Speech by SEC Staff:
Luncheon Address at Practicing Law Institute:
Strengthening Supervision

by

Daniel M. Gallagher, Jr.

Co-Acting Director, Division of Trading and Markets
U.S. Securities and Exchange Commission

New York, New York
October 28, 2009

Good afternoon and thank you for the kind introduction. It is a pleasure to be here. Before I begin, I want to remind you that my remarks represent my own views and not necessarily the views of the Commission, the individual Commissioners, or my colleagues on the Commission staff.

When I was considering what I wanted to talk to you about today, I found myself thinking back past the most recent crises, and all the way to Enron and WorldCom — “the ghosts of scandals past” — and the lessons we learned from them. One very basic lesson — that has been brought home again in the current financial crisis — is that problems are frequently the product of both individual failings and a deficient culture. And problems are costly. Even when problems don’t result in regulatory sanctions, there is reputational risk. The disclosure of fraudulent activity or improper business practices may permanently damage a firm’s reputation, driving away customers and counterparties. In this day and age, in the shadow of Bear and Lehman, no firm can afford to lose the confidence of its customers and counterparties.

Now more than ever, firms need to take a long-term view on compliance. That means maintaining their support for compliance during stress periods and beyond. As Chairman Schapiro noted in a recent speech, strong compliance is even more essential when times are tough in the industry and the economy as a whole. While our oversight system needs strong and tough regulators, no regulator can be everywhere, at every moment, and at every interaction between investors and intermediaries. Regulators can write strong rules, conduct detailed examinations, and bring timely enforcement cases. But it’s those of you in the firms and on the ground who have the first-line obligation to help assure that your firms and your fellow employees are meeting their obligations to investors.

Cultivating a culture of compliance requires a sustainable effort. A one-time push is not enough. Employees will see such an effort for what it is and won’t believe it represents a true commitment to an ethical culture. Firms have to make sure, on a regular basis, that their policies and procedures are being followed. They must also guard against “creeping” noncompliance — business practices can change incrementally — and against institutional amnesia — it’s human nature for people, once they get through the immediate crisis, to forget their historical errors and jump into the next industry trend without proper risk reflection and planning.

Current market conditions have created challenges that firms have not experienced before, and placed greater stress on operational units and on compliance programs. Firms in many cases are being asked to do more with less —to strengthen controls while compliance budgets are being reduced. Clearly, there are pressures on the industry to cut costs, but when a firm cuts compliance, violations quite simply will be more likely to occur. I doubt that any regulator (certainly not the SEC) — or member of the public — would be sympathetic to a firm that develops problems after cutting its compliance budget. If violations occur in these circumstances, action should and will be taken.

As you know, our regulatory system is one of shared oversight responsibility. Self-regulation, with oversight by the Commission, is a basic premise of the Exchange Act. We talk about the regulatory pyramid, with the Commission at the top, overseeing the SROs that oversee the firms that, in turn, oversee their associated persons. To put matters into perspective: FINRA, by far the largest SRO, oversees nearly 4,800 brokerage firms, about 172,000 branch offices, and approximately 646,000 registered securities representatives.

I’d like to focus today on that first level of oversight conducted by the firms themselves that are responsible for training and educating their employees about applicable laws, regulations, and SRO rules, and for supervising their activities. Simply stated, the firms are the front line of defense. The Commission has long emphasized the responsibility of broker-dealers to supervise their employees, and the critical role played by the firms themselves in detecting and preventing market abuses. Effective supervisory systems are the foundation of a firm’s ability to ensure that its associated persons are appropriately dealing with customers, and that customers are protected. A broker-dealer must have — and implement — procedures that can reasonably be expected to detect and prevent securities laws violations. The procedures must be tailored specifically to the firm’s business. A broker-dealer must also have an appropriate system of follow-up and review if red flags are detected.

In other words, effective supervision is not static. It is not enough to establish policies and procedures. Firms must continually evaluate the effectiveness of their policies, procedures, supervisory systems and internal controls, and make appropriate changes when needed. In August, following reports that special recruitment programs at some firms are premised on enhanced compensation arrangements, Chairman Schapiro issued an open letter to remind broker-dealer chief executive officers of their supervisory responsibilities. The Chairman expressed concern that these arrangements could induce brokers to engage in conduct that is not in investors' best interest, and reminded CEOs that they have an obligation to police for such conflicts. She also reminded CEOs that, as their firms grow, their supervisory and compliance infrastructures should retain sufficient size and capacity. And, as you know, supervisory obligations are not determined solely by title. Depending on the circumstances and whether the person has the requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue, they may extend to legal and compliance personnel. Earlier this month, on October 19, 2009, the Commission issued an order instituting proceedings against the former general counsel of Ferris, Baker Watts, Inc. for failure to supervise a broker in connection with a $50 million offering fraud and Ponzi scheme. The Order Instituting Proceedings alleges that the firm’s general counsel, Theodore Urban, had been warned repeatedly about unauthorized trades and other questionable activities of a registered representative yet failed to respond reasonably to the problems.

The question of whether and when legal and compliance officers may become liable for failure to supervise is not a new one. In 1992, in connection with the Gutfreund case, the Commission explained that an in-house lawyer — such as the general counsel in Urban — can be deemed a supervisor when other members of senior management “involve him as part of management’s collective response to the problem.” And once that person becomes involved in formulating management’s response to a problem, he or she is obligated to take affirmative steps to ensure that appropriate action is taken. Among other things, counsel could direct or monitor the investigation, make appropriate recommendations to limit the activities of a problematic employee, and verify that these recommendations or acceptable alternatives are implemented. If management fails to act, counsel should consider additional steps, including going to the board, resigning from the firm, or disclosing the matter to regulatory authorities. The Commission has been clear on this point. Once a person has supervisory obligations by virtue of the circumstances, he or she must either discharge those responsibilities or know that others are taking appropriate action. It is not sufficient for someone in this situation to be a “mere bystander” to events that occurred.

Also, as the world grows more complicated, in certain instances a firm’s oversight responsibilities — even if not formally labeled as “supervisory” — may extend beyond traditional securities brokerage activities. This is important because if an employee of a firm holds himself out as a professional member of a firm, the firm may be legally or reputationally at risk — or both — even if the particular business dealings do not directly involve the firm. This point was highlighted in the recent report of the FINRA Special Review Committee which recommended, among other things, that FINRA should more aggressively exercise its jurisdiction. The report noted that FINRA has the authority under its Rule 2010 to enforce “just and equitable principles of trade,” and that the Commission has affirmed FINRA disciplinary actions involving conduct related to insurance applications and premiums, tax shelters, the general entrepreneurial conduct of member firms, and even an employee’s use of a co-worker’s credit card.

In this regard, FINRA is proposing to transfer NASD Rule 3030 into the consolidated FINRA rulebook with changes that would require a member to make a determination whether an outside business activity raises investor protection concerns. If so, under the proposed rule change, the firm would be required to “implement procedures or restrictions on the activity to protect investors, or prohibit the activity.” In other words, even if full-blown supervision was not required, the firm would not be able to turn a blind eye to the activities of its reps.

FINRA also is seeking comment from its members on a proposal to expand its suitability requirements to apply to all recommendations of investment products, services, and strategies made in connection with a firm’s business, regardless of whether the recommendations involve securities.

And for firms with reps providing advisory services, dual-hatted employees are a continuing concern. As the RAND study made clear, investors are confused about the roles that brokers and advisers play. Under current law, the standards of conduct and legal duties owed to investors under those regimes are not consistent. It is important, therefore, that firms carefully consider how personnel can effectively “switch hats” between these roles in a way that the customer can understand:

• For firms with reps providing advisory services, dual-hatted persons must have a clear understanding of their duties under each regulatory regime, particularly when customers will have both brokerage and advisory accounts. This may be particularly challenging for persons who start off as investment advisers but later become registered reps or vice versa. You should ask yourself whether your supervisory system and training program adequately account for these factors.
   
• Firms should consider ways to simplify how a dual-hatted rep manages his or her obligations to brokerage and advisory customers. Firms should also consider procedures to manage conflicts associated with recommending advisory accounts to brokerage customers and vice versa.
   
• Firms that maintain their brokerage and advisory businesses in separate entities face some unique concerns.
   
  
  • For example, these firms may need to have procedures that guide employees in both entities on how to respond to red flags of potential violations within the other entity. These procedures should make clear when and how such red flags should be reported.
     
  • Areas of high risk should also be clearly identified, such as information flows between the entities that may cause violations of the securities laws.
     
• And finally, no matter how a firm is structured, it is important to effectively inform customers of the different services and obligations that attach to both brokerage and advisory accounts.

Looking forward more generally, Chairman Schapiro has endorsed the Administration’s view that, when investors receive similar services from similar financial service providers, they should receive the same level of protection — regardless of the label applied to that financial service provider. She has said that all financial service providers that provide personalized investment advice about securities should owe a fiduciary duty to their customers or clients. The fiduciary duty means that the financial service provider must at all times act in the best interest of customers or clients. In addition, a fiduciary must avoid conflicts of interest that impair its capacity to act for the benefit of its customers or clients. And if such conflicts cannot be avoided, a fiduciary must provide full and fair disclosure of the conflicts and obtain informed consent to the conflict. We will see how this issue is resolved through the legislative process.

In the interim, we are also working actively to implement the lessons learned in the course of the financial crisis, with enhanced attention to the role of back-office personnel. Historically, regulation of broker-dealers’ associated persons has focused on the customer-facing side of the business. This is a critical part of our mission, and sales practices and business conduct will continue to be issues of the first order in customer protection. Recent events, however, have caused us to look more closely at the role played by back-office personnel who are involved in effecting securities transactions.

“Back-office” personnel typically perform critical custody, accounting, transfer agency and account maintenance functions. They have an important role that must be performed with skill and integrity. While the broker-dealer, of course, has a duty to supervise all of its associated persons, including these persons, many back-office personnel may not be registered (or required to be registered) under current rules. This means that they don’t take qualification exams and don’t undergo continuing education. More fundamentally, they also may not be identified to the Commission or an SRO.

Most of the time the system works well but when the system breaks down, the consequences can be ruinous. In the Madoff case, for example, prosecutors allege that Bernard Madoff hired numerous employees with little or no prior pertinent training or experience in the securities industry and caused them to communicate with clients and generate false and fraudulent documents. Employees allegedly were instructed to research daily share prices for blue-chip stocks from the previous month or several months, and then to generate stock-trade confirmations for client accounts, which purported to show gains that were later applied to client accounts.^[1] While the Madoff situation is extreme — and hopefully an aberration — it is nonetheless instructive on how important it is to have knowledgeable, well-trained and well-supervised people in the back office and tat these people are identified to examiners as they propose for their exams.

Working closely with senior SEC staff, FINRA has committed to establish a new system to enhance the oversight and professional requirements of personnel performing back-office functions at broker-dealer firms. We have asked FINRA to look hard at the universe of back-office personnel and to cast the regulatory net as broadly as necessary to achieve the right level of back-office oversight for today’s firms.

How broad is necessary? Under FINRA rules currently, registration is optional for a representative who performs “legal, compliance, internal audit, back-office operations, or similar responsibilities for a member.” There is also a statutory carve-out for persons whose functions are “solely clerical or ministerial.” Beyond that, there are a wide range of functions, including recordkeeping, trade confirmation, trade settlement, internal audit and similar responsibilities housed in firms’ back offices.

Once the appropriate scope of back-office personnel is established, the next big question will be what kind of oversight is appropriate? Perhaps the answer will depend on the precise functions, as well as the person’s role at the firm. At a minimum, it would be important to identify readily any person that is subject to a statutory disqualification or has had other disciplinary history. This would be useful for the firms, as well as for regulators.

Beyond that, there are basic concepts of ethics and “standards of commercial honor and just and equitable principles of trade” that should be part of the firm culture and communicated to all employees, including those in the back-office.

Whether and how to qualify these persons is another question. Without pre-judging the issue, I’d note that there are many possible approaches. FINRA currently administers a number of examinations tailored to persons who perform a limited role. Perhaps new examinations could be similarly tailored. Continuing education requirements also might be appropriately scaled. There could also be a range of registration categories, with licensing and education requirements required for some functions and “notice” registration sufficient for others.

We’re not naïve enough to think we can necessarily prevent all fraud — but our goal is to foster an environment that is less hospitable to it. Establishing appropriate qualification and education requirements for this important segment of BD personnel should be a substantial step in the right direction. And I’d note in passing that we have some precedent in this regard. Those of you who know your Wall Street history might recall an earlier back-office crisis — in the late 1960’s, when trading volumes exploded and many firms were ill-equipped to handle the extensive paperwork. Although living through that crisis could not have been pleasant, it did spur a number of important reforms, including the creation of SIPC. As you can see, building on lessons learned is something we’ve done before.

^[1] Luchetti and Efrati, “Prosecutors Keep Hunting for Aiders and Abettors,” http://online.wsj.com/article/SB123674091456491881.html (March 11, 2009).

http://www.sec.gov/news/speech/2009/spch102809dmg.htm