2. International Association of Risk and Compliance
Professionals (IARCP)
1200 G Street NW Suite 800 Washington, DC 20005-6705 USA
Tel: 202-449-9750 www.risk-compliance-association.com
Welcome to the March 2012 edition of the International
Association of Risk and Compliance Professionals (IARCP)
newsletter
Dear Member,
Do you want to register a domain ending in ‘.bank’ or ‘.fin’? You
can forget it, according to the European Banking Authority
(EBA) because of “great potential for misuse by unscrupulous
individuals”
[Note: Unscrupulous = lack of moral standards or conscience. The
unscrupulous person is without scruples of conscience, and disregards, or
has contempt for, laws of right or justice with which he or she is perfectly
well acquainted, and which should restrain his or her actions ]
Ok, I can think of some persons that are just like that.
Can you imagine some guys that manage to register domains with names
that could belong to a well-known bank … from countries where
trademark protection is not a priority… and the lawyers that travel first
class to fight this?
Comments of the European Banking Authority (EBA) to the
Internet Corporation for Assigned Names and Numbers
(ICANN) on the planned Top Level Domain Names .bank and
.fin
23 February 2012 Comments
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
3. In June 2011, the ICANN Board of Directors approved a ‘New Generic
Top Level Domain Programme’ that allows the implementation of
additional generic top-level domains (gTLDs).
[Note: A generic top-level domain (gTLD) is one of the categories of
top-level domains (TLDs) maintained by the Internet Assigned Numbers
Authority (IANA) for use in the Domain Name System of the Internet.
The core group of generic top-level domains consists of the com, info,
net, and org domains.
Historically, the group of generic top-level domains included domains,
created in the early development of the domain name system, that are
now sponsored by designated agencies or organizations and are restricted
to specific types of registrants.
Thus, domains edu, gov, int, and mil are now considered sponsored
top-level domains, much like the many newly created themed domain
names (e.g., jobs).
The entire group of domains that do not have a geographic or country
designation (see country-code top-level domain) is still often referred to
by the term generic TLDs.]
Under this programme new gTLDs such as ‘.bank’ and ‘.fin’ could be
established and assigned to companies or individuals claiming to be
financial intermediaries or banks.
The EBA has had the opportunity to examine the issue of the envisaged
new Top Level Domains (TLDs) ending in ‘.bank’ and ‘.fin’ in detail and
to discuss it in the latest meeting of its Board of Supervisors in December
2011.
It has come to the conclusion that there are many supervisory concerns
surrounding the operation of the proposed TLDs by the ICANN, relating
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
4. mostly to the great potential, according to the EBA view, for misuse by
unscrupulous individuals, and that, therefore, any plans for their
operation should ideally be discontinued.
It is the view of the EBA that potential mitigating measures such as those
which, we understand, are envisaged by the ICANN (creation of separate
entity for the registration and control of these TLDs, or other technical
ways to ensure the security of the system) do not necessarily mitigate the
financial supervisors’ concerns.
The potential for consumers of financial services to over-rely on what
might be perceived as ‘regulatory endorsement’ of the companies
operating under such TLDs is immense, and the risk for new types of
fraud and ‘phishing’ can be enormous.
The same can be said of the danger for confusion regarding the operation
of legitimate websites by ‘true’ financial institutions and regulated
entities.
This could lead to the need for them to establish costly and complex legal
or commercial initiatives in order to safeguard their trademarks from
frauds and abuses.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
5. Remarks (at the Practising Law Institute’s SEC Speaks) by
Chairman Mary L. Schapiro, U.S. Securities and Exchange
Commission, Washington D.C., Feb. 24, 2012
Parts of the speech
Twenty years ago when I first served as an SEC commissioner, the
financial world was a very different place. The Dow was inching towards
the 3000 mark. Derivatives were barely a blip on the radar. A portable
Macintosh weighed 16 pounds. And all you could do on a cell phone was
talk.
For most SEC staff, the biggest market disruption in living memory was
the “Black Monday” crash of 1987 – a near-cataclysmic experience to be
sure, but one that paled in comparison to the crisis of 2008.
So, when President Obama asked me to return and serve as Chairman, I
knew the agency would be challenged on a level at which no SEC had
ever been challenged before:
Challenged to restore confidence in markets that had nearly
self-destructed.
Challenged to address risks that could jump from market to market
like wildfire, incinerating each in turn.
Challenged to bring a pre-crisis mindset into a post crisis-era.
Challenged to prove that the agency could and would step up to
play its role, aggressively and effectively.
Given the scope of the financial crisis and the fallout from the Madoff
scandal, it was no surprise that some were calling for the agency to be
disbanded. But, the investing public and policymakers understood the
importance of our mission – to protect investors and ensure the integrity
of our markets.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
6. And the men and women of the SEC were eager to meet these challenges
head on.
That was no surprise to me. From my earlier years with the SEC, I knew
well that the individuals who serve are a dedicated and talented team, able
and eager to rise to the occasion. I knew we’d come through – and I am
pleased by how far we have come.
And, so I would ask anyone who currently works – or has previously
worked – at the SEC to stand and be recognized.
Thank you.
Our commitment to evolve helped to drive a consensus, inside and
outside the SEC, that the better solution was not to shutter the agency,
but to strengthen it – to demand more aggressive and efficient action
from us, and for us to embrace needed reforms and better adjust to the
new world in which we were operating.
And that’s what the SEC’s leadership team set out to do.
We redesigned the SEC, investing in technology and human
capital, and significantly improving operations.
We put in place a new operating strategy, rooted in an
entrepreneurial attitude and a collaborative approach.
We immediately began to execute on an agenda that would better
protect investors and reduce the chances of another systemic
shockwave.
I knew, as we found our footing after the financial crisis and began to
implement this strategy, that every move would be watched by many eyes.
What I didn’t realize was that the SEC’s energetic response to the
challenges we faced would lift the agency’s profile to heights rarely seen
since the days of Joe Kennedy and The New Deal.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
7. I welcome the attention. It gives rise to needed debate about important
issues and challenges us to be our best.
But, I sometimes worry that the tendency of observers to focus on
individual rules or discrete actions distracts them from the big picture.
What the agency has accomplished is greater than the sum of the rules
we’ve adopted and the cases we’ve brought: we have fundamentally
changed the agency in ways that will allow us to carry out our mission
more effectively than ever in the 21st Century.
And it’s not just that we’ve accomplished a great deal over the last three
years. It’s that we’re now fundamentally better equipped to perform at an
even higher level in the years to come.
Redesigning the SEC
Investing for Continued Success
A first priority was to make better use of SEC resources, carefully
investing overdue budget increases in people and technology and
improving management in ways that allowed us to make the most of our
funds.
When I returned to the SEC, I saw how much the staff was being asked to
do, and how little they were being given to do it.
Although the agency experienced a brief period of funding growth
following Sarbanes-Oxley, the budget failed to keep up with inflation in
the years leading up to the financial crisis.
Despite continued growth in the markets, the number of employees
actually fell. And with oversight, examination and enforcement staff
stretched to the limit, operations and IT needs were put on the back
burner – investments in new IT fell by half.
During my term, we have been fortunate to experience a modest funding
turnaround – increases that we were determined to invest strategically.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
8. We wanted not just to grow, but to grow more efficient as well – growing
in ways that would expand capacity faster than the budget numbers were
rising.
We broadened our hiring approach, searching for recruits with
financial industry backgrounds and specialized experience. We
now have traders, asset managers, academics and quants on staff in
addition to attorneys, economists and accountants, giving us a
correspondingly greater insight into the technologies and practices
that drive today’s financial markets.
We increased the training budget to more than double what it was
in 2009, helping staff to keep pace with the changes in the market.
We significantly upgraded our case management system.
Overworked attorneys and paralegals can now take advantage of
vastly improved research capabilities – and we are deploying an
agency-wide eDiscovery tool that will expand our ability to parse
evidence and drill down on key subjects.
Perhaps our most reported IT investment has been our new system
for handling the thousands of tips, complaints and referrals we
receive each year. And an ongoing series of upgrades is allowing us
to better triage the information we receive as well as compare the
data more effectively – opening new investigations, routing tips to
existing investigations or discovering emerging trends that need to
be watched.
Managing Effectively
Together with wise investments, we also have been finding ways to
improve agency operations.
Within the various divisions and offices, we’ve created “managing
executive” positions to handle important support areas, freeing
legal, examination and other professionals to focus their skills on
mission-critical work.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
9. We are outsourcing responsibilities like leasing and financial
management reporting to other agencies, focusing on core
strengths and deploying people and resources accordingly.
And we’re implementing a number of management
recommendations resulting from the Dodd-Frank mandated study
of agency operations.
After three years of intense effort, the SEC is simply a sounder agency on
a fundamental level, deploying people and technology more effectively
and maximizing the impact of our limited resources.
It’s all part of an effort to be more effective for years to come. But it should
not suggest in any way that our work is done.
Instilling Entrepreneurial Leadership
Parallel to our investments in people and tools, we began to put in place a
new approach.
We wanted to be more entrepreneurial – moving to diminish or head off
threats within the markets, trusting our teams to recognize these threats
and move rapidly without the need for top-down guidance in every case.
This approach has flourished, and while we don’t have time to discuss
every office and division, I’d like to offer a few as examples of how it is
improving our efforts.
Corporation Finance
One place to look is the Division of Corporation Finance, which is run by
SEC Speaks co-Chair Meredith Cross, and which has been particularly
aggressive in enhancing its structure and focus.
In the last year, Corp Fin established new groups to concentrate closely
on three systemically critical facets of the financial world: the largest
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
10. financial institutions, structured finance products, and capital markets
trends.
These offices will help ensure that investors have clear information about
items that could – without the sunlight of disclosure – turn into malignant
trends or dangerous practices.
In addition, Corp Fin’s disclosure teams have been proactive in targeting
specific disclosure issues which have potentially significant
consequences.
They’ve prompted companies to provide critical information about
the potential financial impact of repatriating cash held overseas.
They’ve raised questions about whether companies are properly
disclosing their litigation contingencies.
And they’ve worked with our enforcement, accounting and
international units to combat an uptick in problems with reverse
mergers by stepping up scrutiny of related filings.
Corp Fin also is taking a lead in providing companies guidance on how
existing disclosure rules apply to emerging and fast-changing market
realities, issuing guidance – where possible – before inadequate or
outdated disclosure practices harm investors.
The staff issued guidance regarding the way financial services firms
should disclose their exposure to European sovereign debt in time for
these firms to use it when they prepare their annual reports – helping to
provide investors with adequate, granular financial information even as
the situation remains fluid.
And the staff issued guidance regarding companies’ obligations to
disclose material cyber-security risks and attacks – clearly an area of
growing concern to investors.
Additionally, in reviewing the most recent wave of IPOs, Corp Fin quickly
stopped problematic revenue recognition practices. And they halted the
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
11. use of misleading non-GAAP measures before these practices – prevalent
during the tech bubble of the 90s – could take root again.
Similarly, disclosure teams acted swiftly when the right of investors to
have their day in court was threatened – by objecting to a mandatory
arbitration provision that was included in governing documents
connected with a company’s IPO.
The results of these changes aren’t always eye-catching. But we are
convinced that increased focus on systemically significant market sectors
is a necessary shift in a post-crisis world.
We know that our proactive efforts to provide guidance have proved
helpful to many companies as they grapple with disclosure issues.
And we believe, based on our own review of disclosure statements, that
investors are getting information that is both more complete and more
relevant than in the past.
Office of Compliance Inspections and Examinations (OCIE)
Perhaps the areas in which changes in organization and approach have
been most apparent are in our examination and enforcement units.
In both, new leadership has managed significant organizational changes
and – just as important – encouraged an aggressive and proactive
approach.
Over the last two years, OCIE has put in place a new National
Examination Program.
The program has brought changes in the way examination teams are
assembled – OCIE now precisely matches examiners’ skills with the
unique challenges each examination offers.
Examination materials are now standardized.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
12. And working with the Division of Risk, Strategy and Financial
Innovation, this national exam program greatly expands the use of
risk-based targeting.
Better targeting and more effective examinations are paying off. Over the
last two years, 42 percent of exams have identified significant findings –
up by a third since 2009.
And over that same period, the percentage of exams resulting in referrals
to Enforcement has risen by half, from 10 percent to 15 percent.
One such referral involved a fund which had come into our sights through
our risk-based targeting efforts.
During the resulting examination, the fund admitted to an error in its
trading algorithm, which it had previously failed to report – a failure that
cost investors more than $200 million.
Thanks to the work of the exam team and enforcement staff, the fund
agreed to a settlement – returning the money to wronged investors almost
before they knew they had been wronged and paying a $25 million
penalty.
Division of Enforcement
Meanwhile, the Enforcement Division – led by today’s other co-Chair
Rob Khuzami –revamped its operations, putting additional talented
attorneys back on the front lines, creating specialized units, and
streamlining procedures.
Those reforms are already producing record results. I won’t steal all of
Rob’s thunder, but last year the SEC brought a record 735 enforcement
actions, including some of the most complex cases we’ve ever worked on.
And we obtained orders for $2.8 billion in penalties and disgorgements.
What’s most satisfying is that last year we returned more than $2 billion to
wronged investors.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
13. If Congress agrees with my request to raise the caps on what we can
obtain, we would have the ability in appropriate cases to return even
larger sums to wronged investors.
In the area of financial crisis-related cases, we filed charges against nearly
100 individuals and entities – actions against Goldman Sachs, Citigroup,
J.P. Morgan and top executives at Countrywide, Fannie Mae and Freddie
Mac. And more than half of the individuals charged were CEOs, CFOs or
other senior officers.
It should come as no surprise that there are more actions to come.
This division also realized significant gains from its Aberrational
Performance Inquiry – another collaborative effort with Risk Fin and
OCIE which uses quantitative analytics to search for hedge fund advisers
whose claimed returns are unusual enough to raise a red flag.
In December, as a result of one of the aberrational performance sweeps,
we charged four hedge fund advisers for inflating returns, overvaluing
assets and other actions that materially misled and harmed investors.
OCIE, RiskFin, and Enforcement are working together through different
analytic initiatives to target various types of misconduct.
These initiatives are particularly important to the SEC’s efforts to detect
fraud before complaints are received.
And one can draw direct lines between Enforcement’s earlier
restructuring and its current results.
For instance, one unit created during the reorganization – the Asset
Management Unit – took the time to survey a group of firms that were
actively communicating through social media.
In the process, they learned about the various approaches firms were
using – getting a sense of those that were legitimate and those that might
not be.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
14. Shortly thereafter, a staff member who was familiar with the survey
noticed something irregular in the operation of an Illinois-based
investment adviser.
In short order, the ensuing investigation uncovered the fact that the
adviser was offering more than $500 billion in fictitious securities through
various social media websites, garnering significant attention from
multiple potential buyers.
Again, the agency acted before investors were harmed by suing the
adviser last month and effectively halting the fraud.
But rather than just stopping there, Enforcement teamed up with OCIE,
the Investment Management division and our Investor Education office.
And on the same day that we shut down the fraud, we released two
publications – one that will help investors recognize, avoid, and report
similar scams, and another one that will help investment advisers keep
their communications in compliance.
It’s hard to quantify the results of efforts like these – to know how much
savings won’t be poured into fraudulent offerings or what tips might arise
from the publications we’ve released.
But we think this is important and that this aggressive and coordinated
approach is yielding superior results across the agency – and will
continue to do so going forward.
Recommitting to our Investor Protection Mission
Yet another priority in recent years has been rededicating ourselves to our
investor protection mission – an important task if we were to bolster the
confidence so necessary for our markets to thrive.
That meant strengthening the regulatory structure and pulling back the
veil that covered portions of our financial system.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
15. That is why – even before Dodd-Frank – we set out to address the
resiliency of money market funds, insist upon more meaningful
information regarding municipal securities and require more information
from investment advisers, among other initiatives.
The Dodd-Frank Act
With the passage of Dodd-Frank our responsibilities expanded
dramatically.
And I am proud of the across-the-board progress we are making against
these mandates.
Of the more than 90 mandatory rulemaking provisions, the SEC has
proposed or adopted rules for more than three quarters of them, not to
mention a number of the rules stemming from the dozens of other
provisions that give the SEC discretionary rulemaking authority.
And we already have completed 12 studies called for by Congress.
We could talk for hours about Dodd-Frank, but let me just touch on a few
highlights.
In the area of corporate governance, we have finalized rules
concerning shareholder approval of executive compensation and
"golden parachute" arrangements.
Led by the Division of Investment Management, we have adopted
new rules that have already resulted in approximately 1,200 hedge
fund and other private fund advisers registering with the SEC. It’s a
process by which they agree to abide by SEC rules and provide
critical systemic risk information that can give regulators better
insight into their practices.
And we have established a whistleblower program that is already
providing the agency with hundreds of higher-quality tips, helping
us to avoid investigatory dead-ends and – at the same time –
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
16. prodding companies to enhance their internal compliance
programs.
In another area, response to the meltdown of the mortgage-backed
securities market, the SEC has proposed rules that will protect investors
by:
Increasing dramatically investors’ visibility into the assets
underlying all types of asset backed securities.
Requiring securitizers – in conjunction with our banking
colleagues – to keep skin in the game, giving them an incentive to
double-check originators’ underwriting practices.
Changing the practices of the rating agencies whose gross
mis-ratings of billions of dollars of mortgage-backed securities
were kerosene on kindling.
OTC Derivatives
Next up will be the final proposals to essentially build, from the ground
up, a new regulatory regime for over-the-counter derivatives.
The over-the-counter structure of the derivatives market has long
presented a risk to the financial system.
In October 1993, I addressed a Symposium for the Foundation for
Research in International Banking and Finance about the potential
problems.
At that time I said “nothing will interrupt the progress of the derivatives
market more abruptly than a financial crisis that is perceived to be caused
or exacerbated by unregulated activity in those markets.”
Back then, of course, the notional value of interest rate and currency
swaps was $4.7 trillion, which seemed like an extraordinary figure.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
17. I was concerned that this potentially useful financial innovation might
present significant systemic risk for various reasons, including: the
opacity of the derivatives market; weak or non-existent capital, margin
and clearing and settlement requirements; and the concentration of
derivative transactions among a relatively small number of institutions.
While others shared these concerns, in 2000, Congress specifically
excluded most derivatives transactions from regulation.
And by mid-2008, as the repercussions of the mortgage-backed securities
market’s collapse were echoing throughout the financial system, the
notional value of the derivatives market had increased more than a
hundred-fold, and was approaching $700 trillion.
Title VII of Dodd-Frank addresses challenges in the OTC derivative
market underscored by the events of 2008, by bringing the derivatives
market into the daylight.
The SEC is working with the CFTC to write rules that strengthen the
stability of our financial system by:
Increasing centralized clearing of swaps and ensuring that capital
and margin requirements reflect the true risks of these products.
Improving transparency to regulators and to the public by shedding
light on opaque exposures and assisting in developing more robust
price discovery mechanisms.
Increasing investor protection by enhancing security-based swap
transaction disclosure, mitigating conflicts of interest, and
improving our ability to police these markets.
Next Steps on Implementing Title VII
It is my hope that, in the near term, we will complete the last remaining
proposals regarding capital, margin, segregation and recordkeeping
requirements.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
18. But, we are already beginning to transition to the adoption phase. As a
first step, I expect the Commission to soon finalize rules that further
define who will be covered by the new derivatives regulatory regime and,
next, what will constitute a security-based swap.
Finalizing these definitions will be a foundational step, defining the scope
of the new regulatory regime and letting market participants know
whether their current activities will subject them to the substantive
requirements we will be adopting in the coming year.
Beyond this, the Commission staff is continuing to develop a plan for how
the rules will be put into effect.
The plan should establish an appropriate timeline and sequence for
implementation and avoid a disruptive and costly “big bang” approach.
And at all stages of implementation, those subject to the new regulatory
requirements will be given adequate time to comply.
International Application of Title VII
While some issues are stand-alone concerns, certain issues cut across the
entirety of our implementation of Title VII.
Among the most important, given the global nature of the derivatives
market, is the international impact of our rules.
We are working hard to coordinate with our foreign counterparts to help
achieve consistency among approaches to derivatives regulation.
There has been significant progress on the international level.
Our cross-border approach must strike a balance between sufficient
domestic regulatory oversight and the realities of the global market.
A “one-size-fits-all” approach is neither feasible nor desirable.
In the near term, the Commission intends to address the most salient
international issues in a single proposal.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
19. This will give interested parties an opportunity to consider, as an
integrated whole, our approach to cross-border transactions and the
registration and regulation of foreign entities engaged in such
transactions with U.S. parties.
Money Market Funds
Despite the breadth of Dodd-Frank, there are other gaps in the regulatory
system that threaten investors that we are working to address.
One high-profile area of interest is money market funds. As you know,
when the Reserve Primary Fund broke the buck in 2008, it set off a run so
serious that the federal government was forced to step in and guarantee
the multi-trillion dollar industry.
It was a shock that reverberated across the market and compelled us to
take action. And so, two years ago, we adopted regulations making the
mix of investments these funds can hold more liquid and less risky. But,
at the time, I said we needed to do more.
That is because money market funds remain susceptible to runs and to a
sudden deterioration in quality of holdings.
We need to move forward with some concrete ideas to address these
structural risks.
We’ve spent lots of time and outreach reviewing many possible
approaches.
There are two serious options we are considering for addressing the core
structural weakness: first, float the net asset value; and second, impose
capital requirements, combined with limitations or fees on redemptions.
It’s hard to miss the hue and cry being raised by the industry against
either of these approaches.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
20. But the fact is investors have been given a false sense of security by
money market fund sponsor support and the one-time Treasury
guarantee.
Funds remain vulnerable to the reality that a single money market fund
breaking of the buck could trigger a broad and destabilizing run.
Should that happen, the government will not have the tools it had in 2008.
Then, Treasury used the Exchange Stabilization Fund to stop the run.
But Congress eliminated that option when it passed TARP legislation.
Today, the money-market fund industry and, by extension, the short-term
credit market, is working without a net.
To the extent that there’s a deadline, it’s the pressure that we should feel
from living on borrowed time.
We’ve been incredibly deliberate about this. The President’s Working
Group report on reform options was issued in October 2010.
We’ve had extensive public comment.
And we held a roundtable with the Financial Stability Oversight Council
on money market funds and systemic risk last May.
Consolidated Audit Trail
Finally, we’re working to improve the SEC’s capacity to regulate and
investigate. And so another major initiative is the consolidated audit trail.
Standardizing reporting across trading platforms would seem to be an
obvious move, serving investors on two levels: aiding in the investigation
of suspicious trading activities, insider trading, or market manipulation
and allowing more rapid and accurate reconstruction of unusual market
events.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
21. The complexity of the undertaking, however, has necessitated a detailed
and extended rulemaking process, including a thoughtful review of the
many comments received since we first proposed the system’s creation.
The contours of the regulation are being finalized and will be considered
by the full Commission. But, regardless of the details, the broader result
must be a mechanism that gives the agency the ability to rapidly
reconstruct trading – something that doesn’t exist today.
In addition, while the initial proposal will be for an audit trail tracking
orders and trades in the equity markets, I believe that the system should
eventually be expanded to include fixed income, futures and other
markets.
It is important that we get a structure in place sooner rather than later so
that the heavy lifting of working through the technical nuances of the
system can begin.
We expect to adopt a final rule in the months ahead.
After that, I anticipate that the exchanges and FINRA will be required to
submit a detailed blueprint, which in turn would be subject to public
comment and a separate Commission approval.
Conclusion
I’m proud to have the opportunity to work at the SEC during an
exceedingly productive period in its history.
The SEC has accomplished much and we are on the verge of further
critically important rulemakings that will strengthen the structure of the
financial markets and enhance the agency’s ability to oversee those
markets and pursue investors’ interests.
However, just as important as the cumulative effect of these
accomplishments, are improvements in the culture, management,
approach and attitude of the agency as an institution and the staff who
make it work – improvements that all regulatory agencies should undergo
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
22. – and that will allow the SEC to continue to function at a high level in the
years ahead.
No one can predict what challenges will arise, what new threats to market
stability will emerge, what fraudsters and manipulators will try down the
road.
But whatever does happen, the SEC is now materially better able to
enforce the law and to identify and manage threats.
The burst of activity isn’t just a result of circumstances – a reaction to the
financial crisis. It’s an indication that the SEC is evolving in step with the
rapidly changing markets.
It has been a busy time. But there are a lot proud people who – even as we
finish what is on our plates today – are looking ahead to an equally
productive future.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
23. Data privacy rules into effect in China
The new regulations have been issued by the Ministry of Industry and
Information Technology (MIIT) and cover the collection, storage and use
of personal information by Internet companies.
Data privacy has become a high priority in China after some interesting
cases at the end of 2011, involving the disclosure of names, addresses,
telephone numbers and email addresses of users by Internet companies,
including Dangdang, Jingdong and Alipay.
In the new regulations we have a definition of personal information -
information for a user that, alone or in conjunction with other
information, could be sufficient to identify the user
There are several new privacy law developments in China.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
24. “Unreasonably Feeble”
Opening Statement of Commissioner Scott D. O’Malia Regarding Open
Meeting on One Final Rule and One Proposed Rule1
February 23, 2012
Important parts of the speech
The latest issue of The Economist features an article titled
“Over-regulated America” that features as its archetype for excessive and
badly-written regulation our own Dodd-Frank Act.
The problem, the article points out, is that rules that sound reasonable on
their own may impose a huge collective burden due, in part, to their
complexity.
Part of the problem is that we, as The Economist points out, are under the
impression that we can anticipate and regulate for every eventuality.
In our hubris, The Economist warns, our overreaching tends to defeat our
good intentions and creates loopholes and perhaps unintentional
safe-harbors, leaving our rules ineffectual and subject to abuse.
The solution The Economist offers isn’t so unfamiliar, at least to this
Commissioner. It is rather simple. It is just that: Rules need to be simple.
Echoing President Obama’s 2011 Executive Order 13563 “Improving
Regulation and Regulatory Review” (which applies equally to
independent federal agencies such as the Commodity Futures Trading
Commission (the “Commission” or “CFTC”) per a subsequent Executive
Order), The Economist advises that we ought to cut out the verbiage and
focus on writing rules that articulate broad goals and prescribe only what
is strictly necessary to achieve them.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
25. In my own words, in several prior statements, I have argued that we must
ensure that regulations are accessible, consistent, written in plain
language, guided by empirical data, and are easily understood.
I cautioned that, with each piecemeal rulemaking, we risk creating
redundancies and inconsistencies that result in costs—both opportunity
costs and economic costs—without corresponding benefits.
Consistent with Executive Order 13563, which reaffirms prior guidance
on the subject of regulatory review issued in the 1993 Executive Order
128665 as well as Office of Management and Budget (“OMB”) guidance
to federal agencies with respect to said Executive Order, agencies like the
CFTC must go out of their way to ensure responsible rulemaking by,
among other things, undertaking thorough cost-benefit analyses, both
qualitatively and quantitatively, to ensure that new rules do not impose
unreasonable costs.
I accepted wholeheartedly the mission put upon this administration by
the President to “root out regulations that conflict, that are not worth the
cost, or that are just plain dumb.”
Today, in furtherance of that mission, I will not support the final rules
governing various internal business conduct standards for futures
commission merchants, introducing brokers, swap dealers and major
swaps participants (the “Internal Business Conduct Rules”).
These rules fail to articulate necessary and clear performance objectives,
are needlessly complex, and create a collective burden without the benefit
of even an appropriate baseline cost-benefit analysis.
The fact that OMB’s Office of Information and Regulatory Affairs has
concurred with our determination that this set of rules qualifies as a
“Major Rule” under the Congressional Review Act with an annual effect
on the economy of more than $100 million without a fulsome discussion of
anticipated costs, let alone an analysis based on reasoned assumptions or
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
26. evaluation of the impacts of this rulemaking against the pre-statutory
baseline, is regulatory malpractice in my book.
While we set the bar low here at the Commission for our cost-benefit
analyses, and accept what is “reasonably feasible,” this rulemaking is
nothing but unreasonably feeble.
Time for a Review of our Cost-Benefit Analyses
After reviewing the Internal Business Conduct Rules, I have reached a
tipping point and can no longer tolerate the application of such weak
standards to analyzing the costs and benefits of our rulemakings.
Our inability to develop a quantitative analysis, or to develop a reasonable
comparative analysis of legitimate options, hurts the credibility of this
Commission and undermines the quality of our rules.
I believe it is time for professional help, and I will be following up this
statement with a letter to the Director of the OMB seeking an
independent review of the Internal Business Conduct Rules to determine
whether or not this rulemaking fully complies with the President’s
Executive Orders and the OMB guidance found in OMB Circular A-4.
To the extent that OMB finds any concerns with the Commission’s
economic analysis, I hope that it will provide specific recommendations
as to how the Commission can improve its cost-benefit analysis and
analytical capabilities.
A Cost-Benefit Analysis without Costs?
Lest anyone think that I am inadvertently waiving a work-product or
other privilege, the Commission’s May 13, 2011 internal Staff Guidance on
Cost-Benefit Considerations for Final Rulemakings under the
Dodd-Frank Act (“Staff Guidance”) was made public as Exhibit 2 to the
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
27. CFTC’s Office of Inspector General’s June 13, 2011 Review of
Cost-Benefit Analyses Performed by the CFTC in Connection with
Rulemakings Undertaken Pursuant to the Dodd-Frank Act, which is
available on the CFTC’s website.
While it is not my intent to walk you through the Staff Guidance (or the
Inspector General’s report for that matter), I do think it warrants attention
for the inattention it gives to both the principles of Executive Orders
13563 and 12866 and OMB guidance found in Circular A-4 (“OMB
Circular A-4”).
More specifically, and among other things, the Staff Guidance provides
that each rulemaking team should, “incorporate the principles of
Executive Order 13563 to the extent they are consistent with section 15(a)
[of the Commodity Exchange Act] and it is reasonably feasible to do so.”
Keep in mind that while Section 15(a) of the Commodity Exchange Act
requires the CFTC to consider the costs and benefits of its proposed
regulations, the Commission has interpreted the language of section 15(a)
to neither require quantification of such costs and benefits, nor to require
the agency to determine whether the benefits exceed costs or whether the
proposed rules are the most cost-effective means of reaching goals.
“Rather, section 15 simply requires the Commission to ‘consider the costs
and benefits’ of its action.”
That was a direct quote from the Federal Register.
Further, under the Staff Guidance—and clearly consistent with the
Commission’s interpretation of section 15—rulemaking teams need only
quantify costs and benefits “to the extent it is reasonably feasible and
appropriate to address comments received.”
As additional guidance, staff is advised that “reasonably feasible and
appropriate” means “the extent to which (i) certain analyses, quantitative
or qualitative, is [sic] needed to address comments received
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
28. (“appropriate”) and (ii) whether such an analysis may be performed with
available resources (“reasonably feasible”).
Accordingly, our interpretation of our duties pursuant to section 15(a) and
Staff Guidance provides that we need not quantify the costs or benefits of
our rules unless we need to do so in order to respond to comments, and
that we can do so with whatever resources are immediately at our
fingertips.
As for the Executive Orders, it appears that we will incorporate their
principles only when they neatly align with our own interpretation of
section 15(a), and only when we can do so without utilizing the resources
immediately within our coffers.
Setting the Bar Low
Setting the bar this low is pretty remarkable. Indeed, former
Commissioner and Acting Chairman William P. Albrecht recently
remarked that expecting any detailed cost-benefit analysis of the
proposed Dodd-Frank rules is impossible in part because, “[T]he CFTC
has never had to develop CBA expertise.”
Commissioner Albrecht advised that, “A good starting point might be to
require more detailed analysis of the costs of alternative means of
accomplishing a particular goal.
This would help the agency develop CBA expertise and should, over time,
lead to a deeper understanding of the costs of regulation.”
I believe that Commissioner Albrecht’s advice is already well-articulated
in both Executive Orders and OMB Circular A-4 as incorporated directly
into the Staff Guidance.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
29. However, the Commission skirts these requirements and apparently
refuses to develop expertise.
Instead, the Commission limits itself to responding to comments, but
only when it doesn’t require any analysis beyond that which it did for the
proposal.
Pick Any Baseline You Like
Additionally, as in today’s final rulemaking, the Commission has
determined, in contradiction of OMB guidance directly on point, that in
setting the baseline for comparison of the costs and benefits of regulatory
alternatives, it may set the “baseline” to incorporate the costs of
statutorily mandated rulemakings, regardless of how the CFTC has
interpreted the statutory goals and regardless of the existence of
alternative means to comply with such goals.
Thereby, the Commission is relying on an arbitrary presumption that,
“To the extent that ... new regulations reflect the statutory requirements
of the Dodd-Frank Act, they will not create costs and benefits beyond
those resulting from Congress’s statutory mandates in the Dodd-Frank
Act.”
What does this mean? Well, according to the Commission in this
rulemaking, it means that for commenters who “posit that there is no
benefit to be derived from internal business conduct standards as
mandated by Congress and that the mandated provisions do not generate
sufficient benefits relative to costs or contribute to the purposes (e.g.
mitigating systemic risk and enhancing transparency) of the Dodd-Frank
Act. ...these commenters’ concerns fall outside the Commission’s
regulatory discretion to implement sections 4s and 4d of the CEA and fail
to raise issues subject to consider[ation] under section 15(a).”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
30. That is, the Commission will ignore comments related to required
rulemaking provisions that mirror statutory language in spite of the fact
that the Commission always has some level of discretion in determining
the means to achieve such mandates. Rather the Commission will
consider comments on new regulations “that reflect the Commission’s
own determinations regarding implementation of the Dodd-Frank Act’s
provisions. ... It is these other costs and benefits...that the Commission
considers with respect to the section 15(a) factors.”
It is unacceptable that the Commission ignores pre-Dodd-Frank reality
and establishes its own economic baseline for its rulemakings.
This practice defies not only common sense, but rigorous and competent
economic analysis as well.
I will briefly highlight how these rules not only fail to include a rational,
rigorous, and sustainable cost-benefit analysis, but fail to articulate
necessary and clear performance objectives, are complex, and create an
unjustifiable cumulative burden within this rule and when considered
with other CFTC regulations and those of prudential regulators.
Does the Technology Exist?
With regard to recordkeeping requirements, the Internal Business
Conduct Rules impose a substantial burden on Swap Dealers (“SDs”)
and Major Swap Participants (“MSPs”) to maintain extensive audio
recordings including the requirement to tag each taped conversation and
make it searchable by transaction and counterparty.
Understandably, section 4s(g) does require the maintenance of such daily
trading records for each counterparty and that they be identifiable with
each swap transaction.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
31. However, in spite of enormous technological challenges it is unclear as to
whether or not the Commission undertook any independent effort to
determine the technical challenges of implementing such a system,
including, whether such technology currently exists, the costs of
acquiring and installing such technology, and whether such a system
could be developed and/or installed within the timetable set by the
Commission.
The Commission has failed the fundamental test in Circular A-4 to
establish an appropriate baseline and consider a range of alternatives with
associated costs and benefits.
Although the Commission modified its original proposal to not require
each telephone record to be kept as a single file, it fails to quantify the
specific cost of complying with a costly and technically challenging
mandate.
Moreover, in determining that such audio recordings are to be
maintained for a one-year period, the Commission provides no analytical
support for this retention period over a more reasonable six-month period
other than to say that such period will be “most useful for the
Commission’s enforcement purposes.”
Unreasonably Feeble
Ironically, the SDRs were created in the Dodd-Frank Act to facilitate
market transparency and reporting.
The Commission could provide greater transparency into its own
cost-benefit analysis by disclosing its assumptions and data to support its
conclusions.
OMB Circular A-4 outlines standards for transparency with the following
direction, “A good analysis should be transparent and your results must
be reproducible.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
32. You should clearly set out the basic assumptions, methods and data
underlying the analysis and discuss the uncertainties associated with your
estimates.”
It goes on to recommend that, “To provide greater access to your
analysis, you should generally post it, with all the supporting documents,
on the internet so the public can review the findings.”
I presume the Commission feels that this level of compliance is not
appropriate, given that the commenters failed to demand it, and is simply
not reasonably feasible.
Conclusion...But Only For Now
I believe our reasonably “feasible standard” as articulated in our own
Staff Guidance has caused us to miss any marker for identifying and
using the best, most innovative and least burdensome tools to meet the
regulatory ends laid out in section 4s of the Commodity Exchange Act.
We should be held accountable for not only failing to even attempt to
meet the goals set by the President, but for deliberately eschewing them.
I agree with Chairman Albrecht that the CFTC ought to be required to
undertake more rigorous cost-benefit analyses.
I believe all of our analyses should be more rigorous. While it may not
solve all of our problems with putting out complex and inefficient
regulations, as noted by Chairman Albrecht, it should help.
I will be sending a letter to Acting OMB Director Jeffrey Zients
requesting his assistance in determining just how far off the baseline the
Commission has fallen.
If OMB Circular A-4 means anything at all, then OMB should take action
and hold the Commission to the Circular’s standards.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
33. Public Company Accounting Oversight Board
Reflections on the State of the Audit Profession
Jay D. Hanson, to the American Accounting Association, Auditing
Section, Mid-Year Meeting, Savannah, GA
Good Morning,
I am very honored to be here this morning to address this distinguished
group of individuals who have devoted their careers to the development
and improvement of the profession that I joined over thirty years ago,
when I graduated from college in Minnesota and joined McGladrey and
Pullen as a young accountant.
A great deal has happened since then. While accounting has always been
a dynamic and evolving profession, its greatest changes have occurred in
the last decade, since the collapse of Enron, the bankruptcy of WorldCom
and the subsequent passage of the Sarbanes-Oxley Act of 2002.
Before "SOX," as so many affectionately call this landmark legislation,
the auditing profession in the United States was subject to self-regulation,
and, in response to major corporate bankruptcies and concerns about the
quality of public company audits in 1970's, the American Institute of
Certified Public Accountants ("AICPA") established a variety of
measures to enhance oversight over the practice of auditing, including
the Auditing Standards Board, the SEC Practice Section, and the Quality
Control Inquiry Committee.
Nevertheless, the 1980's featured the Savings & Loan crisis and a number
of other high profile corporate bankruptcies, followed by a series of cases
involving earnings management in the 1990's.
Things came to a head in 2001 and 2002 with the discovery of financial
reporting and auditing improprieties at some of the largest public
companies in the United States: Enron, Global Crossing, Adelphia, Tyco,
Qwest Communications, Xerox.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
34. This resulted in a national crisis of confidence in the integrity and
reliability of public company financial reporting and a focus on the need
for enhancements in internal controls over financial reporting and
corporate governance.
Early in the summer of 2002 both houses of Congress were considering
legislation that would, among other things, increase regulation of public
companies and their auditors.
Then, on July 15, 2002, WorldCom announced an overstatement in its
cash flow of over $3.8 billion, resulting in the single largest bankruptcy
ever filed in the United States.
Less than two weeks later, Congress passed the Sarbanes-Oxley Act
almost unanimously, resulting in the most significant legislation relating
to the federal securities laws since 1934.
Before I go further I must tell you that the views I express today are my
personal views and do not necessarily reflect the views of the Board, any
other Board member, or the staff of the PCAOB.
Consistent with the Sarbanes-Oxley Act, the PCAOB commenced
operations in 2003, building programs to meets its four statutory
obligations: registration, inspections, enforcement and standard setting.
Initially conducting only limited inspections of the four largest firms, the
Board quickly ramped up its operations and inspected 99 audit firms in
2004 and 281 in 2005 (including 15 firms located outside the United
States).
Currently, over 2300 firms, including foreign firms from 85 jurisdictions,
are registered with the PCAOB.
To date, the Board has conducted over 1800 inspections, including
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
35. inspections in 37 jurisdictions outside the United States.
Likewise, the Board has actively pursued its standard setting and
enforcement obligations.
The Board has issued publicly 45 disciplinary orders — many with
multiple parties sanctioned — while other cases remain pending in
various stages investigation or litigation and must be kept confidential by
the Board.
Enforcement actions have been brought for auditors' failure to comply
with applicable auditing standards and certain provisions of the securities
laws, independence violations, and failure to cooperate with Board
processes such as inspections, investigations, and the requirements to file
annual reports and pay annual fees.
Sanctions imposed by the Board have ranged from censures and
suspensions to practice bars and revocations of firm registrations, both
temporary and permanent.
Several enforcement matters also resulted in orders for firms or individual
auditors to pay monetary penalties.
Since its inception, the Board also has issued 15 auditing standards —
including, for example, on audit documentation, internal controls, audit
planning, engagement quality review, and risk assessment — and has
substantially amended a number of interim standards — including, for
example, AU 325, AU 411, AU 508, AU 350 and AU 329.
More recently, the Board issued concept releases or proposals to trigger
wide-ranging discussions about potential changes to certain fundamental
aspects of auditing, including the auditor's report, audit transparency,
and auditor independence, objectivity, and skepticism.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
36. Thus, the Board has evolved over time, from a start-up institution focused
on establishing a comprehensive, consistent oversight system to a
maturing regulatory organization with the experience and resources to
adapt to changing times and new challenges.
And many challenges there are indeed! The accounting profession as a
whole is facing difficult questions as a result of the increasing complexity
of business transactions and cutting edge financial instruments which are
appearing more frequently not only in the financial statements of
financial institutions but many other types of companies as well.
Management and their accountants increasingly must tackle fair value
measurements and management estimates, consistent with new
accounting standards and EITF guidance in connection with derivatives,
securitizations, consolidations, debt/equity issues, revenue recognition,
leases and other issues.
At the same time, in the wake of the financial crisis, the work of
accountants is subject to increased scrutiny by regulators and investors,
particularly in the areas of disclosures and internal controls over financial
reporting.
Auditors also must master these accounting challenges, while
simultaneously overcoming the difficulties associated with auditing
numbers increasingly subject to measurement uncertainty.
Fair value estimates of financial instruments established through the use
of third party pricing services are proving particularly difficult to audit.
First, auditors have to consider whether management itself did enough
work to understand how the pricing services arrived at their results,
including the techniques used, the judgments made, and the controls that
are in effect.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
37. Likewise, under PCAOB standards, the auditors cannot simply rely on
the values established by management's third party pricing services.
Rather, they must "get behind" the numbers by doing some testing and
critically evaluating the methodologies and assumptions of management.
Because this is such a challenging area, the PCAOB convened a Pricing
Sources Task Force last year to assist the Board's Office of the Chief
Auditor to gain insight into issues related to auditing the fair value of
financial instruments.
This group of investors, financial statement preparers, auditors and
representatives of pricing services and brokers met three times in 2011 to
discuss the valuation of financial instruments that are not actively traded
and the use of third-party pricing sources to value such instruments.
The Office of the Chief Auditor is evaluating the input received from the
Task Force and may develop some additional guidance for auditors.
In addition to such technical challenges, auditors face pressures related
to tight deadlines, as well as fee pressures, demands for client service, and
business development expectations, all of which may undermine
incentives to conduct comprehensive, high quality audits.
At the same time, auditors face criticism from those who believe that they
did not do enough, in the years or months leading up to the recent
financial crisis, to sound an alarm about the risks and uncertainties
associated with certain companies.
PCAOB inspections also present a challenge to auditors, but one that I
hope and believe can provide an effective counter- balance to fee and
client service pressures by focusing auditors on the requirements of
PCAOB standards and reminding them of their ultimate responsibility to
protect the interests of investors.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
38. I firmly believe that PCAOB inspections, standard setting and
enforcement activities have had a substantial, positive impact on audit
quality since the PCAOB's establishment, but we are not without our
critics.
The audit profession, among others, has expressed concerns, often in the
form of letters in response to our draft inspection reports, but also in
meetings with the Board, in connection with Board advisory groups, and
in other forums.
One frequent comment from audit firms is that PCAOB inspections are
too tough, and that the PCAOB inspections staff does not respect the
professional judgment exercised by auditors.
Some auditors believe that the positions taken in inspections set an
unreasonably high bar and constitute de facto standard setting by the
inspection teams.
Others charge that the PCAOB takes too long to do pretty much
everything, including issuing inspection reports and setting new
standards.
One result of our activities, according to some, is that the best and
brightest auditors become frustrated and leave the profession, having
concluded that the negatives — such as their interactions with the Board,
increased scrutiny and criticism by investors, and intensifying fee and
other pressures — outweigh the positives of continuing to audit public
companies.
The Board is very cognizant of these concerns and has gone to great
lengths to ensure that its inspectors are experienced, well-trained
professionals who understand and respect the practice and the business
of auditing. Consistency and fairness are our mantras.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
39. Our inspection process has evolved over time, and our internal processes
have been improved to facilitate a consistent approach to inspections
across firms.
Much of the time that passes after inspection field work ends and before
the report is issued is spent on quality control.
Our inspectors compare notes about the interpretation of standards; they
involve the Office of the Chief Auditor when in doubt, and we have a
number of individuals in the Inspections Division dedicated exclusively
to reviewing inspection reports for consistency, clarity and fairness.
This process is necessarily time-consuming, but we are taking steps to
streamline certain processes and to eliminate delays where possible.
In that context, let me talk a little more about our inspection process,
both in terms of how we operate and what we are finding.
PCAOB inspections are not intended to establish or provide reports
presenting a balanced view of the strengths and weaknesses of each
inspected firm.
We do not provide grades to firms (as much as doing so might be popular
with this particular audience).
Consistent with the requirement in the Sarbanes-Oxley Act that PCAOB
inspections "assess the degree of compliance of each . . . firm . . . with
th[e] Act, the rules of the Board, the rules of the Commission, or
professional standards,"[1] our inspectors specifically look for audit
deficiencies and inspect those engagements where they are most likely to
find them.
Inspections are therefore risk-based, both in terms of the engagements
and audit areas that are selected for review.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
40. Our inspectors work closely with our Office of Research and Analysis to
determine what industries or specific issuers present higher levels of audit
risk.
Within each audit engagement selected, inspectors choose the most
challenging and high risk audit areas, in order to test the firm's ability
appropriately to address those challenges and risks.
Some have criticized this approach, suggesting that we should review
audits more randomly.
But in order to have the greatest impact on audit quality, in order to help
auditors learn from our inspections, and in order to achieve our goal of
protecting investors, we need to allocate our limited resources to finding
those audits that do not measure up to our standards, rather than
spending our time reviewing those that do.
So what have we found? Common inspection findings reported by the
Board in late 2010, based on inspections conducted in 2007 through 2009
during the height of the financial crisis, included instances where
auditors appear not to have complied with PCAOB auditing standards in
certain audit areas, including, for example, fair value measurements,
impairment of goodwill, indefinite-lived intangible assets, and other
long-lived assets, allowance for loan losses, off-balance-sheet structures,
revenue recognition, inventory and income taxes.
Our results in 2010 showed an alarming increase in inspection findings,
particularly, as I noted earlier, in the area of fair value.
In the context of fair value, PCAOB inspectors have observed that:
- Auditors did not obtain a sufficient understanding of the
valuation methods or assumptions used by external valuation
services utilized by management;
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
41. - Auditors did not test, or test sufficiently, the operating
effectiveness of internal controls over various aspects of
issuers' valuation processes to support the degree of reliance
placed by the firms on those controls;
- Auditors did not evaluate significant differences between
independent estimates used or developed by firms and the
fair values recorded by management in the financial
statements; and
- Auditors did not test, or test sufficiently, significant,
difficult-to-value securities, for example, by limiting
procedures to inquiries of issuer personnel or extending to
year-end conclusions regarding the valuation of investment
securities that were reached at an interim date without taking
into account volatile market conditions.
PCAOB inspection findings related to valuations and fair value issues in
general are not limited to financial instruments, however.
Inspectors have also found deficiencies in connection with the valuation
of non-financial measurements, for example in the areas of business
combinations and goodwill impairment, and with other management
estimates, such as allowance for loan losses and valuation of inventory
and income tax valuation allowances.
In the context of multi-national audits, the Board also has reported that
some U.S.-based firms issuing audit reports based on work performed by
firms outside the United States were not properly applying PCAOB
standards.
As a result of these findings, the Board in July 2010 issued a Staff Audit
Practice Alert to remind registered firms of their obligations when using
the work of other firms or using assistants engaged from outside the firm.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
42. The alert describes the circumstances under which the firm issuing the
audit report may use the work and reports of another auditor.
The alert also explains that auditors who engage assistants from outside
the firm are governed by the same standards regarding planning the audit
and supervising assistants that apply when audit work is performed by
assistants who are partners of, or employed by, the auditor's firm.
So what does all of this mean for you — the educators of future
accountants and auditors and the leaders in research relating to this
important profession?
Unlike their predecessors five or more years ago, recent and future
graduates of accounting programs received their training in the
post-Sarbanes-Oxley world.
They benefit from the renewed focus by accountants and auditors on
investor protection, auditor independence, and internal controls.
I was pleased to see in the AAA's Statement of Responsibilities the
commitment to "developing in students an appreciation for the
importance of ethics and professionalism as well as technical expertise."
Your agenda for this meeting also provides several opportunities for
discussion of research relating to auditor ethics, independence, and
professional skepticism, and I applaud you for your continued focus on
these important topics.
As I mentioned earlier, however, the pressures faced by auditors once
they begin to practice in the real world may chip away at some of the
important investor protection priorities instilled by all of you.
It is up to the firms that the students ultimately join to continue to
emphasize the importance of these important principles, and I challenge
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
43. them to do so through training and leadership by example.
Beyond adhering to these overarching principles of auditor conduct,
however, one question we should ask is whether auditors are otherwise
equipped for the business world of the 21st Century, and whether there
are things we can do collectively to make sure that they are.
It is difficult, if not impossible, for accounting programs to teach in real
time the accounting developments emerging on a daily basis in the
business world.
There are certain trends, however, that may merit increased attention,
due to the changing business models and accounting practices we have
observed in recent years.
I have already discussed some of the complexity in business models and
transactions that pose unprecedented challenges to accountants and
auditors today.
Fair value accounting and the auditing of fair value measurements and
management estimates play an increasingly important role in today's
economy, yet even experienced auditors struggle with these issues every
single day.
Many universities and colleges have begun to include fair value
accounting modules in their curriculum, but I urge you to consider
whether more can be done.
Provide real world examples to your students, and address both the
accounting requirements and appropriate audit approaches.
Cost accounting is an indispensable building block in any accounting
education, but fair value accounting is an indispensable skill in today's
business world.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
44. Other developments that auditors increasingly encounter include
complex intellectual property arrangements, rapid business cycles where
companies move quickly from start-up to IPO to merger and acquisition
or sell-out, and, of course, the expansion in the use of International
Financial Reporting Standards.
I know many of you incorporate these and other emerging themes into
your teaching and research activities, and I applaud you for your efforts.
We at the PCAOB also are trying to do our part to support future auditors.
The Sarbanes-Oxley Act provides that all monetary penalties collected by
the PCAOB must be used to fund merit scholarships for students in
accredited accounting degree programs.
In 2011, the Board implemented this requirement and announced the
inauguration of its scholarship program, awarding 52 scholarships of
$10,000 each to students around the country who demonstrated high
ethical standards and an interest and aptitude in accounting and
auditing.
PCAOB Board members and staff also frequently visit colleges and
universities around the country to talk to accounting students about the
auditing profession and the Board's work, and we periodically welcome
groups of students visiting Washington, D.C. to our headquarters for
discussions with PCAOB staff and Board members.
Finally, your academic research activities complement the work of the
Board to improve audit quality and enhance investor protection.
The Board and Board staff review and consider the conclusions of
relevant academic studies in formulating Board policies.
We have benefited from academic studies looking at the efficacy and
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
45. relevance of our regulatory activities.
Some of you also may be current or former participants in the joint
PCAOB-AAA research synthesis projects, while others may have
participated in the AAA Auditing Standards Committee's work to provide
comments to the Board in connection with our standard setting process.
Several of your members also have served on our advisory groups or have
participated in our public round tables or the PCAOB's annual Academic
Conference.
Finally, some of you have visited us at the PCAOB to discuss your
research or to work with our staff on a variety of projects, and we welcome
such opportunities to hear directly from you.
So I would like to end by thanking you for inviting me to speak to you
here today and for your continued and tireless engagement in our shared
objective of improving audit quality and enhancing investor protection.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
46. Paris, 16 February 2012 - The Financial Action Task Force, the global
standard-setter in the fight against money laundering and terrorist
financing, has revised the Recommendations after more than two years of
efforts by member countries.
The Recommendations are used by more than 180 governments to
combat these crimes.
The revisions, made with inputs from governments, the private sector,
and civil society, provide authorities with a stronger framework to act
against criminals and address new threats to the international financial
system.
The cost of money laundering and underlying serious crime is very large,
estimated between 2 and 5% of global GDP.
The revision will enable national authorities to take more effective action
against money laundering and terrorist financing at all levels - from the
identification of bank customers opening an account through to
investigation, prosecution and forfeiture of assets.
At the global level, the FATF will also monitor and take action to promote
implementation of the standards.
The revised FATF Recommendations now fully integrate counter –
terrorist financing measures with anti-money laundering controls,
introduce new measures to counter the financing of the proliferation of
weapons of mass destruction, and they will better address the laundering
of the proceeds of corruption and tax crimes.
They also strengthen the requirements for higher risk situations and allow
countries to take a more targeted risk-based approach.
Giancarlo Del Bufalo, the President of the FATF, said:
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
47. “Adoption of the revised Recommendations demonstrates countries’
shared commitment to fight money laundering, terrorist financing and
the financing of the proliferation of weapons of mass destruction.”
“The revised Recommendations include requirements for stronger
safeguards in the financial sector, strengthened law enforcement tools
and improved international cooperation.”
The main changes are:
- Combating the financing of the proliferation of weapons of mass
destruction through the consistent implementation of targeted
financial sanctions when these are called for by the UN Security
Council.
- Improved transparency to make it harder for criminals and terrorists
to conceal their identities or hide their assets behind legal persons and
arrangements.
- Stronger requirements when dealing with politically exposed persons
(PEPs).
- Expanding the scope of money laundering predicate offences by
including tax crimes.
- An enhanced risk-based approach which enables countries and the
private sector to apply their resources more efficiently by focusing on
higher risk areas.
- More effective international cooperation including exchange of
information between relevant authorities, conduct of joint
investigations, and tracing, freezing and confiscation of illegal assets.
- Better operational tools and a wider range of techniques and powers,
both for the financial intelligence units, and for law enforcement to
investigate and prosecute money laundering and terrorist financing.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
48. Note
For more information on the FATF Recommendations, please visit the
publication page on www.fatf-gafi.org/recommendations
Interesting part:
INTERPRETIVE NOTE TO RECOMMENDATION 26
(REGULATION AND SUPERVISION OF FINANCIAL
INSTITUTIONS)
Risk-based approach to Supervision
1. Risk-based approach to supervision refers to:
(a) The general process by which a supervisor, according to its
understanding of risks, allocates its resources to AML/CFT
supervision;
(b) The specific process of supervising institutions that apply an
AML/CFT risk-based approach.
2. Adopting a risk-based approach to supervising financial institutions’
AML/CFT systems and controls allows supervisory authorities to shift
resources to those areas that are perceived to present higher risk.
As a result, supervisory authorities can use their resources more
effectively.
This means that supervisors:
(a) Should have a clear understanding of the money laundering and
terrorist financing risks present in a country; and
(c) Should have on-site and off-site access to all relevant information
on the specific domestic and international risks associated with
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
49. customers, products and services of the supervised institutions,
including the quality of the compliance function of the financial
institution or group (or groups, when applicable for Core
Principles institutions).
The frequency and intensity of on site and off-site AML/CFT supervision
of financial institutions/groups should be based on the money laundering
and terrorist financing risks, and the policies, internal controls and
procedures associated with the institution/group, as identified by the
supervisor’s assessment of the institution/group’s risk profile, and on the
money laundering and terrorist financing risks present in the country.
3. The assessment of the money laundering and terrorist financing risk
profile of a financial institution/group, including the risks of
non-compliance, should be reviewed both periodically and when there are
major events or developments in the management and operations of the
financial institution/group, in accordance with the country’s established
practices for ongoing supervision.
This assessment should not be static: it will change depending on how
circumstances develop and how threats evolve.
4. AML/CFT supervision of financial institutions/groups that apply a
risk-based approach should take into account the degree of discretion
allowed under the RBA to the financial institution/group, and
encompass, in an appropriate manner, a review of the risk assessments
underlying this discretion, and of the adequacy and implementation of its
policies, internal controls and procedures.
5. These principles should apply to all financial institutions/groups.
To ensure effective AML/CFT supervision, supervisors should take into
consideration the characteristics of the financial institutions/groups, in
particular the diversity and number of financial institutions, and the
degree of discretion allowed to them under the RBA.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
50. Resources of supervisors
6. Countries should ensure that financial supervisors have adequate
financial, human and technical resources.
These supervisors should have sufficient operational independence and
autonomy to ensure freedom from undue influence or interference.
Countries should have in place processes to ensure that the staff of these
authorities maintain high professional standards, including standards
concerning confidentiality, and should be of high integrity and be
appropriately skilled.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
51. Foreign Account Tax Compliance Act (FATCA) – looks like a
full employment act for some risk and compliance officers…
… in the States and in Europe now!!!
The Foreign Account Tax Compliance Act (FATCA) is an important
development in U.S. efforts to improve tax compliance involving foreign
financial assets and offshore accounts.
Under FATCA, U.S. taxpayers with specified foreign financial assets that
exceed certain thresholds must report those assets to the IRS.
This reporting will be made on Form 8938, which taxpayers attach to their
federal income tax return, starting this tax filing season.
In addition, FATCA will require foreign financial institutions to report
directly to the IRS information about financial accounts held by U.S.
taxpayers, or held by foreign entities in which U.S. taxpayers hold a
substantial ownership interest.
Non US firms are also affected: Foreign firms are required to provide with
details of all U.S. persons who have foreign holdings of more than $50,000,
otherwise foreign firms face a punitive 30% withholding tax on all U.S.
income they receive
February 17, 2012 – Commonwealth Bank announced it could drill down
about 50,000 client accounts to determine if there is any US beneficial
ownership connection
Offshore financial institutions must comply if they want to maintain
correspondent banking relationships and access to the US market.
08 February 2012
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
52. And what the Europeans do?
The UK Government has issued a joint statement with the Governments
of France, Germany, Italy, Spain and the United States, setting out an
agreed approach to the US “FATCA” legislation, which aims to combat
cross-border tax evasion.
This focuses on an intergovernmental approach to information
exchange, which addresses certain legal difficulties and compliance
burdens that would otherwise arise for financial institutions affected by
FATCA.
Welcoming the joint statement, David Gauke, Exchequer Secretary to
the Treasury, said:
“The Government is committed to tackling tax evasion, wherever it takes
place.
This joint statement builds on the close cooperation of all the countries
involved, and of the European Commission, in tackling cross-border tax
evasion and provides a practical way forward that should reduce the
burdens on the financial sector” .
Joint Statement regarding an Intergovernmental Approach to
Improving International Tax Compliance and Implementing
FATCA
A. General Considerations
1. Building on their longstanding and close relationship with respect to
mutual assistance in tax matters, the United States, France, Germany,
Italy, Spain and the United Kingdom wish to intensify their co-operation
in combating international tax evasion.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
53. 2. On 18 March 2010 the United States enacted provisions commonly
referred to as the Foreign Account Tax Compliance Act (FATCA), which
introduce reporting requirements for foreign financial institutions (FFIs)
with respect to certain accounts.
France, Germany, Italy, Spain and the United Kingdom are supportive of
the underlying goals of FATCA.
FATCA, however, has raised a number of issues, including that FFIs
established in these countries may not be able to comply with the
reporting, withholding and account closure requirements because of legal
restrictions.
3. An intergovernmental approach to FATCA implementation would
address these legal impediments to compliance, simplify practical
implementation, and reduce FFI costs.
4. Because the policy objective of FATCA is to achieve reporting, not to
collect withholding tax, the United States is open to adopting an
intergovernmental approach to implement FATCA and improve
international tax compliance.
5. In this regard the United States is willing to reciprocate in collecting
and exchanging on an automatic basis information on accounts held in
US financial institutions by residents of France, Germany, Italy, Spain
and the United Kingdom.
The approach under discussion, therefore, would enhance compliance
and facilitate enforcement to the benefit of all parties.
6. The United States, France, Germany, Italy, Spain and the United
Kingdom are cognizant of the need to keep compliance costs as low as
possible for financial institutions and other stakeholders and are
committed to working together over the longer term towards achieving
common reporting and due diligence standards.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
54. 7. In light of these considerations, the United States, France, Germany,
Italy, Spain and the United Kingdom have agreed to explore a common
approach to FATCA implementation through domestic reporting and
reciprocal automatic exchange and based on existing bilateral tax
treaties.
B. Possible Framework for Intergovernmental Approach
1. The United States and a partner country (FATCA partner) would enter
into an agreement pursuant to which, subject to certain terms and
conditions, the FATCA partner would agree to:
- Pursue the necessary implementing legislation to require FFIs in its
jurisdiction to collect and report to the authorities of the FATCA
partner the required information;
- Enable FFIs established in the FATCA partner (other than FFIs that
are excepted pursuant to the agreement or in U.S. guidance) to apply
the necessary diligence to identify US accounts ; and
- Transfer to the United States, on an automatic basis, the information
reported by the FFIs.
2. In consideration of the foregoing, the United States would agree to:
- Eliminate the obligation of each FFI established in the FATCA
partner to enter into a separate comprehensive FFI agreement directly
with the IRS, provided that each FFI is registered with the IRS or is
excepted from registration pursuant to the agreement or IRS
guidance;
- Allow FFIs established in the FATCA partner to comply with their
reporting obligations under FATCA by reporting information to the
FATCA partner rather than reporting it directly to the IRS;
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
55. - Eliminate U.S. withholding under FATCA on payments to FFIs
established in the FATCA partner (i.e., by identifying all FFIs in the
FATCA partner as participating FFIs or deemed-compliant FFIs, as
appropriate);
- Identify in the agreement specific categories of FFIs established in
the FATCA partner that would be treated, consistent with IRS
guidelines, as deemed compliant or presenting a low risk of tax
evasion;
- Commit to reciprocity with respect to collecting and reporting on an
automatic basis to the authorities of the FATCA partner information
on the U.S. accounts of residents of the FATCA partner
3. In addition, as a result of the agreement with the FATCA partner
described above, FFIs established in the FATCA partner would not be
required to:
- Terminate the account of a recalcitrant account holder;
- Impose passthru payment withholding on payments to recalcitrant
account holders;
- Impose passthru payment withholding on payments to other FFIs
organized in the FATCA treaty partner or in another jurisdiction with
which the United States has a FATCA implementation agreement;
4. The United States, France, Germany, Italy, Spain and the United
Kingdom would:
- Commit to develop a practical and effective alternative approach to
achieve the policy objectives of passthru payment withholding that
minimizes burden.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
56. - Commit to working with other FATCA partners, the OECD, and
where appropriate the EU, on adapting FATCA in the medium term
to a common model for automatic exchange of information, including
the development of reporting and due diligence standards.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
57. “We are all suffering the effects of the ongoing financial crisis. It began in
the banking sector and has spread to public finances.
It has led to necessary austerity programmes and impacted hard on the
real economy.
Financial reform has a key role to play in stabilising the financial sector,
removing the inadequacies and abuses which existed, and preventing or
mitigating future crises.
The EU is in the end phase of its biggest ever programme for financial
services reforms.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
58. Around thirty measures have been proposed or adopted, including almost
all the key ones agreed at the G20.
My goal is for all new legislation to be in force by 2013.
It is an achievable goal.
But financial reform is about more than prevention of the next crisis.
It can also play a role in remedying the present crisis, by favouring
growth.
This booklet explains our reforms, how they will contribute to stability
and growth and how they help to re-establish a prosperous Europe.”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
59. The European Commission has proposed all the main pieces of
legislation linked to G20 commitment
The bulk of these new rules is already going through the legislative
process.
They ensure safe financial institutions, efficient and resilient markets and
appropriate consumer protection.
The programme is not yet finished, there is still a challenging road
ahead, but the European Union is on the right track to have a new
legislative framework for financial services in place by 2013.
A properly supervised financial system
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
60. Strict supervision of the finance sector is essential. The crisis exposed
serious deficiencies in cooperation between national supervisors.
To address this, the EU has established new European Supervisory
Authorities (ESAs), operational since January 2011: the European
Banking Authority (EBA), the European Insurance and Occupational
Pensions Authority (EIOPA)and the European Securities and Markets
Authority (ESMA).
These new European institutions work together with Member States’
supervisors fostering harmonised rules and ensuring strict and coherent
implementation.
More specifically, they can:
• draw up specific rules for national authorities and financial institutions,
• take action in emergencies, including banning certain products,
• mediate and settle disputes between national supervisors and
• ensure consistent application of EU law
In addition, the European Supervisory Authorities have extensive powers
in emergencies.
If the EU Council decides that turbulent market conditions warrant their
use, they coordinate national supervisors and impose the necessary
actions in a harmonised way across Europe.
Such measures can include bans on short selling of securities for
example.
A European Systemic Risk Board (ESRB) was also established to monitor
threats to the stability of the financial system.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
61. The ESRB provides early warnings of system-wide risks that may be
building up and issues recommendations to deal with them.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com
62. Basel III News, March 2012
Dear Member,
Today we will start from a very interesting speech and 4 really interesting
slides
Building a resilient financial system
Keynote speech by Jaime Caruana, General Manager, Bank for
International Settlements, 2012 ADB Financial Sector Forum on
“Enhancing financial stability – issues and challenges”
Manila, 7 February 2012
The global financial system is facing an especially complex set of
challenges.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com