Building Effective Relationships with Regulators
Keynote Address by Norm Champ
CFO Compliance & Regulation Summit
The Seaport Boston Hotel, Boston, MA
September 10, 2015
Thank you Aaron for that kind introduction. It is a privilege to be here in Boston at the CFO Compliance & Regulation Summit. It is encouraging to see compliance and regulation discussed at this conference across so many industries. So much of the public attention has been on compliance in the financial services industry but compliance and regulatory burdens extend across all sectors of the economy. It looks like you have an interesting set of panels and presentations lined up to help you with that task.
Today I will try to bring together my experience at the SEC in the Division of Investment Management and the Office of Compliance Inspections and Examinations to talk about how you can build effective relationships with regulators. Each business, no matter what the industry, must decide what strategy it is going to pursue with regulators. As a former CCO of an investment management business and a former regulator, I propose that you follow a strategy of constructive engagement with the regulator in your industry. I know there are those who disagree with that strategy and advocate a posture of avoidance of your regulator and even those who advocate a strategy of opposition to your regulator. I have dealt with that advice in my ten years in a regulated financial services business and seen it in action in five years as a regulator. I’m going to argue that the strategies of avoidance and opposition are misguided and that constructive engagement is the only viable choice for a business seeking an effective relationship with its regulator.
My experience in the Exam program emphasized how important it is to establish relationships with regulators. When firms were not known to the SEC and they had an issue of some type that involved the SEC, it put the company in a difficult spot. Members of the Board and management of such firms would scramble to get control of the situation and convince SEC staff that compliance or other procedures were adequate but they faced an uphill battle because they did not have a relationship with regulators. I convey this as an example of where you do not want to be in your relationship with regulators!
Depending on how regulated your industry is, each firm will have more or less contact with its regulators. I propose that you think about your relationships with regulators in four categories: 1. relationships in ordinary periods where no proposed regulation is being considered and no examination is underway, 2. relationships when a rule is proposed or likely to be proposed by your regulator, 3. relationships when you are being examined by your regulator and 4. relationships when your regulator is investigating your firm or individuals associated with your firm. It is critical for the success of your business and the success of your regulator that you interact with your regulator in a constructive way in each of these circumstances.
My Experience at the SEC
At present I am a Lecturer at Harvard Law School where I am teaching my class on Investment Management Law for the fifth semester. I am working on a book about my experiences at the SEC from 2010 to 2015 during which time we tackled such issues as the Volcker Rule, money market fund reform and the SEC’s relationship with the Dodd-Frank-created Financial Stability Oversight Council. The book is my account of how a hedge fund executive like me interested in public service left a partnership in a hedge fund in 2009 to join an SEC that was shell-shocked after Madoff and Stanford. I describe “leading change” inside a agency riddled with bureaucracy and civil service privileges that defy common sense. But I also honor those who gave it their all, including stories of quiet patriots, hardworking regulators and lawyers who toil 24-7 to protect the American investor and carry out the SEC’s historic mission “to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”
I started at the SEC in January 2010 supervising examinations of firms involved in the investment management industry in New York and New Jersey. In the summer of 2010 I became the Deputy Director of the Office of Compliance Inspections and Examinations with responsibility for, among other things, supervising the National Exam Program for broker-dealers, investment advisers/investment companies, exchanges, clearing agencies and credit rating agencies and working on policy issues arising out of the passage of Dodd-Frank in July 2010. The senior leadership of OCIE, the regional offices, OCIE Director Carlo di Florio and I worked to reorganize the SEC’s examination program after the revelations that the SEC had examined firms run by Bernard Madoff and Allen Stanford, missing massive Ponzi schemes that each was running. Among the steps we took were to bring in more industry experts to help examiners with examinations, automating the exam report process so that exam reports are available to all offices and structuring examinations to put more supervisors in the field.
In July 2012 Chair Mary Schapiro appointed me the Director of the Division of Investment Management and I served in that position until February of this year. In the Division we developed the new Risk and Examination Office to better evaluate the risks presented by products and firms by analyzing data on the investment management industry. We also reorganized the Division to increase communication across the Division and provide more opportunities for staff development. We completed significant policy projects such as the adoption of money market fund reforms and the approval of a new type of Exchange Traded Mutual Fund last year.
In my five years at the Commission I had the privilege of serving under three Chairs, Mary Schapiro, Elisse Walter and Mary Jo White, all of whom have made refocusing the SEC to be more effective a top priority. Under their leadership the agency has become more data-driven to keep pace with developments in the industry. My service in the agency on behalf of American investors and markets was an honor and a privilege. It will always be the highlight of my career and I am grateful for the opportunity to have served at the SEC during a time when it faced significant challenges and changes.
In addition to my SEC experience, I am the former General Counsel and Chief Compliance Officer of an investment advisor to hedge funds so I have sat in the seat that many of you occupy now. I have both served as a Chief Compliance Officer and hired two Chief Compliance Officers. In my time as a partner in an investment management business I built relationships with regulators, primarily the SEC but also the Federal Reserve, over a period of many years. I then had the experience of “switching sides” and seeing what these relationships looked like from the regulator’s point of view.
The Four Times to Build Relationships with Regulators
There are of course wrongdoers in every industry who do not devote any time to relationships with regulators because they are actively evading regulation and enforcement. But that is a limited group in any industry. The vast majority of people are trying to do the right thing and meet the regulations that apply to their industry. I’d like to argue to you that engaging often and well with your regulators is the best path to complying with your regulatory burdens while running a profitable business.
In the spring I gave a speech where I outlined what I call the “Compliance Calculus” (SM) that any firm in a regulated business must undertake in deciding what resources to devote to its compliance effort. The speech is available on my website at normchamp.com. I posited that the goal of your compliance program should be to avoid a civil enforcement proceeding by a regulator or a criminal proceeding by the Department of Justice. I think we can all agree that these outcomes are to be avoided if possible.
While avoiding an SEC Enforcement civil action, or worse, a criminal action from the Department of Justice, may be a non-controversial goal for your firm, should your goal be perfect compliance such that an examination produces no deficiencies? When I wore my regulatory hat I certainly hoped that you would have that goal of no deficiencies. But the reality is that it is difficult to achieve a no deficiency result for a variety of reasons.
So if you set your goal such that you are willing to receive some deficiencies but nothing so serious as to result in a civil or criminal investigation, how do you develop your relationships with regulators to help you achieve this goal? I propose that there are four phases of your relationship with regulators: when things are quiet, when industry wide regulatory change is possible or proposed, when your firm is being examined and when your firm has drawn the attention of civil or criminal authorities.
When Things Are Quiet
The most important time to build a relationship with your regulator is when you have no current matters with your regulator. For everyone in this technology fueled age, we all feel like they are in fact no quiet times because it feels like there’s always too much work to do and not enough people to do it. But during the times when you are not engaged with the regulator about a rule making, examination or an investigation is the best time to develop your relationship with your regulator.
A word about being a regulator. I often likened being at the SEC as similar to those terrariums we had when we were kids. When I was in the investment management business there were always outsiders around whether they were sell side personnel, consultants, lawyers or accountants. At the SEC staff works in guarded offices and indeed, in DC, the elevators don’t even work unless you have a government issued ID card. There are no outsiders ever unless you are warned they are there. That kind of isolation is dangerous and I applaud the SEC’s efforts to reach out for more industry knowledge and data. Nonetheless, being a regulator is always a bit like flying blind.
Your regulator may have access to a tremendous amount of data about your industry and that may lead you to think that your regulator is on top of developments in your industry and even with your firm. The reality is that your regulator is a branch of the government. As such, your regulator is almost undoubtedly dealing with technology that is way behind the technology that you take for granted everyday.
So when things are quiet I urge you to approach your regulator and offer your assistance. One very simple way to provide that assistance is to meet with the regulator and let them know what you are seeing in your industry. What business developments are driving innovation and change in your industry? What holdover practices from earlier times do you feel have not caught up with current operations? What risks do you see in your industry in the future? These are topics that you are thinking about anyway in the course of managing your business and implementing sufficient compliance efforts for your business to comply with applicable rules and regulations. If you can convey your knowledge of these issues to your regulator, you’ll make your regulator better informed and better able to craft policies to address issues in your industry.
In the SEC’s Division of Investment Management we promoted communication with the asset management industry through the Senior Level Engagement program where senior members of IM leadership and senior members of OCIE leadership meet with the boards and senior managements of significant asset management firms. The SLE program was established as a collaboration between the National Exam Program and the Division of Investment Management as an opportunity to increase understanding of developments in the asset management industry and a mechanism for establishing a more robust and ongoing dialogue with the leadership of larger asset management firms.
I know that there are those in the financial services industry and I’m sure in other industries who argue that it is much safer to keep your distance from your regulator. The theory being that the less your regulator sees you, the less chance your regulator gets interested in your company. I understand the theory but I disagree with it completely. Constructive, and proactive feedback and input from regulated entities is immensely valuable to your regulator. It makes your regulator much more knowledgeable in internal discussions and it helps your regulator anticipate upcoming issues. These are all places you want to regulator to be.
If you are wondering what topics to address with the regulator, you have many to choose from. If you have topics on your mind from your observations of your business and the competitive landscape, those are the most valuable insights a regulator can get. But also make sure you stay informed and updated about the issues that are of concern to your regulator. At the SEC significant changes in the SEC’s Exam Program and the Division of Investment Management over the last five years have made this much easier. Many of the efforts in Investment Management and OCIE were to increase transparency both inside the Commission and outside the Commission. The Division of Investment Management created IM Guidance Updates where IM could speak directly to industry participants. The National Exam Program now publishes a series of risk alerts and annual exam priorities. Particularly this year the list of exam priorities was shorter than it had been in prior years. The IM Guidance Updates, Risk Alerts and Exam Priorities are a free window into the topics that are on the minds of SEC staff.
As a regulator it is better to get to know a registrant when they are not under a mushroom cloud. It is easier for your regulator to understand what you are doing and the steps you are taking when you and your regulator are not under fire for a failure at your company. This goes to my last point regarding building relationships when things are relatively quiet. If your regulator knows who you are and what you are trying to do with regard to compliance, you may get the benefit of the doubt when something does go wrong. I am not saying that you will escape a serious violation of the rules but you may get a lighter punishment. If the infraction is minor, you may get off with a warning. It is just human nature, if the regulators know who you are and have seen you trying to devote resources to compliance and act in good faith, they will have more understanding if something goes wrong, absent fraud or willful misconduct.
The converse is also true. If your regulator has no idea who you are and then you have a compliance problem, things may go worse for you. Remember, they don’t know you. They don’t know if you are a good player or a bad player because you stayed away from them. If something goes wrong you will be trying to convince your regulator that you are a responsible firm with a good compliance program. That is much more difficult if something has already gone wrong.
During a Rulemaking
When your regulator turns to an action like a proposed rule making that will impact your industry, you have another opportunity to build an effective relationship with your regulator. If you are already engaged with your regulator and communicating regularly you will have a distinct advantage in engaging on a rulemaking. If you are not already engaged with your regulator at that point, you should get engaged.
Your input to regulators on possible policies makes sense from the perspective of your interest in having the best rule possible and for building your relationship with your regulator. I can’t tell you how many times stakeholders came in to the SEC and pointed out possible issues with a proposed policy that we had not thought of before they raised the issue. On the other hand, I recall several times when stakeholders came in to complain about a rule after it was adopted. When I asked them if they had commented on the proposed rule before it was adopted, they often said they had not. It makes sense to spend some of your resources up front to try to make the rule as tailored as possible to address the problem it is intended to solve and minimize the unintended consequences. Government action will always have unintended consequences, often ones that cause a rule to achieve the opposite of what was intended. Your input can reduce those unintended consequences.
Working with your regulator when they are considering a rule it is particularly important to help the regulator with data. As I have mentioned, your regulator may not have the tools to use the data you file. One of the projects that the SEC is working on is updating the filings it receives on mutual fund holdings. It is doing so because one of those filings is still in DOS format. Yes, that DOS format. Do not underestimate the difficulties you regulator may be having with data.
At the SEC our rule proposals often asked for data about a particular issues and we often would not get any data from the industry. I know that there is an argument that says that industry is better off not sharing information with an SEC or another regulator. The idea behind this argument is that sharing information and data may lead the regulator to do something it wasn’t otherwise considering. I can assure you that attitude is frustrating for the regulators. Just like in industry, the vast majority of regulators are trying to do the right thing with the information they have. If you give them more information, you have a better chance of them coming out with a rule that will be well thought out and supported by the data.
During an Examination
If your firm is subject to an examination by the SEC or another regulator, you have another opportunity to build your relationship with your regulator. I realize there are those in the audience who might not have quite that reaction to an exam! I understand that an exam can be a tremendous expenditure of resources by your firm and can be a source of concern that examiners may find something that you may have overlooked. Nonetheless, an examination involves a sustained interaction with your regulator. In that examination you have an opportunity to present your firm in the best light and to address any questions the examiners may have.
You are in the best position to know your firm. For instance, if you are managing a fund that trades liquid public securities with widely available end-of-day quotes, then valuation is not the issue for you that it is for a hedge fund that invests in hard-to- value distressed debt. The examiners may not know that about your firm. SEC examiners from the Office of Compliance Inspections and Examinations will have done background work on your firm but they will not know all of the details. First and foremost you want to make sure that the examiners understand exactly what your firm does and who you are. I recommend a meeting early in the examination process where senior leadership of your firm provides a picture of the firm and its business.
In addition to making sure examiners understand your business, educate the examiners about your compliance program. Evaluating compliance comes down to two topics — standing and resources. What standing does the CCO have within the senior management of the company. Does the CCO have a relationship with other members of senior management such that the CCO has access to the information needed to understand where to allocate compliance resources. The most encouraging sign is to see CCOs that are well-integrated with management and understand both current business issues that might result in compliance questions but also understand where the business is going so that they can anticipate future compliance needs.
You need to show the examiners that compliance, has adequate funding to provide the staff and technology resources to accomplish your compliance program. While I was at the Commission we saw compliance programs that were lavishly funded but they did not appear to be sufficiently integrated into the business to be able to detect issues of mistreatment of clients. Conversely, a smaller compliance program staffed by knowledgeable individuals who are seamlessly integrated into the business and supported by technology that can make them even more effective can be entirely appropriate. As Commission staff often states there is no “one size fits all” approach to compliance. Programs must be the right size to detect and prevent compliance violations in the business.
If there is support for the compliance function from other groups within the firm, do not keep it to yourself. These other supports for compliance can include departments such as internal audit, risk management and the business units themselves. The degree of support the compliance function receives from these other departments within the firm can be an indicator of how likely it is the firm will identify problems that may impact clients and put in place policies and procedures to mitigate those conflicts.
The examiners will want to see that you are testing and reevaluating your compliance program as often as necessary. You will often hear SEC personnel say that a stale compliance manual is worse than no compliance manual at all. Keep your compliance program fresh and subject to constant review. If you enter a new business or expand to a different country, make sure that your program adjusts to the new facts. See if your program is producing exception reports. Compliance is a human endeavor. By definition, human endeavors make mistakes. The SEC is not going to believe it if your program uncovers no mistakes.
Examiners are a skeptical bunch. Do not assume that a good flip book showing all of the above will satisfy them. They are going to want to see records and files and have interviews to back up your description of your compliance program. After one particularly good compliance presentation, examiners then went in to the trade room and asked the firm’s head trader about allocation procedures. The head trader said that he was told to describe allocations a certain way but that wasn’t what the firm really did. Do not fall in to this trap. You are better off admitting a shortcoming in your compliance efforts than having it discovered by examiners.
The longtime Chief Counsel of the Exam program at the SEC had a great line: “the easiest way to turn an exam in to an Enforcement investigation is to treat it like an investigation from the start.” What John Walsh meant was that if a firm’s personnel were uncooperative and hostile with examiners, examiners would assume that the firm was concealing wrongdoing and act accordingly. If you are tempted to give the SEC examiners the worst conference room you have that is so small that the examiners knees bump under the table, I discourage you from doing so. You do not have to give the examiners the best conference room you have, after all they know you are running a business, but if you give the examiners a comfortable place to work you are showing them respect and they will reciprocate.
An examination gives you an opportunity for the regulator to understand who you are and what your firm is trying to do. Don’t waste this chance. If the examination does show an issue or a problem, you are far better off if you have been cooperative during the examination and explained your compliance efforts. Again, back to my human nature point. If you have been uncooperative and hostile and the examiners find something, I promise you they will take a less charitable view of any explanation that you give.
During an Investigation
If all of your best efforts do not work out and you come under investigation from the SEC or another regulator, are you past the point of maintaining a relationship with your regulator? While I hope that you don’t end up under investigation, I also would argue that all is not lost. During my time at the SEC, I worked with the Enforcement Division on many investigations. I can tell you that not all investigations end with charges against the firm involved.
If you find yourself under investigation, I recommend that you maintain a spirit of cooperation and continue to explain the facts that landed you in the investigation. As Deputy Director of the SEC’s Exam program, I saw investigations dropped because the firm involved was able to adequately explain its conduct. Remember also that Enforcement at the SEC likes to win its cases. If you have an explanation for facts that may seem to be a problem, Enforcement will listen. They would rather find out sooner rather than later. Don’t let your relationship with the regulator lapse just because you are under investigation. Keep up your effort to engage and to provide information that your regulator needs. You will have a better chance of the investigation being closed out without being charged.
I hope that this outline of the four phases of interaction with a regulator is helpful as you think about how to engage with your regulator. I have tried to reflect on engagement with regulators based on my five years at the SEC and the attitudes and outcomes that I saw inside the building. Thank you again for your time today and I wish you the best with your conference.