Speech by SEC Staff:
What Makes Compliance a Profession?
John H. Walsh
Chief Counsel, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission
NRS Symposium on the Compliance Profession
April 11, 2002
Thank you. I am really pleased to be here today.
Before I do anything else, let me remind you that as a matter of policy the Securities and Exchange Commission disclaims responsibility for any private publication or statement by any employee or Commissioner. The views I am going to express are my own, and do not necessarily reflect those of the Commission, the Commissioners, or others members of the staff.
This Symposium is a great idea. Compliance involves a lot more than just keeping up with rules and regulations important as they are. To be successful in compliance you must understand its special nature.
Compliance is different. It is not litigation. It is not operations. It is not counseling. It is similar to all three, and you certainly have to appreciate how it relates to all three. But compliance places unique and special demands on its practitioners.
As a regulator, I often see the difference a skilled compliance practitioner can make. We are always delighted when we deal with a competent professional. We would much rather work with someone who understands the field.
Unfortunately, too often we have to deal with people who unwittingly create a false red flag and send us off on a wild goose chase. It can be pretty frustrating when we see something that makes us want to dig deeper, and then, in retrospect, after putting the firm through some difficult times, we can see that our concern was unnecessary.
Perhaps we were told something that was just plain wrong. Perhaps the firm acted like it had something to hide. Perhaps it managed to convince us that it would not even recognize, let alone voluntarily correct, the problems we found. All of these are surefire ways to make little problems into big problems or to create apparent problems, where in reality, there may be none at all.
Skillful compliance knows how to navigate through the process. On an examination, not too long ago, during our interview of a business manager, we discovered a significant weakness in a particular procedure. A compliance official was present. He said nothing to obstruct what the manager was saying. But, several hours later, he came back to the examination team, reported that as soon as the interview had ended he initiated an internal review of the procedure, and he presented us with the results. The situation was much better than the business manager had described, and steps were taken to remedy any possible confusion among other employees.
That is how you practice compliance. Do not obstruct. Do not cover up. Be alert to what is happening. Be proactive. Be accurate. And be remedial.
As I said, this Symposium is a great idea. It gives us a chance to talk about compliance and how we can handle its unique demands. But equally important, it gives us a chance to set aside our day-to-day concerns and take a longer view. From that perspective, one of the most important characteristics of the field is its close relationship with that familiar goal of the securities laws, the "public interest."
Just a month ago today, on March 11, Chairman Pitt addressed this issue. He told the SIA's Legal and Compliance Division that confidence in our capital markets cannot be maintained if the public believes you are only playing a game, that you take a literal reading of the law, and conclude if something is technically legal, it must be OK. Instead, he said, to preserve the public's confidence, you must apply professional standards of ethics and competence. In essence, you are professionals, not mere technicians, and your professionalism is vested with a public interest.
This leads to an interesting question. What makes compliance a profession? Some of you are lawyers or accountants, so you already belong to at least one profession. But my question is, what makes compliance a profession in its own right? What makes it more than just one of the many functions bundled into a securities firm?
I think this question has a practical significance. If we want to be professionals, we need professional standards to guide us. Today, I want to share my thoughts on what makes compliance a profession, and what some of those professional standards should be. Let's start by asking, what is a profession?
Louis M. Brandeis, Progressive writer, Supreme Court Justice, and one of the intellectual fathers of modern securities regulation, addressed this question in his 1914 book, Business-A Profession. Brandeis believed that business, including the business of finance, was ready to join law, medicine, and theology among the professions. He admitted that his views were idealistic, but he also believed they were highly pragmatic. Professional business, he believed, would enjoy a competitive advantage over its unenlightened rivals. As Brandeis put it, professional business could answer the narrow moneymaker, without vision or ideals, even on his own low plane of material success.
In Brandeis's view, a profession has three characteristics. First, it is an occupation for which the necessary training is intellectual, involving knowledge and learning as distinguished from skill. Second, it is an occupation pursued largely for others. Third, it is an occupation in which the amount of financial return is not the accepted measure of success. In my view, compliance satisfies all three.
First, the practice of compliance is a real intellectual challenge. The rules and regulations governing the securities business are complex, dynamic, and must be applied to a multitude of unpredictable situations. Moreover, many of the more important requirements are formulated as general duties, not bright-line regulations.
I am sure everyone here has to deal with some of these open-ended issues. Do your order handling practices comply with the duty of best execution? Is your supervision of remote offices adequate? Do you sufficiently train your employees in the more complex products in your inventory? If anyone ever tells you these questions have simple and straightforward answers, never listen to that person again. These issues can be addressed only through that hallmark of a true professional, expert judgment.
In many respects, however, the greatest intellectual challenge is posed by preventive compliance. Whether you are drafting policies and procedures, defining the scope of an exception report, or training branch office auditors, you do not have the luxury of responding to a specific situation. Instead, you have to imagine and prevent an unknown number of possible situations before they arise.
As a lawyer, the mechanics of prevention have always fascinated me. They operate in exactly the opposite direction of the way lawyers learn the law. In law school, we are given a fact pattern and tested on our ability to identify facts that trigger some relevant legal standard. Compliance is different. It turns the process completely around. It requires you to look at a rule, regulation, or duty, and ask, "How might people in the future knowledgeable, imaginative, creative people try and violate this standard?" In essence, you're given the law, and told to come up with all the possible fact patterns. To meet this intellectual challenge, once again, you need to draw on that hallmark of the true professional, expert judgment.
Second, Brandeis said that a profession is pursued for others. Lawyers have clients. Doctors have patients. Who does compliance have? I would suggest, customers.
Compliance personnel are the customer's advocates. They see the complaints. They see the exception reports. They see the advertising. They monitor the communications. They are in the best position to spot looming danger, and stop it, before the customer suffers serious harm. In other words, they are in the best position to turn that other familiar goal of the securities laws, the "protection of investors," into a reality.
The close relationship between compliance and customers shows up in a number of other areas. For example, compliance personnel are in the best position to bring the customer's perspective to the firm's decision-making such as in assessing the clarity and understandability of firm disclosures. They are also in the best position to make sure customers with complaints are treated fairly. Recently, a lot of attention has been given, in society at large, to the need to resolve more disputes before they reach litigation. Compliance is in the forefront of this type of informal dispute resolution. You can see this yourself if you think about some of the ways we describe how good compliance officials serve their employers. They are "great with customers." They "always find a way to resolve complaints." They "know how to make customers feel they were treated fairly."
Third and finally, Brandeis said, a profession must have some measure of success other than simply making money. What is the measure for compliance? I would like to suggest two. They are different. But, they are not contradictory. To describe them in two words, I would say "quality" and "ethics."
There is a striking similarity between compliance and modern quality management. Let's take a look.
Both quality and compliance focus on preventive systems. In quality, this has generally been labeled with the slogan "right the first time." In other words, instead of catching and correcting errors, you try to build quality into your product in the first place.
Compliance is similar. The Commission has said repeatedly, in enforcement actions based on a failure to supervise, that sitting back and waiting for problems is not adequate. You need to take proactive and preventive action. Compliance professionals know all about this. As we have seen, designing and implementing preventive systems is one of the distinguishing features of the practice of compliance.
Both quality and compliance also focus on institutionalizing themselves within a firm's routine operations. In quality management, this means training line employees so they understand the difference between conforming and nonconforming output.
Compliance is similar. Education, training, and awareness are key elements. Producers must know about the firm's expectations, and must incorporate those standards into their routine work. In essence, the more the organization runs itself in a compliant fashion, at the lowest levels, the more successful we should consider compliance.
Both quality and compliance focus on self-monitoring. Edward Deming, the modern quality guru, said that failing to inspect yourself is like "driving in the road without your lights on." In other words, as I interpret his remarks, you will be in the dark, and very dangerous.
An important part of this monitoring is to watch for patterns. Why? Because, Deming said, management generates most defects. Very few arise from spontaneous failures by individual employees. Moreover, every system, no matter how good, will generate defects. Variation is inherent. So, by watching for patterns in the inevitable defects, you can distinguish the noise problems the 'anyone can have a bad day' problems from those generated by a structural flaw in management's system. Having identified the structural problem, you can quickly correct it while the amount of defective output remains small.
Compliance is similar. Behind most compliance failures are systemic management problems: misguided compensation, unrealistic performance goals, uneven supervision. By carefully monitoring for recurrent red flags, compliance can identify the firm's structural flaws and fix them before serious harm is done. Every form of monitoring system, from sophisticated exception reports, to good old-fashioned customer complaints, can serve this purpose.
Finally, there is another way in which quality and compliance are similar, but this is less fortunate than the others. That is, business management often treats both as unproductive cost centers. The literature is full of examples of businesses that slashed quality in an effort to enhance short-term profits, only to find that they had destroyed the firm's long-term franchise. Compliance is often in a similar predicament. If viewed only as a regulatory cost center, it is a ready victim when the downsizing begins. For both quality and compliance, part of our mission is to convince management that we add substantial value to the competitiveness of the firm.
This often takes a negative tone: a recital of all the problems that follow a quality or compliance failure. I think this is fine. Management should recognize the risks it is running. But from a professional point of view, we should also emphasize the positive. We should view quality and compliance as affirmative goals, as part of the value we provide investors. For your part, you should define customer satisfaction to include confidence in your honesty and trustworthiness. For our part, we should ensure that full compliance is within the design specifications of the products and services you sell.
This leads to the second measure of success that I want to propose ethics. This is one of the foundational motives for federal regulation of the securities industry. But today, it is often forgotten, or taken for granted. I think the best way to describe it is in the words of those who introduced it into the regulatory regime.
In April 1933, the President of the United States and the President of the New York Stock Exchange met to talk about the future of securities regulation. Franklin D. Roosevelt had been President of the United States for only a few weeks. In those days, Presidents were still inaugurated in March. He took office in the midst of a terrible economic crisis. After a sharp crash on the Exchange, the country, and then the world, had fallen into a deep Depression. Prices deflated, unemployment soared, banks failed, and the stock market sank ever lower. By early 1933, equities had lost about 90% of their pre-crash value.
These were desperate times, calling for desperate measures. Many people thought capitalism was dead. Roosevelt's own advisers told him that the time had come for the federal government to step in and take over some of the core functions of the securities industry. A federal agency, they said, should plan and control the allocation of capital within the economy.
But in their conversation, Roosevelt and Richard Whitney discussed a very different regulatory vision. Roosevelt said that he wanted the securities industry to be governed by "a simple code of ethics." This code should be universal. It should apply to all of the securities markets. And by "simple," Roosevelt said, he meant simple enough for the public to understand. Whitney agreed. He thought it would be difficult to come up with a code simple enough for the public. But he told FDR that the Exchange's members were anxious to put their business "on a higher plane than it has ever been before."
At the time, Roosevelt's advisers opposed this policy as too conservative. Even in retrospect, we can see that a program based on ethical aspirations was indeed a conservative model of regulation. As FDR described his vision, he did not want to control the securities industry, he wanted to elevate its character, honesty, and honor. Only when business was conducted in this fashion, only when the public's trust was morally justified, would confidence and prosperity return.
Recent events in our securities markets, and the larger economy, demonstrate the continuing validity of this policy goal. Moreover, as Chairman Pitt noted in March, they also demonstrate the importance of professionalism in the compliance community. Because, if there is any group in the modern securities industry that is ready to meet this ethical challenge, that is ready to establish and enforce a simple code, simple enough for the public to understand, it is compliance.
I think compliance satisfies Brandeis's definition of a profession. Moreover, in these characteristics, we can see some of the professional standards that it should meet. The practice of compliance is an intellectual challenge that should be met through the exercise of expert judgment. Compliance should make sure the customer's interests, and the customer's perspective, are not forgotten. Finally, the successful practice of compliance should be measured by discrete and distinctive standards: does it prevent problems, does establish understandable ethics?
In sum, compliance is a profession. Just, I should note, as the title of this Symposium suggests. However, I do disagree with Brandeis in one respect. I think his definition is incomplete. In addition to his three elements, a profession should be aware of its status.
To be truly professional, compliance's special status must be recognized by its practitioners, by those who employ them, and by the members of the public who deal with them. All should respect the public interest that fills this work. Earning compliance that recognition and respect is part of our mission. This Symposium should play an important role in that process. I welcome it, and I am glad to be part of it.