half of the U.S. Navy’s fleet during World War II.  And I was struck by the careful attention paid to both quality assurance and control. 

There was a team dedicated to improving production and processes to avoid issues that could lead to defects.  And this team worked to have all employees involved in the process.  While avoidance was the goal, everyone understood that problems could arise.  As a result, there were employees participating in quality control circles, where they scoured for defects and reported them to management.  The incentives to get it right were significant – quality control issues were one of the top reasons that the government contracted with the firm.  And, more importantly, robust quality assurance and control were essential to our national security. 

These guiding principles – quality assurance, quality control, and escalation – are just as important to our financial markets.  Every person in this room appreciates that, as you strive each day to promote compliance at your firms.

Thanks to your work, compliance is one of the strengths of American financial markets.  It gives individuals around the world the confidence to invest.  Those investments help businesses grow, prosper, and create jobs for millions of Americans.  They help our citizens buy homes, save for retirement, and pay for their children’s educations.  When compliance is lacking, confidence in our financial markets waivers.  And with it, so does the health of the entire economy. 

Investors rely on you.  The markets rely on you.  And regulators rely on you.  Firms must have good policies and procedures.  But more important than that, they need smart and dedicated people to implement and enforce best practices.

I know the job isn’t easy.  You also are being asked to do more each day, with the same or fewer resources.  And the nature of your role is evolving constantly.  The regulatory landscape is changing, most recently with a wave of new rules implementing the Dodd-Frank Act and the JOBS Act. 

And on top of these rules, you have to grapple with other challenges, such as cybersecurity and the increasingly global nature of business.  You have to anticipate, plan for, and adapt to changes.  I know it takes a lot of work, and I deeply appreciate the importance of your mission.

Make no mistake, you have great responsibility:  whether drafting and implementing policies, influencing executives’ decision-making, identifying risks, investigating allegations of misconduct, or reporting violations.

And you have some power.  It may not be superhuman power, but we need to help you tap the power you do have to maximize your potential to prevent misconduct.  Because the power of prevention is remarkable. 

It is something that cuts across disciplines.  We know that wearing a helmet when riding a bike can protect against serious head injury.  We know that focusing on preventive health care now will enable us to enjoy a higher quality of life later. 

Prevention is just as important to our financial markets.  We need figure out how to maximize it, and that means finding ways to empower you.          

When Compliance Fails

When compliance fails, investors and companies are harmed in very tangible ways.  I see this harm, up close and personal, every week as I wade through a stack of enforcement cases. 

The victims are diverse.  They are senior citizens, who have been deprived of their life savings.  They are pension plan investors, whose losses are felt by the dedicated public servants and communities that they serve.  They are issuers that may be tainted by insider trading in their securities by unrelated third parties.  And there is a larger harm that is harder to measure, but that affects our entire economy – a loss of confidence in our markets.[i]

The cases that I see also include a broad range of violations.  At one end of the spectrum, we have Ponzi schemes, offering frauds, and financial frauds.  But there also are examples of companies with poor controls that led to significant losses for investors.  In one recent example, a large asset manager overcharged its clients by half a million dollars because it failed to provide promised fee breakpoints.[ii]   And our staff’s recent examinations of advisers to private equity funds have uncovered striking deficiencies in how the funds are charging fees to their investors.[iii]   

Thankfully, the Commission has a dedicated enforcement staff that prosecutes a vast amount of misconduct.  Strong enforcement is critical for holding entities and individuals accountable, and for sending a strong deterrent message.  Unfortunately, enforcement actions are brought after the harm has occurred – the money often is gone, and the wronged investors can rarely be made whole. 

In addition, although the markets continue to grow by leaps and bounds, the Commission’s staffing and resources do not.  The data on this point is striking.  Over the last decade, the assets managed by SEC-registered investment advisers more than doubled to $55 trillion, and assets managed by registered investment companies now exceed $16 trillion. 

Yet over that same period, the number of SEC staff examining these advisers and companies has barely changed.  And these are just two of the many registrants under the Commission’s jurisdiction. 

This starkly illustrates why we – the Commission and each of you – must continue to work together.  We must leverage our collective resources to promote a strong culture of compliance that prevents misconduct before it occurs, and that corrects problems before they grow into serious violations.  This benefits our entire economy. 

The Role of Gatekeepers

So who is in a position, either within or outside a firm, to help?  In effect, who are the gatekeepers that are able to disrupt or prevent misconduct?  Certainly auditors and outside legal counsel can play this role.  As most of you know, it doesn’t stop there.  Executives, compliance officers, in-house counsels, and boards of directors also can help.    

Each of these persons is in a unique position to monitor and promote legal compliance.  Accountants and lawyers provide services that issuers need to access our capital markets. And their services are provided to multiple firms, which enables them to promote compliance broadly. 

Internal gatekeepers play just as vital a role in compliance.  Compliance officers must design, test, and update firm policies.  Firm management and the board generally must approve these policies and monitor compliance with them.  Executives, hopefully with the help of a good Chief Compliance Officer (CCO), must establish a strong “tone at the top.”  Because, as we all know, the compliance function won’t work without buy-in and commitment at the top. 

A recurring theme in many of the cases that I review each week is the failure of some of these important players or gatekeepers to disrupt or prevent misconduct.  This troubles me greatly, and I know it troubles all of you as well. 

How can the Commission help you make prevention more effective?  What are the best incentives?  Carrots?  Sticks?  Or both? 

First, let’s talk about sticks.  The Commission recently imposed a $200 million penalty against a large bank for misstating financial results and lacking effective internal controls.  This breakdown in controls, a core part of compliance, contributed to billions – yes billions – in trading losses.  The penalty was unprecedented for this type of case and is one of the largest penalties in the history of the Commission.  Yet it amounted to a tiny fraction of the firm’s net income for just one quarter.

If our actions become nothing more than a footnote in the litigation reserve section of a firm’s financial statements, or a brief media storm that can be easily weathered before it is back to business as usual, have we been effective? 

Or is it more effective to hold individuals to account?  The people who could have, and should have, prevented the harm?  This may help empower each of you in making the case to your clients and your firms that they should heed your advice. 

I applaud our enforcement staff for bringing some tough and important cases.  For example, we recently brought a financial fraud case against the Chief Financial Officer of a large public company,[iv] a case against a Chief Compliance Officer for violations of custody and compliance rules,[v] and a case against the directors of an investment company for failing to properly oversee the fair valuation of fund securities.[vi]

But one gatekeeper that often is absent from the list of cases I see every week are the lawyers.  Lawyers often serve as trusted advisers, and they give advice on almost every corporate transaction.  They prepare and review disclosures that investors rely upon – disclosures that are at the core of the Commission’s regulatory program.  And in most cases, they do a good job.  But when lawyers provide bad advice or effectively assist in a fraud, sometimes their involvement is used as a shield against liability for both themselves, and for others. 

Are we treating lawyers differently from other gatekeepers, such as accountants?  I think we should carefully review the role that lawyers play in our markets, with a view towards how they can better help deter misconduct and prevent fraud. 

Another critical partner is the CCO.  Many of you in the audience are CCOs, and I appreciate the important work that you do each day.  The CCO is a relatively new position, and the role has evolved significantly over time.[vii]

It is clear to me that the vast majority of CCOs are working hard and getting good results.  But many of you are nonetheless concerned about possible enforcement actions against CCOs.  There is a concern that charging CCOs will have the unintended consequence of weakening the compliance function.  I have heard it said that these cases may lead to a drop in the quality of CCOs, because the best candidates will not be willing to serve.  And those CCOs that remain willing to assume the role will be less effective because, for example, they may avoid certain functions such as participating in firm committees.  That is not the intention. 

If you read the facts in the cases we bring, you will see that they are not cases against CCOs that were promoting compliance.  Instead, they are cases against CCOs that were assisting fraud, ignoring red flags, not asking the tough questions, and not demanding answers. 

These cases should empower you within your firms to continue to be vigilant and assertive.  And know that we “have your back” when others try to prevent you from doing your job.  For example, the Commission recently brought a case against a portfolio manager for misleading the firm’s CCO by forging documents to conceal his failure to report personal trades.[viii]   

While these enforcement cases are important, carrots to incentivize the right behavior may be even more critical.  This, of course, raises an important threshold question – what is the right behavior?  It will depend on the type of gatekeeper, the role that he or she plays, and the facts and circumstances of each case.  For some gatekeepers, such as accountants, the role is well-defined.  For others, such as CCOs, it is less so. 

This creates uncertainty, which I believe is at the heart of the concerns that I’ve heard about CCO liability.  We owe it to you to remove some of this uncertainty so that you can fully unleash your power to prevent harm.    

One way to do this is for the Commission to provide guidance that sets clearer expectations on what it means to act appropriately.  And when those expectations are met, a CCO can have comfort that he or she will not face liability.   

What are the right expectations for CCOs?  Again, I need your input.  Should the Commission establish a minimum baseline of conduct for CCOs?  It could contain basic obligations, such as requiring the CCO to establish and implement policies, and escalate issues that arise.  And to whom should the CCO escalate issues?  Executives at the firm?  The board?  A firm committee?  And what happens if the CCO receives an unsatisfactory response?  There are no easy answers here, but we must make the effort to bring guidance and clarity to you on these issues.  And we need your help to get it right.

Attestations

I’d like to wrap up by discussing another tool that can strengthen your voice – attestations. 

I personally believe that having an executive sign an attestation leads to a more rigorous internal assessment of a firm’s business and regulatory capabilities.  Nothing focuses the mind like signing your name.  This strengthens a firm’s compliance program.  And it gives you some heft when making the case to your firms to bolster compliance.

In addition to the better known attestations from the Sarbanes-Oxley Act, attestations have been applied in other areas.  For example, chief executive officers of broker-dealers are required to make an annual certification concerning the strength of their compliance policies and procedures,[ix] and the new Volcker Rule includes one too. 

We should be considering attestations in new areas.  Should there be one for registered municipal advisors?  Or one for lawyers on the accuracy of issuer disclosures?     

Although attestations have costs, they can dramatically help avoid even greater costs down the road. 

Conclusion

I have covered a lot and want to leave you with two key thoughts.  First, compliance is a bedrock of good markets.  Second, we need your help to make compliance as strong as possible.  The American public and our financial markets are counting on us.   



[i] See, e.g., Mariassunta Giannetti and Tracy Yue Wang, Corporate Scandals and Household Stock Market Participation (January 2014).

[ii] In the Matter of Transamerica Financial Advisors, Inc., SEC Release No. IA-3808 (April 3, 2014).

[iii] Andrew J. Bowden, Spreading Sunshine on Private Equity (May 6, 2014).

[iv] SEC v. Diamond Foods Inc., SEC Release No. 22902 (January 9, 2014).

[v] In the Matter of Parallax Investments, LLC, SEC Release No. IA-3726 (November 26, 2013).

[vi] In the Matter of J. Kenneth Alderman, Jack R. Blair, Albert C. Johnson, James Stillman R. McFadden, Allen B. Morgan Jr., W. Randall Pittman, Mary S. Stone, and Archie W. Willis, SEC Release No. IC-30557 (June 13, 2013).

[vii] See Securities Industry and Financial Markets Association, White Paper: The Evolving Role of Compliance (March 2013).

[viii] In the Matter of Carl D. Johns, SEC Release IA-3655 (August 27, 2013).

[ix] Financial Industry Regulatory Authority Rule 3013.