Remarks at National Society of Compliance Professionals National Membership Meeting
Chair Mary Jo White
Oct. 22, 2013
Good morning. It is a real pleasure to be here in welcome and familiar territory for me with an expert group of compliance professionals.
Your work is invaluable to the critical mission of protecting investors and ensuring the integrity of our markets.
You are on the front lines, working day in and day out in an effort to prevent people from cutting corners, stepping over the line, and violating the securities laws and regulations.
The simple fact is that when firms do not implement and enforce a comprehensive set of policies, procedures, and systems to govern and supervise their employees, it increases the likelihood that an investor somewhere will be harmed.
And when firms do not fully and fairly disclose conflicts, it increases the chance that an investor will be deprived of the opportunity to make fully-informed investment decisions.
This is precisely what we – and you – want to prevent. Your work is extremely important to us as well as to investors because you are positioned to prevent infractions from happening in the first place, rather than coming to our attention only after harm has been done.
But it is not just investors who benefit from the work you do to create a strong compliance program and a strong compliance culture. Your firms also benefit because your work protects the business and ensures that reputational risk is managed. As a result, the livelihoods of all those who work alongside of you are safeguarded.
And at the SEC, we rely on you.
We rely on you because as much as we strive to be everywhere we can be, our resources are limited and always stretched. Take, for example, the 450 incredibly dedicated professionals we have to examine investment advisers and investment companies.
They are tasked with inspecting nearly 11,000 registered advisers who advise approximately 9,700 mutual funds and ETFs and 30,000 private funds. That is a 24-to-1 ratio of examiners to registrants and a nearly 90-to-1 ratio of examiners to funds – far larger than that of almost every other financial regulatory agency.
Because we rely so heavily on you, one of the cornerstones of our examination program is to support your efforts to create a comprehensive compliance environment within your firms – one in which individuals at every level understand the importance of compliance and working with you to comply.
As an agency, we try to send a clear message about the importance of compliance to your boards and senior management. We work to proactively provide you with the information that helps you focus and target your resources in vulnerable areas that we believe may be overlooked. And we work to structure the most effective exams we can to supplement your efforts.
We have a great deal of respect for you and are far more interested in helping you succeed before an examination than we are in catching your firm in a violation in the course of an examination.
That is what is best for investors, and that is what matters most.
A Strong Line of Defense Against Non-Compliance
So at the SEC, we see you as a critical line of defense against violations of the securities laws and regulations, inadequate policies, procedures and systems, and inadvertent errors – all of which may harm investors or your firms. But you are not and should not be the only line of defense.
There are many others who need to play a key role in defending against non-compliance, and helping you. They include:
- The managers of business units who, in striving to meet their targets, must also manage risks and stay in compliance with their firms’ own policies and the law.
- The internal auditors who need to have the skills, stature and independence to effectively review the books, ensure that the numbers are bona fide and that there are no control deficiencies.
- The CEO and senior executive team, who in addition to focusing on the bottom line must instill a culture in the biggest producer and the most junior employee that they are expected and encouraged to do the right and ethical thing, and escalate problems if they are not resolved.
And there is the board of directors, who must oversee all of it.
In short, an effective compliance and risk management program does not rest with you alone, it is an organization-wide effort and responsibility. And the culture of compliance and ethics must be set at the top.
That is why one of the pillars of our support for you is outreach to the men and women who staff the other lines of support and who should be significantly assisting you.
But you are uniquely important. You are dedicated compliance officers who provide advice and support to your entire organization. You are charged by your firms to be expert in the laws, rules, and regulations that apply to your company. You counsel business managers, senior executives, and the board about how to achieve their business objectives while staying in bounds. And you test your firms’ controls and identify weaknesses, which you escalate if necessary. It is, in short, you who set the bar, provide the expert guidance, and serve as the example for everyone.
So for us at the SEC, the question is not, “Who do we rely on most heavily to ensure compliance with the rules?” Because we know it is you.
Instead, the questions we ask are:
- Do you have the necessary resources and access to training to enable you to advise your firms as they navigate competitive, highly complex, rapidly changing markets?
- Do you have the tools to test for, detect and address compliance failures?
- Do you have the necessary independence, access, authority and support to do your jobs effectively, and ensure that your firms adopt, implement and enhance effective compliance controls?
- In short, are you empowered by your firms to do what you need to do?
We want the answer to each of these questions to be “yes.” We want to encourage companies to give you the recognition that you deserve, the resources that you need and the authority that your role demands, so you can succeed and, as a result, our markets are safe and can succeed.
Needless to say, we want to encourage you to engage and become involved when you see an issue that raises a concern. We do not want you to hesitate to become involved and provide advice when issues arise, and to engage in the remediation of issues. That is your job. And we do not want you to be concerned that by engaging, you will somehow be arbitrarily construed to be a supervisor, and expose yourselves to potential supervisory liability.
As our recent staff guidance makes clear, compliance officers do not become supervisors solely because they provide advice concerning compliance issues to business line personnel.
Supporting the Role of Compliance Officers
Engagement with Senior Executives and the Board
As we all know, the culture of compliance must be set and lived at the very top of every company. So our effort to empower you starts at the top as well.
We have launched an initiative to help us focus on and assess the “tone at the top.” It is an outreach effort in which senior examiners and other SEC officials engage with executives and boards at firms. We do this through in-person meetings with CEOs, senior business managers, heads of compliance and other control functions as well as the chairs of the audit and risk committees of the board.
During these meetings, one of the things we ask about and assess is the standing, authority, and resources of compliance personnel within the organization and its affiliates. We look to see whether your role is woven into the fabric of the firm.
And by engaging senior management and the members of the board in this dialogue, we seek to promote the role of compliance and ensure that the firms recognize and acknowledge the importance we place on your role.
We understand, and we know you understand, that compliance must be an enterprise-wide effort. And we are working hard to ensure that those with whom you work understand that as well.
Another way we are empowering you is by being transparent about our priorities and exam observations. Recognizing that you – like we – do not have infinite resources, we now highlight practices, policies, and procedures that show or suggest a pattern of non-compliance throughout the industry.
This can help you focus on areas for additional scrutiny and provide encouragement to your management to support your efforts to take the appropriate remedial steps.
An example of this effort is our risk alerts.
We use risk alerts to pool and share our findings related to a common issue that we derive from a series of examinations. The risk alerts lay out the most frequently observed instances of non-compliance, whether as a result of intentional acts or misunderstandings about what the rules require. We recently published risk alerts on a wide range of areas, including on illegal options trading and compliance with the custody rule.
In the case of the custody rule, we highlighted failures by investment advisers to recognize when they are deemed, under the rule, to have custody of their clients’ assets and to arrange for surprise audits by independent accounting firms in those circumstances.
Similarly, we recently issued a risk alert on Rule 105 of Regulation M – a rule that generally bans firms from improperly participating in public offerings soon after short selling those same stocks. It is a very important rule but, as our exams discovered, a rule often not observed. Its objective is to protect a stock offering from potential manipulation by short sellers who artificially depress market prices and guarantee themselves a profit while reducing the company’s offering proceeds and diluting shareholder value. It is obviously a rule that underlies the integrity of our markets.
Unfortunately, however, our examinations and enforcement investigations revealed that a surprisingly large number of investment advisers and broker-dealers have either ignored or overlooked the rule in designing and implementing their policies and procedures.
The risk alerts we issue are one way we try to help you and your firms identify common mistakes and deficiencies so that you can take prompt action to find and correct any such problems you may have.
In addition to our risk alerts, which are generally tailored to a specific issue or set of issues, we are also being more transparent about our priorities and observations on a broader scale.
Earlier this year, the examination program published its list of current priorities, which include broad areas of focus critical to all of our registrants. These include fraud prevention and detection, corporate governance, and technology, as well as more specific initiatives unique to regulated financial institutions.
Other current priorities of the examination program include a focus by our broker-dealer exam team on potential violations of the market access rule and unsuitable sales of high-yield securities, and a focus by our investment adviser exam team on potential conflicts of interest of investment advisers in allocating trades among their client accounts.
We have heard from many of you that you find our risk alerts useful and that you appreciate our published statements of exam priorities. This type of transparency certainly makes sense from our end and we intend to continue to publish our exam priorities each year and periodically share risk areas as we see them emerging. Such an approach allows us to best leverage our compliance efforts with yours.
Communication between us is important. And for the past few years, the exam program has sponsored compliance outreach conferences on a variety of topics. We use these opportunities to promote a better understanding of our examination priorities, common findings of deficiencies, and other issues essential to building an effective and up-to-date compliance programs.
We think this interaction is particularly valuable because it gives you the opportunity to ask questions, to explore the nuances of our examination goals in more detail, and to give us feedback on our efforts.
A More Sophisticated Examination Program
Our efforts to empower you are rooted in our overall objective that your compliance programs be state of the art. And in encouraging you and your firms to work toward that goal, we try to lead by example, constantly striving to improve and strengthen our exam program.
A better exam program means a more effective focus on real challenges firms face and on issues that matter most to investors. And when we sit down with you and your team or you and your board, we are able to focus – and, again, help you focus – on issues, as we see them, that present significant risk to investors and your firms’ reputations.
As you know, in the last several years, we have continued to hone and improve the implementation of a risk-based strategy across the entire examination program, focusing resources on entities and business practices that we believe pose the greatest risks to investors and markets.
We have become more adept at collecting and analyzing large data sets to help us do this.
The Risk Analysis Examination – our RAE initiative – is a prime example of the flexible and innovative way in which we are more efficiently and effectively conducting examinations to identify and address significant compliance issues. The RAE team uses quantitative analytics to examine clearing firms and large broker dealers by downloading all transactions cleared by the firm over the prior year or two and then subjecting that data to a broad range of queries designed to identify problematic behavior.
In one exam that was recently completed, the RAE team collected and analyzed over 400 million transactions. And the next exam is expected to analyze more than twice that many.
Armed with this data, the RAE team is – and has been – able to identify a wide range of problematic behavior including:
- Unsuitable recommendations, misrepresentations and inadequate supervision.
- Inadequate supervision of “reverse churning,” a practice where a client who trades infrequently is placed in a fee-based account.
We intend for this new capability to empower you as well.
As regulators, we do not often have tools that enable us to analyze the metrics of a business that are not available to the people who run it. But through the efforts of the RAE team and others, we now can do that. Some of our new tools should allow us to detect and inform you about activities, trends, and issues of which you may be unaware.
Our ability to do that may also help you persuade your firms to devote the resources you need to create more sophisticated and effective monitoring programs.
We also want to use our enforcement program to support your efforts.
Recently, the SEC filed its first-ever charge against an individual for misleading and obstructing a compliance officer of an investment adviser. That, as you may know, is a violation under Rule 38a-1(c) of the Investment Company Act.
The action came about after our examiners discovered that an assistant portfolio manager had forged and altered brokerage statements, trade pre-approvals and other documents. He also attempted to conceal from his firm’s chief compliance officer his involvement in more than 600 unauthorized personal trades – many of which involved securities held or acquired by funds managed by the firm. In resolving the case, the portfolio manager agreed to pay $345,000 including a $100,000 penalty, and accept a five-year bar from the industry.
This was a very important case because it held the portfolio manager directly accountable, not only for his substantive violations, but also for obstructing the compliance officer’s work.
We want your firms to know, at every level, how important your work is to investors and to us. And we will be looking for more cases to bring to drive that message home.
Closely Coordinating With Enforcement
The close working relationship our examination team has with our enforcement staff is one aspect of our multi-faceted compliance effort.
One good example of our cross-agency collaboration is the Compliance Program Initiative.
Through this joint effort, the Enforcement Division’s Asset Management Unit, the examination staff and others are teaming up to identify and recommend enforcement actions against registered advisers who have failed to adopt or implement an adequate compliance program after being notified repeatedly of deficiencies by our staff.
The Compliance Program Initiative underscores the critical function that effective compliance programs and personnel play in protecting the investing public from fraud. And it is a particularly timely effort now that hundreds of private fund advisers have recently registered with the Commission for the first time under the Dodd-Frank Act. The compliance program rules of the road need to be learned and followed from the outset.
The Commission to date has brought six settled actions as part of this initiative, and more are in the pipeline. In one of these cases filed in 2012, we charged a registered investment adviser who had gone five years without addressing the compliance deficiencies that we identified in a 2005 exam. Those deficiencies included inadequately tailoring its compliance manual to its business as well as making inaccurate or inconsistent statements in its filings.
When we conducted a subsequent exam, our examiners not only found that the deficiencies identified earlier were not remedied, but also that the firm had failed to enforce its written code of ethics and neglected for several years to conduct the required annual review of its compliance program.
This case involved charges against the firm and not the compliance officer. Although we occasionally bring enforcement actions against compliance personnel, compliance officers who perform their responsibilities diligently, in good faith, and in compliance with the law are our partners and need not fear enforcement action.
On another front, two years ago, our examination program created specialized working groups in several subject matter areas. Today, these areas include securities valuation, marketing and sales practices, fixed income and municipal securities, structured and complex products, equity market structure and trading practices, microcap fraud, transfer agents, private funds, and investment companies. The groups are made up of professionals from across the agency with specialized knowledge in these subject matter areas.
Through this effort, we are bringing to bear in our examinations expertise from across the Commission, which we believe makes our exams more focused on a broader range of problems occurring in the industry.
These working groups are bearing fruit.
In one action, our specialized unit for fixed income and municipal securities built a case that was triggered by press reports of financial misstatements by local municipal entities. We began a municipal surveillance initiative to examine whether those entities raised capital in the municipal markets during the time period of those misstatements. The team identified significant violations which ultimately resulted in several major cases, including a recently settled action.
The path of investigation to charging and settlement was pretty straightforward. After reading a news story about financial irregularity involving a county’s public hospital system, the examination team focused on whether the senior managing underwriter and the county, as the issuer of an $83 million bond offering, knowingly concealed financial difficulties.
The examination led to an enforcement referral and settlement after finding that the hospital system operator was aware that its financial situation was deteriorating, resulting in a non-operating loss in a single year of $244 million. This was more than four times the figure disclosed in the official statement provided to investors.
The close coordination between our enforcement and exam programs is nothing new. Some have suggested that it leads people to be more defensive in dealing with our examiners, fearing that any compliance failure will result in an enforcement action.
Openness with our examiners is, of course, required and it continues to be provided to us, as we would expect. But let me also assure you that we do not think that every deficiency warrants an enforcement response. Indeed in the vast majority of cases, we address instances of non-compliance through engagement with the registrant, deficiency letters, and other approaches short of an enforcement action.
So we fully expect that your firms will continue to work with our examiners to fix any deficiencies promptly – whether you detect them or whether we detect them through our exams – which is essential to strong compliance. And that is what we are seeing.
You have a very tough job in a complex industry where the stakes for all concerned are extremely high. We recognize that and have tremendous respect for the work you do. For our part, we will do everything we can to help empower you so you can do your jobs even more effectively.
It is a privilege to work with you as you serve your firms and fulfill our mutual mission to protect investors and our markets. We do that by working to ensure scrupulous compliance with laws, rules, and regulations, which give the markets a level playing field and make ours the strongest and most desirable capital markets in the world. You and the work of your people deserve much of the credit for that. Thank you for all you do and for inviting me here today.
 Recently, the Division of Trading and Markets published guidance related to liability that may arise under the Exchange Act in connection with the role and duties of chief compliance officers and other compliance and legal personnel at broker-dealers. The guidance notes that “[a]s a general matter, the staff does not single out compliance or legal personnel. Rather we encourage compliance officers and other compliance and legal personnel to take strong and vigorous action regarding indications of misconduct.” http://www.sec.gov/divisions/marketreg/faq-cco-supervision-093013.htm.
 The guidance further notes that “[c]ompliance and legal personnel play a critical role in efforts by broker-dealers to develop and implement an effective compliance system throughout their organizations, including by providing advice and counsel to business line personnel. Compliance and legal personnel do not become "supervisors" solely because they have provided advice or counsel concerning compliance or legal issues to business line personnel, or assisted in the remediation of an issue. If their responsibilities or authorities extend beyond compliance and legal functions such that they have the requisite degree of responsibility, ability or authority to affect the conduct of business line personnel, additional inquiry may be necessary to determine if they could be considered supervisors of the business line personnel.” http://www.sec.gov/divisions/marketreg/faq-cco-supervision-093013.htm.
 Custody Rule Sec. IAA Sec. 206 and Rule 206(4)-2 http://www.sec.gov/about/offices/ocie/custody-risk-alert.pdf.
 The published priorities memorandum sets out specific initiatives in each of the major program areas of the SEC's examination program: (i) investment advisers and investment companies; (ii) broker-dealers; (iii) market oversight (i.e., exchanges and self-regulatory organizations); and (iv) clearance and settlement (i.e., transfer agents and clearing agencies).
 Exchange Act Rule 15c3-5.
 See http://www.sec.gov/news/press/2011/2011-248.htm; http://www.sec.gov/litigation/admin/2012/ia-3441.pdf; http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171485256; and http://www.sec.gov/litigation/admin/2013/ia-3537.pdf.