U.S. Securities & Exchange Commission

Speech by SEC Staff:
Rebuilding Ethics and Compliance in the Securities Industry


Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

New York, NY
June 23, 2005

Remarks before the NYSE Regulation First Annual Securities Conference

The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or the other members of the staff.

The Securities Exchange Act of 1934 states that transactions in securities are affected with the national interest, and must be conducted so as to protect interstate commerce and to insure the maintenance of fair and honest markets in such transactions. Similar language is found in the Investment Company Act of 1940, which also enumerates actions that adversely impact the public interest and the interest of investors. These general mandates require that market participants operate with the highest ethical standards and integrity and comply with all laws and rules intended to achieve these goals. As implied by the title of this session - "Rebuilding Ethics and Compliance in the Securities Industry" - ethics and compliance have not lived up to required standards and are in need of rebuilding. The first step in this process is to acknowledge that there is a problem and to set in motion appropriate responses to address the problem. I believe that has been achieved to a great extent through a well-publicized series of significant enforcement cases, as well as rules specifically requiring codes of conduct and effective compliance programs in securities firms. The next steps involve effective implementation of the corrective actions and, perhaps more importantly, a comprehensive evaluation to identify potential risks and problems followed by proactive actions to prevent future transgressions.

Looking back, there is no shortage of examples of high profile enforcement actions that called to our attention the need for strengthening the compliance and ethics culture in the securities industry. A few examples are:

  • Cases of accounting fraud in connection with Enron and WorldCom.
  • Research analyst conflicts cases.
  • Numerous actions involving late trading and market timing.
  • Common failures to provide "breakpoint" discounts on the sale of mutual fund shares.

Cases like these and others made industry participants, regulators, and legislators all recognize the need for an enhanced focus on compliance and ethics, and the need to begin to take corrective actions and launch proactive initiatives.

Some laws and rules recently promulgated require effective ethics and compliance programs. For example, section 406 of the Sarbanes-Oxley Act directs the SEC to issue rules requiring each issuer to disclose whether it has established a code of ethics for its senior financial officers, and if not, the reason therefor. The statute defines a code of ethics for this purpose as such standards as are reasonably necessary to promote: (1) honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships; (2) full, fair, accurate, timely, and understandable disclosure in the periodic reports required to be filed by the issuer; and (3) compliance with applicable governmental rules and regulations. The Commission implemented this provision with rules for public issuers of securities and registered investment management companies. In doing so, the Commission supplemented the statutory definition by also defining the code of ethics to include prompt internal reporting of code violations and accountability for adherence to the code.

In 2003, the New York Stock Exchange (NYSE) and the National Association of Securities Dealers (NASD) proposed, and the SEC approved, new corporate governance listing standards (NYSE Listed Company Manual Section 303A.10 and NASD Rule 4350(n)). These new standards require issuers listing on the NYSE or the Nasdaq Stock Market to adopt a code of conduct applicable to all of their directors, officers, and employees, which must include compliance procedures or an enforcement mechanism.

In December 2003, the SEC adopted Rule 38a-1 under the Investment Company Act of 1940 and Rule 206(4)-7 under the Investment Advisers Act of 1940. These rules require each registered investment company and investment adviser to adopt and implement written policies and internal control procedures reasonably designed to prevent violation of the federal securities laws, to review the policies and procedures annually for adequacy and effectiveness, and to designate a chief compliance officer. In July 2004, the Commission adopted Rule 204A-1, requiring each registered investment adviser to adopt a written code of ethics that sets forth standards of conduct expected of advisory personnel and addresses conflicts that arise from personal trading by them.

With respect to broker-dealers, NASD Rule 2110 requires members, in the conduct of business, to observe high standards of commercial honor and just and equitable principles of trade. NASD IM-2310-2 states that implicit in all relationships with customers and others is the fundamental responsibility of fair dealing within the ethical standards of NASD rules. NASD Rule 3013 requires each member firm to designate a chief compliance officer. The Rule also requires each member's chief executive officer or equivalent officer to certify annually to having in place a process to establish, maintain, review, modify and test policies and procedures reasonably designed to achieve compliance with NASD and Municipal Securities Rulemaking Board rules, and the federal securities laws. It also requires the chief executive officer to hold one or more meetings with the chief compliance officer in the preceding 12 months to discuss the process. NASD Rule 3010(a) requires member firms to establish and maintain a system to supervise the activities of each registered representative and associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with NASD rules.

NYSE Rule 401 generally requires NYSE members to adhere to the principles of good business practice in the conduct of their business affairs. NYSE Rule 342 requires that each office, department, or business activity of a member or member organization (including foreign incorporated branch offices) must be under the supervision and control of the member or member organization establishing it and of the personnel delegated such authority and responsibility. NYSE Rule 342.23 requires members and member organizations to develop and maintain adequate internal controls over each of their business activities and to include procedures for independent verification and testing of those controls. And NYSE Rule 342.30 requires member firms to prepare and submit to its top management a report on the organization's supervision and compliance efforts over the last year.

These are only a few examples of laws and rules mandating effective supervisory and compliance programs at securities firms. However, specific requirements and procedures are not enough. A firm must have a culture of compliance instilled from the top down to promote a compliant and high integrity atmosphere at a firm. In order to evaluate the compliance culture and compliance function at an organization, SEC examiners conduct comprehensive compliance examinations. These examinations are enterprise-wide, top down reviews. Examiners are not looking for any standardized approach, but rather expect each firm to design an effective program, taking into account its business mix, products offered, customers, geographic dispersion, size, complexity, systems and other relevant factors.

The comprehensive compliance examination begins with the development of an understanding of the firm's business and organizational structure. This helps define the appropriate scope of compliance coverage and the compliance control structure of the enterprise. Examiners evaluate the compliance "culture" - that is, the overall environment and the way compliance issues are handled. Since the board and top management are those ultimately responsible for overall compliance, examiners will look at compliance policies they issue - the tone from the top. Top management will also be requested to self-report on any material compliance breaches and how they are being addressed.

One of the key aspects of the comprehensive compliance examination is the evaluation of how the enterprise identifies and deals with compliance risks. Among methods used to identify compliance risks are: a general risk analysis, self-assessments, branch exams, audits of compliance functions, new product reviews, and surveillance. Compliance risks may also be identified through external reviews, such as the SEC compliance examinations. A comprehensive analysis by a firm typically includes the identification of all existing and potential legal and compliance risks, assignment of the level of inherent risk (high, medium, low), and identification and rating of controls or mitigants. The greater the compliance risk, the more the firm should focus on compliance in the area.

Next, examiners evaluate the structure and coverage of the compliance program. Adequacy of resources, systems, reports, compensation, expertise and experience of compliance personnel, independence from business units, and access to top management are assessed. The compliance program should effectively cover all aspects of the firm's business activities. The supervisory structure and written supervisory procedures are also reviewed by the examination team. Supervision complements compliance. Compliance staff work with the supervisors - those with day-to-day business line responsibilities - to help ensure that written supervisory procedures are designed and implemented to achieve compliance with all relevant laws. Among areas reviewed by examiners are: the adequacy and coverage of procedures, the processes to keep informed on legal developments and to update procedures, supervisory controls, exception reports, handling of customer complaints, reports to senior management, systems to monitor supervisory activities, and corrective action. Employee supervision is also evaluated. SEC examiners assess hiring, background checks, registration, licensing, continuing education, personal trading, training, and heightened supervision, if appropriate.

The primary purpose of an SEC comprehensive compliance examination is not to identify violations and make enforcement referrals. Rather the primary purpose is to identify control weaknesses and areas where improvements might be made, in order to prevent violations from occurring.

One set of issues that has in recent times exposed financial firms to compliance and ethics risks are situations where a firm or its employees are faced with conflicts of interests. Conflicts of interests typically involve competing interests or responsibilities that require judgments and decisions in taking actions that impact the competing interests. Making the correct decision in a conflict situation is in some cases a matter of compliance where there is an applicable law. In cases where there is no specific law or the law may be subject to various interpretations, sound judgment and ethics play a role.

In general, the broad basis for actions involving conflicts of interests is the antifraud laws found in Sections 17(a) of the Securities Act of 1933, 10(b) and 15(c) of the Securities Exchange Act of 1934, 206 of the Investment Advisers Act, and 34(b) of the Investment Company Act of 1940.

Areas where conflicts may arise include:

  • Use of nonpublic material information for trading
  • Allocation of limited products, services, or opportunities
  • Use of services or products of affiliates or favored clients
  • Firm playing multiple roles in a transaction
  • Special incentives or payments for use or sale of products or services
  • Accounting, booking, or reporting to achieve other interests
  • Research or advice where firms are expected to provide unbiased services
  • Gifts and entertainment to or from clients.

In response to recommendations by SEC staff that firms should conduct comprehensive reviews of the conflicts of interests and potential conflicts at their organizations, many firms have undertaken this challenging, self-assessment process and made improvements to mitigate, control, or eliminate conflicts. These improvements may include enhanced policies and procedures, adoption of industry best practices, limits and controls, improved systems for surveillance, disclosures, enhanced employee awareness and training, and reviews and audits followed by actions to address identified deficiencies. As firms enhance their overall programs for ethics and compliance, attention should be given to the identification, assessment, and appropriate resolution of conflicts of interests.

Finally, I would like to say a few words about self-reporting compliance problems and cooperating with the SEC in investigating and resolving problems. As I mentioned, SEC examiners specifically request that firms self-report on any material compliance breaches during comprehensive compliance examinations. In October 2001, the SEC issued a Report of Investigation and Statement explaining its decision not to take enforcement action against a company it had investigated for financial statement irregularities. In so doing, the Commission articulated a framework for evaluating cooperation in determining whether and how to charge violations of the federal securities laws.

The Report identifies four broad measures of a company's cooperation:

  • Self-policing prior to the discovery of the misconduct, including establishing effective compliance procedures and an appropriate tone at the top;
  • Self-reporting of misconduct when it is discovered, including conducting a thorough review of the nature, extent, origins and consequences of the misconduct, and promptly, completely, and effectively disclosing the misconduct to the public, to regulators, and to self-regulators;
  • Remediation, including dismissing or appropriately disciplining wrongdoers, modifying and improving internal controls and procedures to prevent recurrence of the misconduct, and appropriately compensating those adversely affected; and
  • Cooperation with law enforcement authorities, including providing the Commission staff with all information relevant to the underlying violations and the company's remedial efforts.

The criteria are set forth in greater detail in the 21(a) Report issued in connection with the above case. Reduced charges, lighter sanctions, or mitigating language in documents the Commission uses to announce and resolve enforcement actions are examples of possible results of cooperative behavior and self-reporting. Enhanced communications between financial firms and regulators is another positive step in rebuilding ethics and compliance in the securities industry through appropriate prompt responses to compliance issues and early resolution of problems. We look forward to continuing progress in opening the lines of communication between our staff and securities firms.

In conclusion, the effective functioning of our capital markets is highly dependent on maintaining the confidence of investors. Rebuilding and maintaining ethics and compliance in the securities industry is critical to maintaining the confidence that our markets are fair and honest, thus continuing to support a strong and vibrant U.S. economy.


Modified: 06/23/2005