U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Remarks at the CCOutreach National Seminar


Carlo V. di Florio1

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

SEC Headquarters
Washington, D.C.
January 26, 2010

Thank you Chairman Schapiro. Good morning everyone.

I share Chairman Schapiro's sentiment and respect for the incredibly important role that Chief Compliance Officers play in protecting our capital markets. I also share the sentiment of the fundamental principle that Chairman Schapiro articulated — that investor interests should come first.

Very early this morning I went for a jog on the National Mall. I had worked late last night, had not completed as much as I had hoped to, and was tired and hungry. I was nearing the end of my jog, so I slowed my pace down as I approached my hotel. Just then I heard a sound. As the sound got closer, it became clear that it was made by a group of Marines running. I am sure they too were tired and hungry. But unlike me, they were carrying a log on their shoulders. It was an enormous log — I cannot imagine how much it weighed. They had to run together in lock-step in order to carry the log and run their path. And I am sure their path was a lot longer than mine.

I stopped and watched them for a moment. And, I thought that this served as an interesting metaphor for our conference here today. Just as we, as a public, look to the Marines to protect the safety and security of our country, the public looks to us — the very talented and dedicated SEC and FINRA staff, the examination corps, and Chief Compliance Officers in the industry — to protect the transparency, integrity, and accountability of the capital markets and the firms operating in the capital markets.

As I watched the Marines run off, I picked up my pace. I found a little more energy, just as you find more energy when you are asked to do more with less, with fewer resources, and are asked to work harder and longer. I am mindful of the incredibly important work that you are doing, whether you are a regulatory examiner or a Chief Compliance Officer in the industry , so I want to thank you first and foremost in my first discussion with you as OCIE's Director.

Since subsequent panels will focus on specific compliance risks, hot topics, and issues, I will focus on general compliance programs. I thought that I would share with you my view, and what I believe is a view shared by many in the examiner corps and by the Chief Compliance Officers community, on what the fundamental elements or pillars are for an effective compliance and ethics program. I will reflect on just ten of these elements today. I look forward to having a robust dialogue with you around these elements and others going forward:

  • Governance is the first element. It plays a critically important role in having an effective compliance and ethics program and in ensuring that the program has the necessary independence , standing, and authority to be effective.

  • Second is culture. Culture is a key measure of whether a program is effective or not. It is the first thing that employees tune in to — there is nothing employees notice more than when the leaders in a culture say one thing and do another. So, culture is a critical enabler of effective compliance programs.

  • Third are incentives and rewards. These can either be key enablers of effective compliance and ethics programs or, if poorly structured, they can be leading indicators of where the risk decisions and products reside.

  • Fourth are risk assessment and a risk-based approach. Just like the SEC, you have limited resources, so you must allocate your resources to their highest and best use. Thus, you must make sure that your key risks are identified and covered adequately and effectively.

  • Fifth are policies and procedures. Awareness of policies and establishing basic policies are critical. However, tailoring those policies and procedures to your business model, your products, your business network, the conflicts of interest in your business model, and other key tailoring components is very important.

  • Sixth are communication and training. Similar to policies and procedures, while awareness training is good, it is really training that is roles-based and that lets each critical partner in the compliance program understand their roles and responsibilities that is the most effective.

  • Seventh are monitoring, testing and reporting. This collective process is critical to maintaining the health of the system, checking the health of the system, identifying possible issues, and making sure that they are addressed effectively.

  • Eighth are investigations and enforcement. These help ensure that the program is firm, fair, and consistent in its application.

  • Ninth is issues management process. This process is critical because issues can get ahead of us or behind us without having been adequately addressed. However, a good issues management process that helps us identify issues, escalate them quickly, analyze them critically, and action them timely is fundamental to an effective compliance program.

  • Tenth is an on-going improvement process. This is the process that lets us make sure that our compliance program is effective and healthy, that it is keeping pace with the rapidly changing market environment , complexity environment, and product and service environment.

I trust that many of you also share the appreciation that, to be effective, compliance and ethics programs cannot exist in silos. Instead, I believe they need to be ingrained in the DNA of the organization and the decision-making framework of the organization. They need to be imbedded in the business process and at the table when strategic decisions are being made and new products are being developed. They need to be an integral part of performance measurement and management processes. And, they need to be part of the way business is done. After all, compliance programs and the work that you do every day add tremendous business value. They protect the business, they enhance the brand, they ensure that reputation is protected and that reputation risk is managed.

Chairman Schapiro touched on many of the reforms and improvements that we are making, so I won't repeat them. You will also hear about specific compliance programs over the course of the day. We look forward to dialoguing with you around them today. However, I would like to note a few key themes Chairman Schapiro touched on:

  • The harmonization and integration of our joint examination program and the critical importance of that initiative.

  • The efforts to continue improving and enhancing our risk-based approach to examination preparation and execution and drawing on sources of data, broadly, to make sure that risk assessment is strategic as we allocate resources according to their highest and best use.

  • Third-party asset verification, which is very new in our program, but also something that we will continue to enhance through a risk-based approach going forward.

I would like to close by thanking you for coming together today to celebrate this joint broker-dealer and investment adviser seminar. I am very excited to join this dialogue, I am very excited to join the tremendously talented and dedicated SEC and OCIE examination teams, and I very much look forward to having an on-going dialogue with you.

Thank you very much.



Modified: 03/22/2010