Tuesday, November 4, 2008

OCIE's Director Speaks about Compliance Incentives

On Thursday, October 30, Lori Richards, Director of the SEC's Office of Compliance Inspections and Examinations, addressed the 2008 Willamette Securities Regulation Conference about ways to foster, and create incentives for, strong compliance.  Richards started off the substance of her address by listing three conditions vital to effective compliance:
  • The first requirement for compliance is that a person must understand their obligations. This is obvious to you, I'm sure, but I'm amazed at the number of times that SEC examiners find deficient practices and the person responsible claims they did not understand either that they had an obligation or its precise nature. For example, we often find that firms are not aware of compliance obligations with respect to new rules. It sometimes takes time for people to learn about and understand their obligation. This is why effective education and training are so important. For our part, we"ve included new rules in our CCOutreach programs, which are designed to help chief compliance officers learn techniques and strategies to strengthen their own firms" compliance programs. We also created a "plain English" summary of key provisions of the Investment Advisers Act and emailed it to some 10,000 advisory firms! In addition, we seek to provide clear explanations of the law and new rules whenever possible.
  • The second requirement for compliance is that the person must be able to discharge their compliance obligations. Compliance obligations must not be unattainable. At the Commission, the SEC engages in a notice and comment process before implementing new rules, which provides us with input about (among other things) the feasibility of the proposed rule in practice.
  • It is the third requirement for compliance — a person"s willingness to comply — that is perhaps the most complicated because it is inherently human and relies on an individual"s own behavioral characteristics. For example, some people will be willing to comply because they place intrinsic value on doing what"s right. As well, people"s willingness to comply will be greater if they perceive that there is significant downside in not complying. This is why both regulators and compliance personnel spend so much time warning people about the harm that will befall them — for example, losing their job, their reputation, or their freedom — if they don"t comply. This is deterrence — the "stick" — and it"s a powerful motivator and indispensable in the toolkit of any compliance professional.
The thrust of Richard's speech, though, was that, in addition to deterring non-compliance, people are more willing to follow the rules "when they perceive that there are positive benefits to doing so." 
Human beings are purposeful, and will behave in certain ways if they perceive they will be rewarded for doing so. This is where we get to incentives — the "carrot" — the positive reward for undertaking the behavior we seek. I think that there has been limited focus on incentives in securities compliance, and I wanted to discuss some of my thoughts on this topic with you today.
She stressed that the responsibility to establish the right kinds of incentives for compliance, and an overall culture of compliance rests with managers and leaders, and that sufficient importance and resources must be allocated to compliance by them. 
As a starting point, the firm"s compliance and internal controls infrastructure must be strong enough to underpin these incentives — this means that the firm must compensate its compliance staff adequately and ensure that they have sufficient resources to do the job. The responsibility to ensure a strong culture of compliance and a compliant organization, however, rests with managers and leaders of the firm.
Richards listed some ways firms might create better incentives for compliance for employees:
  • Be clear about expectations. Managers and employees should be aware that compliance with the firm"s internal risk management and compliance policies is expected, and performance expectations should be explicit on this point.

  • Reward managers who achieve compliance. Managers could be compensated in part based on their branch"s or unit"s compliance activities (results of surveillance reviews, internal reviews, customer satisfaction levels). Positive results get higher compensation.

  • Reward managers who cultivate a culture of compliance. Many organizations are measuring their employees" attitudes towards ethics and compliance by the use of surveys. Some firms then tie a component of their senior managers" compensation to the attitudes expressed by their unit"s employees. Positive results get higher compensation.

  • Make strong compliance an advertised goal. In industrial plants, firms advertise the number of days with a "clean" safety record — to remind employees about the importance of safety on the job. Other organizations could take a lesson and publicize the number of days without a customer complaint, arbitration, or aggrieved customer.

  • Reward employees for considering compliance issues. Employees could be incentivized to approach compliance staff early on with questions about compliance — well before the deal, or the product or the transaction is launched.

  • Consider new incentives. While sales incentives may be a part of the fabric of the securities business, wouldn"t a reward based on the satisfaction levels of the clients of the registered representative or advisory representative be more meaningful? (satisfaction could be measured by, for example, whether the investor believes that the financial adviser understands the investor"s needs, objectives, and risk tolerance; is responsive; effectively invests their funds; adequately discloses risks and costs; and provides understandable explanations about investment options). Wouldn"t that type of reward incentivize the kind of long-term relationships that firms so want to develop?

  • Incentives impact risk. Because incentives drive behavior, an organization"s risk-assessment process could take into account the incentives that exist that encourage and reward compliance, and could identify areas and employees who do not operate with these incentives. Firms could include the latter as areas that may present higher risk and may warrant closer review. In addition, when organizations conduct special reviews or inquiries of compliance breakdowns, they could include an evaluation of the role that incentives played.
The full text of Ms. Richard's October 30 address is available at:  http://www.sec.gov/news/speech/2008/spch103008lar.htm