Remarks at The 2013 National Compliance Outreach Program for Broker-Dealers

by

Commissioner Daniel M. Gallagher

U.S. Securities and Exchange Commission

Washington, D.C.
April 9, 2013

Thank you, Carlo [di Florio], for the kind introduction. As most of you know, Carlo has done an amazing job as the head of OCIE for the last several years. He came to public service at a tough time for the SEC, and his contributions to the agency have been outstanding. Carlo doesn´t allow sacred cows — he evaluates every situation methodically and coolly, and then endeavors to find the right answer, not necessarily the convenient one. Carlo has become a good friend and valued colleague to me over the years, and you will be hard pressed to find another public servant who works as hard as him yet can do it with a sincere smile.

Since I´m standing before a room full of compliance officers, it´s especially important for me to deliver the standard disclaimer that my remarks today are my own and do not necessarily reflect the views of the Commission or my fellow Commissioners.

First, let me thank you all for taking part in today´s program. Events like this are an invaluable tool for regulators and market participants alike — not least of all because we get to see who the early frontrunners are for the next America´s Funniest Compliance Officer contest. As I´m sure you all know, that´s a real contest that was last held in 2011, although, given that there were only a handful of contestants who turned out to compete, maybe it´s more likely that none of you knew. In case you missed it, the winner brought down the house with a joke about a priest, an Irishman, a Frenchman and Rule 15a-6. It was hysterical — not Reg. M hysterical, but still hysterical.

All joking aside, it is essential that we as regulators and you as compliance officials continue to engage in this type of open dialogue and coordination to promote a robust culture of compliance across the securities industry. Indeed, your work is key to enhancing the Commission´s ability to protect investors and ensure that the markets in which they put their capital to work remain fair and efficient, a result which is in all of our best interests.

Over the past few years, a variety of factors have combined to significantly expand the scope and complexity of your responsibilities as compliance officers. Some of this shift can be attributed to the evolution of the securities markets — today, compliance officers at securities firms must deal with an array of increasingly complex financial products and trading and communication technologies, as well as numerous and diverse market venues. Moreover, as a recent Wall Street Journal blog posting put it, compliance officers are increasingly viewing themselves as business people as well, not merely "the in-house killjoys and nags of caricature."1 This, in turn, has brought compliance officers into areas that lie outside of the traditional broker-dealer compliance function, for example, risk management activities. In a 2011 study of compliance officers in the financial services industry, only 25% of respondents who held the title of Chief Compliance Officer reported spending more than 90% of their time on compliance.2 Although CCOs at broker-dealers reported spending more time on compliance compared to CCOs at investment advisers.3

And then there is the overwhelming volume and pace of new and anticipated regulations in response to the financial crisis. New rules proposed or implemented by the SEC, CFTC, and other agencies pursuant to the Dodd-Frank Act have already tremendously increased burdens on compliance departments throughout the securities industry.4 For example, last year, the House Financial Services Committee estimated that it will take 24 million man hours every year in order for the private sector to comply with Dodd-Frank rules.5 In addition to Dodd-Frank, other new rules issued by the SEC and the SROs have added to the already heavy compliance burden at broker-dealer firms. In a 2011 survey of broker-dealer compliance officers, almost 72% of respondents indicated that FINRA know-your customer and suitability rules would have a high impact on the operation of their firms, compared to 64% for a uniform broker-dealer/investment adviser standard, 44% for the Volcker Rule, and 58% for OTC derivatives regulation.6 This wave of new regulation, coupled with the continued weak economy, is undoubtedly contributing to continuing consolidation in the broker-dealer industry.7

At the same time, the resources devoted to compliance at securities firms both large and small, while generally increasing, may not be sufficient to keep pace with the demands faced by compliance officers in today´s busy regulatory environment. Despite the passage of Dodd-Frank in 2010, in one survey of broker-dealer compliance officers a year later, nearly 48% of respondents anticipated no change or a reduction in their compliance budgets for 2011.8 Similarly, in another 2011 survey of compliance professionals in the financial services industry, 74% of all respondents indicated that their 2011 budget would be about the same as their 2010 budget.9 And this issue transcends the broker-dealer space; in a survey of CCOs at Fortune 1000 companies conducted in 2012, almost half (47%) of all respondents indicated that they did not have sufficient resources to manage their compliance programs effectively, and a combined 53% indicated that their compliance budgets had either not changed or decreased from 2011 to 2012.10

With compliance officers now being asked to do more with less resources — often in areas outside the core compliance function — the potential liability facing individual compliance officers has also increased. Last month, SIFMA published a White Paper titled The Evolving Role of Compliance. One topic highlighted in the White Paper is failure-to-supervise liability — more specifically, the uncertainties that remain regarding "when regulators will deem the performance of Compliance functions to be supervisory activities, thereby exposing Compliance to the risks associated with being deemed a supervisor."11 The White Paper "urge[s] regulators to work with Compliance professionals to develop reasonable standards for determining when the performance of job functions constitutes supervisory, rather than Compliance, activities."12

As many of you know, since I became a Commissioner, I have spoken on several occasions about the need to resolve the lingering uncertainties surrounding what makes a person a "supervisor" and the actions such a person must take in order to carry out his or her supervisory duties satisfactorily. I believe that "failure-to-supervise" should mean just what it says. Regulators should be focusing on the business-line supervisors, not the compliance official who steps in and takes action in good faith, even if the results of his or her actions are less than ideal.

I worry, however, that the Commission´s current position on supervisory liability skews in the opposite direction, reducing the risks of liability only for those who intentionally chose inaction over action. As we pursue clarity on this issue, we must avoid establishing a rigid set of expectations based on bright-line rules that further discourage compliance officers from acting out of fear that any "wrong" decision they make might subject them to heightened regulatory scrutiny. Rather, an optimal compliance regime requires a flexible regulatory framework that incentivizes compliance officers to fully engage in the many difficult regulatory and business decisions that firms face every day.

To be sure, the vast majority of failure-to-supervise cases will not be close calls. Nevertheless, I believe that the Commission has an obligation to provide regulated entities with clarity on supervisory liability in those close cases that do arise. As I have said in the past, I remain hopeful that the Commission will soon constructively address the lingering uncertainties surrounding failure-to-supervise liability, and I encourage you to provide us with your input on this topic.

Thank you again for your attention and I hope that you enjoy the remainder of today´s program.


1 Nick Elliot, Risk and Compliance Journal; The Morning Risk Report: "There´s Too Much Compliance," Wall St. J. (Apr. 5, 2013).

2 See National Registry Services Compliance Compensation Study 2011, http://www.sec.gov/cgi-bin/goodbye.cgi?www.nrs-inc.com/Global/White%20Papers/NRS%20Compliance%20Compensation%20Study%202011_web.pdf.

3 See id.

4 See, e.g., Karen Kroll, Dodd-Frank Heaps New Requirements on Broker-Dealers, Compliance Week (July 19, 2011).

5 See U.S. House of Representatives, Committee on Financial Services, Dodd-Frank Burden Tracker, http://www.sec.gov/cgi-bin/goodbye.cgi?financialservices.house.gov/burdentracker/.

6 See Ernst & Young Compliance Perspectives on New Regulations 2011, http://www.sec.gov/cgi-bin/goodbye.cgi?www.ey.com/US/en/Industries/Financial-Services/Banking---Capital-Markets/Compliance-perspectives-on-new-regulations-2011---Companies-speak-out-on-the-impact-of-Dodd-Frank-and-FINRA-initiatives.

7 See, e.g., Ann Marsh, Small B-Ds Close, But Reps Remain Steady, Financial Planning Magazine (May 2, 2012).

8 See E&Y Compliance Perspectives on New Regulations 2011.

9 See NRS Compliance Compensation Study 2011.

10 See Consero Group, LLC 2012 Chief Compliance Officer Data Survey, http://www.sec.gov/cgi-bin/goodbye.cgi?consero.com/wp-content/uploads/2012/12/Consero-2012-Chief-Compliance-Officer-Data-Survey1.pdf.

11 Securities Industry and Financial Markets Association, The Evolving Role of Compliance (March 2013), at 10, http://www.sec.gov/cgi-bin/goodbye.cgi?www.sifma.org/issues/item.aspx?id=8589942363.

12 Id. at 11.