Speech by SEC Chairman:
Remarks at SIFMA’s Compliance and Legal Society Annual Seminar
Chairman Mary L. Schapiro
U.S. Securities and Exchange Commission
Phoenix, Arizona (Video Presentation)
March 23, 2011
Good morning, and thank you for inviting me to participate in this year’s SIFMA C&L conference – even if it is from 2,000 miles away.
As I am sure you know, our budget situation prevents me from being with you in person.
But I hope that my involvement, and that of so many other senior SEC officials, shows how committed we are to working with you.
I thought I would take a few minutes to update on you on our activities.
Right now, one of the biggest items on our agenda is translating our portion of the Dodd-Frank Act into more than 100 individual rules.
And, one of the most challenging aspects of that effort is creating a comprehensive regulatory regime for the derivatives market.
As we proceed down that road, we recognize that applying new rules to an existing market could be disruptive. And so, we are determined to thoughtfully consider how to sequence the implementation of rules so that market participants have sufficient time to develop the infrastructure they need to comply.
We are eager to move quickly. But we understand that getting the rules right is more important than just getting them done. Your input will help to ensure that the implementation proceeds in an orderly manner.
As we work to create an entirely new regime for the derivatives markets, I want to be sure we continue our efforts to improve the existing structure of our equities markets – and to further bolster investor confidence. After all, confidence is essential to a healthy securities industry, to a dynamic financial marketplace and, ultimately, to a growing economy.
Unfortunately, in the last few years, investors have appeared less confident. And – for much of that time – investment has been migrating out of U.S. equities mutual funds. While a number of factors may have contributed to this migration, one reason may be a perception that the markets themselves contain risks that some investors are not willing to take.
I’m not talking about the financial risks that are at the core of any dynamic marketplace. I’m talking instead about risks that arise from flaws and inefficiencies within the structures, technologies and processes that make up the financial system.
The sudden volatility of May 6th, for instance, unnerved even the most sophisticated investors. And, for too many smaller investors, stop-loss orders triggered sales while share prices were tumbling, causing substantial losses when those share prices recovered minutes later.
Systems and technology can also be sources of risk, as can corporate cultures that under-emphasize compliance and risk management.
Unlike the financial risks inherent in investing, there is no upside to these risks -- no reward to investors for assuming them. They cost money, harm reputations and may present the possibility of significant damage.
Mitigating these risks takes more than regulatory oversight. It takes cooperation and determination at every level of the markets. As compliance and legal professionals, you are, in a sense, key partners with the SEC as we work together to address these risks.
To be clear: we have a strong platform on which to build. The structure of today’s markets offers high liquidity, low spreads, significant transparency and innovative investment options. But, there is room for improvement. As we saw last May, the technology and strategies that have brought these advantages have also brought new hazards, including the risk of sudden liquidity loss and resulting dramatic price drops.
Months before that episode, the SEC had already begun a thorough examination of equity market structure, with publication of a concept release. That same month, the SEC proposed a rule that effectively prohibits broker-dealers from providing unfiltered access to exchanges – a rule that was adopted this past November.
The events of May 6th increased the urgency of that examination.
In the immediate aftermath of that event, the SEC worked with the exchanges and FINRA to develop a series of rules that:
- Trigger circuit breakers for certain individual stocks.
- Clarify how and when erroneous trades would be broken.
- Effectively prohibit “stub quotes” in the U.S. equity markets.
Further, immediately after May 6, an SEC/CFTC Joint Advisory Committee met to assess the event, as part of its broader mission to support a consistent approach to issues of concern to both agencies. Last month, the committee issued a report acknowledging actions already taken and suggesting additional steps we might consider.
Among these recommendations is the adoption of a limit up/limit down regime for stocks experiencing rapid price movement. In fact, the exchanges and FINRA are already close to finalizing a proposal on limit up/limit down, and I expect it to be filed with the Commission and published for comment in the near future.
We’re also working with our CFTC colleagues on an initiative to update market-wide circuit breakers – which have only been triggered on one day in the past 20 years. We are particularly interested in whether there are ways to make these circuit breakers more meaningful and effective in today’s fast electronic markets.
The Advisory Committee recommended that the Commissions consider using the S&P 500 Index as the mechanism for triggering a trading halt, reducing at least the initial trading halt to a period as short as ten minutes, and allowing a halt to be triggered as late as 3:30 PM.
Finally, we continue to evaluate a staff recommendation that the SEC adopt rules creating a large trader reporting system and a consolidated audit trail. These rules would speed our analysis of events like May 6th, and they would enhance our enforcement efforts, as well.
As the markets become faster, more automated and more sophisticated, it is important that the SEC keep up with evolving conditions: learning from experience; working with market participants; and relying both on regulations and on incentives to minimize the possibility of damaging events.
Another, related source of risk is systems and technology that may break down when volume surges, or which may be vulnerable to intrusion from outside.
Nearly 25 years ago, on “Black Monday,” investors overwhelmed Wall Street’s existing automated systems during the selloff that drove the Dow’s most significant-ever one-day decline. Recognizing that automation, increasing volume and accelerating speed were hallmarks of modern exchanges, the SEC issued two Automation Review Policies.
These are policy statements, not rules. They set out expectations that market participants would acquire appropriate technology and assure its functionality -- with regular capacity planning and testing exercises, and with system vulnerability assessments. In addition, they set out Commission expectations that participants would undergo an annual independent review and notify the Commission staff of system outages and material system changes.
Today, with risks including algorithm-generated volume surges and malevolent hackers still very much with us, I believe the SEC should consider making ARP compliance mandatory. Such a regulation would require market participants to meet adequate standards for the capacity, resiliency, and security of their automated systems. These rules could apply to exchanges, alternative trading systems handling appreciable volume, clearing agencies, depositories and securities information processors.
In my view, these rules should reinforce the current expectation that registrants report systems changes, malfunctions and intrusions to the SEC and disclose material problems to the public.
This isn’t a new idea. In 2004 the GAO recommended that the Commission make ARP compliance mandatory. As the SEC catches up with the realities of today’s markets, it seems an appropriate moment to require that every entity in an interconnected system work to ensure its capacity, resiliency, and security.
But risks lurk not only in the electronic systems and the structure of our markets. They may also exist within the culture of individual enterprises.
That is why I am pleased that this is something that our Office of Compliance, Inspections and Examinations – and its Director Carlo di Florio – are focusing on.
Under Carlo, that office is using structural enhancements, improved skill sets, technology, and a risk-focused examination strategy to deliver a consistent, national examination program. One important aspect of this redesign of the examination program is engaging with the corporate governance structure of registrants around enterprise risk and internal controls. Our examiners will be looking to see if registrants have embraced “a culture of compliance,” including enterprise risk management, within their firms.
A comprehensive approach to enterprise risk management is important for several reasons. For example, inattention to risk management can lead to seemingly minor corner-cutting on compliance issues which eventually snowballs into a serious problem for management and investors.
And, without a commitment to good governance and risk management, silos can form and the interdependence between risk categories can be overlooked. What seems to be a manageable credit risk and a separate manageable liquidity risk may combine to do real damage.
Going forward, our examiners intend to focus on understanding how risk management is embedded in key business processes and decision-making at a number of levels.
It will ask questions like:
- How are the business units of an entity ensuring they are taking and managing risk effectively at the product and asset class level?
- Are key risk management, control and compliance functions structured and funded to be effectively embedded in the business process?
- How are senior managers ensuring effective oversight of enterprise risk management?
- And how is the internal audit process independently verifying and providing the board and senior management with assurance about the operating effectiveness of the risk management, compliance and control functions?
In addition to looking at key risk management issues, such as new product review and registrants’ model validation practices, our examiners will also seek to understand how effectively the firm is managing key risk and control processes.
For a financial industry that continues to see a great deal of consolidation, we will be paying particular attention to enterprise risk issues such as:
- Consolidation of disparate IT.
- Familiarity of new business units with risk management, internal audit and compliance functions.
- And business continuity planning.
These are issues that go beyond legal and compliance teams, beyond systems and procedures. Investors deserve – and we will be looking for – a commitment by boards and executives to make enterprise risk management part of a firm or corporation’s culture.
Financial risk is inherent in market economies. Rational investors accept this. But the threats that discourage investors are often the products of shortcomings in structures, systems and culture, not the products of market dynamics. They keep clients from coming through your doors, they limit access to capital, they create inefficiencies, and they discourage individuals from acting in their own best interests.
For these reasons it is important – particularly in this early stage of economic recovery – for us to inspire confidence by examining and eliminating, wherever feasible, existing threats to market stability and to the investors who keep those markets strong. This is, perhaps, a less glamorous pursuit than some we are engaged in today. But, it is a task that is just as essential for the future of our markets and our economy. And it is one we can only accomplish with your commitment and support.
I look forward to working with you to protect investors and strengthen the securities markets, by reducing unnecessary risks in the structures and firms that comprise it. Together, we can make the markets a more stable and rewarding environment for investors and professionals alike.