Understanding Risk Management and Compliance, April 2012


Published on

Understanding Risk Management and Compliance, April 2012

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Understanding Risk Management and Compliance, April 2012

  1. 1. _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  2. 2. International Association of Risk and Compliance Professionals (IARCP) 1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com Welcome to the April 2012 edition of the International Association of Risk and Compliance Professionals (IARCP) newsletterDear Member,The European Central Bank (ECB) tries hard to understand theDodd Frank Act (so do we).We start from an interesting “we would thereforeappreciate some clarification from you” letter fromthe European Central Bank to the US CommodityFutures Trading Commission.The part of the letter I like: “We thereforerespectfully ask the Commissions toexercise their definitional authority…”  _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  3. 3. What is the letter about?The point?“We are therefore concerned about how Title VII of the Dodd-Frank Actwill apply to the official operations of the ECB and the Eurosystem, andwe would therefore appreciate some clarification from you in this regard.To the extent that your agency is preparing implementation rules to theDodd-Frank Act, we would with all due respect seek from you dueconsideration to the above arguments, as well as to international comity,so that the case of International Organizations (such as the ECB) and offoreign central banks are addressed in the final regulations in a mannerfitting with their official status and tasks.In that direction, please note that the ECBs -and the Eurosystems-mandate requires them to perform public tasks that are broadlycomparable to those attributed in the United States to the Federal ReserveSystem, which necessarily require the ECB to conduct operations in thefinancial markets, including OTC derivatives.These are activities that would, if conducted by a private sector entity,necessarily fall within the ambit of Title VII of the Dodd-Frank Act. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  4. 4. In contrast, we note that if those same transactions were entered into bythe Federal Reserve System, they would be expressly excluded from thedefinitions of "swap" and "security-based swap" contained in theDodd-Frank Ad.We set out attached some considerations on the ECB and its mandate,and its status under U.S. Law.The point on which we seek regulatory clarification is whether officialtransactions such as those entered into by the ECB and by the nationalcentral banks of the Eurosystem would be captured by the definitionsof "swap" and "security-based swap" contained in the Dodd-Frank Act.Clearly, our practice to date has been to transact with private sectorentities on market standard documentation for swaps, but given that wehave so far and would in the future only be entering into such transactionspurely in execution of our public mandate - and it is to be noted that weare not authorised to enter into such transactions on any other basis - wesuggest that the transactions that we enter into should not be interpretedand legally defined in the same way as otherwise similar transactionsentered into by private commercial entities:• First, the considerations involved in the management of foreign reservesare not amenable to control and supervision in the same way asprivate-sector profit-maximising transactions.Indeed, as an institution of the European Union, we are not subject tosupervision or licensing requirements and suggest that it would beinappropriate to be subjected to supervisory requirements by a non-EUauthority in respect of a part of our activities.In particular, we are concerned that external control of our activitiesmight not be sufficiently sensitive to the practice of managing foreignreserves and could thus frustrate the ECBs performance of the mandatethat it has been given by the TFEU. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  5. 5. • Second, performance of our mandate can require us to act confidentiallyin certain circumstances.Please note that in certain occasions central banks market activities, ifsubject to public disclosure and external supervision, may causesignalling effects to other market players and finally hinder the policyobjectives of such actions (the CCP itself would also have a privilegedview on the whole set of cleared central bank transactions).This is probably the reason behind the exemption given by Dodd-FrankAct to the Federal Reserve System (a similar exemption to the ECB andother central banks and comparable international institutions is foreseenin the proposed draft EU Regulation on Central Clearing of OTCderivatives in course of definition in Europe).Certain of the requirements of the Dodd Frank Act, if applicable to theECB, could compromise the ECBs ability to take such actions.In this regard, it is noted that the ECB has worked closely with theFederal Reserve System in responding to the financial crisis, and shouldnot be compromised by implementation of the Dodd-Frank Act in itsability to respond similarly in the future.• Third, the specificity of role and functions of central banks make theiruse of CCPs, and other private financial market infrastructures for thatmatter, a very sensitive issue, particularly in times of crisis.For instance, if a central bank were to become a clearing member of aCCP it would need to contribute to the CCP default procedures.In case of crisis, this could force a central bank to eventually absorb otherparticipants and possible the CCPs losses, thereby raising sensitivemoral hazard issues.• Fourth, this may introduce inconsistency between EU and USlegislation concerning the central bank obligations to use designatedCCPs _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  6. 6. The abovementioned arguments apply mutatis mutandis to the nationalcentral banks of the Eurosystem.As you of course know, Congress has vested the Commissions with therulemaking authority to further define certain terms, including "swap"and "security-based swap, and such joint rulemaking on the definition ofthe terms "swap" and "security-based swap" is to be done inconsultation with the Board of Governors.In light of the above, we therefore respectfully ask the Commissions toexercise their definitional authority under the Dodd-Frank Act to definethe terms "swap" and "security-based swap", as used in the CommodityExchange Act and Securities Exchange Act, respectively, to exclude anyagreement, contract or transaction a counterpatty of which is a PublicInternational Organisation such as the ECB, or indeed a national centralbank of a market economy.We stand ready to elaborate on any of the matters raised above, includingwith respect to the size and risk management of our US dollar interest ratederivatives portfolio activities to the extent that this would be helpful toyou.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  7. 7. Cayman Islands – An OverviewThe three Cayman Islands, Grand Cayman, Cayman Brac and LittleCayman, are located in the western Caribbean about 150 miles south ofCuba, 460 miles south of Miami, Florida, and 167 miles northwest ofJamaica.George Town, thecapital, is on thewestern shore ofGrand Cayman.Grand Cayman, thelargest of the threeislands, has an area of about 76 square miles and is approximately 22miles long with an average width of four miles.Its most striking feature is the shallow, reef-protected lagoon, the NorthSound, which has an area of about 35 square miles. The island islow-lying, with the highest point about 60 feet above sea level.Cayman Brac lies about 89 miles northeast of Grand Cayman.It is about 12 miles long with an average width of 1.25 miles and has anarea of about 15 squaremiles.Its terrain is the mostspectacular of the threeislands.The Bluff, a massivecentral limestoneoutcrop, rises steadilyalong the length of the island up to 140 ft. above the sea at the eastern end.Little Cayman lies five miles west of Cayman Brac and is approximatelyten miles long with an average width of just over a mile. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  8. 8. It has an area of about 11 square miles. The island is low-lying with a fewareas on the north shore rising to 40 ft. above sea level.There are no rivers onany of the islands. Thecoasts are largelyprotected by offshorereefs and in some placesby a mangrove fringethat sometimes extendsinto inland swamps.Geographically, the Cayman Islands is part of the Cayman Ridge, whichextends westward from Cuba. The Cayman Trench, the deepest part ofthe Caribbean at a depth of over four miles, separates the three smallislands from Jamaica.The islands are also located on the plate boundary between the NorthAmerican and Caribbean tectonic plates.The tectonic plates in Cayman’s region are in continuous lateralmovement against each other.This movement, with the Caribbean plate travelling in an eastwarddirection and the North American plate moving west, limits the size ofearthquakes and there has never been an event recorded of more thanmagnitude 7.It is not unusual for minor tremors to be recorded. Many residents don’teven notice them. However in December 2004 a quake of 6.8 magnituderocked Grand Cayman and everyone noticed. The earthquake, short induration, opened some small sinkholes but otherwise didn’t cause anydamage.Christopher Columbus first sighted Cayman Brac and Little Cayman on10 May 1503. On his fourth trip to the New World, Columbus was en routeto Hispaniola when his ship was thrust westward toward "two very small _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  9. 9. and low islands, full of tortoises, as was all the sea all about, insomuchthat they looked like little rocks, for which reason these islands werecalled Las Tortugas."A 1523 map show all three Islands with the name Lagartos, meaningalligators or large lizards, but by 1530 the name Caymanas was being used.It is derived from the Carib Indian word for the marine crocodile, which isnow known to have lived in the Islands.Sir Francis Drake, on his 1585-86 voyage, reported seeing "great serpentscalled Caymanas, like large lizards, which are edible."It was the Islands ample supply of turtle, however, that made them apopular calling place for ships sailing the Caribbean and in need of meatfor their crews. This began a trend that eventually denuded local waters ofthe turtle, compelling local turtle fishermen to go further afield to Cubaand the Miskito Cays in search of their catch.The first recorded settlements were located on Little Cayman andCayman Brac during 1661-71.Because of the depredations of Spanish privateers, the governor ofJamaica called the settlers back to Jamaica, though by this time Spain hadrecognised British possession of the Islands in the 1670 Treaty of Madrid.Often in breach of the treaty, British privateers roamed the area takingtheir prizes, probably using the Cayman Islands to replenish stocks offood and water and careen their vessels.The first royal grant of land in Grand Cayman was made by the governorof Jamaica in 1734.It covered 3,000 acres in the area between Prospect and North Sound.Others followed up to 1742, developing an existing settlement, whichincluded the use of slaves.On 8 February 1794, an event occurred which grew into one of Caymansfavourite legends -- The Wreck of the Ten Sail. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  10. 10. A convoy of more than 58 merchantmen sailing from Jamaica to Englandfound itself dangerously close to the reef on the east end of GrandCayman.Ten of the ships, including HMS Convert, the navy vessel providingprotection, foundered on the reef. With the aid of Caymanians, the crewsand passengers mostly survived, although some eight lives were lost.The first census of the Islands was taken in 1802, showing a population onGrand Cayman of 933, of whom 545 were slaves. Before slavery wasabolished in 1834, there were over 950 slaves owned by 116 families.Though Cayman was regarded as a dependency of Jamaica, the reins ofgovernment by that colony were loosely held in the early years, and atradition grew of self-government, with matters of public concern decidedat meetings of all free males. In 1831 a legislative assembly wasestablished.The constitutional relationship between Cayman and Jamaica remainedambiguous until 1863 when an act of the British parliament formally madethe Cayman Islands a dependency of Jamaica.When Jamaica achieved independence in 1962, the Islands opted toremain under the British Crown, and an administrator appointed fromLondon assumed the responsibilities previously held by the governor ofJamaicaThe constitution currently provides for a Crown-appointed Governor, aLegislative Assembly and a Cabinet.Unless there are exceptional reasons, the Governor accepts the advice ofthe Cabinet, which comprises three appointed official members and fiveministers elected from the 15 elected members of the Assembly.The Governor has responsibility for the police, civil service, defence andexternal affairs but handed over the presidency of the LegislativeAssembly to the Speaker in 1991. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  11. 11. Cayman Islands, Banking StatisticsOverviewThere were a total of 234 banksunder the supervision of theBanking Supervision Division atthe end of December 2011.The fundamentals of the bankingsector remain sound and theindustry in general has beenrelatively resilient in a very challenging market environment.Banks continue to consolidate and restructure in search of costefficiencies, and improvements in operational risk management andgovernance.As of September 2011, total assets were reported at US$1.607trillion down from the same period of the previous year where total assetsstood at US$1.725 trillion. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  12. 12. _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  13. 13. The Cayman Islands is recognised as one of the top 10 internationalfinancial centres in the world, with over 40 of the top 50 banks holdinglicences here.Over 80 percent of more than US$1 trillion on deposit and booked throughthe Cayman Islands, represents inter-bank bookings between onshorebanks and their Cayman Islands branches or subsidiaries.These institutions present a very low risk profile for money laundering.Basel IIThe Cayman Island Monetary Authority (CIMA) is implementing theBasel II Framework.The Basel II Framework describes a more comprehensive measure andminimum standard for capital adequacy that seeks to improve on theexisting Basel I rules by aligning regulatory capital requirements moreclosely to the underlying risks that banks face.The Framework is intended to promote a more forward looking approachto capital supervision that encourages banks to identify risks and todevelop or improve their ability to manage those risks.As a result, it is intended to be more flexible and better able to evolve withadvances in markets and risk management practices.A key objective of the revised Framework is to promote the adoption ofstronger risk management practices by the banking industry.Banks to Which Basel II Applies The Basel II Framework applies to banks that are locally incorporated inthe Cayman Islands (Category A and B banks), all home regulated banksand host regulated banks (subsidiaries of foreign banks), with or withouta physical presence.Branches of foreign banks operating the Cayman Islands, will not berequired to maintain a separate capital requirement, and as such will beexcluded from the local Basel II requirements. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  14. 14. However, these foreign banks including the operations of the CaymanIslands branches must maintain the minimum capital adequacyrequirements as stipulated by their home jurisdictions.Implementation PhasesCIMA proposes to apply the Basel II Framework in twophases leveraging a practical measured approach.First PhaseThe first phase of the implementation was completed on December 31,2010 and comprised the following Pillar 1 approaches: • Credit Risk – Standardized • Market Risk – Standardized • Operational Risk – Basic Indicator Approach and The StandardizedApproachThe first phase of the Basel II implementation includes Pillar 2 –Supervisory Review Process and Pillar 3 - Market Discipline.Second PhaseThe second phase of the CIMA Basel II implementation will beconsidered for implementation after 2012.It will include considering the implementation of advanced approaches,specifically Pillar 1 – Credit Risk – Advanced Approaches (IRB),Operations Risk – Advanced Measurement Approaches (AMA) andMarket Risk – Internal Risk Management Models.Industry InputSince the majority of banks impacted by the application of the Basel IIFramework are members of the Cayman Island Bankers Association(CIBA), CIMA has established a joint CIMA/CIBA Basel II WorkingCommittee.The primary objective of the working committee is to provide banks andCIMA a forum for consultation, discussion and agreement on Basel II _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  15. 15. related issues. CIMA proposes to obtain the majority of feedback on BaselII related issues from the CIBA/CIMA Basel II Working Committee.CIMA also proposes to communicate directly with those banks that arenot members of CIBA or those banks that have principal agents that arenot members of CIBA.However, these banks will not have the benefit of consultation orparticipation in discussions on Basel II issues with the majority ofimpacted banks.Banks wishing to participate in the CIBA consultations and discussionsshould contact CIBA directly.Basel iiiThis is the next step, but we have no timeline yet.According to Reina Ebanks, Head of Banking Supervision, CaymanIslands Monetary Authority at the Opening of the FSI & CGBS Seminar -Regional Seminar on Capital Adequacy & Basel III George Town, GrandCayman, Cayman Islands February 22-24, 2011:“It is good that so many of our colleagues from regulatory bodies in theCaribbean region have seen the value of this seminar and have seized thisopportunity to participate.I also appreciate the involvement of our local industry partners who willserve as presenters.We all have experiences to share, and by sharing those experiences wewill learn from each other.The Cayman Islands Monetary Authority believes strongly in thenecessity and benefits of professional training.We have always sought to ensure that our own staff members have everyopportunity to enhance the skills that are necessary for the Authority toeffectively carry out its role. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  16. 16. The regulatory reform package of the Basel Committee addressesidentified weaknesses of the pre-crisis banking sector and outlines severalmeasures to promote a more resilient banking sector.The objective of the reforms is to improve the banking sector’s ability toabsorb shocks arising from financial and economic stress, thus reducingthe risk of spill over from the financial sector to the real economy.The new global standards referred to a “Basel III” cover bothfirm-specific and broader, systematic risks. At this 3 day seminar ourpresenters who are experts in their field are expected to cover specificaspects of Basel III.One of the things you learn quickly as a regulator is how rapidly changesoccur within today’s financial systems and how interconnected andinterdependent they are.The international financial crisis underscored this forcefully, but it is notgoing to change it.Products will continue to evolve; markets will continue to change; ways ofdoing business will continue to be constantly challenged by newinnovations despite the new regulations and standards put in place as aresult of the crisis.However, one of the strong lessons which it has taught us as regulators isthat, in order to stay ahead of the curve, we must expand our knowledgeof the markets and products we are charged with regulating and the roleof the different jurisdictions, large and small, that are part of the globalmarketplace.We must apply that knowledge efficiently in our day-to-day operations.We must cooperate as regulators at the organizational level.We must engage in dialogue and we must take joint action.This is necessary if we are to regulate effectively without stiflinglegitimate business and economic growth.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  17. 17. _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  18. 18. Remarks before the Institute of International Bankers, AnnualWashington ConferenceCommissioner Jill E. Sommers, March 5, 2012Important partsI would like to touch on a few developments and give my thoughts on thecurrent state of derivatives regulation both here in the US and abroad.Since September of 2010, the Commission has held 24 public meetings tovote on various Dodd-Frank matters and has issued nearly 60 proposedrules, notices, or other requests seeking public comment, and hascompleted 28 final rules, interim final rules, and exemptions.I think we are about at the half-way mark with at least twenty more rulesto go, including the most significant rules like definitions of a swap dealerand swap.We have one meeting scheduled for March and four more meetingsscheduled for April and May.The ProcessWhen it comes to the rulemaking process, I believe a reasonable,measured approach is critical.Swap markets developed without our involvement, and we have littleexperience with these markets. The truth is we don’t know what the fullimpact of our rules will be, and we don’t know whether the assumptionswe operate under are valid. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  19. 19. Given this knowledge gap, it makes sense to start with a broader, moreflexible approach, and become narrower and more restrictive only asnecessary and after we have sufficient experience and data to make thesedecisions.Unfortunately the Commission has not taken this sensible approach.By way of example, last month the Commission held an open meeting toconsider a final rule related to business conduct standards and a proposedrule related to block trading.Dodd-Frank mandates that the Commission specify the criteria fordetermining what constitutes a large notional swap transaction—or blocktrade— for particular markets and contracts.In determining appropriate block trade sizes, Congress has directed thatthe Commission take into account whether public disclosure oftransactions will reduce market liquidity.This requires a balancing act—if the block threshold is set too low, therewill be reduced transparency in the market.If the block threshold is set too high, there will be reduced liquidity in themarket.Setting block sizes for swaps is not an easy task, and absent robust data,comprehensive analysis, and the benefit of market experience, we couldseverely harm liquidity at this critical regulatory juncture where we seekto bring more swaps onto swap execution facilities.The proposal, which passed by a 3-2 vote, recommends utilizing aformula to determine block size whereby only the largest 6% of all interestrate swaps and credit default swaps would be block trades.This proposal ignores Congress’ mandate that we take into account theimpact of public disclosure on liquidity.We now run the risk of sacrificing liquidity at the altar of transparency. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  20. 20. More troubling, the rule writing team only had access to 3 months’ worthof transaction data, and that transaction data dates back to the summer of2010.In writing these rules we are relying on stale data, and far too little of it.This is just one instance where we have proposed rules without sufficientdata, robust analysis, and complete knowledge of their impact.ExtraterritorialityI am guessing that the issue first and foremost on many of your minds isextraterritoriality.As everyone in this room knows, the swaps market is a global market.Harmonizing our rules to the greatest extent possible with the SEC, otherUS regulators and our foreign counterparts is absolutely crucial forensuring that we accomplish the overall global objectives of reducingsystemic risk and limiting opportunities for regulatory arbitrage.As required by Dodd-Frank, and in keeping with the commitmentsreached by the G-20 leaders in Pittsburgh in September of 2009,Commission staff has been in constant contact with our counterparts inLondon, the European Union and Asia.These issues are very complex, and the possibility of divergent viewsamong international regulators is very real.The challenge lies in building a consistent philosophy for how theregulatory frameworks of many nations fit together to ensure cross-borderswap activities are not disrupted.In Dodd-Frank Congress expressed intent for the statute to apply toactivities abroad in certain circumstances, but was not crystal clear on theparameters.While the statute gives us some direction, the Commission is consideringhow broadly or narrowly it intends to interpret the scope of this limitation. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  21. 21. Setting the precise scope of Dodd-Frank with respect to the cross-borderactivities of foreign entities is necessary to preserve the continuity ofglobal business operations and the risk management tools that swapsprovide.To that end, I expect the Commission to issue proposed guidance on thisissue in the coming weeks; however, it is my understanding the scope ofthe guidance will only speak to who will be required to register as a USswap dealer or major swap participant.The Commission intends to tackle other issues such as clearing andmarket infrastructure in subsequent guidance.I am deeply concerned that there has not been adequate coordinationwith the SEC and the international regulatory community.Of even greater concern to me is that the Commission appears to beconsidering a piecemeal approach to issues of extraterritoriality byproposing guidance in stages rather than by proposing onecomprehensive rule that will give market participants some degree ofcertainty and the entire framework we are considering.I cannot imagine the global consequences of an inconsistent approach tothese issues by the SEC and CFTC.I have spoken to many foreign entities and foreign regulators who arevery interested in how far the CFTC intends to reach into the operationsof entities located overseas.I believe this is one of the single most important issues the Commissionwill address during the implementation of Dodd/Frank.There has been an enormous amount of congressional interest and if wedo not get this one right, I am confident Congress will step in. I wouldlike to see the CFTC propose a joint rule or at the least a coordinated rulewith the SEC.The CFTC has a long history of international cooperation and recognitionfor comparable foreign regulatory regimes. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  22. 22. This is not the time for us to abandon policies that have worked well forus over decades of international practice.VolckerI am also going to guess that the other important issue on your mind isthe much discussed “Volcker rule”.The CFTC waited until January of this year to put out its Volckerproposal, notwithstanding the fact that other US regulators put out theirversion of Volcker last October.The proposal is lengthy and extremely complex and I do not think wespent sufficient time to fully consider all of its implications. I am troubledthat this is the path the Commission has chosen.Given that we waited until January to propose our version of Volcker, wellafter other regulators issued proposals and received comments, we had aunique opportunity to take into consideration the comments filed withthose other agencies.Unfortunately, even with the lag time and the benefit of comment letterswe proposed a rule that is virtually identical to the other agencies’proposed Volcker rule.I had concerns about what the CFTC would do if other agenciesre-propose their rules.I hope we will be prepared to withdraw our proposal and join are-proposed Volcker Rule with the other agencies.Otherwise, it seems as if we have put ourselves on a separate track, whichI fear will needlessly complicate an already convoluted and likelyunworkable set of rules.Central bankers and regulators from around the world have expressedconcern that the rule, which as proposed would apply to the USoperations of foreign banks, may also extend to a firms’ operationsoutside the US. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  23. 23. Many countries in Europe and Asia have weighed in, and many industrybodies such as yours have filed helpful comment letters too.In fact, the CFTC, Treasury and other regulators received over 17,000comment letters. We have seen these concerns voiced by high rankingofficials, such as Bank of Canada Governor Mark Carney, EU FinancialServices Commissioner Michel Barnier, and FSA chairman Lord AdairTurner.For example, the UK and Japanese finance ministers weighed in sayingthat, without an exemption from the rule, their governments’ borrowingcosts would rise.Japan and Britain have called on the US to rewrite the Volcker rule givenconcerns that it could reduce liquidity in sovereign debt markets at acrucial moment for some European governments.Japanese Finance Minister Jun Azumi and his British counterpart GeorgeOsborne pointed out that Volcker may be the "wrong prescription," withunintended consequences.Of particular concern to other nations is the fact that, while the new rulemay adversely impact market liquidity in stocks and corporate andgovernment bonds, there is an exemption that allows the banks to buy USgovernment securities -- but not other sovereign debt instruments.As a consequence, explained Azumi and Osborne, "it could reduceliquidity in non-US sovereign markets, making it more difficult, costlierand riskier for countries to issue and distribute debt."Government debt and related obligations are a major part of the bankingsector’s liquid assets.I believe that we need to really consider, especially at this troubled time inthe sovereign debt markets, whether this exclusion should be applied in abroad manner that allows banks, especially those outside the US, toengage in liquidity management using assets accepted as liquid reservessuch as foreign sovereign debt. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  24. 24. Second, after reviewing the many critical comments we shouldre-evaluate the foreign banking entities exemption.I do not believe this exemption should be narrower than is required byDodd-Frank.At a minimum, we could clarify that use of US financial infrastructure(e.g. clearing, settlement, and trade facilitation) would not make thetransaction subject to the rule.It is critical for US regulators to come together and form a reasonableapproach to the many difficult issues included in the prohibitions andrestrictions on proprietary trading.The implications of this rule will most definitely be felt around the globe.International UpdateAs you know, I chair the Commission’s Global Markets AdvisoryCommittee and have participated for the last three years in the TechnicalCommittee meetings of IOSCO and so am particularly sensitive tointernational regulatory issues.As a quick recap on other jurisdictions, we continue to monitor theprogress of the European Market Infrastructure Regulation (EMIR), theMarkets in Financial Instruments Directive (MIFID) and the relatedMarkets in Financial Instruments Regulation (MIFIR), as well as theproposed revisions to the Market Abuse Directive (MAD) and the BaselCommittee on Banking Supervision and IOSCO joint working group onmargin requirements for uncleared derivatives.A political agreement on EMIR was reached last month; however, anofficial version has yet to be released publicly.Based on conversations with our European Commission (EC)counterparts, EMIR will come into force on January 1, 2013, but will notbe applied until later in 2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  25. 25. More specifically, authorization of CCPs will not occur until mid-2013 andwe do not have an estimated date for when trade repositories will enterinto force.With regard to MiFID and MiFIR, we expect that the EuropeanParliament will consider them at some point this summer.All three of these proposals are the EU’s responses to the commitmentsmade by G-20 leaders in 2009 to address less regulated parts of thefinancial system, such as OTC derivatives, and to improve the oversightand transparency of commodity derivative markets.MAD/MAR: The European Commission has also proposed regulationsto increase the number of commodity derivatives and OTC derivativesthat are covered by the market abuse regime.The proposals extend the market manipulation prohibition toinstruments whose value relates to exchange traded instruments.So for instance, an OTC derivative referenced to a contract traded on ICEFutures Europe would fall within the new Directive.These updated regulations now include prohibitions against attemptedmanipulation, where the old rules only covered actual manipulation.I should also point out that the new regulation gives the member statesmore enforcement tools and criminalizes certain insider trading andmarket manipulation offenses.We expect these proposals will also be taken up by the EuropeanParliament this summer.The IOSCO Task Force on OTC derivatives (TF) has been busy. Here’s asense of where various work is in the pipeline:- the report on requirements for mandatory clearing;- the TF’s “Follow on analysis to the report on trading”; and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  26. 26. - the report on OTC Derivatives Data Reporting and Aggregation Requirements, which is the joint work of the TF and the Committee on Payment and Settlement Systems (CPSS)were all approved before or during the Feb. 2012 Tokyo TechnicalCommittee Meeting.The last report left for the task force to take up, the report on OTCDerivatives Market Intermediaries’ oversight, is nearly finished and likelyto be approved at the May IOSCO Annual meeting in Beijing.Lastly, on the international front, I would like to report that the BaselCommittee on Banking Supervision and IOSCO has established a jointworking group on margin requirements for uncleared derivatives.The group includes representatives from more than twenty regulatoryauthorities, including the CFTC, and has held two in-person meetingsand numerous conference calls.The topics discussed have included:- the purposes of margin;- the instruments subject to margin;- entities subject to margin;- categorization of counterparties;- calculation of margin;- eligible collateral;- segregation of collateral;- treatment of affiliates; and- cross-border issues.The group is working toward issuing a consultative paper mid-year.US regulators will coordinate with the international effort, and my hope isthat US regulators will not take up the final rulemaking on margin _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  27. 27. requirements for uncleared derivatives until after the internationalstandards have been settled.Finally, I will turn to recent developments in Asia.JapanThe Japanese legislature passed the Amendment to the FinancialInstruments and Exchange Act (“FIEA”) in May 2010.This amendment gave the Japanese financial regulator, the JFSA, theauthority to regulate OTC derivatives.The JFSA expects the implementing cabinet ordinance and othermeasures to be finalized by November 2012.Hong KongThe Hong Kong Monetary Authority (“HKMA”) and Hong KongSecurities and Futures Commission (“SFC”, together with the HKMA,the “Hong Kong Authorities”) released a consultation paper on theirproposed OTC regulatory regime in October 2011.The Hong Kong Authorities propose amending the Securities andFutures Ordinance to set out a general framework for the regulation of theOTC derivatives market, which includes providing relevant rulemakingpowers to the HKMA and SFC.Hong Kong is working to adopt these regulations by the end of 2012.SingaporeOn February 13, 2012 the Monetary Authority of Singapore (“MAS”)published a consultation paper with proposals to meet the G20 mandateon the trading, clearing and reporting of OTC derivatives.To implement the recommendations of the international standard settingbodies, MAS proposed to expand the scope of the Securities and FuturesAct (“SFA”) to mandate central clearing and reporting of OTC derivativescontracts, as well as regulate market operators, clearing facilities, traderepositories and market intermediaries for OTC derivatives contracts. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  28. 28. Generally there is a fair amount of consistency between jurisdictions. Ofcourse there are some areas where coordination and cooperation areessential.I know the concept of indemnity in the context of swap data repositoriesis an issue, as well as the desire by some for a central bank exemptionfrom the registration, public reporting and clearing requirements ofDodd-Frank.There is also a conflict regarding the open access to CCP’s rules which wefinalized in October of last year.The rules prohibit a DCO from setting a minimum adjusted net capitalrequirement of more than $50million for any person that seeks to becomea clearing member in order to clear swaps.This very low number has generated concern from other authorities.As you all know very well, market regulators around the globe are workingdiligently to respond to the commitments made at the G-20 level.Considering the scope of the work for all of these jurisdictions, I think theprogress made up to this point has been remarkable.We will continue our efforts at the Commission coordinating with ourglobal counterparts and will probably be working to establish appropriaterules and regulations for many years to come.ConclusionIn closing, I would like to convey my persistent grief regarding theprocess the Commission is using to finalize these very important rules.I believe we should be crafting all of our regulations in a way that willallow them to stand the test of time and to not favor one market segmentover another.I believe that it is crucial for the marketplace and for market participantsthat we get these rules right and that we finalize them in a way that isreasonable and to not politicize them. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  29. 29. It would not be a good outcome if we are re-writing most of these rules inthe next couple of years because the rules do not reflect the useful inputwe have received from the market.We consistently reject reasoned comments from industry professionalswith little justification in our cost benefit analysis to support thoserejections.I have been hopeful for the past year that things would change when westarted finalizing rules, and especially the rules that are so integral to thenew regulatory framework, but things have not changed.I am no longer optimistic; I do not believe that these rules have a chanceof withstanding the test of time but instead believe that this Commissionwill be consumed over the next few years using our valuable resources torewrite rules that we knew or should have known would not work whenwe issued them. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  30. 30. Proposed Rules to Help Prevent and Detect Identity Theft, fromthe Securities and Exchange CommissionThe Securities and Exchange Commission announced a rule proposal tohelp protect investors from identity theft by ensuring that broker-dealers,mutual funds, and other SEC-regulated entities create programs to detectand respond appropriately to red flags.The SEC issued the proposal jointly with the Commodity FuturesTrading Commission (CFTC).Section 1088 of the Dodd-Frank Act transferred authority over certainparts of the Fair Credit Reporting Act from the Federal TradeCommission (FTC) to the SEC and CFTC for entities they regulate.The proposed rules are substantially similar to rules adopted in 2007 bythe FTC and other federal financial regulatory agencies that werepreviously required to adopt such rules.The rule proposal would require SEC-regulated entities to adopt a writtenidentity theft program that would include reasonable policies andprocedures to: Identify relevant red flags. Detect the occurrence of red flags. Respond appropriately to the detected red flags. Periodically update the program.The proposed rule would include guidelines and examples of red flags tohelp firms administer their programs.The proposal will be published in the Federal Register with a 60-daypublic comment period.SummaryThe Commodity Futures Trading Commission (“CFTC”) and theSecurities and Exchange Commission (“SEC,” together with the CFTC, _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  31. 31. the “Commissions”) are jointly issuing proposed rules and guidelines toimplement new statutory provisions enacted by Title X of theDodd-Frank Wall Street Reform and Consumer Protection Act.These provisions amend section 615(e) of the Fair Credit Reporting Actand direct the Commissions to prescribe rules requiring entities that aresubject to the Commissions’ jurisdiction to address identity theft in twoways.First, the proposed rules and guidelines would require financialinstitutions and creditors to develop and implement a written identitytheft prevention program that is designed to detect, prevent, and mitigateidentity theft in connection with certain existing accounts or the openingof new accounts.The Commissions also are proposing guidelines to assist entities in theformulation and maintenance of a program that would satisfy therequirements of the proposed rules.Second, the proposed rules would establish special requirements for anycredit and debit card issuers that are subject to the Commissions’jurisdiction, to assess the validity of notifications of changes of addressunder certain circumstances.DATES: Comments must be received on or before May 7, 2012.All comments must be submitted in English, or if not, accompanied by anEnglish translation.Proposed Identity Theft Red Flags RulesSections 615(e)(1)(A) and (B) of the FCRA, as amended by theDodd-Frank Act, require that the Commissions jointly establish andmaintain guidelines for “financial institutions” and “creditors” regardingidentity theft, and prescribe rules requiring such institutions and creditorsto establish reasonable policies and procedures for the implementation ofthose guidelines. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  32. 32. The Commissions have sought to propose identity theft red flags rulesand guidelines that are substantially similar to the Agencies’ final identitytheft red flags rules and guidelines, and that would provide flexibility andguidance to the entities subject to the Commissions’ jurisdiction.To that end, the proposed rules discussed below would specify:(1) Which financial institutions and creditors would be required todevelop and implement a written identity theft prevention program(“Program”);(2) The objectives of the Program;(3) The elements that the Program would be required to contain; and(4) The steps financial institutions and creditors would need to take toadminister the Program.Which Financial Institutions and Creditors Would Be Requiredto Have a ProgramThe “scope” subsections of the proposed rules generally set forth thetypes of entities that would be subject to the Commissions’ identity theftred flags rules and guidelines.Under these proposed subsections, the rules would apply to entities overwhich the Commissions have recently been granted enforcementauthority under the FCRA.The Commissions’ proposed scope provisions are similar to the scopeprovisions of the rules adopted by the Agencies.The CFTC has tailored its proposed “scope” subsection, as well as thedefinitions of “financial institution” and “creditor,” to describe theentities to which its proposed identity theft red flags rules and guidelineswould apply. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  33. 33. The CFTC’s proposed rule states that it would apply to futurescommission merchants (“FCMs”), retail foreign exchange dealers,commodity trading advisors (“CTAs”), commodity pool operators(“CPOs”), introducing brokers (“IBs”), swap dealers, and major swapparticipants.The SEC’s proposed “scope” subsection provides that the proposed rulesand guidelines would apply to a financial institution or creditor, asdefined by the FCRA, that is:• A broker, dealer or any other person that is registered or required to beregistered under the Securities Exchange Act of 1934 (“Exchange Act”);• An investment company that is registered or required to be registeredunder the Investment Company Act of 1940, that has elected to beregulated as a business development company under that Act, or thatoperates as an employees’ securities company under that Act; or• An investment adviser that is registered or required to be registeredunder the Investment Advisers Act of 1940.The entities listed in the proposed scope section are the entities regulatedby the SEC that are most likely to be “financial institutions” or“creditors,” i.e., registered brokers or dealers (“broker-dealers”),investment companies and investment advisers.The CFTC has determined that the proposed identity theft red flags rulesand guidelines would apply to these entities because of the increasedlikelihood that these entities open or maintain covered accounts, or posea reasonably foreseeable risk to customers or to the safety and soundnessof the financial institution or creditor from identity theft.The proposed scope section also would include other entities that areregistered or are required to register under the Exchange Act.The section would not specifically identify those entities, such asnationally recognized statistical ratings organizations, self-regulatory _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  34. 34. organizations, and municipal advisors and municipal securities dealers,because, as discussed below, they are unlikely to qualify as “financialinstitutions” or “creditors” under the FCRA.The proposed scope section also would not include entities that are notthemselves registered with the Commission, even if they registersecurities under the Securities Act of 1933 or the Exchange Act, or reportinformation under the Investment Advisers Act of 1940.• The Commissions solicit comment on the “scope” section of theproposed identity theft red flags rules.• Should the SEC’s proposed scope section specifically list all of theentities that would be covered by the rule if they were to qualify asfinancial institutions or creditors under the FCRA?Are the entities specifically listed in the proposed rule the registeredentities that are most likely to be financial institutions or creditors underthe FCRA? Should the SEC exclude any entities that are listed?Should it include any other entities that are not listed?Should the SEC include entities that register securities with the SEC orthat report certain information to the SEC even if the entities themselvesdo not register with the SEC?Definition of Financial InstitutionAs discussed above, the Commissions’ proposed red flags rules andguidelines would apply to “financial institutions” and “creditors.”The Commissions are proposing to define the term “financial institution”by reference to the definition of the term in section 603(t) of the FCRA.That section defines a financial institution to include certain banks andcredit unions, and “any other person that, directly or indirectly, holds atransaction account (as defined in section 19(b) of the Federal ReserveAct) belonging to a consumer.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  35. 35. Section 19(b) of the Federal Reserve Act defines a transaction account as“a deposit or account on which the depositor or account holder ispermitted to make withdrawals by negotiable or transferable instrument,payment orders of withdrawal, telephone transfers, or other similar itemsfor the purpose of making payments or transfers to third parties orothers.”Accordingly, the Commissions are proposing to define “financialinstitution” as having the same meaning as in the FCRA.The CFTC’s proposed definition, however, also specifies that the term“includes any futures commission merchant, retail foreign exchangedealer, commodity trading advisor, commodity pool operator,introducing broker, swap dealer, or major swap participant that directly orindirectly holds a transaction account belonging to a customer.”The SEC is not proposing to mention specific entities in its definition of“financial institution” because the SEC’s proposed scope section listsspecific entities subject to the SEC’s rule.Definition of CreditorThe Commissions are proposing to define “creditor” to reflect a recentstatutory definition of the term.In December 2010, President Obama signed into law the Red FlagProgram Clarification Act of 2010 (“Clarification Act”), which amendedthe definition of “creditor” in the FCRA for purposes of identity theft redflag rules and guidelines.The Commissions’ proposed definition of “creditor” would refer to thedefinition in the FCRA as amended by the Clarification Act.The FCRA now defines a “creditor,” for purposes of the red flags rulesand guidelines, as a creditor as defined in the Equal Credit OpportunityAct (“ECOA”) (i.e., a person that regularly extends, renews or continues _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  36. 36. credit, or makes those arrangements) that “regularly and payment of debtor to incur debts and defer its payment or to purchase property or servicesand defer payment therefor.”The Agencies defined “credit” in the same manner in their identity theftred flags rules.The SEC’s proposed definition would include “lenders such as brokers ordealers offering margin accounts, securities lending services, and shortselling services.”These entities are likely to qualify as “creditors” under the proposeddefinition because the funds that are advanced in these accounts do notappear to be for “expenses incidental to a service provided.”The proposed definition of “creditor” would not include, however, CTAsor investment advisers because they bill in arrears, i.e., on a deferred basis,if they do not “advance” funds to investors and clients.The Elements of the ProgramThe proposed rules set out the four elements that financial institutionsand creditors would be required to include in their Programs.61 Theseelements are identical to the elements required under the Agencies’ finalidentity theft red flag rules.First, the proposed rule would require financial institutions and creditorsto develop Programs that include reasonable policies and procedures toidentify relevant red flags for the covered accounts that the financialinstitution or creditor offers or maintains, and incorporate those red flagsinto its Program.Rather than singling out specific red flags as mandatory or requiringspecific policies and procedures to identify possible red flags, this firstelement would provide financial institutions and creditors with flexibilityin determining which red flags are relevant to their businesses and thecovered accounts they manage over time. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  37. 37. Given the changing nature of identity theft, the Commissions believe thatthis element would allow financial institutions or creditors to respond andadapt to new forms of identity theft and the attendant risks as they arise.Second, the proposed rule would require financial institutions andcreditors to have reasonable policies and procedures to detect red flagsthat have been incorporated into the Program of the financial institutionor creditor.This element would not provide a specific method of detection.Third, the proposed rule would require financial institutions and creditorsto have reasonable policies and procedures to respond appropriately toany red flags that are detected.This element would incorporate the requirement that a financialinstitution or creditor assess whether the red flags detected evidence arisk of identity theft and, if so, determine how to respond appropriatelybased on the degree of risk.Finally, the proposed rule would require financial institutions andcreditors to have reasonable policies and procedures to ensure that theProgram (including the red flags determined to be relevant) is updatedperiodically, to reflect changes in risks to customers and to the safety andsoundness of the financial institution or creditor from identity theft.As discussed above, financial institutions and creditors would be requiredto determine which red flags are relevant to their businesses and thecovered accounts they manage.The Commissions are proposing a periodic update, rather thanimmediate or continuous updates, to be parallel with the final identitytheft red flags rules of the Agencies and to avoid unnecessary regulatoryburdens. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  38. 38. Proposed Amendments Conforming PCAOB Rules and Formsto the Dodd-Frank ActDATE: Feb. 28, 2012SPEAKER: Daniel L. Goelzer, Board MemberEVENT: PCAOB Open Board MeetingLOCATION: Washington, DCThese proposals would revise the Boards rules in light of theDodd-Frank Act and would also make an assortment of other updatingand clarifying changes.The principal PCAOB impacts of the Dodd-Frank Act are to give theBoard regulatory authority over auditors of securities brokers anddealers and to empower the Board to share non-public inspectioninformation with foreign regulators.The new law also made some technical changes to the Boardsauthority unrelated to those two objectives, such as clarifying that theBoard retains enforcement jurisdiction over people who violate Boardrules or standards, but leave the accounting profession before theBoard has a chance to commence disciplinary action against them.Clearly, the Board needs to conform its rules to changes in the statutesthat govern its work, and I support the proposals.To the extent they flow from Dodd-Frank, the amendments the staffhas proposed should be largely non-controversial.However, mixed in with this regulatory housekeeping are some moresignificant issues. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  39. 39. I hope that investors, public companies, broker-dealers, and auditorswill not let their eyes glaze over as they wade through the regulatoryminutiae and miss the nuggets of policy.I would particularly direct attention to three areas.First, as we have discussed at other public meetings, mostbroker-dealers are small, non-public companies.The rules that work for public company auditors may not always makesense for closely-held, mom-and-pop operations.For example, the Board is not proposing to extend the requirement foraudit committee pre-approval of auditor non-audit services tobroker-dealer engagements.The Board is, however, proposing to apply the same prohibitionagainst the auditor providing tax services to individuals who areinvolved in the financial reporting process to broker-dealer auditors asalready apply to issuer auditors.While in general the lines drawn in the proposed amendments makesense, I have doubts about the personal tax services provision.As the proposing release explains, the Board adopted that part of itsindependence rules in 2005, in response to situations in which theauditors tax advice to corporate executives seemed to be in conflictwith the best interests of the public company.Clearly, the auditor should not be involved in situations in whichcorporate insiders responsible for financial reporting cause apublicly-held company to structure their compensation in a way thatreduces the insiders taxes, but increases the companys.But it is far from clear — at least to me — that the same concerns applyto privately-held brokerage firms, especially ones that are owned by asingle individual or a small group of partners. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  40. 40. In those cases, the conflict between the audit client and the insider does not exist, since there are no public shareholders. Second, there are some significant proposals in this release that would affect public company auditors. For example — The Board is proposing to require the filing of a special report if a registered accounting firm resigns, declines to stand for re-appointment, or is dismissed from an issuer audit engagement and the issuer fails to file the required Form 8-K report with the SEC. This proposed change addresses the potential risk posed when issuers (including significant subsidiaries) change auditors, but fail to notify the Commission and the investing public. The Board is also proposing to revise it annual reporting form, Form 2, to reflect the Dodd-Frank requirement that certain foreign public accounting firms must designate the Board or the Commission is the firms agent for service of process under Section 106 of the Act. Designating such an agent makes it more feasible for the Commission to compel foreign firms to produce work papers in SEC investigations. In effect, the proposal would require firms to indicate in their annual reports to the Board whether or not they have complied with this new law. I have no particular problem with these proposals, but they may raise issues of the extent to which the Board should use its authority to require firms to file reports as a lever to encourage compliance, or to compensate for non-compliance, with other laws or with the SECs 8-K requirements. Commenters may want to consider that issue. Finally, these amendments include changes to the rules that govern Board disciplinary proceedings, including increasing the level of fines, specifying the burden of proof with respect to affirmative defences, and encouraging affidavits in support of Wells submissions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  41. 41. While I dont think any of these will have a major effect on the wayBoard enforcement proceedings are conducted, those who regularlypractice before the Board should certainly pay attention to them.PCAOB enforcement practitioners may also have ideas for other waysin which the procedural framework that governs the enforcementprocess could be improved.As the Board gains more experience with its new authority underDodd-Frank, I expect that further revisions to the Boards rules andprocedures will be necessary.In the meantime, I hope that commenters will provide any insightsthey may have on the practical application of these proposals and onwhether there are other amendments that should be considered now.I want to close by recognizing the staff members who have workedhard over the last several months to prepare this release and the relatedrule changes.The work was, I am sure, at some points interesting and stimulating,but at others tedious, if not mind-numbing.The main authors of the release were Nancy Doty, Associate GeneralCounsel, and Vincent Meehan, Assistant General Counsel. Bob Burns,Associate General Counsel, also played a key role. Thanks to all of youfor your efforts. Thanks also to our colleagues at the SEC for theirhelpful suggestions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  42. 42. Proposed Auditing Standard on Related Parties and ProposedAmendments on Significant Unusual TransactionsDATE: Feb. 28, 2012SPEAKER: Daniel L. Goelzer, Board MemberEVENT: PCAOB Open Board MeetingLOCATION: Washington, DCNon-arms length transactions with company insiders, or with entitiescontrolled by insiders, have a long and notorious history in the annalsof fraudulent financial reporting.Similarly, for nearly a century, every accounting student has learnedabout the possibilities and perils of period-end window-dressing andother kinds of form-over-substance maneuvers intended to produce anaccounting effect rather than to promote a business purpose.And, as the idea of pay-for-performance has become businessorthodoxy during the last several decades, the risk that accountingmeasures may be manipulated to meet compensation-triggeringtargets has become painfully obvious.Competent auditors are of course already well-aware of these risks,and competently performed audits already address them.The hunt for transactions and relationships with friendly parties, andfor unusual transactions with material financial reportingconsequences, is — or at least should be — a key part of any audit.Nevertheless, the Boards inspection findings, the SEC and PCAOBenforcement dockets, and the newspaper headlines all make clear thatthere is considerable room for improvement.However, I do not think it is the case that undetected related partydealings, or financial statements that are misleading because they _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  43. 43. elevate form-over-substance, are principally the result of weak auditing standards. The root causes often lie in lack of professional skepticism, lack of proper training and technical competence, and lack of adequate time and audit effort. I do agree, however, that strengthening the standards in these areas is a necessary step on the road to reducing the incidence of misleading financial reporting and better protecting investors and increasing their confidence. The proposals the Board is considering seek to move auditing down that road in several ways. For example — Auditors would be required to perform specific procedures to determine whether there are related parties that management has failed to identify. The proposal would explicitly recognize the risk that management may fail to disclose all related party transactions and would tell the auditor how to respond when that occurs. The underlying theme of the proposed standard is the need for heightened skepticism where related parties are involved. Similarly, auditors would be required to perform specific procedures to identify significant unusual transactions and to obtain an understanding of the business purpose — or lack thereof — once such transactions are identified. The proposal would also require the auditor to evaluate whether significant unusual transactions have been appropriately accounted for and adequately disclosed. Further, while Auditing Standard No. 12 already requires the auditor to consider the risks of material misstatement associated with _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  44. 44. a companys financial relationships with senior management, the proposal would be more focused. It would expressly require the auditor to obtain an understanding of relationships, including compensation, with "executive officers" and, in particular, to read executive officers employment and compensation contracts.The proposals would also sharpen the requirements around what theauditor must tell the audit committee about related party andsignificant unusual transactions and when the committee must betold.For example, the proposed standard would require that the auditorprovide the audit committee with the auditors assessment of thecompanys accounting and disclosure regarding transactions withrelated parties, prior to the issuance of the auditors report.The proposal would also require the auditor to inform the auditcommittee if significant related party transactions that have not beenappropriately authorized, or that appear to lack a business purpose,come to the auditors attention.In my view, these communications requirements are criticalcomponents of what the Board is seeking to accomplish.In many cases, the sorts of abuses these proposals address areevidence of both a financial reporting break-down and a corporategovernance break-down.The board of directors needs to be promptly armed with informationso that it can take appropriate action.I support issuing these proposals for comment.Of course, to make sure that final standard setting in this areaaccomplishes its investor protection goals, it is important thatcommenters tell the Board what the practical effect would be on the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  45. 45. way audits are conducted.Also, if commenters have other ideas about ways to strengthenauditing in these areas, I would encourage them to give the Boardtheir suggestions.I want to thank the staff members who have worked on this proposal. Iparticularly want to acknowledge the efforts of Deputy Chief AuditorGreg Scates, Associate Chief Auditor Brian Degano, and AssistantChief Auditor Nick Grillo.They have been ably supported with advice and input from OCAsCounsel, Karen Burgess, and by Associate General Counsel Bob Burnsand Assistant General Counsel Nina Mojiri-Azad. Thanks to all of youfor your hard work and commitment to this important project. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  46. 46. Proposed Auditing Standard on Related Parties and ProposedAmendments on Significant Unusual TransactionsDATE: Feb. 28, 2012SPEAKER: James R. Doty, ChairmanEVENT: PCAOB Open Board MeetingLOCATION: Washington, DCThank you for your summary of the proposed standard andamendments before us today and thank you all for your hard workdrafting these proposals.This proposal contemplates additional audit procedures intended toimprove the auditors evaluation of the identification of, accountingfor, and disclosure about related parties and significant unusualtransactions.The Board is considering this proposal because related partytransactions and significant unusual transactions have played arecurring role in financial failures, from those that led to theSarbanes-Oxley Act to those recently alleged in certain emergingmarket companies.Auditors have a unique vantage point from which to identify impropertransactions.We want this proposal and the related amendments to sharpenauditors focus and help them be more effective in their investorprotection role.We have been mindful to build on our existing risk assessment _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  47. 47. standards to align those concepts with this proposal.Accordingly, these changes are intended to make audits moreefficient, more effective and integrated with the overall audit approach.This proposal should also enhance the auditors understanding of theissuers financial arrangements with its senior officers.Members of our Standing Advisory Group have noted the importanceof additional guidance to auditors in this high risk area, precisely toavoid misdirected or fruitless attempts to audit related partytransitions effectively.Proposed Auditing Standard on Related Parties and ProposedAmendments on Significant Unusual TransactionsDATE: Feb. 28, 2012SPEAKER: Lewis H. Ferguson, Board MemberEVENT: PCAOB Open Board MeetingLOCATION: Washington, DCI support the release of the proposed standard dealing with relatedparties that would supersede AU 334, as well as the proposedamendments to AU 316, Consideration of Fraud in a FinancialStatement Audit, to strengthen the auditors evaluation of significantunusual transactions, and the amendments to PCAOB standards thatwould address the auditors consideration of a companys financialrelationships and transactions with its executive officers.Taken together, these new standards further elucidate and strengthenthe Boards risk assessment standards set forth in Auditing Standards8 through 15.Related party transactions, significant and unusual transactions, andtransactions between a company and its executive officers may or maynot overlap, but together they encompass types of relationships and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  48. 48. transactions that may be especially vulnerable to fraud or materialmisstatement of financial statements.Indeed, an examination of the major financial frauds and financialstatement restatements in recent years, both in the U.S. and abroad,reveals that one or more of the relationships or types of transactionsaddressed by these proposals have been present in many of thesecases.The PCAOBs own inspection results have shown that some auditorshave not given adequate consideration to the risks of materialmisstatement from related party transactions.Our inspection results have also revealed deficiencies in someauditors consideration and understanding of off-balance sheetstructures which can also be a source of material misstatement.These facts suggest two things to me:1) that the types of relationships and transactions addressed by theBoards proposals deserve special scrutiny by auditors and2) that audit committees should be informed in detail of the workperformed by auditors in these areas so that they can fully understandtheir meaning and implications.These new standards should both clarify for auditors those areas thatthe Board believes require special attention and should insure thataudit committees are better informed about them.With respect to related parties, auditors should ascertain frommanagement information about the identity, background, nature ofthe relationship, types of transactions and business reasons for thetransactions as well as whether they were authorized in accordancewith company policy.These rules are designed to give the auditor an understanding of theeconomic substance and business rationale for the transaction, an _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  49. 49. understanding that should make abuses easier to spot.The amendments to AU 316 will require auditors to perform specificprocedures to identify significant unusual transactions, to understandand evaluate the business purpose of such transactions and to evaluatewhether they have been appropriately accounted for and adequatelydisclosed.Additionally, other amendments will require auditors to performprocedures to obtain an understanding of the companys financialrelationships and transactions with its executives, to obtainrepresentations from management that there are no otherarrangements, whether oral or written, concerning such relationshipsand transactions that have not been disclosed.The amendments will also emphasize the auditors existingresponsibilities to communicate possible fraud to management, theaudit committee and under certain circumstances the U.S. Securitiesand Exchange Commission.Together, the proposed changes should provide clearer guidanceabout the types of investigative and analytic steps that auditors need toundertake in connection with types of relationships and transactionsthat experience has shown are particularly subject to abuse.If they operate as intended they may improve the analytical rigor withwhich auditors approach such matters and the understanding of auditcommittees of such transactions.If, as hoped, this is the case, investors will be the beneficiaries.I want to acknowledge and express my appreciation for the dedicatedof the Office of the Chief Auditor and the General Counsel on theproposals and specifically Greg Scates, Brian Degano, Nick Grillo,Bob Burns and Nina Mojiri-Azad. We look forward to receivingcomments on these proposals. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  50. 50. Proposed Auditing Standard on Related Parties and ProposedAmendments on Significant Unusual TransactionsDATE: Feb. 28, 2012SPEAKER: Jay D. Hanson, Board MemberEVENT: PCAOB Open Board MeetingLOCATION: Washington, DCThe standards we are proposing today "raise the bar" for whatauditors are required to do in auditing related party transactions andother transactions deemed to be significant and unusual.Investors have been harmed in the past by frauds perpetuated inconnection with related parties as well as surprised by the significanceof related party transactions and significant unusual transactions notdisclosed to them.These proposed standards are intended to address both problems.Many years ago, as a young audit senior, I was responsible fordetecting a fraud at a client.As it turned out, the fraud went to the highest level of the organization.The business was struggling to meet its cash needs and found"creative" ways to obtain more money from its asset based lender.The creative ways ultimately crossed the line. In reviewing the auditresults, it became clear that too many things failed to add up.Several related parties had been identified and disclosed in the past,and as I dug deeper into these related parties, I encountered morequestions than answers.The simple question, "where is this related party located?" was metwith evasive answers. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  51. 51. The answer to the question of how many employees the related partyhad — zero — was troubling and created serious doubt about whetherthe related party was actually providing any services.As I began to understand the flow of transactions, or, rather, the flowof funds, it became clear how the lender was being defrauded.Unfortunately, the business did not have an audit committee, and theCEO was deeply involved in the fraud.Ultimately, the CEO pled guilty to charges against him and died inprison.This is but one example of many similar scenarios, some of which arenot discovered until great harm has been done to investors.In some cases, related party transactions involve difficultmeasurement and recognition issues that pose a risk of materialmisstatement in the financial statements; in other cases, related partytransactions have been used — as in the situation I encountered — toengage in fraud.The auditing standard addressing related parties dates back almost 30years to 1983, and the standard we are proposing today is the result of afresh look at this important topic.It is intended to strengthen the existing audit procedures foridentifying, assessing and responding to the risks of materialmisstatement associated with a companys related party transactions.Complementing this proposed standard are proposed amendments tostrengthen the auditors identification and evaluation of significantunusual transactions, along with a series of amendments to standardsaddressing related matters, such as transactions and relationships withexecutive officers.The changes we are proposing today attempt to apply acomprehensive and common sense approach to the auditors work to _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  52. 52. identify and understand related party transactions, significant and unusual transactions, and their respective implications. The proposed related party standard requires auditors: to consider the fraud risks posed by the relevant transactions; to conduct procedures to identify related parties, including by asking management to identify such relationships and the resulting transactions; to discuss relevant relationships and transactions with the audit committee, including inquiring about any concerns that audit committee members may have about any related party relationships; to conduct specified procedures to understand the transactions, including their business purpose and the companys accounting and disclosures; and to consider all other evidence revealed during the auditors work that may be relevant to the auditors evaluation. Similar to the proposed standard on related parties, the proposed amendments to AU sec. 316 are intended to focus auditors on the identification and evaluation of significant unusual transactions. Identifying such transactions — broadly defined in the proposed amendments as significant transactions outside the normal course of business or that otherwise appear to be unusual due to their timing, size or nature — may be difficult. However, it is a procedure that is vital to protecting the interests of investors. The proposed amendments would require auditors to inquire about such transactions with a variety of parties, to understand and consider the implications of the companys internal controls related to such transactions, and to review other information that comes to light during the performance of the audit that may evidence significant _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  53. 53. unusual transactions.The amendments also would require auditors to design and performspecific audit procedures intended to address the risks of materialmisstatement uniquely presented by significant unusual transactionsand to facilitate a clearer understanding by auditors of the businesspurpose of such transactions.As I noted earlier, the proposed standard, Related Parties, and theproposed amendments regarding significant unusual transactions alsoare intended to complement each other.For example, while Appendix A to the new related parties standardprovides guidance to auditors on examples of information that couldindicate the existence of transactions with related parties, it may alsohelp auditors to identify significant unusual transactions.At the same time, the new procedures required in connection with theauditors evaluation of significant unusual transactions may also helpthe auditor identify related parties or transactions with related partiesthat were previously undisclosed to the auditor.I believe that the proposed standard and proposed amendments —through the increased focus on related party and significant unusualtransactions, and the increase in audit procedures required in theseareas — will increase investor confidence in the financial statementsand serve the public interest.However, I am, as always, interested in the costs associated with theproposals, and whether there are any unintended consequences thatwe should consider before adopting final standards.In crafting the proposed standard and other amendments, weconsidered what burdens would be imposed on auditors and theirclients.For example, in connection with the proposed requirements relating tothe auditors work to understand the companys financial relationships _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  54. 54. and transactions with its executive officers, we thought carefully aboutwhat procedures to require in order to obtain the maximum benefitwithout imposing unreasonable burdens, and I believe we have struckan appropriate balance.Cost-benefit analysis has been a much discussed topic recently in thecontext of financial regulation.Many believe, and I agree, that it is difficult to monetize or otherwisequantify the benefits of such regulations.Nevertheless, we can explain the benefits and consider the costs ofimplementing our proposals.In that vein, I encourage commenters to provide us with your views onthe benefits to investors of the amendments that we have proposed, aswell as to let us know whether management or auditors anticipatesignificant cost increases as a result of the additional procedures.Are some firms already performing the proposed procedures, even ifnot currently required?If not, consider whether you can try to apply the proposed standardand provide us with feedback on your experiences. Are there otherprocedures that firms or audit committees have found effective inthese areas?Do investors or audit committees believe that we have missed anysteps that should be required?Do audit committee members believe that more should be done, orthat additional items should be discussed by the auditor and the auditcommittee?I look forward to receiving thoughtful comments on these questionsand many others posed in the release.In the meantime, I would like to join my fellow Board members in _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  55. 55. thanking members of the Office of the Chief Auditor and of the Officeof General Counsel for their hard work, particularly Greg Scates, BrianDegano, Nick Grillo, Karen Burgess, Bob Burns, and NinaMojiri-Azad.As usual, their work is exemplary. I would also like to thank the staff ofthe SEC who took time to provide their views; we always benefit fromtheir expertise and perspective. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  56. 56. Gabriel Bernardino, Chairman of EIOPAStability and growth – A balancing actGala Dinner of the Institutional Money Congress,Ladies and Gentlemen,I am very pleased to be here with you tonight.First of all I would like to thank the organizers for their invitation todeliver this short dinner speech.It is my pleasure as Chair of EIOPA, the European Insurance andOccupational Pensions Authority, based in Frankfurt, to welcome you tosuch an important congress.The Institutional Money Congress is known as a significantcommunication platform for institutional investors, providing an idealforum for professional exchange between internationally renowned assetmanagers and institutional investors.This year it will also be an opportunity to debate the challenges posed byrecent regulatory initiatives, such as Solvency II and Basel III, anddiscuss their possible effects on the investment policies of financialinstitutions.As for challenges I think there is no doubt that the development andimplementation of these regimes requires significant effort not only fromregulatory and supervisory authorities, but also from the industry. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  57. 57. The more these issues are discussed, the easier we will build up a newfinancial culture based on robust standards of solvency, enhanced riskmanagement and increased consumer protection.And by launching discussions and different workshops on such topics,the Institutional Money Congress creates a basis for this culture.Because only by discussing, by exchanging views we can reach a fullunderstanding of the regimes by all market participants.Let me start by using this opportunity to make some remarks about thepossible consequences of Solvency II on the investment behaviour ofinsurers and more generally on the financial markets.It is clear that applying capital charges for investment risk may encourageinsurers to shift to less volatile investments, especially when the expectedfinancial returns of risky assets do not offset the additional capitalrequirement.However, as insurers are aware of the changing regulation and have beenrebalancing their portfolios accordingly, there should not be anysignificant sudden portfolio reallocations.Most importantly, a reduction of investment risk could also be achievedby an improvement in asset liability management, especially on long termguaranteed products.That is the purpose of the strong focus of Solvency II on enhancing riskmanagement policies and practices.Controlling and ensuring sound and prudent management is far moreimportant than the capital calculations, because management errors bytheir nature cannot be compensated by capital requirements.As a consequence of a greater focus on asset liability management,insurers could be willing to invest more in relatively highly ratedcorporate bonds since they offer higher yield and would providediversification benefits within the fixed income portfolio. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  58. 58. Therefore, easier access to financing could be granted to firms with highcredit ratings, which will translate into a lower cost of capital and wouldtherefore contribute to higher investment and economic growth.Overall, regulatory regimes are always a result of a balancing act betweendifferent objectives.I am convinced that Solvency II will provide an appropriate basis forincreased policyholder protection and will contribute to reinforcingfinancial stability, while allowing insurance companies to continue toplay their role as long term investors.In a recent paper one of your distinguished guests, Prof. Thomas Sargent,discussed where to draw the line between stability and efficiency.In my opinion this is a fundamental question for the policy decisions tobe taken in the coming years.We need to decide what we want to privilege: security or growth.If we want both, and I believe we should, then we need to be prepared tocollectively accept some risks.One of the major consequences of the financial crisis was the fall ofconfidence and trust in the financial sector and increase in suspicion onall areas of financial innovation.Unfortunately, the benefits of financial innovation have beenovershadowed by the costs of some activities that went really bad.I believe regulators and the industry need to take a fresh look at this area.Financial innovation tools can be a useful way for investors to protectthemselves against unavoidable risks.However, they should be used to facilitate risk transfer and access tofunding within the real economy and not to help institutions to arbitrageregulations and make balance sheets look safer than they are. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  59. 59. In order to increase long term stability and regain consumer confidencein the financial system we need to proceed with the reforms not only byadapting regulation but also by changing behaviour.We should encourage realistic risk assessment and pricing.Market participants should take concrete steps to promote responsiblebusiness conduct.Overall we also need to reinforce preventive risk based supervision andtimely enforcement.We have all been witnessing during the last years systemic risks causedby excessive leverage combined with risky financial products as well asinadequacies in financial regulation and supervision.Various uncertainties around the global financial system are still at place.In the modern highly integrated environment financial stability can bealready thought of as an international public good.All countries benefit from the stability of the world financial system as awhole.But at the same time all countries experience certain costs when thesystem is unstable.So it became clear that without more effective supervision it will not bepossible to address further systemic risks in the financial system.This calls for international coordination.A number of different international bodies such as G20 and the FinancialStability Board are currently working on these issues in their differentspheres of influence.EIOPA for example is contributing to the development of a commonframework for supervising internationally active insurance groups and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com