Speech by SEC Staff:
Remarks before the Institute of International Bankers' Annual Regulatory Examination and Compliance Seminar

by

Mary Ann Gadziala

Associate Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission

New York, NY
October 27, 2005

Perspectives on Examination Issues for International Financial Organizations

I am delighted to have this opportunity to share with you as members of the international financial community some of my views from the perspective of the U.S. Securities and Exchange Commission's examination program. Based upon data from the Institute of International Bankers, you are an organization that represents international financial institutions from over 30 countries with assets of over $4 trillion. That is quite an expansive and diverse audience. I hope that this forum and future gatherings with you and your representatives allow an open dialog where we can share views and concerns from each of our perspectives - regulators and the industry. Open and frequent communication can lead to prompt and effective resolution of concerns and should foster a mutual understanding of our respective goals.

With that in mind, I would like to focus my remarks on the efforts of our examination program to work towards enhancing our coordination, consistency and information sharing-- within the bounds of existing laws-- among the many regulatory bodies to which you may be subject. This has been a recent topic of discussion at a number of conferences I have attended as well as a number of industry reviews and reports. While your concerns with laws and rules that you may view as inconsistent and duplicative must be addressed to the legislative, regulatory, and other entities that create them, I believe there is much we can do within the examination program. This involves working with our colleagues, who implement examination programs at other regulatory entities, to enhance coordination and leverage off each others work. We are also communicating with them about examination procedures to promote consistent interpretation of laws and rules during the examination process. As we work together to establish this objective it is important to keep in mind that each regulatory jurisdiction has its own specific responsibilities for investor protection and market stability and integrity, and all efforts towards coordination and consistency must align with those regulatory interests.

The fragmentation of securities industry regulation offers significant challenges within our own country as we not only have 50 state jurisdictions, but also have a system of about twenty self-regulatory organization ("SROs"), all of whom have examination responsibilities. Since the signing in 1995 of a Memorandum of Understanding promoting coordination among these securities regulators, we have worked hard to achieve that goal. However, the need for coordination in the U.S. goes beyond securities regulators. As firms continue to expand their use of organization-wide compliance and control systems, it has become increasingly necessary for us to coordinate our examination efforts with other regulators, for example, bank regulators. This is particularly important in such areas as anti-money laundering (AML), risk management, business continuity planning (BCP), and other areas where integrated operations within and among financial services organizations are critical to effective business operations and the implementation of the law. Even larger challenges arise when we add the international community to the regulatory mix. Here discussions continue among the many participants in such groups as IOSCO, the Basel Committee on Banking Supervision, and others. We in the examination program look forward to further coordination to reflect any advancements in international coordination efforts by these and other groups as they occur at the policy and statutory level.

So now let me turn to some of our recent coordination efforts in the Commission examination program. A main focus at the current time is risk management at consolidated supervised entities (CSEs). As you are no doubt aware, the Commission, last June, adopted rule amendments that establish a voluntary, alternative method of computing deductions to net capital for certain broker-dealers [Federal Register, Release 34-49830, Alternative Net Capital Requirements for Broker-Dealers That Are Part of Consolidated Supervised Entities]. The alternative method allows very highly capitalized firms - with tentative net capital of at least $1 billion and net capital of at least $500 million - that have developed strong internal risk management practices, including mathematical risk measurement models, to use those practices for regulatory purposes. (There is also an early warning level of $5 billion for tentative net capital.) In addition, the CSE Rule responds to international developments that require firms operating in the European Union (EU) to demonstrate that they have consolidated supervision at the holding company level in the U.S. that is "equivalent" to EU consolidated supervision. As a condition to the use of the alternative method for computing capital, a broker-dealer's ultimate holding company and affiliates, or CSE, must consent to group-wide Commission supervision. CSE status imposes certain recordkeeping, notification, and reporting requirements on the CSE, including a capital adequacy measurement consistent with the standards adopted by the Basel Committee.

Provided that it does not have a principal regulator, the CSE and its affiliates are subject to examinations by the Commission. As examiners, it is our responsibility to assess the CSE's efforts in establishing, documenting, and maintaining a system of internal risk management controls to assist it in managing the risks associated with its business activities. These include market, credit, leverage, liquidity, legal and compliance, and operational risks. Generally, the examination team will focus on products that have generated the most profits for the firm and that are booked in the broker-dealer or unregulated material affiliates (UMAs). Depending on the firm, some of these products include interest rate derivatives, mortgage and real estate loans, commodities, private equity, credit derivatives, municipal derivatives, and foreign exchange products. To date, the CSE examinations conducted have involved organizations that do not have a "principal regulator". They have been comprehensive and thorough, involving about 15 examiners, several months of audit work, and significant testing of control implementation and systems.

For the most part, the CSEs examined had well-developed internal risk management systems. Some risk management issues that may require continued attention are: making sure that technology employed for back office operations, surveillance, compliance and risk management keeps pace with the new technology, and complex innovations in business activities; ensuring that control groups are among the principal players in new product approvals; putting more emphasis on developing and formalizing legal and compliance internal risk management controls and surveillance and monitoring systems; reporting and documenting reports of material compliance and control matters up the line to senior management; conducting regular assessments of all firm risks to ensure comprehensive coverage and controls; having complete up-to-date procedures and documented controls and exceptions to effectively control risks and to provide firm management with the information needed to direct appropriate improvements; and providing adequate resources and authority to all compliance and control groups so they can effectively fulfill their responsibilities.

The vast number of your organizations already have an ultimate holding company that has a principal regulator, such as the Federal Reserve. Your organizations may nevertheless choose to apply to the Commission in order to use the alternative capital calculations for your U.S. broker-dealer. In this case, we would not be conducting the exhaustive risk management examinations of the overall CSE that we have conducted where the SEC is the principal consolidated supervisor. Our examination of risk management and capital would be limited to the U.S. broker-dealer. However, please recognize that in some cases the systems and controls implemented at the broker-dealer are maintained at the holding company level, and as in past examinations of the broker-dealer, our examiners may need access to such information to effectively evaluate the implementation of risk controls at the broker-dealer.

You should also be aware that we have frequent communications with the Federal Reserve staff to discuss our examination approach and general findings at CSEs both to coordinate with respect to organizations where we may have joint jurisdiction as well as to discuss general examination principles and procedures. We intend for these discussions and information sharing to promote appropriate consistency, coordination of risk assessment, and a more holistic approach to examinations.

Another coordinated effort of which I am certain you are aware -- since we met with your representatives several times to discuss the issues -- is the work involving risk management for complex structured finance activities. This was an interagency effort from its inception -- Congressional hearings, the examination process, and then a proposed interagency statement on sound practices. The process began with Senate hearings by the Permanent Subcommittee on Investigations on "Four Enron Transactions Funded and Facilitated by U.S. Financial Institutions." Subsequent to the Congressional hearings in 2003, on what were viewed by the Subcommittee as deceptive accounting and tax transactions connected to Enron, members of the Subcommittee requested that the Commission and banking agencies initiate a joint review of banks and securities firms participating in complex structured finance transactions (CSFTs) and issue joint guidance on acceptable and unacceptable structured finance products, transactions and practices. Staff of the Commission and banking agencies conducted examinations of the financial institutions that were the most significant participants in the CSFT market and produced a draft statement on sound practices. The agencies published for comment the "Interagency Statement on Sound Practices Concerning Complex Structured Finance Transactions" last year.

The regulatory agencies stated that they have long expected financial institutions to develop and maintain robust control infrastructures that enable institutions to fully identify, evaluate and address all dimensions of risk associated with their business activities. The Statement went on to say that financial institutions also must conduct their CSFT activities in accordance with applicable laws and regulations, noting that financial institutions that violate the law may be subject to enforcement action and civil or criminal penalties. The Statement describes the types of internal controls and risk management policies and procedures that agency examiners found to be useful in assisting financial institutions to identify, manage and address effectively the potentially heightened risks that may arise from certain CSFTs. The Statement is not a rule, but rather from the Commission perspective, any material weaknesses in a financial institution's internal controls may be considered in weighing the existence of and evaluating potential violations of the federal securities laws.

Another area where U.S. agencies have worked in close coordination is in drafting and implementing the "Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System." The final paper was published in 2003. The three year implementation deadline is fast approaching and a report to Congress on progress in this area is due next year. This initiative is another example where the regulatory agencies have found it is imperative to work together as closely as possible. Trading and other operational systems are integrally connected during the trade, execution, and payments processes. The interdependencies were painfully evident in the post September 11 environment. It was a direct result of this tragic experience that the agencies worked together to quickly produce the Interagency Paper. The paper identifies sound practices, with specified implementation time frames, which focus on minimizing the immediate systemic effects of a wide-scale disruption on critical financial markets. While the Interagency Paper applies to only a small group of the most significant market participants, the SROs have issued rules requiring all members to have business continuity plans. The recent hurricanes and other disasters have demonstrated the importance of such plans for all financial services firms.

Joint agency action on the Interagency Paper was only a first step. Coordinated follow-up and implementation is essential to ensuring that all interrelated financial activities are prepared to work in unison in the face of any future wide-scale disruptions. It is for that reason that all the continuing reviews, work with the firms, and other aspects of implementation have been done jointly by the Commission and all the banking agencies, with cooperation among industry participants, as well. The bank regulators are currently working together on examiner guidance on business continuity testing. While the Commission examination program already has BCP testing procedures in place, we are considering the draft banking guidance to determine if further consistency with their approach is appropriate.

Another area where consistency and coordination are critical is in enforcing compliance with AML rules and laws. There are numerous ongoing efforts in this area including development of joint examination modules by the SROs and Commission staff, and development of joint examiner guidance by the banking agencies. Commission staff is now considering the extent to which the joint banking guidance may be useful in our exams. We have a number of coordinating groups, both formal and informal, that meet regularly to discuss and coordinate AML issues. To the extent legally permissible, industry participants and regulators share information in order to piece together money laundering and potential terrorist financing schemes that might otherwise go undetected. While the Commission is not the enforcement agency for money laundering violations themselves, we can use our examinations to ensure that firms have robust programs to detect evidence of money laundering and file useful suspicious activity reports to appropriate enforcement agencies. We continue to enhance coordination, information sharing and consistent compliance interpretations during AML examinations and expect this work to continue.

These are only a few examples where coordination and efforts towards consistent examination approaches are underway. There may be other areas that might benefit from further cooperative efforts among examination programs of various regulatory agencies. With your assistance and an open dialog, we may be able to identify such areas. These efforts may assist not only in enhancing the efficient operation of large organizations and the overall interconnected financial markets, but also in reducing regulatory burdens and producing benefits to improve the efficiency and effectiveness of regulatory examination programs.

Much of the coordination work that has been done in our broker-dealer examination program has been among U.S. regulatory agencies. At the international level, we do have Memoranda of Understanding to share information and we engage in discussions with our fellow examination personnel. However, the trend in the markets is towards continued globalization at an intensifying pace. While work is being done with respect to international regulatory convergence at the policy levels, it is not too early for those of us in the examination programs to increasingly engage in forward-thinking discussions that will set us on similar paths on a global basis.

I look forward to hearing your views on areas where the examination programs can work towards more coordination and cooperation with other regulatory agencies. Thank you for allowing me to share these thoughts with you.

http://www.sec.gov/news/speech/spch102705mag.htm