
Tuesday, May 13, 2014

SEC COMMISSIONER GALLAGHER'S REMARKS ON EVOLVING ROLE OF COMPLIANCE

FROM:  U.S. SECURITIES AND EXCHANGE COMMISSION 
Introductory Remarks at The Evolving Role of Compliance in the Securities Industry Presentation
Commissioner Daniel M. Gallagher
Washington, D.C.
May 12, 2014

Thank you, David [Blass].  I’m very pleased to be here this morning to kick off today’s discussion of a timely and critical topic: the evolving role of compliance professionals.  I’d be remiss if I didn’t begin by expressing my thanks to the team responsible for today’s event: Mike Stone, who suggested the event in the first place, our panelists Howard Plotkin and Jerry Baker, and David Blass [and Steve Benham] from the Division of Trading and Markets, who worked with our panelists to put together today’s event.  It’s very heartening to me that there are people like Mike, Howard, and Jerry who are willing to so generously volunteer their time to help the Commission better understand the myriad and complicated challenges facing today’s compliance professionals.  I often speak of the scoundrels and miscreants in the securities industry; it’s a genuine pleasure to be here today with folks from the other end of the spectrum.

In recent years, a variety of factors have combined to significantly expand the scope and complexity of the issues facing compliance officers at securities firms.  Today’s compliance personnel have to address an ever-broadening array of complex and novel financial products, new trading and communication technologies, and multiple, diverse market venues.  They must do so in the face of an unprecedented torrent of new laws and regulations promulgated in response to the financial crisis, most particularly the Compliance Officer and Securities Attorney Full Employment in Perpetuity Act of 2010, or as it’s more commonly known, Dodd-Frank.  

And although securities firms have been generally increasing the amount of resources they devote to compliance matters, compliance budgets have increased in a linear manner while the demands faced by compliance officers have increased exponentially.  A member of the House Financial Services Committee, citing a study issued by the Committee,[1] stated, “It will take over 24 million man hours to comply with Dodd-Frank rules per year.  It took only 20 million to build the Panama Canal.”[2]  On the plus side, at least Dodd-Frank has caused fewer deaths by malaria or yellow fever.

Our system of oversight for regulated entities such as broker-dealers and investment advisers is predicated upon the active participation of compliance personnel.  It is a system of shared responsibility, in which the Commission oversees the firms that, in turn, oversee their associated persons, with SROs providing an additional level of oversight for broker-dealers.  Broker-dealer and investment adviser firms in essence serve as the first line of defense in this system, and the system does not work if firm legal and compliance officers are too timid to jump into the difficult regulatory issues firms face on a regular basis.

All the more important, then, that the Commission does everything in its power to encourage a robust, effective compliance function at the entities we regulate.  This includes, crucially, providing additional certainty on the topic of “failure to supervise” liability.  The Exchange Act vests the Commission with the authority to impose sanctions on a person associated with a broker-dealer if that person “has failed reasonably to supervise, with a view to preventing violations of the provisions of [the securities] statutes, rules, and regulations, another person who commits such a violation, if such other person is subject to his supervision.”[3]  Nearly identical language in the Investment Advisers Act grants the Commission the same authority with respect to associated persons of investment advisers.[4]

The Commission’s ability to impose sanctions for failures to supervise is a valuable part of our regulatory toolkit, encouraging a broker-dealer or investment adviser’s managers and executives to proactively monitor subordinate employees’ compliance with laws and regulations.  We must make sure, however, that our rules establishing failure to supervise liability do not act as a deterrent to in-house legal and compliance officers, discouraging them from departing from their clearly delineated roles.

After all, we don’t want compliance officers or in-house attorneys spending their days drafting policies and sending out memoranda while avoiding interaction with the individuals governed by those policies or the recipients of those memos out of fear of being deemed a supervisor and subjecting themselves to liability.  Indeed, we want to encourage such personnel to bring their expertise to bear in addressing important, real-world compliance issues and in providing real-time advice for concrete problems the firms and their employees face.

To do so, we need to provide guidance that is as clear as possible on our position on supervisory liability for legal and compliance personnel.  In this vein, I was especially pleased when last September, the Division of Trading and Markets, in an effort led by David Blass, issued a set of FAQs on the topic of failure to supervise liability.[5]  The feedback on these FAQs has been very positive, and I hope and expect that we will continue to address new or unsettled issues in this manner.

Events like today's training complement outward-facing initiatives such as the FAQs by providing our own staff with informed and current guidance on compliance issues, and I'm glad to be able to add my enthusiastic support.  Once again, thank you to our panelists, and thanks as well to the SEC staff here today for taking advantage of this wonderful opportunity to learn from our distinguished guests. I wish you all a productive and educational training.


[1] Dodd-Frank Burden Tracker (spreadsheet), House of Representatives Committee on Financial Services, available at http://financialservices.house.gov/uploadedfiles/dodd-frank_pra_spreadsheet_7-9-2012.pdf.

[2] Rep. Randy Neugebauer, quoted at Dodd-Frank Burden Tracker, House of Representatives Committee on Financial Services, available at http://financialservices.house.gov/burdentracker/default.aspx.

[3] 15 U.S.C. 78o(b)(4)(E).

[4] 15 U.S.C. 80b-3(e)(6).

[5] Frequently Asked Questions about Liability of Compliance and Legal Personnel at Broker-Dealers under Sections 15(b)(4) and 15(b)(6) of the Exchange Act, U.S. Securities and Exchange Commission, Division of Trading and Markets, available at http://www.sec.gov/divisions/marketreg/faq-cco-supervision-093013.htm.

Saturday, October 19, 2013

REMARKS BY CFTC COMMISSIONER O'MALIA AT CFTC COMPLIANCE FORUM

FROM:  COMMODITY FUTURES TRADING COMMISSION 
Keynote Address by Commissioner Scott D. O'Malia, Edison Electric Institute CFTC Compliance Forum, Washington, DC
October 17, 2013

The topic of today's conference is "Compliance and Implementation Issues." I must say such a topic gives us plenty of room to have a wide-ranging discussion, as there are so many questions and concerns regarding industry compliance and on-going implementation.

As we all know, the Dodd-Frank Act was enacted following the G-20 agreement in Pittsburgh in September 2009 to undertake comprehensive financial reform. The G-20 agreement proposed four main objectives of derivatives reform. First, report all data to a data repository. Second, require that all standardized derivatives contracts be exchange traded "as appropriate." Third, require clearing to be done through central counter parties. Fourth, impose higher collateral charges for all uncleared over-the-counter (OTC) products.

Since the passage of Dodd-Frank, the CFTC has been busy with an aggressive schedule of rule promulgation. Today we have finalized just over 60 rules including Dodd-Frank and non-Dodd-Frank rules.

This new regulatory regime has had a profound impact on market structure as it has imposed new obligations, higher levels of transparency, and higher standards for risk management. Many of these new rules will have a positive impact on financial markets.

However, I have serious concerns about the Commission’s rule making process and schedule, as well as the statutory foundation of many rules and their overall impact on end-users.

Today, I would like to discuss three topics. First, I would like to address the implementation of the rules, both in terms of compliance already under way and what we need to think about going forward. Second, I would like to discuss the regulatory impact on end-users. Finally, I would like to discuss my concerns about the Commission’s preparedness to oversee the implementation of the Dodd-Frank regulatory regime.

The Process: Sacrificing Transparency and Certainty for Speed

From the beginning of my time at the Commission, I have been very concerned with the Commission's rulemaking process. As you may know, I have been disappointed with the Commission’s failure to develop a transparent rulemaking schedule that would enable market participants to plan for compliance with the massive new obligations imposed by these rules. In addition, I believe the Commission has rushed the rulemaking process, prioritizing getting rules done fast over getting them done right. This approach has compromised the legal soundness and consistency of our rules.

Stark evidence of the Commission’s flawed rules, and their unachievable compliance deadlines, can be seen in the massive number of exemptions and staff no-action letters issued to provide relief from them. To date, we have issued over 130 exemptions and staff no-action letters. That amounts to more than two exemptions for every rule passed. In nearly two dozen cases, the relief provided is for an indefinite period of time – thus making them de facto rulemakings, which didn't go through the Administrative Procedure Act or proper cost-benefit analysis. It is clear that the Commission has abused the no-action relief process.

Market participants are confused regarding the application of our rules, and how or when they must be applied. Further, since the Commission doesn't vote on staff no-action letters, they don't appear in the Federal Register. And you won't find the exemptive letters in our rulebook either. This lack of transparency and consistency will drive a compliance officer crazy.

One area where the Commission has made one of its biggest process fouls is the lack of robust cost-benefit analysis. Without a doubt, the comprehensive nature of the Dodd-Frank regulatory regime will have a significant cost impact on all market participants, and yet the Commission has failed to conduct appropriate and rigorous quantitative and qualitative analysis of our proposed rules. Understanding whether the benefits of the rules outweigh the costs is a common sense tool to determine the least burdensome solution to the problem.

The Commission has so far been able to get away with such inadequate cost-benefit analysis because the current governing statute sets a low bar. I support Congressional efforts to revise our statutory cost-benefit obligations in order to require the Commission to undertake a more rigorous quantitative and qualitative analysis, putting us on par with other federal agencies. I support Chairman Conaway's efforts (H.R. 1003) and hope the House and Senate will pass this legislation.

Implementation: What's Coming

While I have a longer list of process fouls committed by the Commission, I would like to turn to upcoming rules that will have a significant impact on end-users in particular.

The Commission is currently considering the position limit rule do-over. When I say the Commission, I mean that literally. During the shutdown there is no staff available to discuss this rule proposal. We can't make revisions. We can't ask questions about the rationale or justification. We can't even discuss with staff whether or not the proposed limits would have an appropriate impact to curb "excessive speculation."

The Commission is pursuing a dual track on position limits. Later this year, an appeals court will hear our argument urging it to overturn a federal district court’s ruling to vacate the original position limit rule. The district court found that the Commission failed to provide a finding of necessity as directed by the statute. Simultaneously, we are drafting a nearly identical rule arguing more strenuously that Congress made us do it, and that Congress really didn't want to know whether these rules are "necessary" or "appropriate."

Frankly, I find it interesting that the proposed rule will argue on one hand that Congress wanted position limits and that we aren't bound to apply an appropriateness standard – and then, on the other hand, argue in the cost-benefit analysis that these rules are well considered and will have the intended impact based on our analysis.

Another important rulemaking that will be before the Commission shortly is the application of capital and margin for all OTC trades. While I am pleased that the international community has worked together to make the standards consistent, make no mistake: these rules will increase the cost of hedging. End-users will be spared from mandatory margin exchange. However, nobody will receive a break from the new capital charges. These are new costs imposed on banks to offset the risk posed by OTC trades. Needless to say, these costs will be passed on to end-users.

I agree with Sean Owens, an economist with Woodbine Associates, who stated that under Dodd-Frank, "end users face a tradeoff between efficient, cost-effective risk transfer and the need for hedge customization. The cost implicit in this trade off include: regulatory capital, funding initial margin, market liquidity and structural factors."1

There is no doubt that these new requirements will have serious economic consequences for financial markets. And regulators should not take this lightly. In an effort to coordinate with international regulators, the Commission will re-propose its capital and margin rules. But even under the more accommodating margin requirements, the Commission must evaluate additional costs to end-users by conducting an in-depth cost-benefit analysis.

Happy Anniversary: 1st Anniversary of Futurization

It was one year ago, almost to the day, that the energy markets switched from trading swaps to futures. This huge shift was triggered by the then-impending effective date of the swap and swap dealer definitions. To avoid trading swaps and being caught in the unnecessary, costly and highly complex de minimis calculation imposed on swap dealers, energy firms shifted their trading from swaps to futures, literally overnight.

Based on the complexity of our swaps rules and the cost-efficiency of trading futures, it makes sense that participants would make this change. I'm interested to hear more from end-users like you how this shift has impacted your hedging strategies.

I must warn you that there are several more changes coming up that will continue to impact energy markets. First, the Commission is considering a draft futures block rule that will be proposed to limit the availability of block trades.

Second, as I noted before, OTC margin and capital rules will increase the cost of OTC bilateral deals. This draft rule should be published by the end of the year.

Third, the European Union (EU) is considering whether it will find acceptable the U.S. rules allowing a minimum one-day margin liquidation requirement for futures and swaps on energy products. Europe might not recognize U.S. centralized counterparties as qualified and, as a result, ban EU persons from accessing these markets. The EU is insisting on a two-day margin liquidation minimum. I am told that this would have the practical effect of increasing margin requirements for energy trades by 40 percent. I’m not sure how this will be resolved, but I suspect it will be closely tied to U.S. recognition of the European regulatory regime.

End-Users

Now let me turn to my second topic: how our rules treat end-users.

Congress was very clear about protecting end-users from Dodd-Frank's expansive regulatory reach. As a result, many end-users assumed that they wouldn't be impacted by these rules. Clearly, they are no longer under such misconceptions.

The swap dealer definition is a good example of how the Commission failed to accurately interpret Dodd-Frank and broadly applied the swap dealer definition to all market participants. The Commission ignored the express statutory mandate to exclude end-users from its reach. The swap dealer final rule requires entities to navigate through a complex set of factors on a trade-by-trade basis, rather than provide a bright line test. While I appreciate that the Commission set an $8 billion de minimis level to exclude trades from a dealer designation, it remains challenging to determine what is in and what is out from this safe harbor.

As part of the complexity of the swap dealer definition, the Commission has applied inconsistent and incoherent requirements around bona fide hedging as part of the dealer calculation. The hedge exclusion from the dealer definition applies only to physical, but not financial, transactions. The Commission should apply a consistent definition for hedging.

Another complexity that the Commission has imposed on end-users is the definition of a volumetric option. Specifically, to determine whether a volumetric option is a forward or a swap, the rule applies a seven-part test. But the real kicker is that under the seventh factor, contracts with embedded volumetric optionality may qualify for the forward contract exclusion only if exercise of the optionality is based on physical factors that are outside the control of the parties. This is in contradiction to how volumetric options have been traditionally used by market participants, makes no sense and provides absolutely no certainty for market participants.

The Commission has seemingly gone out of its way to create complex rules that generally result in an outcome of heads we win, tails you lose. We need to clean up the definition and create reliable and well-defined safe harbors. If we don't, I would encourage Congress to revisit the statute.

Commission Readiness: The Consequences of a “Ready, Fire, Aim” Approach

Let me move now to my third main topic: Commission readiness to properly oversee the implementation of its Dodd-Frank regulatory regime. There are two questions I have regarding this issue. The first question is pretty straightforward: is the Commission prepared to effectively oversee the new swaps markets? I believe the answer to this question is "no."

Take the area of registration. The Commission’s new swaps regime has created multiple new categories of Commission registrants, and in each category there has been an inconsistent and uncertain process with the bar constantly moving for applicants. For example, it has been ten months since the first swap dealer application arrived. Today, we have 89 temporarily registered applications totaling over 180,000 pages and we haven’t signed off on a single application as complete or final.

With regard to swap data repository (SDR) registration, it has taken the Commission eight to ten months to register just three SDRs under temporary status. We have exceeded our own self-imposed limit of 180 days in some cases and we still haven’t issued a final SDR determination.

As for the registration of swap execution facilities (SEFs), while we have registered 18 entities under a temporary basis, I can only imagine how long it will take for a SEF to secure final approval, especially when we admit that we didn’t read the rulebooks in order to meet the arbitrary October 2 effective date. My guess is that it will be a long and painful process as we insist on evolving revisions to SEF rulebooks while trading is going on.

Another area where the Commission has not been adequately prepared to do its job is in connection with swap data being submitted under new reporting regulations. Despite imposing aggressive compliance requirements on the market, the Commission doesn't have the tools in place to effectively utilize the new data being reported to SDRs, and it doesn't have a surveillance system in either the futures or swaps market that I would regard as adequate or modern.

Today, the data we receive from SDRs requires extensive cleaning and changes to make it useful. As chairman of the Commission’s Technology Advisory Committee (TAC), I have devoted significant TAC attention and resources to aid this effort. Stemming from our TAC meeting in April, a working group including Commission staff and the SDRs has been established and is working to harmonize data fields to aid in our ability to easily aggregate and analyze data across SDR platforms. It will take time before we are able to access, aggregate and analyze data efficiently.

I am also disappointed with our current stance on the oversight of SEFs. Despite the October 2 start-up date for SEFs, the Commission relies on self-regulatory organizations to send data via Excel spreadsheet. There is no aggregation capacity and I am not aware of any plan to automate this process for the less than two thousand swap trades that occur on a daily basis.

My second question: is the Commission sufficiently familiar with the readiness of the market to adapt to our rules? The answer to this question is also "no." As I discussed earlier, evidence of this failure can be found in the Commission’s extensive use of no-action relief tied to arbitrary deadlines. The Commission needs to do a better job of understanding the significant compliance challenges facing market participants as a result of new regulations.

Pre-Trade Credit Checks: Time for the TAC to Revisit the Issue

Let me give you a brief example of one challenge we are dealing with today. The Commission has been working toward a goal of straight-through processing of trades and clearing to prevent any trade failures due to credit issues. Just recently, the Commission has started insisting that SEFs provide functionality to pre-check all trades for adequate credit at the futures commission merchant (FCM) to guarantee a trade. In general, I support this objective. However, market participants were not prepared to comply with this new requirement by October 2, the date SEFs began operation.

Consistent with the Commission’s practice of issuing last-minute ad-hoc relief, the day before the SEF start-up date, staff issued a delay of the pre-trade credit checks for one month until November 1. We are just two weeks away from this new deadline and it is clear that not all SEFs, FCMs, credit hubs and customers are fully interconnected. Without end-to-end fully tested connectivity, I suspect trades will continue to be done over the phone – stalling limit order book trading.

This is a topic that we discussed at the recent TAC meeting on September 12. It was clear at that meeting that the pieces were not in place and additional time is needed.

With the arbitrary November 1 deadline looming and the Commission yet to provide confused swap market participants with necessary guidance on a host of unresolved issues, often stemming from a lack of clarity in the SEF rules, I believe additional time is required. The Commission has not provided adequate time to complete the on-boarding process and conduct the technology testing and validation that is necessary. We should also consider phasing in participants, similar to our approach with clearing, in order to avoid a big bang integration issue.

Again, I offer to use the TAC to identify a path forward if that will be useful, but the issues identified in September still remain.

Conclusion

In many respects it is quite remarkable the work that has been accomplished – by both the Commission and the market – to put in place trade reporting, mandatory clearing, and now the first stages of swap exchange trading. However, the Commission process by which all of this was accomplished is certainly not to be replicated.

We need to continue to make sure we follow Congressional direction to protect end-users and focus more on outcomes rather than setting arbitrary timetables tied to an individual agenda. Rather than relying on the ad-hoc no-action process, the Commission should take responsibility for fixing the unworkable rules – swap data reporting and the swap dealer definition come to mind.

If we are going to impose rules, let’s make sure they are informed by data and will not interfere with the fundamental function of hedging and price discovery in the markets – I’m thinking about position limits and our proposed futures blocks.

Finally, let's keep an eye on the costs – putting these markets out of reach for commercial hedgers doesn't help anyone. Let's sharpen the pencil and consider all the options. There is no reason why we should not be able to quantify the solution as the most cost-effective rule for the market.

Thank you again for the opportunity to speak with you today.

1 See Sean Owens, Optimizing the Cost of Customization, Review of Futures Market (July 2012).

Last Updated: October 17, 2013

Monday, October 31, 2011

THE ROLE OF COMPLIANCE AND ETHICS IN RISK MANAGEMENT

The following excerpt is from the SEC website:

"Speech by SEC Staff:
by Carlo V. di Florio
Director, Office of Compliance Inspections and Examinations1
NSCP National Meeting
October 17, 2011

Thank you for inviting me to speak at this event. The work you all do is incredibly important, and we appreciate and respect your critical contributions to investor protection and market integrity.

Today I would like to address two related topics that are growing in importance: the heightened role of ethics in an effective regulatory compliance program, and the role of both ethics and compliance in enterprise risk management. The views that I express here today are of course my own and do not necessarily reflect the views of the Commission or of my colleagues on the staff of the Commission.

In the course of discussing these two topics, I would like to explore with you the following propositions:

Ethics is fundamental to the securities laws, and I believe ethical culture objectives should be central to an effective regulatory compliance program.

Leading standards have recognized the centrality of ethics and have explicitly integrated ethics into the elements of effective compliance and enterprise risk management.

Organizations are making meaningful changes to embrace this trend and implement leading practices to make their regulatory compliance and risk management programs more effective.

Ethics and the Federal Securities Laws

The debate about how law and ethics relate to each other traces all the way back to Plato and Aristotle. I am not the Director of the Office of Legal Philosophy, so I won’t try to contribute to the received wisdom of the ages on this enormous topic,2 except to say that for my purposes today, the question really boils down to staying true to both the spirit and the letter of the law. Framed this way, ethics is a topic of enormous significance to anyone whose job it is to seek to promote compliance with the federal securities laws.
At their core, the federal securities laws were intended by Congress to be an exercise in applied ethics. As the Supreme Court stated almost five decades ago,

[a] fundamental purpose, common to [the federal securities]… statutes, was to substitute a philosophy of full disclosure for the philosophy of caveat emptor and thus to achieve a high standard of business ethics in the securities industry…. “It requires but little appreciation . . . of what happened in this country during the 1920's and 1930's to realize how essential it is that the highest ethical standards prevail” in every facet of the securities industry.3

Of course, what has happened through the financial crisis I believe is yet another reminder of the fundamental need for stronger ethics, risk management and regulatory compliance practices to prevail. Congress has responded once again, as it did after the Great Depression, with landmark legislation to raise the standards of business ethics in the banking and securities industries.

The manner in which the federal securities laws are illuminated by ethical principles was well illustrated by the Study on Investment Advisers and Broker-Dealers that the Commission staff submitted to Congress earlier this year pursuant to Section 913 of the Dodd-Frank Act (“913 Study”).4 As described in the 913 study, in some circumstances the relationship is explicit, such as the requirement that each investment adviser that is registered with the Commission or required to be registered with the Commission must also adopt a written code of ethics. These ethical codes must at a minimum address, among other things, a minimum standard of conduct for all supervised persons reflective of the adviser’s and its supervised persons’ fiduciary obligations.5

In other circumstances, an entire body of rules is based implicitly on ethical precepts.
This is the case with the rules adopted and enforced by FINRA and other self-regulatory organizations, which “are grounded in concepts of ethics, professionalism, fair dealing, and just and equitable principles of trade,” giving the SROs authority to reach conduct that may not rise to the level of fraud.6 This has empowered FINRA and other SROs to, for example, not require proof of scienter to establish a suitability obligation,7 to develop rules and guidance on fair prices, commissions and mark-ups that takes into account that what may be “fair” (or reasonable) in one transaction could be “unfair” (or unreasonable) in another,8 and to require broker-dealers to engage in fair and balanced communications with the public, disclose conflicts of interest, and to undertake a number of other duties.9 In addition to approving rules grounded on these ethical precepts, the Commission has also sustained various FINRA disciplinary actions utilizing FINRA’s authority to enforce “just and equitable principles of trade,” even where the underlying activity did not involve securities, such as actions involving insurance, tax shelters, signature forgery, credit card fraud, fraudulent expense account reimbursement, etc.10

Other ethical precepts are derived from the antifraud provisions of the federal securities laws. The “shingle” theory, for example, holds that by virtue of engaging in the brokerage business a broker-dealer implicitly represents to those with whom it transacts business that it will deal fairly with them. When a broker-dealer takes actions that are not fair to its customer, these must be disclosed to avoid making the implied representation of fairness not misleading. A number of duties and conduct regulations have been articulated by the Commission or by courts based on the shingle theory.11

Another source by which ethical concepts are transposed onto the federal securities laws is the concept of fiduciary duty.
The Supreme Court has construed Section 206(1) and (2) of the Investment Advisers Act as establishing a federal fiduciary standard governing the conduct of advisers.12 This imposes on investment advisers “the affirmative duty of ‘utmost good faith, and full and fair disclosure of all material facts,’ as well as an affirmative obligation to ‘employ reasonable care to avoid misleading’” clients and prospective clients. As the 913 Study stated,

Fundamental to the federal fiduciary standard are the duties of loyalty and care. The duty of loyalty requires an adviser to serve the best interests of its clients, which includes an obligation not to subordinate the clients’ interests to its own. An adviser’s duty of care requires it to “make a reasonable investigation to determine that it is not basing its recommendations on materially inaccurate or incomplete information.”13

While broker-dealers are generally not subject to a fiduciary duty under the federal securities laws, courts have imposed such a duty under certain circumstances, such as where a broker-dealer exercises discretion or control over customer assets, or has a relationship of trust and confidence with its customer.14 The 913 Study, of course, explores the principle of a uniform fiduciary standard.

Concepts such as fair dealing, good faith and suitability are dynamic and continue to arise in new contexts.
For example, the Business Conduct Standards for Securities-Based Swap Dealers (“SBSDs”) and Major Security-Based Swap Participants (“MSBSPs”), required by Title VII of the Dodd-Frank Act and put out for comment last summer, include proposed elements such as a requirement that communications with counterparties are made in a fair and balanced manner based on principles of fair dealing and good faith; an obligation to disclose to a counterparty material information about the security-based swap, such as material risks, characteristics, incentives and conflicts of interest; and a determination by SBSDs that any recommendations that they make regarding security-based swaps are suitable for their counterparties. Of course the Business Conduct Standards have not been finalized, but the requirements of Title VII requiring promulgation of these rules, as well as the content of the rules as proposed, illustrate that ethical concepts continue to be a touchstone for both Congress and the Commission in developing and interpreting the federal securities laws.

The Relationship Between Ethics and Enterprise Management.

Ethics is not important merely because the federal securities laws are grounded on ethical principles. Good ethics is also good business. Treating customers fairly and honestly helps build a firm’s reputation and brand, while attracting the best employees and business partners. Conversely, creating the impression that ethical behavior is not important to a firm is incredibly damaging to its reputation and business prospects. This, of course, holds true equally for individuals, and there are plenty of enforcement cases that tell the story of highly talented and successful individuals who were punished because they violated their ethical and compliance responsibilities.

Another way of saying this is that a corporate culture that reinforces ethical behavior is a key component of effectively managing risk across the enterprise.
As the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) put it, in articulating its well-established standards of Internal Control and Enterprise Risk Management:

An entity’s strategy and objectives and the way they are implemented are based on preferences, value judgments, and management styles. Management’s integrity and commitment to ethical values influence these preferences and judgments, which are translated into standards of behavior. Because an entity’s good reputation is so valuable, the standards of behavior must go beyond mere compliance with the law. Managers of well-run enterprises increasingly have accepted the view that ethics pays and ethical behavior is good business.15

In the wake of the financial crisis, enterprise risk management is a rapidly evolving discipline that places ethical values at the heart of good governance, enterprise risk management and compliance. For example, organizations such as COSO, the Ethics Resource Center (ERC), the Open Compliance and Ethics Guidelines (OCEG) and the Ethics & Compliance Officer Association (ECOA) have developed detailed guidance, from the board room to business units and key risk, control and compliance departments, on implementation of effective enterprise risk management systems. Industry and sector specific guidance has flowed from these general standards.

As COSO notes, integrity and ethical values are the pillars of an effective compliance culture.

The effectiveness of enterprise risk management cannot rise above the integrity and ethical values of the people who create, administer, and monitor entity activities. Integrity and ethical values are essential elements of an entity’s internal environment, affecting the design, administration, and monitoring of other enterprise risk management components.16

Nowhere should this be more true than in financial services firms today, which depend for their existence on public trust and confidence to a unique degree.
Expectations are rising around the world for a stronger culture of ethical behavior at financial services firms of all types and sizes. As the Basel Committee on Banking Supervision recently stated:

A demonstrated corporate culture that supports and provides appropriate norms and incentives for professional and responsible behaviour is an essential foundation of good governance. In this regard, the board should take the lead in establishing the “tone at the top” and in setting professional standards and corporate values that promote integrity for itself, senior management and other employees.17

As the standards for ethical behavior continue to evolve, your firms’ key stakeholders – shareholders, clients and employees – will increasingly expect you to meet or exceed those standards.

In my first speech here at the SEC, I outlined ten elements I believe make an effective compliance and ethics program. These elements reflect the compliance, ethics and risk management standards and guidance noted above. They also reflect the U.S. Federal Sentencing Guidelines (FSG), which were revised in 2004 to explicitly integrate ethics into the elements of an effective compliance and ethics program that would be considered as mitigating factors in determining criminal sentences for corporations. These elements include:

Governance. This includes the board of directors and senior management setting a tone at the top and providing compliance and ethics programs with the necessary resources, independence, standing, and authority to be effective. NEP staff have begun meeting with directors, CEOs, and senior management teams to better understand risk and assess the tone at the top that is shaping the culture of compliance, ethics and risk management.

Culture and values. This includes leadership promoting integrity and ethical values in decision-making across the organization and requiring accountability.

Incentives and rewards. This includes incorporating integrity and ethical values into performance management systems and compensation so the right behaviors are encouraged and rewarded, while inappropriate behaviors are firmly addressed.

Risk management. This includes ensuring effective processes to identify, assess, mitigate and manage compliance and ethics risk across the organization.

Policies and procedures. This includes establishing, maintaining and updating policies and procedures that are tailored to your business, your risks, your regulatory requirements and the conflicts of interest in your business model.

Communication and training. This includes training that is tailored to your specific business, risk and regulatory requirements, and which is roles-based so that each critical partner in the compliance process understands their roles and responsibilities.

Monitoring and reporting. This includes monitoring, testing and surveillance functions that assess the health of the system and report critical issues to management and the board.

Escalation, investigation and discipline. This includes ensuring there are processes where employees can raise concerns confidentially and anonymously, without fear of retaliation, and that matters are effectively investigated and resolved with fair and consistent discipline.

Issues management. This includes ensuring that root cause analysis is done with respect to issues that are identified so effective remediation can occur in a timely manner.

An on-going improvement process. This includes ensuring the organization is proactively keeping pace with developments and leading practices as part of a commitment to a culture of ongoing improvement.

In addition to the effective practices above, the NEP has also seen firms that have focused on enhancing regulatory compliance programs through effective integration of ethics principles and practices.
These include renaming the function and titles to incorporate ethics explicitly; elevating the dialogue with senior management and the board; implementing core values and business principles to guide ethical decision-making; integrating ethics into key leadership communications; and introducing surveys and other mechanisms to monitor the health of the culture and identify emerging risks and issues.

The Relationship of Compliance and Ethics with Enterprise Risk Management.

We can expand the discussion above beyond compliance and ethics to address enterprise risk management and risk governance more broadly. These same program elements, and ethics considerations, are equally critical, but the scope of risks expands beyond regulatory risk to also include market, credit and operational risk, among others. The roles and responsibilities also expand to include risk management, finance, internal audit and other key risk and control functions.

Whether we’re talking about compliance and ethics or we’re talking about ERM, it is important to clarify fundamental roles and responsibilities across the organization.

The business is the first line of defense responsible for taking, managing and supervising risk effectively and in accordance with the risk appetite and tolerances set by the board and senior management of the whole organization.

Key support functions, such as compliance and ethics or risk management, are the second line of defense. They need to have adequate resources, independence, standing and authority to implement effective programs and objectively monitor and escalate risk issues.

Internal Audit is the third line of defense and is responsible for providing independent verification and assurance that controls are in place and operating effectively.
Senior management is responsible for reinforcing the tone at the top, driving a culture of compliance and ethics and ensuring effective implementation of enterprise risk management in key business processes, including strategic planning, capital allocation, performance management and compensation incentives.

The board of directors (if one exists in the organization) is responsible for setting the tone at the top, overseeing management and ensuring risk management, regulatory, compliance and ethics obligations are met.

While compliance and ethics officers play a key role in supporting effective ERM, risk managers in areas such as investment risk, market risk, credit risk, operational risk, funding risk and liquidity risk also play an important role. As noted above, the board, senior management, other risk and control functions, the business units and internal audit also play a critical role in ERM. As ERM matures as a discipline, it is critical that these key functions work together in an integrated, coordinated manner that supports more effective ERM.

Understanding and managing the inter-relationship between various risks is a central tenet of effective ERM. One needs only reflect on the financial crisis to understand how the aggregation and inter-relationship of risks across various risk categories and market participants created the perfect storm. ERM provides a more systemic risk analysis framework to proactively identify, assess and manage risk in today’s market environment.

OCIE Considerations

As I discussed earlier, there is an ethical component to many of the federal securities laws. When NEP staff examines, for example, an investment adviser’s adherence to its fiduciary obligations, or a broker-dealer’s effective development, maintenance and testing of its compliance program, our examiners are looking at how well firms are meeting both the letter and spirit of these obligations.
In addition, our examiners certainly examine specific requirements for ethical processes, such as business conduct standards.

There is another way in which the ethical environment within a firm matters to us. As you know, our examination program has greatly increased its emphasis on risk-based examinations. How we perceive a registrant’s culture of compliance and ethics informs our view of the risks posed by particular entities. In this regard we have begun meeting boards of directors, CEOs and senior management to share perspectives on the key risks facing the firm, how those risks are being managed and the effectiveness of key risk management, compliance, ethics and control functions. It provides us an opportunity to emphasize the critical importance of compliance, ethics, risk management and other key control functions, and our expectation that these functions have sufficient resources, independence, standing and authority to be effective in their roles. These dialogues also provide us an opportunity to assess the tone at the top that is shaping the culture of compliance, ethics and risk management in the firm. If we believe that a firm tolerates a nonchalant attitude toward compliance, ethics and risk management, we will factor that into our analysis of which registrants to examine, what issues to focus on, and how deep to go in executing our examinations.

Finally, I would end by sharing with you that we are also embracing these leading practices. We recently created our own program around compliance and ethics. For the first time, we have a dedicated team focused on strengthening and monitoring how effectively we adhere to our own examination standards. We are in the process of finalizing our first Exam Manual, in which we set forth all of our key policies and standards in one manual. We have also established a senior management committee with oversight responsibility for compliance, ethics and internal control.
On the risk management front, we are also making good progress. We have recruited individuals with expertise and established a senior management oversight committee here as well. In short, we are also committing ourselves to a culture of ongoing improvement and leading practices.

Conclusion

Thank you for inviting me to speak here today. I hope that my remarks, both about ethics and compliance as well as our priorities for the first months of our new fiscal year, will be helpful to you and help you to perform your critical compliance functions more effectively. I invite your feedback, whether regarding the points that I made, or the points that you think I missed. I now invite your questions.

--------------------------------------------------------------------------------

1 The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private statements by its employees.
2 For a deeper plunge into the relationship between law and ethics, a classic exchange on this subject can be found in Positivism and the Separation of Law and Morals, H.L.A. Hart, 71 Harvard L. Rev. 529 (1958) and Positivism and Fidelity to Law: A Reply to Professor Hart, L.L. Fuller, 71 Harvard L. Rev. 630 (1958).
3 SEC v. Investment Research Bureau, Inc., 375 U.S. 180, 186-87 (1963), quoting Silver v. New York Stock Exchange, 373 U.S. 341, 366 (1963).
4 Study on Investment Advisers and Broker-Dealers as Required by Section 913 of the Dodd-Frank Wall Street Reform Act (January 2011) at 62 (available at http://www.sec.gov/news/studies/2011/913studyfinal.pdf) (“913 Study”).
5 Advisers Act Section 204A, and Advisers Act Rule 204A-1.
6 913 Study at 51.
7 Id.
8 Id. at 66.
9 Id. at 52.
10 Id. at 52-53 and cases cited therein.
11 Id. at 51, citing Guide to Broker-Dealer Registration (April 2008), available at http://www.sec.gov/divisions/marketreg/bdguide.htm.
12 SEC v. Capital Gains Research Bureau, Inc., 375 U.S. 180, 194 (1963); 913 Study at 21.
13 Id. at 22 (quoting Concept Release on the U.S. Proxy System, Investment Advisers Act Release No. 3052 (July 14, 2010) at 119).
14 Id. at 54 and cases cited therein.
15 Enterprise Risk Management - Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (September 2004) at 29.
16 Id. at 29-30.
17 Basel Committee on Banking Supervision, Principles for Enhancing Corporate Governance (October 2010) at 8.