Understanding Risk Management and Compliance, March 2012


From the International Association of Risk and Compliance Professionals (IARCP)


  1. International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  2. International Association of Risk and Compliance Professionals (IARCP) 1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com

     Welcome to the March 2012 edition of the International Association of Risk and Compliance Professionals (IARCP) newsletter

     Dear Member,

     Do you want to register a domain ending in ‘.bank’ or ‘.fin’? You can forget it, according to the European Banking Authority (EBA) because of “great potential for misuse by unscrupulous individuals”.

     [Note: Unscrupulous = lack of moral standards or conscience. The unscrupulous person is without scruples of conscience, and disregards, or has contempt for, laws of right or justice with which he or she is perfectly well acquainted, and which should restrain his or her actions]

     Ok, I can think of some persons that are just like that.

     Can you imagine some guys that manage to register domains with names that could belong to a well-known bank … from countries where trademark protection is not a priority … and the lawyers that travel first class to fight this?

     Comments of the European Banking Authority (EBA) to the Internet Corporation for Assigned Names and Numbers (ICANN) on the planned Top Level Domain Names .bank and .fin

     23 February 2012

     Comments
  3. In June 2011, the ICANN Board of Directors approved a ‘New Generic Top Level Domain Programme’ that allows the implementation of additional generic top-level domains (gTLDs).

     [Note: A generic top-level domain (gTLD) is one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet.

     The core group of generic top-level domains consists of the com, info, net, and org domains.

     Historically, the group of generic top-level domains included domains, created in the early development of the domain name system, that are now sponsored by designated agencies or organizations and are restricted to specific types of registrants.

     Thus, domains edu, gov, int, and mil are now considered sponsored top-level domains, much like the many newly created themed domain names (e.g., jobs).

     The entire group of domains that do not have a geographic or country designation (see country-code top-level domain) is still often referred to by the term generic TLDs.]

     Under this programme new gTLDs such as ‘.bank’ and ‘.fin’ could be established and assigned to companies or individuals claiming to be financial intermediaries or banks.

     The EBA has had the opportunity to examine the issue of the envisaged new Top Level Domains (TLDs) ending in ‘.bank’ and ‘.fin’ in detail and to discuss it in the latest meeting of its Board of Supervisors in December 2011.

     It has come to the conclusion that there are many supervisory concerns surrounding the operation of the proposed TLDs by the ICANN, relating
  4. mostly to the great potential, according to the EBA view, for misuse by unscrupulous individuals, and that, therefore, any plans for their operation should ideally be discontinued.

     It is the view of the EBA that potential mitigating measures such as those which, we understand, are envisaged by the ICANN (creation of separate entity for the registration and control of these TLDs, or other technical ways to ensure the security of the system) do not necessarily mitigate the financial supervisors’ concerns.

     The potential for consumers of financial services to over-rely on what might be perceived as ‘regulatory endorsement’ of the companies operating under such TLDs is immense, and the risk for new types of fraud and ‘phishing’ can be enormous.

     The same can be said of the danger for confusion regarding the operation of legitimate websites by ‘true’ financial institutions and regulated entities.

     This could lead to the need for them to establish costly and complex legal or commercial initiatives in order to safeguard their trademarks from frauds and abuses.
  5. Remarks (at the Practising Law Institute’s SEC Speaks) by Chairman Mary L. Schapiro, U.S. Securities and Exchange Commission, Washington D.C., Feb. 24, 2012

     Parts of the speech

     Twenty years ago when I first served as an SEC commissioner, the financial world was a very different place. The Dow was inching towards the 3000 mark. Derivatives were barely a blip on the radar. A portable Macintosh weighed 16 pounds. And all you could do on a cell phone was talk.

     For most SEC staff, the biggest market disruption in living memory was the “Black Monday” crash of 1987 – a near-cataclysmic experience to be sure, but one that paled in comparison to the crisis of 2008.

     So, when President Obama asked me to return and serve as Chairman, I knew the agency would be challenged on a level at which no SEC had ever been challenged before:

     Challenged to restore confidence in markets that had nearly self-destructed.

     Challenged to address risks that could jump from market to market like wildfire, incinerating each in turn.

     Challenged to bring a pre-crisis mindset into a post crisis-era.

     Challenged to prove that the agency could and would step up to play its role, aggressively and effectively.

     Given the scope of the financial crisis and the fallout from the Madoff scandal, it was no surprise that some were calling for the agency to be disbanded. But, the investing public and policymakers understood the importance of our mission – to protect investors and ensure the integrity of our markets.
  6. And the men and women of the SEC were eager to meet these challenges head on.

     That was no surprise to me. From my earlier years with the SEC, I knew well that the individuals who serve are a dedicated and talented team, able and eager to rise to the occasion. I knew we’d come through – and I am pleased by how far we have come.

     And, so I would ask anyone who currently works – or has previously worked – at the SEC to stand and be recognized.

     Thank you.

     Our commitment to evolve helped to drive a consensus, inside and outside the SEC, that the better solution was not to shutter the agency, but to strengthen it – to demand more aggressive and efficient action from us, and for us to embrace needed reforms and better adjust to the new world in which we were operating.

     And that’s what the SEC’s leadership team set out to do.

     We redesigned the SEC, investing in technology and human capital, and significantly improving operations.

     We put in place a new operating strategy, rooted in an entrepreneurial attitude and a collaborative approach.

     We immediately began to execute on an agenda that would better protect investors and reduce the chances of another systemic shockwave.

     I knew, as we found our footing after the financial crisis and began to implement this strategy, that every move would be watched by many eyes.

     What I didn’t realize was that the SEC’s energetic response to the challenges we faced would lift the agency’s profile to heights rarely seen since the days of Joe Kennedy and The New Deal.
  7. I welcome the attention. It gives rise to needed debate about important issues and challenges us to be our best.

     But, I sometimes worry that the tendency of observers to focus on individual rules or discrete actions distracts them from the big picture.

     What the agency has accomplished is greater than the sum of the rules we’ve adopted and the cases we’ve brought: we have fundamentally changed the agency in ways that will allow us to carry out our mission more effectively than ever in the 21st Century.

     And it’s not just that we’ve accomplished a great deal over the last three years. It’s that we’re now fundamentally better equipped to perform at an even higher level in the years to come.

     Redesigning the SEC

     Investing for Continued Success

     A first priority was to make better use of SEC resources, carefully investing overdue budget increases in people and technology and improving management in ways that allowed us to make the most of our funds.

     When I returned to the SEC, I saw how much the staff was being asked to do, and how little they were being given to do it.

     Although the agency experienced a brief period of funding growth following Sarbanes-Oxley, the budget failed to keep up with inflation in the years leading up to the financial crisis.

     Despite continued growth in the markets, the number of employees actually fell. And with oversight, examination and enforcement staff stretched to the limit, operations and IT needs were put on the back burner – investments in new IT fell by half.

     During my term, we have been fortunate to experience a modest funding turnaround – increases that we were determined to invest strategically.
  8. We wanted not just to grow, but to grow more efficient as well – growing in ways that would expand capacity faster than the budget numbers were rising.

     We broadened our hiring approach, searching for recruits with financial industry backgrounds and specialized experience. We now have traders, asset managers, academics and quants on staff in addition to attorneys, economists and accountants, giving us a correspondingly greater insight into the technologies and practices that drive today’s financial markets.

     We increased the training budget to more than double what it was in 2009, helping staff to keep pace with the changes in the market.

     We significantly upgraded our case management system. Overworked attorneys and paralegals can now take advantage of vastly improved research capabilities – and we are deploying an agency-wide eDiscovery tool that will expand our ability to parse evidence and drill down on key subjects.

     Perhaps our most reported IT investment has been our new system for handling the thousands of tips, complaints and referrals we receive each year. And an ongoing series of upgrades is allowing us to better triage the information we receive as well as compare the data more effectively – opening new investigations, routing tips to existing investigations or discovering emerging trends that need to be watched.

     Managing Effectively

     Together with wise investments, we also have been finding ways to improve agency operations.

     Within the various divisions and offices, we’ve created “managing executive” positions to handle important support areas, freeing legal, examination and other professionals to focus their skills on mission-critical work.
  9. We are outsourcing responsibilities like leasing and financial management reporting to other agencies, focusing on core strengths and deploying people and resources accordingly.

     And we’re implementing a number of management recommendations resulting from the Dodd-Frank mandated study of agency operations.

     After three years of intense effort, the SEC is simply a sounder agency on a fundamental level, deploying people and technology more effectively and maximizing the impact of our limited resources.

     It’s all part of an effort to be more effective for years to come. But it should not suggest in any way that our work is done.

     Instilling Entrepreneurial Leadership

     Parallel to our investments in people and tools, we began to put in place a new approach.

     We wanted to be more entrepreneurial – moving to diminish or head off threats within the markets, trusting our teams to recognize these threats and move rapidly without the need for top-down guidance in every case.

     This approach has flourished, and while we don’t have time to discuss every office and division, I’d like to offer a few as examples of how it is improving our efforts.

     Corporation Finance

     One place to look is the Division of Corporation Finance, which is run by SEC Speaks co-Chair Meredith Cross, and which has been particularly aggressive in enhancing its structure and focus.

     In the last year, Corp Fin established new groups to concentrate closely on three systemically critical facets of the financial world: the largest
  10. financial institutions, structured finance products, and capital markets trends.

      These offices will help ensure that investors have clear information about items that could – without the sunlight of disclosure – turn into malignant trends or dangerous practices.

      In addition, Corp Fin’s disclosure teams have been proactive in targeting specific disclosure issues which have potentially significant consequences.

      They’ve prompted companies to provide critical information about the potential financial impact of repatriating cash held overseas.

      They’ve raised questions about whether companies are properly disclosing their litigation contingencies.

      And they’ve worked with our enforcement, accounting and international units to combat an uptick in problems with reverse mergers by stepping up scrutiny of related filings.

      Corp Fin also is taking a lead in providing companies guidance on how existing disclosure rules apply to emerging and fast-changing market realities, issuing guidance – where possible – before inadequate or outdated disclosure practices harm investors.

      The staff issued guidance regarding the way financial services firms should disclose their exposure to European sovereign debt in time for these firms to use it when they prepare their annual reports – helping to provide investors with adequate, granular financial information even as the situation remains fluid.

      And the staff issued guidance regarding companies’ obligations to disclose material cyber-security risks and attacks – clearly an area of growing concern to investors.

      Additionally, in reviewing the most recent wave of IPOs, Corp Fin quickly stopped problematic revenue recognition practices. And they halted the
  11. use of misleading non-GAAP measures before these practices – prevalent during the tech bubble of the 90s – could take root again.

      Similarly, disclosure teams acted swiftly when the right of investors to have their day in court was threatened – by objecting to a mandatory arbitration provision that was included in governing documents connected with a company’s IPO.

      The results of these changes aren’t always eye-catching. But we are convinced that increased focus on systemically significant market sectors is a necessary shift in a post-crisis world.

      We know that our proactive efforts to provide guidance have proved helpful to many companies as they grapple with disclosure issues.

      And we believe, based on our own review of disclosure statements, that investors are getting information that is both more complete and more relevant than in the past.

      Office of Compliance Inspections and Examinations (OCIE)

      Perhaps the areas in which changes in organization and approach have been most apparent are in our examination and enforcement units.

      In both, new leadership has managed significant organizational changes and – just as important – encouraged an aggressive and proactive approach.

      Over the last two years, OCIE has put in place a new National Examination Program.

      The program has brought changes in the way examination teams are assembled – OCIE now precisely matches examiners’ skills with the unique challenges each examination offers.

      Examination materials are now standardized.
  12. And working with the Division of Risk, Strategy and Financial Innovation, this national exam program greatly expands the use of risk-based targeting.

      Better targeting and more effective examinations are paying off. Over the last two years, 42 percent of exams have identified significant findings – up by a third since 2009.

      And over that same period, the percentage of exams resulting in referrals to Enforcement has risen by half, from 10 percent to 15 percent.

      One such referral involved a fund which had come into our sights through our risk-based targeting efforts.

      During the resulting examination, the fund admitted to an error in its trading algorithm, which it had previously failed to report – a failure that cost investors more than $200 million.

      Thanks to the work of the exam team and enforcement staff, the fund agreed to a settlement – returning the money to wronged investors almost before they knew they had been wronged and paying a $25 million penalty.

      Division of Enforcement

      Meanwhile, the Enforcement Division – led by today’s other co-Chair Rob Khuzami – revamped its operations, putting additional talented attorneys back on the front lines, creating specialized units, and streamlining procedures.

      Those reforms are already producing record results. I won’t steal all of Rob’s thunder, but last year the SEC brought a record 735 enforcement actions, including some of the most complex cases we’ve ever worked on.

      And we obtained orders for $2.8 billion in penalties and disgorgements.

      What’s most satisfying is that last year we returned more than $2 billion to wronged investors.
  13. If Congress agrees with my request to raise the caps on what we can obtain, we would have the ability in appropriate cases to return even larger sums to wronged investors.

      In the area of financial crisis-related cases, we filed charges against nearly 100 individuals and entities – actions against Goldman Sachs, Citigroup, J.P. Morgan and top executives at Countrywide, Fannie Mae and Freddie Mac. And more than half of the individuals charged were CEOs, CFOs or other senior officers.

      It should come as no surprise that there are more actions to come.

      This division also realized significant gains from its Aberrational Performance Inquiry – another collaborative effort with Risk Fin and OCIE which uses quantitative analytics to search for hedge fund advisers whose claimed returns are unusual enough to raise a red flag.

      In December, as a result of one of the aberrational performance sweeps, we charged four hedge fund advisers for inflating returns, overvaluing assets and other actions that materially misled and harmed investors.

      OCIE, RiskFin, and Enforcement are working together through different analytic initiatives to target various types of misconduct.

      These initiatives are particularly important to the SEC’s efforts to detect fraud before complaints are received.

      And one can draw direct lines between Enforcement’s earlier restructuring and its current results.

      For instance, one unit created during the reorganization – the Asset Management Unit – took the time to survey a group of firms that were actively communicating through social media.

      In the process, they learned about the various approaches firms were using – getting a sense of those that were legitimate and those that might not be.
  14. Shortly thereafter, a staff member who was familiar with the survey noticed something irregular in the operation of an Illinois-based investment adviser.

      In short order, the ensuing investigation uncovered the fact that the adviser was offering more than $500 billion in fictitious securities through various social media websites, garnering significant attention from multiple potential buyers.

      Again, the agency acted before investors were harmed by suing the adviser last month and effectively halting the fraud.

      But rather than just stopping there, Enforcement teamed up with OCIE, the Investment Management division and our Investor Education office.

      And on the same day that we shut down the fraud, we released two publications – one that will help investors recognize, avoid, and report similar scams, and another one that will help investment advisers keep their communications in compliance.

      It’s hard to quantify the results of efforts like these – to know how much savings won’t be poured into fraudulent offerings or what tips might arise from the publications we’ve released.

      But we think this is important and that this aggressive and coordinated approach is yielding superior results across the agency – and will continue to do so going forward.

      Recommitting to our Investor Protection Mission

      Yet another priority in recent years has been rededicating ourselves to our investor protection mission – an important task if we were to bolster the confidence so necessary for our markets to thrive.

      That meant strengthening the regulatory structure and pulling back the veil that covered portions of our financial system.
  15. That is why – even before Dodd-Frank – we set out to address the resiliency of money market funds, insist upon more meaningful information regarding municipal securities and require more information from investment advisers, among other initiatives.

      The Dodd-Frank Act

      With the passage of Dodd-Frank our responsibilities expanded dramatically.

      And I am proud of the across-the-board progress we are making against these mandates.

      Of the more than 90 mandatory rulemaking provisions, the SEC has proposed or adopted rules for more than three quarters of them, not to mention a number of the rules stemming from the dozens of other provisions that give the SEC discretionary rulemaking authority.

      And we already have completed 12 studies called for by Congress.

      We could talk for hours about Dodd-Frank, but let me just touch on a few highlights.

      In the area of corporate governance, we have finalized rules concerning shareholder approval of executive compensation and "golden parachute" arrangements.

      Led by the Division of Investment Management, we have adopted new rules that have already resulted in approximately 1,200 hedge fund and other private fund advisers registering with the SEC. It’s a process by which they agree to abide by SEC rules and provide critical systemic risk information that can give regulators better insight into their practices.

      And we have established a whistleblower program that is already providing the agency with hundreds of higher-quality tips, helping us to avoid investigatory dead-ends and – at the same time –
  16. prodding companies to enhance their internal compliance programs.

      In another area, response to the meltdown of the mortgage-backed securities market, the SEC has proposed rules that will protect investors by:

      Increasing dramatically investors’ visibility into the assets underlying all types of asset backed securities.

      Requiring securitizers – in conjunction with our banking colleagues – to keep skin in the game, giving them an incentive to double-check originators’ underwriting practices.

      Changing the practices of the rating agencies whose gross mis-ratings of billions of dollars of mortgage-backed securities were kerosene on kindling.

      OTC Derivatives

      Next up will be the final proposals to essentially build, from the ground up, a new regulatory regime for over-the-counter derivatives.

      The over-the-counter structure of the derivatives market has long presented a risk to the financial system.

      In October 1993, I addressed a Symposium for the Foundation for Research in International Banking and Finance about the potential problems.

      At that time I said “nothing will interrupt the progress of the derivatives market more abruptly than a financial crisis that is perceived to be caused or exacerbated by unregulated activity in those markets.”

      Back then, of course, the notional value of interest rate and currency swaps was $4.7 trillion, which seemed like an extraordinary figure.
  17. I was concerned that this potentially useful financial innovation might present significant systemic risk for various reasons, including: the opacity of the derivatives market; weak or non-existent capital, margin and clearing and settlement requirements; and the concentration of derivative transactions among a relatively small number of institutions.

      While others shared these concerns, in 2000, Congress specifically excluded most derivatives transactions from regulation.

      And by mid-2008, as the repercussions of the mortgage-backed securities market’s collapse were echoing throughout the financial system, the notional value of the derivatives market had increased more than a hundred-fold, and was approaching $700 trillion.

      Title VII of Dodd-Frank addresses challenges in the OTC derivative market underscored by the events of 2008, by bringing the derivatives market into the daylight.

      The SEC is working with the CFTC to write rules that strengthen the stability of our financial system by:

      Increasing centralized clearing of swaps and ensuring that capital and margin requirements reflect the true risks of these products.

      Improving transparency to regulators and to the public by shedding light on opaque exposures and assisting in developing more robust price discovery mechanisms.

      Increasing investor protection by enhancing security-based swap transaction disclosure, mitigating conflicts of interest, and improving our ability to police these markets.

      Next Steps on Implementing Title VII

      It is my hope that, in the near term, we will complete the last remaining proposals regarding capital, margin, segregation and recordkeeping requirements.
  18. But, we are already beginning to transition to the adoption phase. As a first step, I expect the Commission to soon finalize rules that further define who will be covered by the new derivatives regulatory regime and, next, what will constitute a security-based swap.

      Finalizing these definitions will be a foundational step, defining the scope of the new regulatory regime and letting market participants know whether their current activities will subject them to the substantive requirements we will be adopting in the coming year.

      Beyond this, the Commission staff is continuing to develop a plan for how the rules will be put into effect.

      The plan should establish an appropriate timeline and sequence for implementation and avoid a disruptive and costly “big bang” approach.

      And at all stages of implementation, those subject to the new regulatory requirements will be given adequate time to comply.

      International Application of Title VII

      While some issues are stand-alone concerns, certain issues cut across the entirety of our implementation of Title VII.

      Among the most important, given the global nature of the derivatives market, is the international impact of our rules.

      We are working hard to coordinate with our foreign counterparts to help achieve consistency among approaches to derivatives regulation.

      There has been significant progress on the international level.

      Our cross-border approach must strike a balance between sufficient domestic regulatory oversight and the realities of the global market.

      A “one-size-fits-all” approach is neither feasible nor desirable.

      In the near term, the Commission intends to address the most salient international issues in a single proposal.
  19. This will give interested parties an opportunity to consider, as an integrated whole, our approach to cross-border transactions and the registration and regulation of foreign entities engaged in such transactions with U.S. parties.

      Money Market Funds

      Despite the breadth of Dodd-Frank, there are other gaps in the regulatory system that threaten investors that we are working to address.

      One high-profile area of interest is money market funds. As you know, when the Reserve Primary Fund broke the buck in 2008, it set off a run so serious that the federal government was forced to step in and guarantee the multi-trillion dollar industry.

      It was a shock that reverberated across the market and compelled us to take action. And so, two years ago, we adopted regulations making the mix of investments these funds can hold more liquid and less risky. But, at the time, I said we needed to do more.

      That is because money market funds remain susceptible to runs and to a sudden deterioration in quality of holdings.

      We need to move forward with some concrete ideas to address these structural risks.

      We’ve spent lots of time and outreach reviewing many possible approaches.

      There are two serious options we are considering for addressing the core structural weakness: first, float the net asset value; and second, impose capital requirements, combined with limitations or fees on redemptions.

      It’s hard to miss the hue and cry being raised by the industry against either of these approaches.
  20. But the fact is investors have been given a false sense of security by money market fund sponsor support and the one-time Treasury guarantee.

      Funds remain vulnerable to the reality that a single money market fund breaking of the buck could trigger a broad and destabilizing run.

      Should that happen, the government will not have the tools it had in 2008.

      Then, Treasury used the Exchange Stabilization Fund to stop the run.

      But Congress eliminated that option when it passed TARP legislation.

      Today, the money-market fund industry and, by extension, the short-term credit market, is working without a net.

      To the extent that there’s a deadline, it’s the pressure that we should feel from living on borrowed time.

      We’ve been incredibly deliberate about this. The President’s Working Group report on reform options was issued in October 2010.

      We’ve had extensive public comment.

      And we held a roundtable with the Financial Stability Oversight Council on money market funds and systemic risk last May.

      Consolidated Audit Trail

      Finally, we’re working to improve the SEC’s capacity to regulate and investigate. And so another major initiative is the consolidated audit trail.

      Standardizing reporting across trading platforms would seem to be an obvious move, serving investors on two levels: aiding in the investigation of suspicious trading activities, insider trading, or market manipulation and allowing more rapid and accurate reconstruction of unusual market events.
  21. 21. The complexity of the undertaking, however, has necessitated a detailed and extended rulemaking process, including a thoughtful review of the many comments received since we first proposed the system’s creation. The contours of the regulation are being finalized and will be considered by the full Commission. But, regardless of the details, the broader result must be a mechanism that gives the agency the ability to rapidly reconstruct trading – something that doesn’t exist today. In addition, while the initial proposal will be for an audit trail tracking orders and trades in the equity markets, I believe that the system should eventually be expanded to include fixed income, futures and other markets. It is important that we get a structure in place sooner rather than later so that the heavy lifting of working through the technical nuances of the system can begin. We expect to adopt a final rule in the months ahead. After that, I anticipate that the exchanges and FINRA will be required to submit a detailed blueprint, which in turn would be subject to public comment and a separate Commission approval.

Conclusion

I’m proud to have the opportunity to work at the SEC during an exceedingly productive period in its history. The SEC has accomplished much and we are on the verge of further critically important rulemakings that will strengthen the structure of the financial markets and enhance the agency’s ability to oversee those markets and pursue investors’ interests. However, just as important as the cumulative effect of these accomplishments, are improvements in the culture, management, approach and attitude of the agency as an institution and the staff who make it work – improvements that all regulatory agencies should undergo
  22. 22. – and that will allow the SEC to continue to function at a high level in the years ahead. No one can predict what challenges will arise, what new threats to market stability will emerge, what fraudsters and manipulators will try down the road. But whatever does happen, the SEC is now materially better able to enforce the law and to identify and manage threats. The burst of activity isn’t just a result of circumstances – a reaction to the financial crisis. It’s an indication that the SEC is evolving in step with the rapidly changing markets. It has been a busy time. But there are a lot of proud people who – even as we finish what is on our plates today – are looking ahead to an equally productive future.
  23. 23. Data privacy rules into effect in China

The new regulations have been issued by the Ministry of Industry and Information Technology (MIIT) and cover the collection, storage and use of personal information by Internet companies. Data privacy has become a high priority in China after some interesting cases at the end of 2011, involving the disclosure of names, addresses, telephone numbers and email addresses of users by Internet companies, including Dangdang, Jingdong and Alipay. In the new regulations we have a definition of personal information - information for a user that, alone or in conjunction with other information, could be sufficient to identify the user. There are several new privacy law developments in China.
  24. 24. “Unreasonably Feeble”

Opening Statement of Commissioner Scott D. O’Malia Regarding Open Meeting on One Final Rule and One Proposed Rule

February 23, 2012

Important parts of the speech

The latest issue of The Economist features an article titled “Over-regulated America” that features as its archetype for excessive and badly-written regulation our own Dodd-Frank Act. The problem, the article points out, is that rules that sound reasonable on their own may impose a huge collective burden due, in part, to their complexity. Part of the problem is that we, as The Economist points out, are under the impression that we can anticipate and regulate for every eventuality. In our hubris, The Economist warns, our overreaching tends to defeat our good intentions and creates loopholes and perhaps unintentional safe-harbors, leaving our rules ineffectual and subject to abuse. The solution The Economist offers isn’t so unfamiliar, at least to this Commissioner. It is rather simple. It is just that: Rules need to be simple. Echoing President Obama’s 2011 Executive Order 13563 “Improving Regulation and Regulatory Review” (which applies equally to independent federal agencies such as the Commodity Futures Trading Commission (the “Commission” or “CFTC”) per a subsequent Executive Order), The Economist advises that we ought to cut out the verbiage and focus on writing rules that articulate broad goals and prescribe only what is strictly necessary to achieve them.
  25. 25. In my own words, in several prior statements, I have argued that we must ensure that regulations are accessible, consistent, written in plain language, guided by empirical data, and are easily understood. I cautioned that, with each piecemeal rulemaking, we risk creating redundancies and inconsistencies that result in costs—both opportunity costs and economic costs—without corresponding benefits. Consistent with Executive Order 13563, which reaffirms prior guidance on the subject of regulatory review issued in the 1993 Executive Order 12866 as well as Office of Management and Budget (“OMB”) guidance to federal agencies with respect to said Executive Order, agencies like the CFTC must go out of their way to ensure responsible rulemaking by, among other things, undertaking thorough cost-benefit analyses, both qualitatively and quantitatively, to ensure that new rules do not impose unreasonable costs. I accepted wholeheartedly the mission put upon this administration by the President to “root out regulations that conflict, that are not worth the cost, or that are just plain dumb.” Today, in furtherance of that mission, I will not support the final rules governing various internal business conduct standards for futures commission merchants, introducing brokers, swap dealers and major swaps participants (the “Internal Business Conduct Rules”). These rules fail to articulate necessary and clear performance objectives, are needlessly complex, and create a collective burden without the benefit of even an appropriate baseline cost-benefit analysis. The fact that OMB’s Office of Information and Regulatory Affairs has concurred with our determination that this set of rules qualifies as a “Major Rule” under the Congressional Review Act with an annual effect on the economy of more than $100 million without a fulsome discussion of anticipated costs, let alone an analysis based on reasoned assumptions or
  26. 26. evaluation of the impacts of this rulemaking against the pre-statutory baseline, is regulatory malpractice in my book. While we set the bar low here at the Commission for our cost-benefit analyses, and accept what is “reasonably feasible,” this rulemaking is nothing but unreasonably feeble.

Time for a Review of our Cost-Benefit Analyses

After reviewing the Internal Business Conduct Rules, I have reached a tipping point and can no longer tolerate the application of such weak standards to analyzing the costs and benefits of our rulemakings. Our inability to develop a quantitative analysis, or to develop a reasonable comparative analysis of legitimate options, hurts the credibility of this Commission and undermines the quality of our rules. I believe it is time for professional help, and I will be following up this statement with a letter to the Director of the OMB seeking an independent review of the Internal Business Conduct Rules to determine whether or not this rulemaking fully complies with the President’s Executive Orders and the OMB guidance found in OMB Circular A-4. To the extent that OMB finds any concerns with the Commission’s economic analysis, I hope that it will provide specific recommendations as to how the Commission can improve its cost-benefit analysis and analytical capabilities.

A Cost-Benefit Analysis without Costs?

Lest anyone think that I am inadvertently waiving a work-product or other privilege, the Commission’s May 13, 2011 internal Staff Guidance on Cost-Benefit Considerations for Final Rulemakings under the Dodd-Frank Act (“Staff Guidance”) was made public as Exhibit 2 to the
  27. 27. CFTC’s Office of Inspector General’s June 13, 2011 Review of Cost-Benefit Analyses Performed by the CFTC in Connection with Rulemakings Undertaken Pursuant to the Dodd-Frank Act, which is available on the CFTC’s website. While it is not my intent to walk you through the Staff Guidance (or the Inspector General’s report for that matter), I do think it warrants attention for the inattention it gives to both the principles of Executive Orders 13563 and 12866 and OMB guidance found in Circular A-4 (“OMB Circular A-4”). More specifically, and among other things, the Staff Guidance provides that each rulemaking team should, “incorporate the principles of Executive Order 13563 to the extent they are consistent with section 15(a) [of the Commodity Exchange Act] and it is reasonably feasible to do so.” Keep in mind that while Section 15(a) of the Commodity Exchange Act requires the CFTC to consider the costs and benefits of its proposed regulations, the Commission has interpreted the language of section 15(a) to neither require quantification of such costs and benefits, nor to require the agency to determine whether the benefits exceed costs or whether the proposed rules are the most cost-effective means of reaching goals. “Rather, section 15 simply requires the Commission to ‘consider the costs and benefits’ of its action.” That was a direct quote from the Federal Register. Further, under the Staff Guidance—and clearly consistent with the Commission’s interpretation of section 15—rulemaking teams need only quantify costs and benefits “to the extent it is reasonably feasible and appropriate to address comments received.” As additional guidance, staff is advised that “reasonably feasible and appropriate” means “the extent to which (i) certain analyses, quantitative or qualitative, is [sic] needed to address comments received
  28. 28. (“appropriate”) and (ii) whether such an analysis may be performed with available resources (“reasonably feasible”). Accordingly, our interpretation of our duties pursuant to section 15(a) and Staff Guidance provides that we need not quantify the costs or benefits of our rules unless we need to do so in order to respond to comments, and that we can do so with whatever resources are immediately at our fingertips. As for the Executive Orders, it appears that we will incorporate their principles only when they neatly align with our own interpretation of section 15(a), and only when we can do so without utilizing the resources immediately within our coffers.

Setting the Bar Low

Setting the bar this low is pretty remarkable. Indeed, former Commissioner and Acting Chairman William P. Albrecht recently remarked that expecting any detailed cost-benefit analysis of the proposed Dodd-Frank rules is impossible in part because, “[T]he CFTC has never had to develop CBA expertise.” Commissioner Albrecht advised that, “A good starting point might be to require more detailed analysis of the costs of alternative means of accomplishing a particular goal. This would help the agency develop CBA expertise and should, over time, lead to a deeper understanding of the costs of regulation.” I believe that Commissioner Albrecht’s advice is already well-articulated in both Executive Orders and OMB Circular A-4 as incorporated directly into the Staff Guidance.
  29. 29. However, the Commission skirts these requirements and apparently refuses to develop expertise. Instead, the Commission limits itself to responding to comments, but only when it doesn’t require any analysis beyond that which it did for the proposal.

Pick Any Baseline You Like

Additionally, as in today’s final rulemaking, the Commission has determined, in contradiction of OMB guidance directly on point, that in setting the baseline for comparison of the costs and benefits of regulatory alternatives, it may set the “baseline” to incorporate the costs of statutorily mandated rulemakings, regardless of how the CFTC has interpreted the statutory goals and regardless of the existence of alternative means to comply with such goals. Thereby, the Commission is relying on an arbitrary presumption that, “To the extent that ... new regulations reflect the statutory requirements of the Dodd-Frank Act, they will not create costs and benefits beyond those resulting from Congress’s statutory mandates in the Dodd-Frank Act.” What does this mean? Well, according to the Commission in this rulemaking, it means that for commenters who “posit that there is no benefit to be derived from internal business conduct standards as mandated by Congress and that the mandated provisions do not generate sufficient benefits relative to costs or contribute to the purposes (e.g. mitigating systemic risk and enhancing transparency) of the Dodd-Frank Act. ...these commenters’ concerns fall outside the Commission’s regulatory discretion to implement sections 4s and 4d of the CEA and fail to raise issues subject to consider[ation] under section 15(a).”
  30. 30. That is, the Commission will ignore comments related to required rulemaking provisions that mirror statutory language in spite of the fact that the Commission always has some level of discretion in determining the means to achieve such mandates. Rather the Commission will consider comments on new regulations “that reflect the Commission’s own determinations regarding implementation of the Dodd-Frank Act’s provisions. ... It is these other costs and benefits...that the Commission considers with respect to the section 15(a) factors.” It is unacceptable that the Commission ignores pre-Dodd-Frank reality and establishes its own economic baseline for its rulemakings. This practice defies not only common sense, but rigorous and competent economic analysis as well. I will briefly highlight how these rules not only fail to include a rational, rigorous, and sustainable cost-benefit analysis, but fail to articulate necessary and clear performance objectives, are complex, and create an unjustifiable cumulative burden within this rule and when considered with other CFTC regulations and those of prudential regulators.

Does the Technology Exist?

With regard to recordkeeping requirements, the Internal Business Conduct Rules impose a substantial burden on Swap Dealers (“SDs”) and Major Swap Participants (“MSPs”) to maintain extensive audio recordings including the requirement to tag each taped conversation and make it searchable by transaction and counterparty. Understandably, section 4s(g) does require the maintenance of such daily trading records for each counterparty and that they be identifiable with each swap transaction.
  31. 31. However, in spite of enormous technological challenges it is unclear as to whether or not the Commission undertook any independent effort to determine the technical challenges of implementing such a system, including, whether such technology currently exists, the costs of acquiring and installing such technology, and whether such a system could be developed and/or installed within the timetable set by the Commission. The Commission has failed the fundamental test in Circular A-4 to establish an appropriate baseline and consider a range of alternatives with associated costs and benefits. Although the Commission modified its original proposal to not require each telephone record to be kept as a single file, it fails to quantify the specific cost of complying with a costly and technically challenging mandate. Moreover, in determining that such audio recordings are to be maintained for a one-year period, the Commission provides no analytical support for this retention period over a more reasonable six-month period other than to say that such period will be “most useful for the Commission’s enforcement purposes.”

Unreasonably Feeble

Ironically, the SDRs were created in the Dodd-Frank Act to facilitate market transparency and reporting. The Commission could provide greater transparency into its own cost-benefit analysis by disclosing its assumptions and data to support its conclusions. OMB Circular A-4 outlines standards for transparency with the following direction, “A good analysis should be transparent and your results must be reproducible.
  32. 32. You should clearly set out the basic assumptions, methods and data underlying the analysis and discuss the uncertainties associated with your estimates.” It goes on to recommend that, “To provide greater access to your analysis, you should generally post it, with all the supporting documents, on the internet so the public can review the findings.” I presume the Commission feels that this level of compliance is not appropriate, given that the commenters failed to demand it, and is simply not reasonably feasible.

Conclusion...But Only For Now

I believe our reasonably “feasible standard” as articulated in our own Staff Guidance has caused us to miss any marker for identifying and using the best, most innovative and least burdensome tools to meet the regulatory ends laid out in section 4s of the Commodity Exchange Act. We should be held accountable for not only failing to even attempt to meet the goals set by the President, but for deliberately eschewing them. I agree with Chairman Albrecht that the CFTC ought to be required to undertake more rigorous cost-benefit analyses. I believe all of our analyses should be more rigorous. While it may not solve all of our problems with putting out complex and inefficient regulations, as noted by Chairman Albrecht, it should help. I will be sending a letter to Acting OMB Director Jeffrey Zients requesting his assistance in determining just how far off the baseline the Commission has fallen. If OMB Circular A-4 means anything at all, then OMB should take action and hold the Commission to the Circular’s standards.
  33. 33. Public Company Accounting Oversight Board

Reflections on the State of the Audit Profession

Jay D. Hanson, to the American Accounting Association, Auditing Section, Mid-Year Meeting, Savannah, GA

Good Morning,

I am very honored to be here this morning to address this distinguished group of individuals who have devoted their careers to the development and improvement of the profession that I joined over thirty years ago, when I graduated from college in Minnesota and joined McGladrey and Pullen as a young accountant. A great deal has happened since then. While accounting has always been a dynamic and evolving profession, its greatest changes have occurred in the last decade, since the collapse of Enron, the bankruptcy of WorldCom and the subsequent passage of the Sarbanes-Oxley Act of 2002. Before "SOX," as so many affectionately call this landmark legislation, the auditing profession in the United States was subject to self-regulation, and, in response to major corporate bankruptcies and concerns about the quality of public company audits in the 1970s, the American Institute of Certified Public Accountants ("AICPA") established a variety of measures to enhance oversight over the practice of auditing, including the Auditing Standards Board, the SEC Practice Section, and the Quality Control Inquiry Committee. Nevertheless, the 1980s featured the Savings & Loan crisis and a number of other high profile corporate bankruptcies, followed by a series of cases involving earnings management in the 1990s. Things came to a head in 2001 and 2002 with the discovery of financial reporting and auditing improprieties at some of the largest public companies in the United States: Enron, Global Crossing, Adelphia, Tyco, Qwest Communications, Xerox.
  34. 34. This resulted in a national crisis of confidence in the integrity and reliability of public company financial reporting and a focus on the need for enhancements in internal controls over financial reporting and corporate governance. Early in the summer of 2002 both houses of Congress were considering legislation that would, among other things, increase regulation of public companies and their auditors. Then, on July 15, 2002, WorldCom announced an overstatement in its cash flow of over $3.8 billion, resulting in the single largest bankruptcy ever filed in the United States. Less than two weeks later, Congress passed the Sarbanes-Oxley Act almost unanimously, resulting in the most significant legislation relating to the federal securities laws since 1934. Before I go further I must tell you that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB. Consistent with the Sarbanes-Oxley Act, the PCAOB commenced operations in 2003, building programs to meet its four statutory obligations: registration, inspections, enforcement and standard setting. Initially conducting only limited inspections of the four largest firms, the Board quickly ramped up its operations and inspected 99 audit firms in 2004 and 281 in 2005 (including 15 firms located outside the United States). Currently, over 2300 firms, including foreign firms from 85 jurisdictions, are registered with the PCAOB. To date, the Board has conducted over 1800 inspections, including
  35. 35. inspections in 37 jurisdictions outside the United States. Likewise, the Board has actively pursued its standard setting and enforcement obligations. The Board has issued publicly 45 disciplinary orders — many with multiple parties sanctioned — while other cases remain pending in various stages of investigation or litigation and must be kept confidential by the Board. Enforcement actions have been brought for auditors' failure to comply with applicable auditing standards and certain provisions of the securities laws, independence violations, and failure to cooperate with Board processes such as inspections, investigations, and the requirements to file annual reports and pay annual fees. Sanctions imposed by the Board have ranged from censures and suspensions to practice bars and revocations of firm registrations, both temporary and permanent. Several enforcement matters also resulted in orders for firms or individual auditors to pay monetary penalties. Since its inception, the Board also has issued 15 auditing standards — including, for example, on audit documentation, internal controls, audit planning, engagement quality review, and risk assessment — and has substantially amended a number of interim standards — including, for example, AU 325, AU 411, AU 508, AU 350 and AU 329. More recently, the Board issued concept releases or proposals to trigger wide-ranging discussions about potential changes to certain fundamental aspects of auditing, including the auditor's report, audit transparency, and auditor independence, objectivity, and skepticism.
  36. 36. Thus, the Board has evolved over time, from a start-up institution focused on establishing a comprehensive, consistent oversight system to a maturing regulatory organization with the experience and resources to adapt to changing times and new challenges. And many challenges there are indeed! The accounting profession as a whole is facing difficult questions as a result of the increasing complexity of business transactions and cutting edge financial instruments which are appearing more frequently not only in the financial statements of financial institutions but many other types of companies as well. Management and their accountants increasingly must tackle fair value measurements and management estimates, consistent with new accounting standards and EITF guidance in connection with derivatives, securitizations, consolidations, debt/equity issues, revenue recognition, leases and other issues. At the same time, in the wake of the financial crisis, the work of accountants is subject to increased scrutiny by regulators and investors, particularly in the areas of disclosures and internal controls over financial reporting. Auditors also must master these accounting challenges, while simultaneously overcoming the difficulties associated with auditing numbers increasingly subject to measurement uncertainty. Fair value estimates of financial instruments established through the use of third party pricing services are proving particularly difficult to audit. First, auditors have to consider whether management itself did enough work to understand how the pricing services arrived at their results, including the techniques used, the judgments made, and the controls that are in effect.
  37. 37. Likewise, under PCAOB standards, the auditors cannot simply rely on the values established by management's third party pricing services. Rather, they must "get behind" the numbers by doing some testing and critically evaluating the methodologies and assumptions of management. Because this is such a challenging area, the PCAOB convened a Pricing Sources Task Force last year to assist the Board's Office of the Chief Auditor to gain insight into issues related to auditing the fair value of financial instruments. This group of investors, financial statement preparers, auditors and representatives of pricing services and brokers met three times in 2011 to discuss the valuation of financial instruments that are not actively traded and the use of third-party pricing sources to value such instruments. The Office of the Chief Auditor is evaluating the input received from the Task Force and may develop some additional guidance for auditors. In addition to such technical challenges, auditors face pressures related to tight deadlines, as well as fee pressures, demands for client service, and business development expectations, all of which may undermine incentives to conduct comprehensive, high quality audits. At the same time, auditors face criticism from those who believe that they did not do enough, in the years or months leading up to the recent financial crisis, to sound an alarm about the risks and uncertainties associated with certain companies. PCAOB inspections also present a challenge to auditors, but one that I hope and believe can provide an effective counter-balance to fee and client service pressures by focusing auditors on the requirements of PCAOB standards and reminding them of their ultimate responsibility to protect the interests of investors.
  38. 38. I firmly believe that PCAOB inspections, standard setting and enforcement activities have had a substantial, positive impact on audit quality since the PCAOB's establishment, but we are not without our critics. The audit profession, among others, has expressed concerns, often in the form of letters in response to our draft inspection reports, but also in meetings with the Board, in connection with Board advisory groups, and in other forums. One frequent comment from audit firms is that PCAOB inspections are too tough, and that the PCAOB inspections staff does not respect the professional judgment exercised by auditors. Some auditors believe that the positions taken in inspections set an unreasonably high bar and constitute de facto standard setting by the inspection teams. Others charge that the PCAOB takes too long to do pretty much everything, including issuing inspection reports and setting new standards. One result of our activities, according to some, is that the best and brightest auditors become frustrated and leave the profession, having concluded that the negatives — such as their interactions with the Board, increased scrutiny and criticism by investors, and intensifying fee and other pressures — outweigh the positives of continuing to audit public companies. The Board is very cognizant of these concerns and has gone to great lengths to ensure that its inspectors are experienced, well-trained professionals who understand and respect the practice and the business of auditing. Consistency and fairness are our mantras.
  39. 39. Our inspection process has evolved over time, and our internal processes have been improved to facilitate a consistent approach to inspections across firms. Much of the time that passes after inspection field work ends and before the report is issued is spent on quality control. Our inspectors compare notes about the interpretation of standards; they involve the Office of the Chief Auditor when in doubt, and we have a number of individuals in the Inspections Division dedicated exclusively to reviewing inspection reports for consistency, clarity and fairness. This process is necessarily time-consuming, but we are taking steps to streamline certain processes and to eliminate delays where possible. In that context, let me talk a little more about our inspection process, both in terms of how we operate and what we are finding. PCAOB inspections are not intended to establish or provide reports presenting a balanced view of the strengths and weaknesses of each inspected firm. We do not provide grades to firms (as much as doing so might be popular with this particular audience). Consistent with the requirement in the Sarbanes-Oxley Act that PCAOB inspections "assess the degree of compliance of each . . . firm . . . with th[e] Act, the rules of the Board, the rules of the Commission, or professional standards,"[1] our inspectors specifically look for audit deficiencies and inspect those engagements where they are most likely to find them. Inspections are therefore risk-based, both in terms of the engagements and audit areas that are selected for review.
  40. Our inspectors work closely with our Office of Research and Analysis to determine what industries or specific issuers present higher levels of audit risk.
      Within each audit engagement selected, inspectors choose the most challenging and high risk audit areas, in order to test the firm's ability appropriately to address those challenges and risks.
      Some have criticized this approach, suggesting that we should review audits more randomly.
      But in order to have the greatest impact on audit quality, in order to help auditors learn from our inspections, and in order to achieve our goal of protecting investors, we need to allocate our limited resources to finding those audits that do not measure up to our standards, rather than spending our time reviewing those that do.
      So what have we found? Common inspection findings reported by the Board in late 2010, based on inspections conducted in 2007 through 2009 during the height of the financial crisis, included instances where auditors appear not to have complied with PCAOB auditing standards in certain audit areas, including, for example, fair value measurements, impairment of goodwill, indefinite-lived intangible assets, and other long-lived assets, allowance for loan losses, off-balance-sheet structures, revenue recognition, inventory and income taxes.
      Our results in 2010 showed an alarming increase in inspection findings, particularly, as I noted earlier, in the area of fair value.
      In the context of fair value, PCAOB inspectors have observed that:
      - Auditors did not obtain a sufficient understanding of the valuation methods or assumptions used by external valuation services utilized by management;
  41. - Auditors did not test, or test sufficiently, the operating effectiveness of internal controls over various aspects of issuers' valuation processes to support the degree of reliance placed by the firms on those controls;
      - Auditors did not evaluate significant differences between independent estimates used or developed by firms and the fair values recorded by management in the financial statements; and
      - Auditors did not test, or test sufficiently, significant, difficult-to-value securities, for example, by limiting procedures to inquiries of issuer personnel or extending to year-end conclusions regarding the valuation of investment securities that were reached at an interim date without taking into account volatile market conditions.
      PCAOB inspection findings related to valuations and fair value issues in general are not limited to financial instruments, however.
      Inspectors have also found deficiencies in connection with the valuation of non-financial measurements, for example in the areas of business combinations and goodwill impairment, and with other management estimates, such as allowance for loan losses and valuation of inventory and income tax valuation allowances.
      In the context of multi-national audits, the Board also has reported that some U.S.-based firms issuing audit reports based on work performed by firms outside the United States were not properly applying PCAOB standards.
      As a result of these findings, the Board in July 2010 issued a Staff Audit Practice Alert to remind registered firms of their obligations when using the work of other firms or using assistants engaged from outside the firm.
  42. The alert describes the circumstances under which the firm issuing the audit report may use the work and reports of another auditor.
      The alert also explains that auditors who engage assistants from outside the firm are governed by the same standards regarding planning the audit and supervising assistants that apply when audit work is performed by assistants who are partners of, or employed by, the auditor's firm.
      So what does all of this mean for you — the educators of future accountants and auditors and the leaders in research relating to this important profession?
      Unlike their predecessors five or more years ago, recent and future graduates of accounting programs received their training in the post-Sarbanes-Oxley world.
      They benefit from the renewed focus by accountants and auditors on investor protection, auditor independence, and internal controls.
      I was pleased to see in the AAA's Statement of Responsibilities the commitment to "developing in students an appreciation for the importance of ethics and professionalism as well as technical expertise."
      Your agenda for this meeting also provides several opportunities for discussion of research relating to auditor ethics, independence, and professional skepticism, and I applaud you for your continued focus on these important topics.
      As I mentioned earlier, however, the pressures faced by auditors once they begin to practice in the real world may chip away at some of the important investor protection priorities instilled by all of you.
      It is up to the firms that the students ultimately join to continue to emphasize the importance of these important principles, and I challenge
  43. them to do so through training and leadership by example.
      Beyond adhering to these overarching principles of auditor conduct, however, one question we should ask is whether auditors are otherwise equipped for the business world of the 21st Century, and whether there are things we can do collectively to make sure that they are.
      It is difficult, if not impossible, for accounting programs to teach in real time the accounting developments emerging on a daily basis in the business world.
      There are certain trends, however, that may merit increased attention, due to the changing business models and accounting practices we have observed in recent years.
      I have already discussed some of the complexity in business models and transactions that pose unprecedented challenges to accountants and auditors today.
      Fair value accounting and the auditing of fair value measurements and management estimates play an increasingly important role in today's economy, yet even experienced auditors struggle with these issues every single day.
      Many universities and colleges have begun to include fair value accounting modules in their curriculum, but I urge you to consider whether more can be done.
      Provide real world examples to your students, and address both the accounting requirements and appropriate audit approaches.
      Cost accounting is an indispensable building block in any accounting education, but fair value accounting is an indispensable skill in today's business world.
  44. Other developments that auditors increasingly encounter include complex intellectual property arrangements, rapid business cycles where companies move quickly from start-up to IPO to merger and acquisition or sell-out, and, of course, the expansion in the use of International Financial Reporting Standards.
      I know many of you incorporate these and other emerging themes into your teaching and research activities, and I applaud you for your efforts.
      We at the PCAOB also are trying to do our part to support future auditors.
      The Sarbanes-Oxley Act provides that all monetary penalties collected by the PCAOB must be used to fund merit scholarships for students in accredited accounting degree programs.
      In 2011, the Board implemented this requirement and announced the inauguration of its scholarship program, awarding 52 scholarships of $10,000 each to students around the country who demonstrated high ethical standards and an interest and aptitude in accounting and auditing.
      PCAOB Board members and staff also frequently visit colleges and universities around the country to talk to accounting students about the auditing profession and the Board's work, and we periodically welcome groups of students visiting Washington, D.C. to our headquarters for discussions with PCAOB staff and Board members.
      Finally, your academic research activities complement the work of the Board to improve audit quality and enhance investor protection.
      The Board and Board staff review and consider the conclusions of relevant academic studies in formulating Board policies.
      We have benefited from academic studies looking at the efficacy and
  45. relevance of our regulatory activities.
      Some of you also may be current or former participants in the joint PCAOB-AAA research synthesis projects, while others may have participated in the AAA Auditing Standards Committee's work to provide comments to the Board in connection with our standard setting process.
      Several of your members also have served on our advisory groups or have participated in our public round tables or the PCAOB's annual Academic Conference.
      Finally, some of you have visited us at the PCAOB to discuss your research or to work with our staff on a variety of projects, and we welcome such opportunities to hear directly from you.
      So I would like to end by thanking you for inviting me to speak to you here today and for your continued and tireless engagement in our shared objective of improving audit quality and enhancing investor protection.
  46. Paris, 16 February 2012 - The Financial Action Task Force, the global standard-setter in the fight against money laundering and terrorist financing, has revised the Recommendations after more than two years of efforts by member countries.
      The Recommendations are used by more than 180 governments to combat these crimes.
      The revisions, made with inputs from governments, the private sector, and civil society, provide authorities with a stronger framework to act against criminals and address new threats to the international financial system.
      The cost of money laundering and underlying serious crime is very large, estimated between 2 and 5% of global GDP.
      The revision will enable national authorities to take more effective action against money laundering and terrorist financing at all levels - from the identification of bank customers opening an account through to investigation, prosecution and forfeiture of assets.
      At the global level, the FATF will also monitor and take action to promote implementation of the standards.
      The revised FATF Recommendations now fully integrate counter-terrorist financing measures with anti-money laundering controls, introduce new measures to counter the financing of the proliferation of weapons of mass destruction, and they will better address the laundering of the proceeds of corruption and tax crimes.
      They also strengthen the requirements for higher risk situations and allow countries to take a more targeted risk-based approach.
      Giancarlo Del Bufalo, the President of the FATF, said:
  47. “Adoption of the revised Recommendations demonstrates countries’ shared commitment to fight money laundering, terrorist financing and the financing of the proliferation of weapons of mass destruction.”
      “The revised Recommendations include requirements for stronger safeguards in the financial sector, strengthened law enforcement tools and improved international cooperation.”
      The main changes are:
      - Combating the financing of the proliferation of weapons of mass destruction through the consistent implementation of targeted financial sanctions when these are called for by the UN Security Council.
      - Improved transparency to make it harder for criminals and terrorists to conceal their identities or hide their assets behind legal persons and arrangements.
      - Stronger requirements when dealing with politically exposed persons (PEPs).
      - Expanding the scope of money laundering predicate offences by including tax crimes.
      - An enhanced risk-based approach which enables countries and the private sector to apply their resources more efficiently by focusing on higher risk areas.
      - More effective international cooperation including exchange of information between relevant authorities, conduct of joint investigations, and tracing, freezing and confiscation of illegal assets.
      - Better operational tools and a wider range of techniques and powers, both for the financial intelligence units, and for law enforcement to investigate and prosecute money laundering and terrorist financing.
  48. Note
      For more information on the FATF Recommendations, please visit the publication page on www.fatf-gafi.org/recommendations
      Interesting part:
      INTERPRETIVE NOTE TO RECOMMENDATION 26 (REGULATION AND SUPERVISION OF FINANCIAL INSTITUTIONS)
      Risk-based approach to Supervision
      1. Risk-based approach to supervision refers to:
      (a) The general process by which a supervisor, according to its understanding of risks, allocates its resources to AML/CFT supervision;
      (b) The specific process of supervising institutions that apply an AML/CFT risk-based approach.
      2. Adopting a risk-based approach to supervising financial institutions’ AML/CFT systems and controls allows supervisory authorities to shift resources to those areas that are perceived to present higher risk.
      As a result, supervisory authorities can use their resources more effectively.
      This means that supervisors:
      (a) Should have a clear understanding of the money laundering and terrorist financing risks present in a country; and
      (c) Should have on-site and off-site access to all relevant information on the specific domestic and international risks associated with
  49. customers, products and services of the supervised institutions, including the quality of the compliance function of the financial institution or group (or groups, when applicable for Core Principles institutions).
      The frequency and intensity of on-site and off-site AML/CFT supervision of financial institutions/groups should be based on the money laundering and terrorist financing risks, and the policies, internal controls and procedures associated with the institution/group, as identified by the supervisor’s assessment of the institution/group’s risk profile, and on the money laundering and terrorist financing risks present in the country.
      3. The assessment of the money laundering and terrorist financing risk profile of a financial institution/group, including the risks of non-compliance, should be reviewed both periodically and when there are major events or developments in the management and operations of the financial institution/group, in accordance with the country’s established practices for ongoing supervision.
      This assessment should not be static: it will change depending on how circumstances develop and how threats evolve.
      4. AML/CFT supervision of financial institutions/groups that apply a risk-based approach should take into account the degree of discretion allowed under the RBA to the financial institution/group, and encompass, in an appropriate manner, a review of the risk assessments underlying this discretion, and of the adequacy and implementation of its policies, internal controls and procedures.
      5. These principles should apply to all financial institutions/groups.
      To ensure effective AML/CFT supervision, supervisors should take into consideration the characteristics of the financial institutions/groups, in particular the diversity and number of financial institutions, and the degree of discretion allowed to them under the RBA.
  50. Resources of supervisors
      6. Countries should ensure that financial supervisors have adequate financial, human and technical resources.
      These supervisors should have sufficient operational independence and autonomy to ensure freedom from undue influence or interference.
      Countries should have in place processes to ensure that the staff of these authorities maintain high professional standards, including standards concerning confidentiality, and should be of high integrity and be appropriately skilled.
  51. Foreign Account Tax Compliance Act (FATCA) – looks like a full employment act for some risk and compliance officers… … in the States and in Europe now!!!
      The Foreign Account Tax Compliance Act (FATCA) is an important development in U.S. efforts to improve tax compliance involving foreign financial assets and offshore accounts.
      Under FATCA, U.S. taxpayers with specified foreign financial assets that exceed certain thresholds must report those assets to the IRS.
      This reporting will be made on Form 8938, which taxpayers attach to their federal income tax return, starting this tax filing season.
      In addition, FATCA will require foreign financial institutions to report directly to the IRS information about financial accounts held by U.S. taxpayers, or held by foreign entities in which U.S. taxpayers hold a substantial ownership interest.
      Non-US firms are also affected: foreign firms are required to provide details of all U.S. persons who have foreign holdings of more than $50,000, otherwise foreign firms face a punitive 30% withholding tax on all U.S. income they receive.
      February 17, 2012 – Commonwealth Bank announced it could drill down about 50,000 client accounts to determine if there is any US beneficial ownership connection.
      Offshore financial institutions must comply if they want to maintain correspondent banking relationships and access to the US market.
      08 February 2012
  52. And what do the Europeans do?
      The UK Government has issued a joint statement with the Governments of France, Germany, Italy, Spain and the United States, setting out an agreed approach to the US “FATCA” legislation, which aims to combat cross-border tax evasion.
      This focuses on an intergovernmental approach to information exchange, which addresses certain legal difficulties and compliance burdens that would otherwise arise for financial institutions affected by FATCA.
      Welcoming the joint statement, David Gauke, Exchequer Secretary to the Treasury, said:
      “The Government is committed to tackling tax evasion, wherever it takes place.
      This joint statement builds on the close cooperation of all the countries involved, and of the European Commission, in tackling cross-border tax evasion and provides a practical way forward that should reduce the burdens on the financial sector”.
      Joint Statement regarding an Intergovernmental Approach to Improving International Tax Compliance and Implementing FATCA
      A. General Considerations
      1. Building on their longstanding and close relationship with respect to mutual assistance in tax matters, the United States, France, Germany, Italy, Spain and the United Kingdom wish to intensify their co-operation in combating international tax evasion.
  53. 2. On 18 March 2010 the United States enacted provisions commonly referred to as the Foreign Account Tax Compliance Act (FATCA), which introduce reporting requirements for foreign financial institutions (FFIs) with respect to certain accounts.
      France, Germany, Italy, Spain and the United Kingdom are supportive of the underlying goals of FATCA.
      FATCA, however, has raised a number of issues, including that FFIs established in these countries may not be able to comply with the reporting, withholding and account closure requirements because of legal restrictions.
      3. An intergovernmental approach to FATCA implementation would address these legal impediments to compliance, simplify practical implementation, and reduce FFI costs.
      4. Because the policy objective of FATCA is to achieve reporting, not to collect withholding tax, the United States is open to adopting an intergovernmental approach to implement FATCA and improve international tax compliance.
      5. In this regard the United States is willing to reciprocate in collecting and exchanging on an automatic basis information on accounts held in US financial institutions by residents of France, Germany, Italy, Spain and the United Kingdom.
      The approach under discussion, therefore, would enhance compliance and facilitate enforcement to the benefit of all parties.
      6. The United States, France, Germany, Italy, Spain and the United Kingdom are cognizant of the need to keep compliance costs as low as possible for financial institutions and other stakeholders and are committed to working together over the longer term towards achieving common reporting and due diligence standards.
  54. 7. In light of these considerations, the United States, France, Germany, Italy, Spain and the United Kingdom have agreed to explore a common approach to FATCA implementation through domestic reporting and reciprocal automatic exchange and based on existing bilateral tax treaties.
      B. Possible Framework for Intergovernmental Approach
      1. The United States and a partner country (FATCA partner) would enter into an agreement pursuant to which, subject to certain terms and conditions, the FATCA partner would agree to:
      - Pursue the necessary implementing legislation to require FFIs in its jurisdiction to collect and report to the authorities of the FATCA partner the required information;
      - Enable FFIs established in the FATCA partner (other than FFIs that are excepted pursuant to the agreement or in U.S. guidance) to apply the necessary diligence to identify US accounts; and
      - Transfer to the United States, on an automatic basis, the information reported by the FFIs.
      2. In consideration of the foregoing, the United States would agree to:
      - Eliminate the obligation of each FFI established in the FATCA partner to enter into a separate comprehensive FFI agreement directly with the IRS, provided that each FFI is registered with the IRS or is excepted from registration pursuant to the agreement or IRS guidance;
      - Allow FFIs established in the FATCA partner to comply with their reporting obligations under FATCA by reporting information to the FATCA partner rather than reporting it directly to the IRS;
  55. - Eliminate U.S. withholding under FATCA on payments to FFIs established in the FATCA partner (i.e., by identifying all FFIs in the FATCA partner as participating FFIs or deemed-compliant FFIs, as appropriate);
      - Identify in the agreement specific categories of FFIs established in the FATCA partner that would be treated, consistent with IRS guidelines, as deemed compliant or presenting a low risk of tax evasion;
      - Commit to reciprocity with respect to collecting and reporting on an automatic basis to the authorities of the FATCA partner information on the U.S. accounts of residents of the FATCA partner
      3. In addition, as a result of the agreement with the FATCA partner described above, FFIs established in the FATCA partner would not be required to:
      - Terminate the account of a recalcitrant account holder;
      - Impose passthru payment withholding on payments to recalcitrant account holders;
      - Impose passthru payment withholding on payments to other FFIs organized in the FATCA treaty partner or in another jurisdiction with which the United States has a FATCA implementation agreement;
      4. The United States, France, Germany, Italy, Spain and the United Kingdom would:
      - Commit to develop a practical and effective alternative approach to achieve the policy objectives of passthru payment withholding that minimizes burden.
  56. - Commit to working with other FATCA partners, the OECD, and where appropriate the EU, on adapting FATCA in the medium term to a common model for automatic exchange of information, including the development of reporting and due diligence standards.
  57. “We are all suffering the effects of the ongoing financial crisis. It began in the banking sector and has spread to public finances.
      It has led to necessary austerity programmes and impacted hard on the real economy.
      Financial reform has a key role to play in stabilising the financial sector, removing the inadequacies and abuses which existed, and preventing or mitigating future crises.
      The EU is in the end phase of its biggest ever programme for financial services reforms.
  58. Around thirty measures have been proposed or adopted, including almost all the key ones agreed at the G20.
      My goal is for all new legislation to be in force by 2013.
      It is an achievable goal.
      But financial reform is about more than prevention of the next crisis.
      It can also play a role in remedying the present crisis, by favouring growth.
      This booklet explains our reforms, how they will contribute to stability and growth and how they help to re-establish a prosperous Europe.”
  59. The European Commission has proposed all the main pieces of legislation linked to G20 commitment
      The bulk of these new rules is already going through the legislative process.
      They ensure safe financial institutions, efficient and resilient markets and appropriate consumer protection.
      The programme is not yet finished, there is still a challenging road ahead, but the European Union is on the right track to have a new legislative framework for financial services in place by 2013.
      A properly supervised financial system
  60. Strict supervision of the finance sector is essential. The crisis exposed serious deficiencies in cooperation between national supervisors.
      To address this, the EU has established new European Supervisory Authorities (ESAs), operational since January 2011: the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA).
      These new European institutions work together with Member States’ supervisors fostering harmonised rules and ensuring strict and coherent implementation.
      More specifically, they can:
      • draw up specific rules for national authorities and financial institutions,
      • take action in emergencies, including banning certain products,
      • mediate and settle disputes between national supervisors and
      • ensure consistent application of EU law
      In addition, the European Supervisory Authorities have extensive powers in emergencies.
      If the EU Council decides that turbulent market conditions warrant their use, they coordinate national supervisors and impose the necessary actions in a harmonised way across Europe.
      Such measures can include bans on short selling of securities for example.
      A European Systemic Risk Board (ESRB) was also established to monitor threats to the stability of the financial system.