U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Remarks at the 2010 NSCP National Meeting


Carlo V. di Florio1

Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

Ronald Reagan International Trade Center
Washington, D.C.
November 1, 2010

The views I express here are my own and not necessarily the views of the SEC or its staff. As someone who consulted for fifteen years before joining the SEC, I have a unique appreciation for the hard work that you all do every day, trying to strengthen and improve the culture, the processes, and the compliance systems in your firms. This can be especially challenging in times of economic strain. We place a great deal of expectation and reliance on your work. We have shared objectives and look to you as key partners.

I thought that I would share with you first some perspectives on developments at the SEC broadly and then focus briefly on the Dodd-Frank Act (which one must touch on at any conference this year). Then I will talk about changes that are happening at the SEC’s national exam program and conclude with some specific hot topics in areas of interest to you.

The SEC reinvigorates itself. In 2010, under Chairman Schapiro’s leadership, the SEC took significant steps to reform its procedures, revamp its systems, bring complex enforcement actions, better target its examination efforts and adopt a series of rules intended to protect investors and promote fairness in the markets. In addition, it began working to fulfill its obligations under the recently-enacted Dodd-Frank Wall Street Reform and Consumer Protection Act.

As part of our effort to become one SEC, break down silos and create a strong culture of teamwork and collaboration, Chairman Schapiro has brought on new leadership in virtually every office and division at the Commission. The Commission has created an entirely new division of Risk, Strategy and Financial Innovation, which has been a great partner for my office, by raising our knowledge and awareness around new and emerging risks, how they impact our strategies and our programmatic areas and how we can become more risk-focused in our efforts. Like all of you in the industry, we are trying to allocate precious, limited resources to their highest and best use by taking a risk-focused strategy.

The Commission has also been raising its own standards internally in the same way that we place expectations on all of you as registrants. For example, for the first time we have our own Chief Operating Officer who is seeking greater operational efficiency and effectiveness. We have a new CFO who is focused on new controls and systems around financial management. We have a new Director of IT to bring critical technology to the agency so we can modernize and execute our regulatory mission and mandate more effectively. A lot of tremendous change is happening which will make us more efficient and effective in executing our mission and our mandate.

Enforcement. Before I provide an overview of changes in Exams, let me touch on some of the key changes that are happening in Enforcement. There has been a tremendous effort under Director Rob Khuzami to reinvigorate the Enforcement division. As you all know, enforcement is tackling some big, tough cases and not shying away from challenging issues. Enforcement has brought a series of financial crisis and mortgage-related enforcement cases, including State Street, Citigroup, Morgan Keegan, Goldman Sachs, ICP Asset Management and a TARP-related fraud action. They have also brought other significant actions, including proceedings charging Banc of America Securities with fraud in connection with the investment of proceeds of municipal securities, and actions charging Quadrangle Group and its former principal with participating in a kickback scheme to obtain investments from New York’s largest pension fund. Enforcement also participated in a nationwide operation, organized by the Financial Fraud Task Force, to target investment fraud. It included the initiation or resolution of 35 SEC actions against 130 defendants who improperly obtained approximately $1.8 billion from more than 20,000 investors.

Enforcement has also introduced new cooperation tools, similar to those used by criminal authorities, to secure the cooperation of persons who are on the “inside” by rewarding cooperation through reducing or foregoing charges and sanctions in connection with Commission investigations and related enforcement actions.

They have also restructured themselves to deploy more of their talented attorneys to the front lines on enforcement matters. They have created five new specialized units with which we work very closely. These units are focused on asset management, structured products, market abuse, municipal securities, and the Foreign Corrupt Practices Act areas.

One development that impacts all of us at the agency is the new Office of Market Intelligence in Enforcement which is the steward in the agency for our new consolidated system and platform for tips, complaints, and referrals. Much of the criticism that came from the Madoff or Stanford cases had to do with not effectively sharing information within the SEC, whether it was between offices and divisions or between regional offices or between silos within a particular program. Now all tips, complaints and referrals get logged into one centralized system. That helps us tremendously to bring together a risk profile around a registrant that may have tips, complaints, or referrals coming in from several different regions regarding numerous different individuals. One of those pieces of information in isolation might not reveal the magnitude of a problem, but by putting all that data together a registrant and related individuals may be seen in a different light. This will help us enormously to be more effective in our risk assessment and surveillance efforts.

Investor-focused rulemaking. The SEC has also had a very investor-focused and productive year with regard to new rule making.

  • We have adopted new custody rules protecting investors who entrust their assets to investment advisors.
  • We have a number of new rules to strengthen money market funds, such as disclosure, risk management and stress testing requirements.
  • With regard to credit rating agencies, the Commission has put in place a robust new regulatory framework, further strengthened by Dodd-Frank. Among other things, the Commission’s examination program will now be required examine all of the credit rating agencies every year around a very prescribed area of issues that Dodd-Frank sets forth and issue a public report.
  • We have done a lot with regard to municipal securities. One major theme of Commission rulemaking has been conflicts of interest. This is particularly true of the new pay to play rules in the municipal securities area with regard to advisors to pension funds and other municipal securities activities. We have also adopted new rules that provide investors and other market participants with more meaningful and more timely ongoing information regarding municipal securities.
  • Asset backed securities is another area, central to the financial crisis, that is the subject of ongoing Commission rulemaking, again involving the themes of transparency, accountability, and disclosure.
  • In the area of corporate governance generally, both the Commission and investors are focused on issues such as proxy access, proxy enhancements, getting better information on boards of directors, the leadership structure, how the board is overseeing compensation and how compensation practices are being revised to become more risk adjusted.

Market Structure. I have heard concern that, with all the new rules and myriad new studies that the SEC needs to work on with regard to Dodd-Frank, we may not be able to turn our attention to the critical market structure issues that we were focused on before Dodd-Frank. Chairman Schapiro has made clear that market structure is going to remain a priority. There was an excellent concept release issued last January. It is a very detailed analysis of the key risks inherent in our market structure and market fragmentation profile today and seeks public comment on some of those critical issues. The May 6th 2010 “flash crash” highlighted the importance of this topic. New circuit breaker rules and new alternative uptick trading rules have been put in place to protect investors when there is extreme volatility in the markets or in a particular stock.

The broader market structure agenda is concerned with targeting unfair practices with regard to topics like flash orders or dark pools. Is also seeks to strengthen our ability to have a consolidated view across the equity markets — for example the large trader reporting requirement, and a new consolidated audit trail proposal to allow us to track trading activity across the equity markets in a consolidated fashion. Market access issues are another important concern. So whether it is fairness and timeliness in data feeds, sponsored access, co-location — those are all issues that the Commission will continue to scrutinize on its market structure agenda.

Dodd-Frank Implementation. Let me just touch briefly on Dodd-Frank, particularly how it is impacting us in the National Exam Program and how it will undoubtedly impact many of you. First, there is significant transfer of responsibility through Dodd-Frank from the SEC to the states with regard to advisors with assets under management of under $100 million. We are working very closely with NASAA and the states to ensure smooth and effective transition. At the same time, on the private fund side we have a significant number of hedge funds and private equity firms becoming new registrants. We are making sure that we have the talent, the skills, the ability, and the tools to understand how we can effectively examine those critical sectors that have come into the portfolio. We also have in the previously unregulated area of derivatives and swaps a whole new regulatory regime that requires SEC rulemaking, as well as examination responsibility around five entirely new categories of registrants. Swap dealers, major swap participants, swap trading facilities, swap clearing facilities, and swap data repositories. There are also a host of new responsibilities in the municipal securities market.

One key area emphasized by Dodd-Frank concerns clearing agencies. They were a key part of the systemic risk backbone of the financial system, and there is a host of new responsibilities under Dodd-Frank placed on the Fed, the SEC and the CFTC to work together in regulating and examining clearing agencies - how they manage risk, how they manage their members and ensure fairness and consistency in the treatment of their members and the risks that their members bring on to clearing platforms.

National Exam Program. Let me now turn to specific changes that are happening in the examination program itself. We are making our program very strategically risk-based. We have created a new unit in the national exam program devoted to risk assessment and surveillance. This unit will take all of the various critical information feeds, both internal to the SEC as well as external data sources so that we can more effectively, efficiently, and strategically assess risk and determine which registrants present the greatest risk profile. This in turn will help us target which issues we want to focus on as we go to examinations at those registrants.

To be able to really execute a risk focused exam strategy, we also realized after taking a hard look at our own strategy, structure, people, processes and technology, that we needed to create a truly national exam program. We have been criticized from some quarters for having a confederation of regional exam programs that was perpetuating the silo entrapment of information. We realized that we needed to break down unnecessary restrictions on the free flow of information internally if we were to effectively assess risk. So, not dissimilar to many of your organizations, we are thinking about governance best practices. We have created a new national leadership team. We have an Executive Committee and key steering committees focused on improving consistency and excellence in all aspect of our operations, such as assessing risk, strengthening exam processes, as well as people, our workplace culture, technology and our own internal controls.

We are very focused on breaking down the silos in our own exam process, moving to a more open architecture where we pool examiners and make sure we get the right people to the right exams with the right expertise to do those exams effectively and efficiently. We have re-engineered our exam process end-to-end and tried to streamline and focus on those activities that add value and strip out activities that were taking a lot of time and effort but were adding only marginal utility. If I put myself in your shoes, you should sense that we have done much more work on the front end and behind the scenes before we come to your organization and are better prepared to conduct an effective examination when we come through your front door.

Compliance Program/ control environment. This involves understanding your business model, and the products, the assets classes, risks and conflicts that are inherent in that business model. It also means seeking an understanding of what kind of governance, risk management, compliance control frameworks you have put in place to mitigate and manage that risk profile and that business model. I want to emphasize that we are keenly aware of the lessons of Stanford and Madoff, where we were roundly criticized for losing the forest for the trees by honing in on some issues and missing broader, systemic and far more serious problems in the organization.

We will want an understanding of how risk management is embedded in key business processes and decision-making at five levels:

  1. How do the business units of an entity ensure they are taking and managing risk effectively at the product and asset class level in accordance with the risk appetite and tolerances set by the board and senior management of the whole organization?
  2. How are key risk management, control and compliance functions structured and resourced to ensure they are effectively embedded in the business process, while having the necessary independence, standing and authority to be effective in helping the organization identify, manage and mitigate risk?
  3. How is senior management structured to ensure effective enterprise risk management and oversight, and how is it ensuring risk management is embedded in key business processes, including strategic planning, capital allocation, performance management and appropriately aligning executive compensation incentives?
  4. How does the internal audit process independently verify and provide the board and senior management with assurance regarding the operating effectiveness of risk management, compliance and control functions?
  5. How is the board of directors (if one exists in the organization) staffed and structured to ensure it can effectively set risk parameters, foster an effective risk management culture, oversee risk-based compensation systems and effectively understand and oversee the risk profile of the firm?

We see far too many situations where the compliance officer was clearly not equipped, the auditors were clearly not appropriate, senior management clearly was not engaged, the board was not exercising oversight of responsibility, or there was no communication between risk management, finance and compliance. So we want to do that kind of strategic assessment quickly, but effectively on the front end and then dive into some of the specific risk issues that have brought us to your firm.

Finally, let me touch on priority focus topics in each programmatic area.

Investment Management. On the investment management side, there are five key areas of focus. First is valuation. We continue to have concerns about valuation in our examinations because of the incentive to over-value in order to collect higher fees. We are looking hard at the scope and quality of work by the external auditor on valuation. We want to leverage that work to the extent possible. We are also concerned with the governance framework around the valuation process.

A second key area in investment management is conflicts of interest. This is a very broad topic, which includes the classics — best execution, directed brokerage, insider trading. In addition to those, we are looking at cases where certain funds or accounts seemed to be favored over others — whether it is in the allocation of opportunities, trades, or expenses, and where typically there is some conflict of interest with regard to the advisor and that fund and account or with regard to a special client. We find that scenario often on exams and that will continue to be a focus of ours.

Third, in portfolio management we are looking to see if the strategy that is being advertised is the one that the adviser is actually applying. Where we see slippage from the strategy as advertised we tend to find a host of other control problems that follow.

Fourth, we scrutinize how performance is calculated in advertising. Performance is a great risk factor for us so we look for outlier performance or overly smooth performance and we hone in whether that outlier performance is driven by over-valuation or allocation or some other issue that we want to understand better.

And finally, as you all know, we continue to be very focused on asset verification and the custody rule. We are trying to get more efficient in our own practices, leverage the work of other external auditors and key control functions.

Broker-dealers. Turning to broker-dealers, we have a similar aim to take a broad initial scan around governance, risk management, compliance practices and the people involved in key functions. We are also very concerned with financial risk management of broker-dealers. Liquidity, valuation, concentration and funding are therefore critical issues from a risk management perspective. We also want to understand the products and services that pose particular risk. Complex structured products are therefore a key exam concern, as well as variable annuities, leveraged ETFs, municipal securities, and fixed income.

Moving on to sales practices, we are particularly focused on fraud or abusive sales practices in the retail distribution channel. We want to understand what you are doing to identify, mitigate and manage the risks in this area and ensure effective compliance supervision. This is a particular concern where there are distributed branches, particularly if there are registered representatives who have a disciplinary history. Those are all factors for us to help focus our risk assessment and help target firms.

With regard to trading practices we are concerned about best execution, and we are spending a lot of time and effort on understanding algorithmic trading, high frequency trading, sponsored access and key risk controls around these processes as technology drives so much of the speed and risk around the trading environment.

Conclusion. There are three main takeaways from what I have just said. First, I think it is important to focus on the key hot topics and risk areas that I talked about. Those will continue to be emphases in the national exam program. But the second key point is to focus on the system of checks and balances in both risk management and governance and how the business works together with the independent risk and control functions, management committees, audit and the board to ensure effective risks and controls. That systemic scan is going to be an important part of our work. Finally, you and your colleagues in other risk control functions need to be as proactive about risk as you can. We at the Commission are trying to do the same, as evidenced by our new Division of Risk Strategy and Financial Innovation. This division is helping us strengthen and enhance the way we think about risk just as I am sure many of your colleagues in risk management and other key governance functions in your organizations might be able to rethink, challenge, and strengthen some of the risk management and compliance practices that all of you manage day-to- day.

Thank you. I’m happy to take any questions that you may have.



Modified: 02/14/2011