Speech by SEC Commissioner:
Remarks before the Bank Insurance and Securities Association's Legislative, Regulatory and Compliance Seminar
Commissioner Cynthia A. Glassman
U.S. Securities and Exchange Commission
October 8, 2003
Thank you, Kathleen. It is a pleasure to be here today. Before I go any further, let me make the standard disclaimer that the views I express here today are my own and not necessarily those of the Commission or the staff.
In case any of you wondered what would be left for the Commission to do after Sarbanes-Oxley, let me assure you that we seem to have no shortage of work. We have our regular enforcement calendar - which seems to have beaten last year's record - it's like the Energizer bunny - it just keeps on going! In addition, we're continuing to work on the broker rules under Gramm-Leach-Bliley, we're reviewing the comments received in response to the concept release on credit rating agencies, and we have important market structure and self-regulatory organization governance issues to address. The staff hedge fund report is out, and I've just come from an open meeting at which the Commission voted to publish two new rule proposals for comment: a proposal to increase shareholder access to the director nomination process, and two proposals relating to the creation of a consolidated supervision structure for certain investment bank holding companies.
The topic I'd like to address today, however, is the role of compliance personnel in the changing regulatory environment. Having an effective compliance program has never been more important for a broker-dealer, bank, insurance company or any other company. Risks change over time, but right now, regulatory and reputational risk are among the most critical risks companies face.
As compliance specialists, you are your companies' first line of defense against regulatory problems. Based on my private sector consulting experience, I appreciate how difficult your job can be. I've seen the tension between what the business people want to do - the new products, the new strategies, the new marketing campaigns they want to roll out yesterday - and what the compliance people believe is permissible under the rules and, just as important, what is advisable in the regulatory environment. You are not always the most popular people in your organizations, and your success is hard to measure. For you, no news is good news. In the last couple of years, however, that adage has taken on new meaning. The good news really is not seeing your company's name in an SEC enforcement action!
But the more effective you are, the better off your companies will be, and the better off your customers and investors will be. So today I'd like to discuss two issues on the Commission's radar screen that may give you some context for re-focusing your compliance programs and making them more effective. These two issues are corporate governance and conflicts of interest.
As the financial scandals that led to Sarbanes-Oxley unfolded, we saw example after example of company executives bent on meeting Wall Street expectations and willing to do whatever it took to make that happen. The fraudulent financial and accounting schemes at some companies succeeded because the gatekeepers - the accountants, analysts, attorneys and corporate directors -- failed to do their jobs and stand up to management.
Sarbanes-Oxley was Congress' response to the governance crisis in our corporate community and the tremendous loss of investor confidence that resulted. The purpose of the legislation - and the rules the Commission adopted to implement it - was to incent good corporate behavior and improve the "tone at the top." The certification of financial information in companies' periodic reports by CEOs and CFOs, fuller disclosure of off-balance sheet arrangements, restrictions on the use of non-GAAP pro forma information and the requirement for a management report on internal controls over financial reporting are rules designed to encourage the integrity and transparency of corporate financial reporting.
Sarbanes-Oxley also addressed the need for the gatekeepers to be independent and to live up to their important responsibilities. Our auditor independence rules reinforce the requirement that auditors be truly independent of the company. The terms of the global settlement and the SRO rules on analyst conflicts were designed to promote the independence and integrity of research analysts. They provide structural and other reforms intended to minimize the conflicts among analysts and the investment banks that employ them so that research reports are more impartial and more accurate. The "up the ladder" reporting requirements for attorneys practicing before the SEC, and audit committee independence standards contained in exchange and Nasdaq listing criteria, are other rules designed to strengthen the independence and integrity of the gatekeepers.
Sarbanes-Oxley also provided disincentives for bad corporate behavior, and the trend is clearly toward ratcheting up civil and criminal sanctions. Prison time for securities violators may be the ultimate deterrent to fraud, but more aggressive pursuit of disgorgement, higher civil penalties, and the wider imposition of officer and director bars in SEC enforcement actions will surely have a deterrent effect as well.
I believe Sarbanes-Oxley and the rules we adopted were a necessary and appropriate part of our efforts to improve the quality of corporate governance and to restore investor confidence. As an aside, I would like to hear if any of our rules are not accomplishing their objectives or are creating unintended consequences. But even assuming our rules are on the right track, it will take more than compliance with the letter of the law to convince investors that corporate officers and directors have gotten the message. It will take compliance with the spirit of the law to persuade investors that corporations are committed to ethical behavior. That's what Chairman Donaldson means when he says that "doing the right thing" should be part of the DNA of a company and everyone in the company from top to bottom.
Unfortunately, we still have a way to go in the financial services arena before the Chairman's vision becomes a reality. In July, we settled actions against two banks, JP Morgan Chase and Citigroup, for helping Enron mislead its investors by characterizing what were essentially loan proceeds as cash from operations. Last month, we announced settled administrative and civil actions against AIG, the insurance company, and an AIG employee, among others, for their role in a financial fraud at a public company, Brightpoint, Inc. AIG marketed a "non-traditional" insurance product designed to "smooth" the financial statement impact of losses. Brightpoint bought the product from AIG, and recorded an insurance receivable in the amount of certain unanticipated losses, which materially reduced total losses. In reality, the so-called insurance premiums Brightpoint paid to AIG were simply cash deposits, which AIG returned to Brightpoint as insurance claim payments.
So what does "doing the right thing" mean for the compliance officer of a financial services firm? As a first step, it means re-examining your compliance program from a risk management perspective. In my former life as a risk management consultant, I began my engagements with four simple questions. What could go wrong that could materially affect the company's performance? How do you know that it's not going wrong? What do you do if it is? And how do you prevent it from going wrong in the future?
One of the bigger risks your organizations face these days stems from conflicts of interest. The conventional wisdom has always been that the securities industry is rife with conflicts, but I don't think everyone recognized just how rife! The director of our Enforcement Division, Steve Cutler, recently challenged financial services firms to conduct systematic, top-to-bottom reviews of their business operations to identify conflicts of interest, disclose them and attempt to minimize their potentially harmful consequences. I urge you to take a look at this speech on our website. It includes a lot of good - and very smart -- advice.
There seem to be conflicts everywhere we look these days: from various forms of analyst conflicts; to brokers recommending Class B mutual fund shares - which earned them a higher commission -- when their customers could have purchased Class A shares at a reduced cost; to recent allegations that certain mutual funds, including two bank-sponsored funds, and fund managers permitted a hedge fund to engage in trading practices that benefited fund management, but disadvantaged their retail investors.
It is critical that you work with management to analyze your business and figure out where conflicts of interest and other risks lie. Look for conflicts in your profit centers or other situations in which your firm could be in the position of favoring the interests of some customers over others or where your firm could prefer its or its employees' interests over the interests of customers.
Once you've identified potential conflicts, review your compliance systems and procedures to make sure they address these conflicts and any other situations in which significant problems could arise. Educate your sales staff, business people and supervisory personnel about conflicts, and be sure to emphasize the regulators' new focus on this issue.
You can't rest on your laurels once your risk management review is completed. If this environment has taught us anything, it's that we can no longer assume that the way things have always been done is necessarily the right way to do them. Re-examine the types of business you do and the way you do business on a regular basis. This will put you and your management in the best position to anticipate where your greatest risks are and to prepare for them.
There are two rule proposals out for comment right now that build on this concept of keeping management focused on compliance. In February, the Commission published for comment proposed rules requiring mutual funds and investment advisers to maintain comprehensive compliance policies and procedures and designate a chief compliance officer. The NASD has a proposal out for comment that goes further by requiring broker-dealer CEOs to certify the adequacy of their compliance and supervisory policies and procedures.
The Commission and the NASD are still considering the comments received on their respective proposals. But whatever the fate of these particular proposals, the message is clear. Management will be held responsible for inadequate and ineffective compliance programs. As a result, management will clearly have an incentive to take a new look at the compliance function and work with you to make sure you have the best program you can.
These two proposals are indicative of another trend. As the number of regulated entities increases and regulatory issues become more complex, the Commission's inspection and examination capabilities are stretched - even with our new resources. Improving the quality of compliance programs among broker-dealers and mutual funds helps the Commission and its self-regulatory partners to make the best and smartest use of our resources. If our staff can achieve a comfort level with a firm's basic compliance procedures, they will be able to focus their attention on specific areas as determined by our own risk management assessments.
I also believe that the Commission needs to practice what it preaches. The Commission needs to undertake our own risk management analysis. We need to look at the way we function, identify areas in which we need to increase the transparency of our processes, and evaluate our programs to make sure that they are achieving our primary objectives of protecting investors and our markets. Do we have the right technology to carry out our programs effectively? Are we thinking strategically? Do we have the right intelligence - the right industry outreach - to prioritize our inspection, examination and enforcement goals? How can we be more proactive - not just reactive?
There are also many policy issues that we need to re-examine in the current environment. The self-regulatory structure is a prime example. As a result of the Chairman's calling on the SROs to review their governance practices, corporate governance issues and conflicts of interest have come to the surface in some of our self-regulatory organizations in a very dramatic fashion. Clearly, we expect the SROs to set the standard for good governance and to embrace corporate governance standards no less rigorous than they require of their listed companies. But it is time for the Commission to re-evaluate the existing self-regulatory model. We need to look at ways in which the conflicts of interest inherent in the SRO structure can be minimized consistent with the protection of investors, and be open to new options and new solutions. We have a window of opportunity on this issue right now, and we need to take advantage of it.
Which brings me back to Chairman Donaldson's appeal to companies to "do the right thing." Keep up your continuous review of your compliance policies and procedures and take steps to assess your areas of risk. And even if you start this process only to prevent bad things from happening, you may soon find yourselves starting to make good things happen and changing the culture of compliance within your firms. Not only will this aid the Commission and our self-regulatory partners in our mission to protect investors, I truly believe that the market will reward firms with ethical cultures. Your efforts can really make a difference.
And by the way, when your business people start complaining about all the new rules they have to comply with, feel free to blame us! Keep up the good work!
Thank you. I'd be happy to take some questions.