Speech by SEC Staff:
"Regulation, Compliance and Responsibility"
Keynote Address at Structured Products Americas


Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Coral Gables, Florida
May 4, 2006

The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or the other members of the staff.

Thank you very much for inviting me to deliver a keynote address at your inaugural "Structured Products Americas" conference. I am delighted to be able to share some of my thoughts on this important segment of the international capital markets. My principal focus today will be on the potential risks of complex structured finance products (in contrast to simple and standard products) and the management of these risks by financial institutions that originate or participate in them.

As you know, complex structured finance transactions are innovative financing techniques creating customized financing and investment products to suit the financial needs of customers. These transactions have experienced dramatic growth in recent years, and they have become increasingly more complex. Being customized, they are often unique, illiquid, and difficult to price. When used appropriately, they can add positive contributions to the efficiency of markets, risk management, and to the welfare of customers and overall financial and economic development. They may diversify risks, allocate cash flows, or reduce costs. Recent experience has also demonstrated that such transactions, particularly the most unique and complex, may expose institutions to elevated levels of risks - credit, market, risk modeling and operational risks. They may also subject firms to heightened legal and reputational risks. As demonstrated by the Enron transactions, which I will describe in more detail later, legal and reputational risks may also arise because of illegal activity by a firm's customer through transactions that are used by the customer to circumvent regulatory or financial reporting requirements, evade tax liabilities, or further other illegal or improper behavior by the firm's customer. Structured finance transactions, like so many other innovations are meant to improve the quality or efficiency of life. But when abused or misused, they may have negative consequences.

While there is no legal or technical definition consistently used to describe every possible type of structured finance transaction, many academic and regulatory studies note several characteristics. Three key characteristics of these customized structured products often cited are: (1) cash-based or synthetic linking of pooling of assets; (2) delinking the credit risk of the pooled assets from the originator of the credit, often through transfer to a special purpose vehicle (SPV) or other entity with a finite life; and (3) splitting or tranching the resulting liabilities within the structured product based primarily on risk levels, consequently producing different returns. Of course, there are structured products that may not have some or all of these characteristics - for example, transactions structured for principal protection, tax minimization, accounting cosmetics, or monetizations.

There is no doubt that structured financings have grown exponentially both in size and complexity in recent years. However, the imprecise definitions and non-public customized market for these products make it difficult to estimate the precise dollar amount of aggregate transactions. Nevertheless, recent research has provided some insights. Studies have estimated total funded structured finance issuances in 2000 was approximately $400 billion, rising to more than $1 trillion in 2004. The Bank for International Settlements (BIS) reported in November 2005, that credit default swaps bought, rose from $4.46 trillion (notional amounts) in December 2004 to $7.65 trillion in June 2005. BIS also reported that, according to their semiannual survey, notional amounts of OTC derivatives outstanding had risen to $270 trillion. It should also be noted that both origination and holdings of these complex financial products are concentrated in a very small percentage of the largest financial firms. This may raise concerns about general market stability risk due to concentration. Based on any measure, it is clear that structured finance and other derivative products are experiencing continuing significant and concentrated growth. With these developments, comes increasing responsibility to properly manage associated risks and to ensure that these complex products are used within the confines of the law.

The use of innovative financial products has become an increasingly significant means for credit transfers and enhanced risk management. However, this increased efficiency is only effectuated if all parties involved - the credit originator, the creator of the structured product, and the purchaser of the tranched liabilities or other portions of the products, have risk modeling and management capabilities that parallel their own respective risks, and that they conduct their activities consistent with all applicable laws. As a twenty-five year veteran of various regulatory and supervisory regimes and a current official in the U.S. Securities and Exchange Commission's (SEC's) Office of Compliance Inspections and Examinations, my focus for the remainder of my remarks will be on the critical role of risk management for those firms involved in any aspect of the design, offer, purchase or sale of structured finance products - particularly those involving complex structured finance transactions (CSFTs).

Structured finance transactions cover many different products with varying levels of complexity. Standard public mortgage-backed securities transactions, asset-backed commercial paper conduit transactions, or simple derivatives or collateralized loan obligations used for hedging are typically not considered complex. However, there are other more complex variations of structured finance transactions. Risk management may be particularly challenging with respect to such CSFTs because of their complexity. Complexity may arise, for example, from the loss distribution of underlying assets in the pool. In addition, tranching raises analytical complexity as it involves unique covenants for the allocation of principal and interest payments received from the pool, loss distribution, and redirection of cash flows under stress and other scenarios. Other risks involve the interaction of multiple sub-transactions within a CSFT, conflicts of interests, non-performance by third parties, legal risks from bankruptcies, and incomplete documentation and assignments. There is also the risk of being viewed as assisting potential violations by customers who may be using the products for illegal tax, accounting or other purposes.

As I mentioned earlier, some of the more vivid examples of the misuse of complex structured finance transactions that resulted in significant financial and reputational costs to financial firms may be exemplified by the Enron transactions. The negative consequences not only affected the institutions involved, but cast a pall and consequent regulatory and congressional suspicions highlighting the inappropriate and sometimes fraudulent use of these innovative products.

In January 2003, the U.S. Senate Permanent Subcommittee on Investigations concluded a year long review and issued a document entitled "Report on Fishtail, Bacchus, Sundance, and Slapshot: Four Enron Transactions Funded and Facilitated by U.S. Financial Institutions." The Subcommittee concluded that each of these transactions involved deceptive and misleading information in Enron's financial statements resulting in an appearance that Enron was in better financial condition than it was in fact. The Subcommittee also found that some U.S. financial institutions designed, participated in, and profited from complex financial transactions "explicitly intended to help U.S. public companies engage in deceptive accounting or tax strategies." The Subcommittee further concluded that certain financial firms had misused structured finance vehicles to "carry out sham transactions, that [had] no legitimate business purpose and [misled] investors, analysts and regulators…." Again, these are the conclusions of the Subcommittee.

On January 6, 2003, the Subcommittee, by letter, asked the Federal Reserve (FRB), Office of the Comptroller of the Currency (OCC) and the SEC to immediately initiate a joint review of financial firms participating in complex structured finance products with U.S. public companies to identify practices and transactions that might facilitate deceptive financial reporting. The Subcommittee further stated that the agencies should issue joint guidance on acceptable practices and take all necessary steps to ensure financial firms subject to their jurisdiction stopped participating in these unacceptable transactions.

On May 13, 2004, the FRB, OCC, SEC, FDIC, and Office of Thrift Supervision (Agencies) issued for public comment a proposed "Interagency Statement on Sound Practices Concerning Complex Structured Finance Activities" (Proposed Statement) (69 FR 28980, Exchange Act Release No. 34-49695). The document recognized the benefits of innovative structured finance products and the active role regulated financial firms have played in developing, structuring, arranging, and participating in these transactions for their own use and to facilitate customer needs. The Agencies also noted the critical role of regulated financial intermediaries in "ensuring the integrity of financial markets and maintaining the trust and public confidence essential to the proper functioning of the capital markets." This critical role is essential in their participation in CSFTs.

In general, the Proposed Statement indicates that financial institutions offering CSFTs should maintain comprehensive, formal, firm-wide policies and procedures. These policies and procedures should provide for the documentation of credit, market, operational, legal and reputational risks that may be associated with CSFTs. The Statement notes that the board of directors of a financial institution has ultimate responsibility for establishing risk tolerances and ensuring that a strong risk control framework is in place.

The Proposed Statement recommended that an institution's policies and procedures define what constitutes a CSFT, particularly those that may expose an institution to heightened legal and reputational risks. The Statement includes examples of characteristics that may indicate a CSFT or series of such transactions involves elevated levels of legal or reputational risk and therefore should be subject to heightened review by the institution. Among the examples of CSFTs that may involve elevated risks are transactions that appear to:

These are not defined as illegal or inappropriate CSFTs, but rather are transactions that may have elevated risks, requiring heightened risk management controls.

The Proposed Statement notes that one of the major elevated legal risks associated with CSFTs is where the transaction is used by a customer to circumvent regulatory or financial reporting requirements, evade taxes, or further some other illegal or improper behavior on the part of the customer. There is a risk that the financial institution may be charged with primary liability, or aiding and abetting or causing such a violation. (See, Letter from Annette L. Nazareth, Director, Division of Market Regulation, SEC, to Richard Spillenkothen and Douglas W. Roeder, dated December 4, 2003, available at http://www.federalreserve.gov/boarddocs/srletters/2004 and www.occ.treas.gov).

The Proposed Statement describes a number of internal controls and risk management procedures that the Agencies believe are particularly useful to ensure that CSFT activities of financial institutions are conducted consistent with the law, and that risks associated with these activities are effectively managed. These include the following ten controls:

The Agencies received numerous comments on the Proposed Statement. Comments are available for review on each of the Agency's websites. In general, I am pleased to report that many of the commenters supported the Agencies' efforts to provide guidance. They agreed that a policy statement describing the types of risk management procedures and internal controls that may help financial institutions identify and mitigate the legal and reputational risks associated with CSFTs would be an effective tool to preserve the integrity of international capital markets. Almost all of the commenters suggested that the Agencies should adopt a more principles-based approach. This would be expected to provide greater flexibility to design, implement, and evaluate appropriately customized internal control processes for CSFTs. Some commenters asserted that the proposed procedures and controls for CSFTs would be prescriptive and burdensome. They contended this could increase the potential liability of financial institutions that participate in a CSFT to their customers or shareholders and, thus, increase their legal risks. The Agencies are continuing to review and evaluate those comments with the goal of very soon publishing a revised Interagency Statement.

The principle that financial institutions should develop and maintain robust control and risk management infrastructures is not a new one. The Agencies, as noted in their Proposed Statement, have long expected financial institutions to develop and maintain robust control infrastructures. These infrastructures should enable them to identify, evaluate and address the risks associated with their business activities, and to conduct their activities in accordance with applicable statutes and regulations. This begins with a strong risk management and compliance culture embedded in the entire financial institution. The focus on compliance and risk management should be a part of all decision-making at the institution. The banking agencies have published numerous documents on the need for strong controls and risk management. And the SEC recognized the importance of these concepts in its regulations for all organizations choosing to become Consolidated Supervised Entities (CSEs) in order to take advantage of the use of their internal mathematical modules and value at risk to compute regulatory capital charges. The rules require a CSE to establish, document and maintain a system of internal risk management controls to assist with its business activities, including market, credit, leverage, liquidity, legal and operational risks (Rule 15c3-4 of the Securities Exchange Act of 1934).

Concerns raised by the Enron transactions, and the results of related Agency staff evaluations of the controls and risk management surrounding participation in CSFT activities, suggest that enhanced control infrastructures at financial firms participating in CSFTs are an integral component for effective protection against the elevated risks that may be associated with such activities. The Proposed Statement is not a rule, but rather it provides useful guidance for firms to consider in making any necessary improvements to existing control infrastructures. Many firms have already adopted the guidance issued in the Proposed Statement. These firms have taken meaningful steps to enhance their control infrastructures relating to CSFTs. This should reduce the potential for a repeat of the consequences associated with the Enron problems.

The critical importance of effective internal controls and risk management has been recognized by regulatory, academic, industry, and other groups for many years. For example, one of the earliest comprehensive pronouncements on risk management was the publication in 1993 by the Group of Thirty entitled "Special Report on Global Derivatives: Derivatives Practices and Principles" (See, http://riskinstitute.ch/136160.htm). The Public Company Accounting Oversight Board, with approval of the SEC on June 17, 2004, issued Auditing Standard No. 2, "An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements" (See, http://www.pcaobus.org/Standards/index.aspx). This standard specifies procedures that highlight the importance of strong internal controls. In September 2004, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published the "Enterprise Risk Management - Integrated Framework" that describes the essential components of enterprise-wide risk management in better limiting risk exposures and providing top management and the organization's board with assurances regarding achievements of overall goals (See, http://www.coso.org/publications.htm). In March 2005, the Joint Forum of the Basel Committee on Banking Supervision, together with the International Organization of Securities Commissions, and the International Association of Insurance Supervisors, published a report on "Credit Risk Transfer" that contains a significant discussion on risk management issues (See, http://www.iosco.org/library/pubdocs/pdf/IOSCOPD194.pdf). And on July 27, 2005, the Counterparty Risk Management Policy Group released its report, "Toward Greater Financial Stability: A Private Sector Perspective" (See, http://www.crmpolicygroup.org/docs/CRMPG-II.pdf). This report focuses on risk management, risk monitoring, and enhanced transparency to reduce risks of system financial shocks. All of these documents offer valuable insights and recommendations for financial firms to consider in designing and enhancing effective risk management systems.

More recent concerns with structured finance products, particularly credit default swaps, have centered on operations and legal risks associated with a processing backlog. Incomplete confirmations and unapproved assignments raised concerns. In September 2005, the President and Chief Executive Officer of the Federal Reserve Bank of New York challenged 14 major financial institutions to resolve the problems. The industry responded with a plan in October. In February 2006, the group announced it had fulfilled its commitments to improve the infrastructure supporting the credit derivatives market by: implementing the new ISDA protocol for novation of trades; increasing electronic confirmation processing; reducing the backlog of unconfirmed trades; and working to improve the credit derivatives settlement process. In addition, the Committee on Payment and Settlement Systems, a forum for the central banks of the Group of Ten countries, has set up a group to assess the current risk management practices with respect to the post-trade processing infrastructure in the OTC derivatives markets related to concerns about assignment practices and confirmation backlogs in the credit derivatives market. As these and other risks associated with structured products are identified, risk management controls should likewise be improved to address such concerns.

We in the SEC examination program continue to focus significant resources reviewing internal controls and risk management systems of securities firms as well as those organizations that have been approved as CSEs. A basic concept to keep in mind is that risk management is not a one-time assessment and system design. It should involve a dynamic and continuous process of assessing risks and ensuring that the controls at each financial institution are commensurate with risks undertaken. As the risks change, so should the relevant controls. The elevated risks of CSFTs and the need for consideration of improved risk management controls that I have discussed, are just a few examples of such newly identified risks and risk controls. Firms and regulators working together should continue to be vigilant in identifying new risks and ensuring that appropriate and effective risk management controls are implemented by financial firms. Thank you for allowing me to share these thoughts with you.