Spot a problem in financial markets and a predictable sequence of events ensues: regulators come up with a new rule intended to solve it; the financial services industry whines that the new rule is unnecessary; and critics grumble that new rules won’t change anything because even the existing ones aren’t properly enforced.
One way all sides might be made happier is by paying more attention to compliance. When the financial services industry’s critics complain that rules aren’t being adequately enforced, they are half-right. Frequently, the rules aren’t being followed; but the problem is largely one of compliance.
The enforcement records of the regulators may deserve their share of scorn, but the reason that rules often prove to be ineffective on a day-to-day basis isn’t because of lax enforcement. Regulators could hardly be expected to turn every minor rule violation into an enforcement case. Their resources are far too limited for that; the existing process is slow enough without adding countless new cases to the docket; and the effects to those facing charges would probably often be disproportionate to the offence.
So, when it comes to policing the mainstream financial services industry, members of which are largely seeking to play by the rules, regulators should be shifting their focus from enforcement to compliance, argues Joel Wiesenfeld, securities lawyer and partner with Torys LLP in Toronto.
At a recent industry conference hosted by the Ontario Securities Commission, Wiesenfeld suggested that enforcement actions against well-intentioned industry players for relatively minor infractions are just too costly, in terms of: the reputations of the accused; the financial liability to shareholders of firms that face sanctions; and to the enforcement function, whose scarce resources are being used to pursue such cases.
“I would like to see a change in focus,” he says. “I think regulators can go a lot further in ensuring compliance without [resorting] to the prejudice of an enforcement investigation and proceeding. Enforcement resources should be reserved for intentional misconduct or for those most egregious cases in which compliance measures fail, not used at the drop of a hat for technical infractions, negligence and other examples of non-compliance.”
Another primary benefit of improved compliance is that it is an alternative to creating new rules in response to every perceived market failure or regulatory gap. Regulations are perpetually being reformed, and the fallout from the unprecedented financial crisis of the past year has surely intensified the pressure for sweeping rule changes.
Yet, as Julie Dickson, superin-tendent with the Office of the Superintendent of Financial Institutions, argued in a recent speech, just as much thought needs to be given to how regulators supervise financial services firms: “This is because a financial sector with strong regulatory rules [such as robust capital requirements] but with weak supervision of risk management practices is not a safe and sound financial sector. Effective supervision can often be a better way to deal with a risk, rather than imposing a new rule.”
This idea is echoed by Maureen Jensen, senior vice president of surveillance and compliance with the Investment Industry Regulatory Organization of Canada, who recalls that at the height of the financial crisis in late 2008, IIROC’s response was to examine how to make firms more compliant.
“You don’t do that by making new rules,” she says. “You have to do things differently to help them be more compliant; you have to push compliance down directly into the firms. Not that firms weren’t already trying to be compliant, but our focus was: ‘Instead of making all kinds of new rules, let’s look at how we can elevate the game for the firms’.”
The problem, from the investors’ point of view, is that neither financial services firms nor public companies routinely live up to all of their regulatory obligations. Not only have weaknesses in regulatory supervision been identified as one of the contributing factors of the recent financial crisis, but regulators’ compliance reviews also frequently turn up numerous deficiencies. And although these deficiencies typically aren’t major problems, their persistence can’t be conducive to investor confidence — particularly when firms don’t fully comply with explicit requirements.
For example, according to the OSC’s annual compliance report for fiscal 2009, its ordinary field reviews of portfolio managers revealed an average of 15 deficiencies per firm; on average, six of those were deemed “significant.” Meanwhile, the OSC’s reviews of limited market dealers found an average of five deficiencies per firm, two of which were considered “significant.”
@page_break@Similarly, when regulators focus on a specific issue, they also tend to find frequent lapses. For example, the regulators’ inquiries into the collapse of the asset-backed commercial paper market in 2008 found that dealers sold millions of dollars worth of the stuff, despite the fact many didn’t understand what they were selling.
And it’s not just the financial services industry that falls short; public companies are also often found to be lacking. Back in September, the Canadian Securities Admini-strators announced the results of its review of issuers’ compliance with the requirements that firms adopt effective internal controls and that senior executives certify that fact. Less than 40% of the firms reviewed were found to be in full compliance with the requirements. (Of the 251 firms reviewed, 157 were not in complete compliance: 77 of them had to refile their certificates, while the other 80 were asked to improve future filings.)
More recently, the CSA conducted a review of issuers’ compliance with executive-compensation disclosure requirements. Of the 70 firms reviewed, just eight had to revise their disclosures; but “most” of the companies were asked to improve their disclosure in future filings.
The good news is that because of the persistent lack of complete compliance, regulators are putting increased emphasis on that function.
The CSA’s latest effort to improve dealer compliance is embedded in its registration reform effort, which was implemented earlier this autumn. Among many other things, this initiative introduces a requirement for firms to have a registered chief compliance officer and an “ultimate designated person” — measures that regulators hope will foster a “culture of compliance” and a new level of accountability within firms.
The self-regulatory organizations are also stepping up their game. Jensen says IIROC’s redoubled efforts to improve compliance are built around the idea that it must “drive a culture of compliance” at the firms themselves. To do that, she says, “We have to give them more information; we have to tell them what our expectations are; we have to be very direct and very clear when they are not toeing the line [by explaining] what’s wrong and how to go about mitigating it.”
This was the motivation behind IIROC’s first consolidated compliance review report, which was published this past summer and incorporated the combined findings of IIROC’s financial operations, business conduct, trading conduct and compliance teams. The report highlights the most common deficiencies IIROC is finding throughout the industry in all facets of the business. The underlying goal is to alert firms’ management, not just to their own lapses but also to the sorts of issues arising elsewhere in the industry in the hope that their spread can be avoided.
Additionally, IIROC has also carried out a number of sweeps targeting specific issues. Last year, it tackled the failure of the ABCP market; forthcoming reports will reveal the results of sweeps dealing with principal-protected notes and branch supervision.
These efforts reflect the regulator’s desire to ensure that its efforts are being delivered effectively and efficiently. To do that, Jensen says, “You have to know what’s going on in the market, you have to know what are the new issues or new products that firms are selling, and you have to know how they are selling these products.”
Along with the sweeps, IIROC is trying to improve efficiency by dismantling its own internal silos, so that different parts of its compliance function work better together and data on firms are more easily shared across the organization.
IIROC is also improving communication with other regulators, particularly its U.S. counterpart, the Financial Industry Regulatory Authority, Jensen says. IIROC and FINRA have collaborated on a couple of cross-border compliance reviews, she adds, with FINRA examiners riding shotgun on an IIROC review, and vice versa. This is particularly important, Jensen says, because when it comes to scrutinizing firms that operate in the U.S., the regulators’ view of a firm’s business ends at the border.
IIROC has also collaborated with FINRA on policy issues, such as the guidance the two regulators issued in the summer concerning the sales of leveraged and inverse exchange-traded funds.
Finally, IIROC reviewed its internal practices in light of the Madoff and Stanford cases in the U.S. One result has been the introduction of a whistleblower service, which, Jensen says, has generated some solid leads. The U.S. scandals also revealed the importance of co-operation between regulators, she notes. As many financial services institutions operate in different areas of the business under different regulators, she says, it’s at the margins between jurisdictions where compliance problems can fester.
At the Mutual Fund Dealers Association of Canada, many of the same sorts of strategies are in evidence. Karen McGuinness, vice president of compliance with the MFDA, says the SRO has always tried to be proactive in its efforts to foster compliance by providing enough guidance to firms so that they can comply with the rules.
Earlier this year, the MFDA issued a bulletin outlining the common problems uncovered in its compliance exam and offered advice on how to resolve these issues.
“We have always provided information to members on the compliance deficiencies,” McGuinness notes, “but this was the first time we also provided guidance.”
More recently, the MFDA issued a bulletin spelling out the recommended content for firms’ policy manuals in recognition of the fact that a lack of policies and procedures is a common deficiency. The SRO has also boosted guidance around issues such as suitability, supervision and “know your product.”
“Overall, we are seeing improvement in the supervisory systems in place at members from when we first began the examination process,” McGuinness notes, adding that this translates into better inves-tor protection and client service.
That may be the case, but the problem is that much of this sort of improvement takes places behind the scenes; it’s not something that investors can readily understand or assess. As Wiesenfeld said at the OSC roundtable: “There are no ‘perp walks’ in compliance; there are no splashy endings, no large fines, no high-profile persons or companies brought down. There are no media exposés. Progress is incremental.”
In other words, compliance is well-intentioned work that often goes unappreciated. But, if improved compliance leads to fewer new rules and enforcement cases, the industry should welcome it. IE
A solution to the industry’s ills
Lax enforcement is not the reason rules are ineffective; rather, the problem is largely one of compliance
- By: James Langton
- December 7, 2009 December 7, 2009
- 13:03