Speech by SEC Commissioner:
Remarks on Sarbanes-Oxley's Lessons For Broker Dealers before the NASD Fall Securities Conference

by

Commissioner Cynthia A. Glassman

U.S. Securities and Exchange Commission

Scottsdale, Arizona
October 17, 2003

Good morning, and thank you Elise for your kind introduction. Before beginning, I should note the standard disclaimer that the views expressed today are my own and not necessarily those of the Commission or its staff.

We have spent so much time at the Commission on corporate scandals that it's nice to be talking to a different audience about a different subject for a change. Not that times haven't been tough on brokerage firms as well, especially in the court of public opinion. For instance, I recently heard a story about a very successful stockbroker who went back to his old high school to let his old teachers know how well he was doing. As he entered the school, he saw a dog attacking one of the students. Risking personal injury, he bravely subdued the dog and allowed the student to escape. The following day the newspapers ran a story with the headline, "Valiant student saves boy from ferocious dog." When the stockbroker saw the story, he called the paper to inform them that the story was incorrect because he was, in fact, a successful Wall Street broker, not a student. The following day the newspaper re-ran the story under the new headline, "Pompous stockbroker kills school mascot."

So, what does this have to do with you? The short answer is that perception counts for a lot in the securities business. The vast majority of brokers are decent and honest - at least I hope they are - and try in good faith to help clients achieve their financial objectives. However, the small percentage of dishonest brokers out there can cause damage disproportionate to their numbers. Because of the level of trust clients place in securities professionals, the clients are vulnerable to abuse. As too many of our enforcement cases demonstrate, even a single bad actor can easily cost customers and firms millions of dollars.

I have been a Commissioner at the SEC for almost two years now. When I started, people often asked me what the biggest surprise was. My answer is still the same: The number and scope of enforcement actions. I am constantly amazed both at what the perpetrators think they can get away with, and at how vulnerable the victims are. And I am constantly asking, "What were they thinking?"

At the SEC, we are constantly trying to balance the need to deter the small number of bad brokers from hurting their clients with the desire to avoid placing unnecessary burdens on the industry as a whole. In trying to strike this balance, the recent corporate scandals and the regulatory response to them have some lessons for both regulators and the securities industry.

Tone at the Top Matters

Thinking back to this time a year ago, my life was very balanced. It was 50% Sarbanes and 50% Oxley. Sarbanes-Oxley was one of the most significant pieces of securities legislation since the New Deal. While Sarbanes-Oxley is not aimed directly at broker-dealers, the issues that the legislation addresses are as relevant to securities firms as they are to any other business. One of the most important lessons of Sarbanes-Oxley is that governance matters. Put another way, "good" governance can channel decision-making in the right direction so that the company complies with the law, and honors its legal and ethical duties to owners, customers and even competitors. "Bad" governance on the other hand, can lead to, or at least enable, "bad" decisions. That general message of Sarbanes-Oxley applies with equal force to securities firms.

Another lesson you will find in Sarbanes-Oxley and the Commission's rules is that the "tone at the top" matters. While that might be a nice slogan for a tee-shirt or bumper sticker, Sarbanes-Oxley makes it very clear that the CEO of a company is responsible for the company's culture. Included in the firm's culture is its ethics, how it treats customers, employees and shareholders, and how it manages conflicts of interest. Most relevant to all of you, it also includes the compliance culture. And there are very real consequences - in the form of serious penalties - that make ensuring a good compliance culture more than just a catchy slogan.

The notion that tone at the top matters is one of the most important lessons for a head of a broker-dealer to remember. At some securities firms, I am afraid that the CEO may consider compliance a necessary evil that interferes with the firm's "real" business. With that cultural tone set at the top, the relationship between the CEO, operations personnel and registered representatives on the one hand, and the compliance department on the other, is not likely to be a productive one.

One important way for the CEO to set the right tone at the top is to give full support to the chief compliance officer, both in theory and in practice. This support can take many forms. For starters, firms need to recruit and hire qualified people and give them the authority to do their job. The compliance officer should have sufficient seniority and authority to take the actions necessary to keep the firm in compliance. This is, after all, the individual most directly charged with personifying the firm's conscience.

Full support also means giving the compliance officer the budget and resources needed to run an effective compliance program. As with any other part of a firm's operations, you cannot expect to have a successful compliance program if you starve the budget of the person responsible for implementing it.

Further, support from the top means more than just money or a position that looks good on paper. It is also means moral support and backing up the compliance department when it comes to making difficult decisions. It is not always easy for a compliance officer to do the right thing, especially when confronted by a top producing salesman who has an idea that will make the firm a lot of money. Saying "no" usually costs the firm business in the short term. As hard as it is to say "no" under ordinary circumstances, it becomes nearly impossible if the CEO does not support the compliance department's decision, or worse overrules it. That destroys the standing of the compliance department in the eyes of the firm's representatives, and encourages them to go even further over the line in the future. Ultimately the decision to let a questionable transaction go forward is a foolish one because the firm is likely to have to unwind the transaction down the road in any event, in addition to possibly paying penalties.

One way Sarbanes-Oxley seeks to reinforce senior management's responsibility for public companies' corporate reporting is with a requirement that CEOs and CFOs certify the accuracy of their financial reports. The certification requirement makes clear that these executives are personally responsible for the content of their company's reports. The certification requirement has had a positive effect because it forces CEOs and CFOs to focus on their reporting, and to make sure that they have the facts necessary to make an informed judgment about the adequacy of the disclosures.

Along the same lines, the NASD recently proposed to have broker-dealer CEOs and chief compliance officers certify that the firm has adequate compliance procedures. As with Sarbanes-Oxley, a certification requirement for broker-dealer CEOs would drive home what some tend to forget - namely, that they have direct and ongoing responsibility for ensuring that the firm has adequate policies and procedures in place. Theoretically, the certification requirement should not be a big deal, because any CEO who is not in a position to tell the public that the firm has adequate procedures in place is not adequately focused on compliance and is not doing his job. Whether or not NASD adopts a compliance certification for broker-dealer executives, CEOs should understand that compliance is one of their most important jobs. They can and should be held responsible if they fail to ensure that the firm has adequate compliance procedures in place.

Importance of Information

Another lesson from Sarbanes-Oxley that translates to the broker-dealer world is the importance of making sure relevant information reaches somebody who can take meaningful action. One of the issues exposed by the corporate scandals was the absence of adequate procedures to ensure the proper flow of information to decision-makers. In an operating company, among the most important mandates for senior officers and directors is that they seek out bad news. Some corporate CEOs apparently thought it was an excuse that they were too disengaged from their business to be held responsible for fraud that was happening on a grand scale. Such a claim is untenable. It is imperative that firms have adequate procedures to gather material information, and, further, to make sure that the information percolates up to someone who can take meaningful action to fix the situation. A "head in the sand" approach is not acceptable.

One way Sarbanes-Oxley deals directly with this issue is through a requirement that corporate audit committees have procedures for receiving information about possible financial fraud, and provisions protecting whistleblowers from retaliation. Similar procedures could be very useful to a broker-dealer. While compliance personnel cannot be everywhere, people in the field often have a good idea about what their colleagues are up to. The message to all representatives (and other personnel, for that matter) should be that everyone has a stake in compliance. Now, I do not mean that you should give your employees hidden microphones to spy on each other; but, when employees witness behavior that concerns them, there needs to be an effective process to get that information to an appropriate person. The process should allow for anonymous tips, and employees need to know that the information will be taken seriously and that they will not face retaliation for information provided in good faith.

Compliance as an Integral Part of Strategic Planning

Along the same lines, I would like to spend a few minutes talking about the critical role compliance has to play in senior management's ongoing strategic planning. The Commission has indicated in the enforcement context that a broker-dealer's CEO can delegate responsibility for the day-to-day operation of the compliance program, as long as the delegation is reasonable.¹ In my view, that is a fundamentally sound approach. It takes into account the fact that most chief executives do not have the expertise or time to devote to being an effective compliance officer. Put another way, at most firms compliance is a full-time job, and a CEO with another full-time job is not likely to be able to devote the energy necessary to do it effectively.

The ability to delegate day-to-day compliance responsibilities does not, however, mean that the CEO has no ongoing accountability for the compliance program. Compliance has to be part of the firm's overall business strategy, and the CEO needs to be intimately familiar with - and involved in - the implementation of the compliance program. Think about it this way: No CEO would delegate responsibility for marketing or product development and then just forget about it. Can you imagine the head of a firm saying to the chief marketing officer: "We're rolling out an important new marketing initiative next month - you design and implement it and I don't need to be involved at all"? The obvious answer is of course not. The scenario seems completely farfetched because in our minds we take it for granted that CEOs have ultimate accountability for the success or failure of marketing programs. Therefore, we naturally assume that they will be involved enough to make sure the project is headed in the right direction, and that it has the resources necessary to be a success.

The idea of CEOs absolving themselves of any involvement in compliance should give us an equally strong reaction of disbelief. Just as marketing strategies change over time to adapt to new products and circumstances, so too must compliance strategies. What may have been a reasonable approach to compliance when a firm had 20 representatives in a single office obviously is not reasonable for a firm with 200 representatives spread across the country. The CEO plays an integral role in ensuring that the firm's compliance strategy remains up to date and on target.

Management's focus on a long-term, strategic approach to compliance is in everyone's best interest. It fosters a culture that, more than any written procedures, will help ensure that fraud does not occur, and if it does that it is isolated to the rogue broker and detected quickly. Senior managers also have a self-interest in taking a strategic approach to compliance because it decreases the risk that they will be held personally responsible for any misconduct that does occur.

On the other hand, the consequences of failing to take a strategic approach to compliance can be very serious for broker-dealers. I personally have very little sympathy for firms that tolerate widespread misconduct or cut corners to make a quick buck, and then plead for mercy in Commission enforcement actions when the misconduct inevitably comes to light. The Commission is determined to deal severely not only with those who directly violate their client's trust, but also with those who failed to prevent misconduct despite being in a position to do so. No set of policies can prevent all fraud. But to my mind, if a firm or its senior managers want leniency from us, then they had better be able to show that they took significant steps to prevent misconduct before it occurred, and also took swift corrective action once it was uncovered.

When it comes to failures to supervise, in my opinion the Commission is much more willing than in the past to pursue the full range of available disgorgement claims. We also will not hesitate to impose suspensions or bars on people whose failure to carry out their responsibilities in a way that exhibits an unfitness to be in the securities industry.

From a strategic planning point of view, you also have to consider that failing to act now could cause you to lose the flexibility and control you currently have over your compliance program. A common remedy in failure to supervise cases resulting from an inadequate supervisory structure is an undertaking by the firm to retain an independent consultant to review the firm's procedures, and make recommendations regarding how to improve them. The firm often not only pays the consultant's fees, but also consents to be bound by the consultant's recommendations. The consultant may insist, among other things, that the firm increase its supervision, hire additional staff and conduct more frequent inspections of branch offices. The recommendations might also include structural changes such as having the compliance officer report outside broker-dealer management responsible for sales production (for example, to the general counsel). If you face the cost and intrusiveness of these procedures, it will no doubt make any past scrimping look penny wise, and pound foolish.

Perhaps most important, though, is the cost a single rogue broker can have on an entire firm's reputation. A broker who mishandles a client's account destroys not only that individual client's trust, but also the reputation of the firm as a whole. In an important and very real way, the industry's honest brokers are also victims anytime one of their colleagues commits a fraud.

If your goal is to get as much money as possible in the door today - even if it leaves shortly thereafter in the form of fines and litigation settlements - then you may be tempted to look the other way. I respectfully suggest that firms that cut corners on compliance jeopardize the long-term profitability - and ultimately viability - of the firm. A company's reputation is a valuable asset, and in the securities industry it is a firm's most valuable asset. Failure to safeguard this reputational asset with first-rate governance and compliance procedures is a serious failure in strategic thinking. Remember that although there are a lot of business risks inherent in running a securities firm, regulatory risk - which is manageable - probably poses the single greatest potential doomsday scenario, capable of shutting the doors of even the most prestigious firm forever.

Finally, you should all be aware of the role banks and broker-dealers allegedly played in facilitating some of the most serious misconduct we've seen coming out of the corporate scandals. If systemic problems are allowed to fester in the securities industry, then you can be sure that there will be a public outcry for a legislative or regulatory response along the lines of Sarbanes-Oxley. Conflicts of interest in compensation and in building business come to mind as potential watershed issues for broker-dealers, the way accounting frauds were for public companies. The Sarbanes-Oxley response to perceived systemic problems was to put significant restrictions on certain business practices, and to impose quite detailed corporate governance procedures on all public companies. Except in extreme circumstances, I ordinarily prefer tailored solutions to a one-size-fits-all approach. When it comes to things like supervision, you operate under a very general mandate to have procedures reasonably designed to prevent and detect fraud. That leaves you the flexibility to design procedures that are appropriate for your firm and business. The easiest way to lose that flexibility is to use it unwisely.

Compliance Has to be Part of the Team

Much of what I have said today has dealt with the need for a broker-dealer's senior management to support the compliance department to make it effective. I do not, however, want to give the impression that I view compliance's job as purely reactive, or merely as saying "no." That knee-jerk approach will unnecessarily build an "us" versus "them" mentality.

Instead, the street has to run both ways. If compliance officers expect to get support from management, then they need be partners with management, both in facilitating the compliance culture I spoke of earlier, and also in building the firm's business. You should always try to work constructively toward acceptable solutions. If someone proposes an idea that crosses the line, give them a thorough explanation for why the approach is not appropriate, and try to come up with acceptable alternatives. Your feedback as to why an idea will not fly will show operations and marketing people that you have given the issue thoughtful consideration, and it will also provide a valuable opportunity to educate them about regulatory requirements. Over time, managers and brokers hopefully will be more likely to bring ideas to compliance if their expectation is that they will get useful input instead of just a negative response. Your job will be much easier if you are invited to the table at the outset when new products or marketing strategies are developed.

Conclusion

I would like to close by noting that although Sarbanes-Oxley has a lot of technical provisions, and not all of them are relevant for you, you would be wise to abide by the spirit of Sarbanes-Oxley. Otherwise, you run the risk of someday facing Sarbanes-Oxley II, the sequel, a story about scandals in the broker-dealer industry. None of us wants that. Let's face it, sequels are never as entertaining as the originals, and that is definitely one in which you don't want a starring role. So if there is one thing you remember from my remarks today, I hope it is this: Think about what you are doing from the perspective of your customers. Are you doing the right thing for them? If you are, then I won't ever be asking about you - in an enforcement action - "What were they thinking?"

Thank you. I'd be happy to take your questions.

¹ See, e.g., Thomas F. White, 51 S.E.C. 1194 (1994).

http://www.sec.gov/news/speech/spch101703cag.htm