The S&P Assessments


My notes, live, from the Compliance Week Conference session by Steven Dreyer, who is overseeing Standard & Poor’s program to assess corporate ERM efforts as part of credit ratings. Reference: Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings (.pdf)

S&P’s ERM review for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P analysts. S&P does not require written responses to these questions, but will certainly consider them if provided to supplement or make more efficient our in-person discussions.

  • What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
  • What is management doing about top risks?
  • What size quarterly operating or cash loss has management and the board agreed is tolerable?
  • Describe the staff responsible for risk management programs and their place in the organization chart. How do you measure success of risk management activities?
  • How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
  • Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
  • Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

All S&P cares about is the ability of the company to repay its debt. Corporate social responsibility is nice, but does not affect credit. S&P does not lower a credit rating on an airline because of a plane crash. They care about cash flow. They do care if a risk is a risk to cash flow. S&P is not a missionary for ERM.

So why are they adding ERM to credit ratings for non-financial institutions?

  • Enhance Analytical Process & Focus
  • Create More Forward-Looking Ratings
  • Better Insights and Communication on Management
  • Differentiate Better

Non-financial institutions tend to die very slow deaths. Financial institutions have the potential to fall off a cliff and disappear quickly. For non-financial institutions, ERM is a means to see inside the enterprise to see how they may be able to bounce back from issues and crises.

Every company has an appetite for risk and a tolerance for risk. By focusing on risk management, there is some insight about how they treat risk, the appetite and the tolerance.

What Is S&P Not Looking For… (These mindsets can actually hinder effectiveness):

  • Eliminating all risks
  • Cramming together disparate policies
  • Solely compliance/disclosure requirements
  • Replacement for internal controls
  • A shiny new software program
  • Naming a CRO and calling it a day

“The reviews will focus predominantly on risk-management culture and strategic risk management, two universally applicable aspects of ERM.” – Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings, May 7, 2008

Culture = Communications, Frameworks, Roles, Policies, Metrics, Influence

Strategic = Identification and Updating Process, Impact on Key Decisions

Here are some ERM discussion topics he offered:

  • How are key risks identified, updated, and dealt with?
  • How is risk tolerance defined and communicated?
  • Who “owns” risk in the organization and how is success measured?
  • What is the board’s involvement in risk management?
  • How did your company respond to _______________ ?

Ultimately, they are looking for evidence of effectiveness. They are planning to release the criteria during the fourth quarter of 2009. They are currently in the process of benchmarking and comparing information. They are thinking about using a rating scale, but there is a concern that people will focus on the number and not the nuances that went into the number.

A counter-intuitive result was that the companies that responded quicker to questions were more accurate than those that took longer. The quick result was because they had better access to their information. The longer response was because the information was hard to find and less reliable.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Assessing the Effectiveness of Compliance and Ethics Programs


My notes, live, from Jack Holleran of Ernst & Young and Patricia Prince-Taggart of CA on ways to measure program effectiveness, with an analysis of qualitative and quantitative measures.

Jack put forth three primary objectives to compliance programs:

  • To prevent non-compliance
  • To detect non-compliance
  • To enhance business processes and decision-making

He offered the following as the benefits of measurement:

  • Enables you to “know where you are”
  • Enables you to demonstrate effectiveness to Executive management
  • Enables you to demonstrate effectiveness to Audit committee
  • Enables you to demonstrate effectiveness to Regulators
  • Enables you to identify and prioritize opportunities for improvement in ethics and compliance program (design and execution)
  • Enables you to demonstrate business case, or value, that ethics and compliance program provides to the business

He offered this as his illegible diagram of a compliance program:

[Image: ernst-framework]

Qualitative measures

  • Provide some indication of awareness of ethics and compliance program
  • Tend to be subjective in nature
  • Useful in identifying trends

Quantitative measures

  • Provide objective insights into program effectiveness
  • Tend to be hard data
  • Useful for benchmarking your company to other organizations or within industry

Measuring effectiveness – the role of auditing and monitoring:

Evaluate each control for adequacy:

  • As designed, will it prevent / detect? Alone, or with other controls?
  • If design is adequate, test to verify control is operating as designed

Testing examples:

  • Field work: policy application within business units
  • Continuous testing: review of helpline calls, customer complaints
  • Transaction reviews for red flags
  • Risk-based reviews (e.g., FCPA, environmental)
  • Surveys/focus groups to measure awareness, attitudes, knowledge

Establish procedures for conducting investigations:

  • Confidentiality
  • Case resolution procedures
  • Post-resolution surveys of callers
  • Checking for possible retaliation

You want to determine the “Effectiveness Gap”: the difference between the inherent risk and management’s effectiveness.

Ethics and compliance, like any business function, faces the internal challenge of demonstrating return on investment (ROI). Measuring effectiveness can enhance your ability to demonstrate ROI. Trending over time can produce insights.

Starting is the most important part of effectiveness. Doing nothing is not effective. You can’t be afraid to find out information.

Here are some other resources they recommended:

Metrics Qualification Tool
www.oceg.org/view/mqt

The Elephant in the Room: Program Evaluation & Performance Measurement
www.oceg.org/view/elephant

Measurement & Metrics Guide: Performance Measurement Approach and Metrics for a Compliance & Ethics Program
www.oceg.org/view/MMG

Metrics Full Listing
www.oceg.org/view/mmglisting

Metrics & Measurement Guide Presentation: Beyond Effectiveness
www.oceg.org/view/MMGPreso


Harvey Pitt on Ethical Cultures in a Down Economy – Compliance Week Keynote


My notes, live, from the Compliance Week keynote speech by Harvey Pitt on Ethical Cultures in a Down Economy:

After a very brief introduction (especially compared to yesterday’s keynote) by Scott Cohen, Mr. Pitt dove into an entertaining and informative speech.

Learning from history is in fact virtually impossible. The only thing we learn from history is that we never learn from history. It is the science of what never happens twice.

Cutting corners may have some short term benefits, but endangers your long term success. This century has barely begun and we already have a plethora of financial scandals. So many high-flying companies have come crashing down, destroying the companies and the investors. We have to avoid failures at all corporate levels; every person within the company is responsible for being a watchdog for transgressions.

It seems that we never learned from the Enron era scandals. Business scandals are inevitable, as is the follow-up government action. But those too often only focus on the last crisis and do not look ahead to potential new issues. SOX did not prevent the current economic crisis and its failures of corporate governance. It is inevitable that new laws will come out to address the crisis that just happened. Mr. Pitt seems skeptical that they will prevent the next set of crises and failures.

Mr. Pitt thinks directors will be held accountable for the failures of their organization and the failure of their risk management. He thinks the answer is simple. The long term success of a company is the ability to survive under “Corporate Darwinism.” Only those with the best governance and the most ethical culture will survive. The regulatory and prosecutorial environment is going to be hostile for the foreseeable future. Being law-abiding only gets you so far. It is not the same as acting honestly and ethically.

Something always goes wrong.

Good corporate ethics is not just talking the talk, but also walking the walk. You need to recognize that an ounce of prevention is worth a pound of cure. You need to minimize risk and continually assess the risk. You need to deal with the risk before the next crisis.

Be a Boy Scout and “Be Prepared.” It is better to be ahead of the curve and ready for what may be coming.

Knowledge is power. You need full and complete information in order to assess risk and govern the organization. The most dangerous risk is the risk you are not aware of. You need to make sure that information flows up the chain and throughout the organization.

Don’t shoot the messenger. Risk management should not be thought of as a cost center.

Make sure that everyone is “invested” in the organization. It is part of everyone’s job description to be alert for potential problems, addressing problems and resolving problems. You need to engage all employees in developing and running the program.

There is no such thing as a “small” ethical problem. They always grow into a big problem if left unaddressed. Not every breach is a hanging offense, but they all need to be treated seriously.

It’s the quality not the quantity that counts. You can have binders full of policies. But they are useless if employees are not aware of them and ignore them.

Pay for integrity. If boards want to show the importance of ethics, they need to tie compensation to it. They need to place a cost for failures as well.

Trust, but verify. Ask the tough questions and examine the underlying premise of their information. You need to make sure your conclusions are sound.

The third little pig had it right. You can’t build your house out of flimsy materials.

Treat everyone who cries wolf as if they are credible. It is the warning you ignore that is more likely to hurt your organization. It’s not how complaints are raised. The only issue is whether there is any truth to the claims. You need to find the truth. The only way to find out is to respond to the call and investigate.

If you manage for the short term, you will not be around in the long term.

At the end of his speech, Mr. Pitt sat down with Mr. Cohen.

Mr. Pitt pointed out that government failed to have effective risk management during the current financial crisis.

He thinks SOX was hastily drafted. It was necessary because of the upheaval and government needed to show that it would put up with that kind of behavior. He thinks SOX has been ineffective. It is approached as a liability issue and treated with a check the box mentality. We would not have had the most recent crisis if SOX was effective.

What we need now is not more regulation or less regulation, it is smarter regulation. Businesses sit back and wait for government to tell them what they are doing wrong and then don’t like what the government tells them to do. Businesses need to discover problems before they become a problem.


The SEC’s Radical Disclosure Overhaul


My notes, live, from Dr. William Lutz on The SEC’s Radical Disclosure Overhaul. (Disclaimer: The presentation represents the views of Dr. Lutz and not necessarily the views of the SEC.)

He started off with a definition of “Information”: That which reduces uncertainty. (From Shannon and Weaver’s Mathematical Theory of Communication.) If it’s not information, it’s noise. You only want the information that you want.

He says the 10-Q is noise. Lots and lots of noise. Plus there is all the trouble of searching in EDGAR to find the filing. He likes the Hittite tablets that last hundreds of years. There is no difference between the Library of Alexandria and EDGAR. Both have data that are locked down and inaccessible, full of noise. In looking at a 10-K for a company, in 1996 it was 263 pages. In 2009, it was 1,376 pages.

How do you give investors access to high quality information?

Each year, the SEC collects the address of the filing company 14 times. And not always in the same format.

He advocates having a “company file” with a central repository of information: static company information, periodic information and transaction information. The information needs to be structured and accessible. He then said the magic word: XBRL.

He pointed out that Israel has already deployed this system with true electronic filing. Not just a paper filing turned into text, but the tagging of data to the system. It allows a mash-up of different information from different companies to allow for easier manipulations of the data. He cited an example of finding an insider trading scandal using this data tagging.

This creates more transparency. With this information, everyone can be an accountant and understand the finances of a company. And easily compare that information with other companies.

How do we give investors access to the data they need? In a way that they can use the data?

There is a need to move from a print society to an information society.


It’s Not Fraud, But it Can’t be Ignored


This session was a “dark session” so I am not sharing my notes, but will share a few themes that emerged.

Most hotline complaints are for incidents that are not true compliance or ethics issues. Most studies show that HR issues tend to be almost half of the complaints.

There were two camps of thought: those that thought everything should go into one central location and those that thought there should be segregated systems. Largely, this hinged on the issue of attorney-client privilege. Some felt it better to keep this information hidden away to keep it from plaintiffs’ lawyers.

One recommendation that I liked was to use the term “incident reporting system” instead of whistleblower hotline. To me this sounds like it would remove some of the psychological impediments to using the system. It sounds more user friendly to me.

Richard Ketchum Keynote from the Compliance Week Conference


My notes, live, from the Richard Ketchum keynote at the Compliance Week Conference. Mr. Ketchum is the newly named chairman and CEO of FINRA.

It is a terribly important time as financial markets are in the process of transformation. It was two years ago when the first signs of the credit crisis appeared. The silver lining is that the crisis offers an opportunity to reform the financial markets.

Mr. Ketchum moved on to the idea of a systemic risk regulator. He thinks some regulator will be in place. As to whether it is a single entity or a council of regulators, Mr. Ketchum stated that some of the risk and problems came from loosely regulated entities and in transactions that were not transparent. He thinks the value of a systemic regulator is good but thinks we need to focus on the function of this new regulator. He wants to avoid duplication and also to avoid things falling through the cracks.

He looked to the Federal Reserve as a regulator that had a broad mandate to see big problems. They were less able to focus on the detail of regular reporting and maintenance. He thinks the new systemic regulator should not replace existing regulators. He also did not seem to like the idea of breaking up the SEC. They are very involved in many aspects of the markets and have a breadth of experience and controls in place.

He moved on to the issue of short selling in the marketplace. There are several proposals being reviewed as a result of the fierce short-selling that happened in September and October. He thinks the selling that happened during that time was mostly long sellers, not short sellers. Short selling may have caused the disappearance of any buyers. He seems to be leaning toward a circuit-breaker when a company’s stock is under pressure. He did not seem to give a straight answer.

He moved onto the subject of derivatives. The market provides a great deal of leverage, has a great deal of inefficiency and is very transparent. The derivatives markets also react quicker than the equity markets. He thinks the key is transparency so we can see the movement and the risk. The opacity of the derivatives markets contributed to the plunge in the investment markets.

He moved onto the lessons we could learn from volatile markets. He thinks we need to revisit diligence and reduce our reliance on ratings to get a better understanding of the security (in particular asset-backed securities). You need to keep the creators of the securities away from the ratings of the securities.

He thinks compliance needs to be infused into more functions. He thinks compliance officers can look at the risks and not rely on assumptions. You need to make sure that decisions that benefit the company do not come at the expense of the company’s clients or customers.

Nobody feels good about the implosion of the financial markets. FINRA is re-evaluating their internal processes to see what they could do better. He pointed out the new FINRA Whistleblower hotline. FINRA is looking at ways to make sure things do not fall through the cracks.

He thinks the biggest gap is the different regimes between broker-dealers and investment advisers. He thinks investment advisers need to be more regulated and more closely examined. He does recognize that there are different risks and different concerns. You can’t throw the same rulebook at them, but he thinks you need to keep a closer eye on them.

The keystone moving forward is winning back the trust of investors. Without trust, the markets are paralyzed. Fraud impoverishes the few; distrust impoverishes many.

In the chat session, Matt put the Madoff scenario in front of Mr. Ketchum. He thinks that is a great example of having different regimes for broker-dealers and investment advisers. FINRA could not look over the wall at the advisory side of the business.

There is no definition of a systemic risk. Mr. Ketchum thinks it is one that can impact the financial marketplace as a whole and not just an individual institution.


Self-Assessments: Criteria and Procedures for Evaluating GRC Programs


My notes, live, from Self-Assessments: Criteria and Procedures for Evaluating GRC Programs, with Gracie Fisher Renbarger, Chief Ethics and Compliance Officer of Dell; Nan Stout, Vice President Business Ethics of Staples; and Carole Stern Switzer, President of OCEG.

Carole started off with two observations:

  • Designing, implementing, and improving a governance, risk management and compliance (GRC) system is a time and resource-intensive proposition.
  • Periodically evaluating the design and operation of the system is essential to demonstrate that the organization’s GRC initiatives are delivering outcomes that really matter.

Carole pointed out that GRC is more than Governance, Risk and Compliance, but it is really awkward to have a 13 letter acronym.

She turned to design effectiveness. “Given our objectives and all of the risks and requirements related to these objectives, do we have controls, incentives and other structures in place that will provide reasonable assurance that we will meet these objectives?” You can also have less ambitious goals for our evaluation:

  • I’d like a “gut check” on how my hotline is designed
  • I’d like a high-level assessment of whether our risk identification has captured all of the right risks and requirements compared with my peers

Or more ambitious goals:

  • Is this compliance program deemed “effective” by an enforcement agency or external monitor?

How do you evaluate to address effectiveness? Start by determining what to evaluate and the scope of the risk assessment. One of the issues is that your effectiveness is based on the negative. It is hard to prove that something did not happen because of the program.

You want to ask:

  • Do we have SOMETHING in place?
  • Do we have ENOUGH in place?
  • Do we have TOO MUCH in place?

The next step is to design for performance. You want to be effective, but you also want to be efficient and responsive. “There’s no point in measuring something you can’t fix.”

Carole used a standard for performance called SMART:

  • Specific/simple
  • Measurable
  • Actionable
  • Relevant
  • Timely

Not having data available is a challenge in some organizations. You need to measure perception and compare it to facts. You can say that you have a non-retaliation policy. But that does not do any good if people perceive that they will be fired for reporting a problem.

Next up was Nan to talk about their beta test of OCEG’s Burgundy Book. She thought it was important to give employees multiple ways to report problems, but wanted to store all of that information in one place.

Gracie shared her experiences with the OCEG certification at Dell. The objective of Dell’s FCPA Compliance Program is to be “Effective” and “Aligned.” “Effective” means program meets the US Federal Sentencing Guidelines’ definition of an effective compliance program. “Aligned” means program activities address actual risks and are aligned to Dell’s business objectives.

The following Elements are assessed:

Culture:

  • Processes established to monitor and address cultural indicators to ensure program is operating in a culture of integrity (i.e., employee surveys, compliance training tracking, etc.)
  • Defined program goals and objectives that align to organization objectives and strategic business initiatives (i.e., supports Dell’s profit and business goals related to “emerging market” expansion, etc.)

Organize & Oversee:

  • Defined roles and responsibilities for program oversight, assurance and day-to-day management (i.e., AC, GECC, Ethics & Compliance Office, etc.)

Assess & Align:

  • Process for identifying and assessing FCPA risk (i.e., identify whether operating in countries with high level of perceived corruption, etc.)
  • Plan to deploy program initiatives in response to risk assessment results (i.e., education rollout in China, etc.)

Prevent & Promote:

  • Existence of Code of Conduct and FCPA Compliance Policy
  • Process for policy development (i.e., executive management approval, etc.)
  • Process for deployment of policy (i.e., website repository and blog communication, etc.)
  • Education plan (i.e., maximum, heightened, general awareness, etc.)

Detect & Discern:

  • Intake and investigations (i.e., employee reporting, investigation process, etc.)

Respond & Resolve:

  • Infrastructure for intake, investigation and resolution of incidents (i.e., staffing, case management system, etc.)
  • Remediation (i.e., discipline, recommended preventative controls, etc.)

Monitor & Measure:

  • Monitor feedback and strive for continuous improvement of the program (i.e., feedback to Ethics Managers and formal employee inquiry/response process, etc.)

Inform & Integrate:

  • Process for communicating program (i.e., blog, cascaded communications, etc.)

A question from the audience: Can you measure the change in culture? It is hard. You need to always look for indicators. Some are lead indicators and some are trailing indicators. One goal of GRC is to pull as much information as possible into one place so those indicators are in one place.

The emphasis of the session was not to advocate a specific framework, but the importance of having a process.

A key to modifying behavior is to make non-compliance more painful than compliance. But you want more than a fear of being caught. You want your employees to strive for better behavior.


Vetting Business Partners


My notes, live, from Vetting Business Partners, with Alexandra Wrage of Trace International to talk about how leading companies have approached this challenge in a global company.

Due diligence on business partners is one of the most important things a company can do, but also one of the least interesting things. She points out that the FCPA has a “should have known” standard. So ignorance is not a defense.

Sales consultants are some of the higher risk because they are usually paid on a commission basis. Consultants, paid by the hour, are a lesser risk merely because of the different compensation model. Distributors and resellers can be a risk. Merely having a third party in between your company and the corrupt official is still bad and is not a defense to charges.

Resellers are a new problem. They take title to your product and are your customer. But if there is evidence that the resellers are paying bribes to their customers, your company can potentially be pulled in.

She turned to focus on some problem areas in due diligence when working with third parties.

Ownership – This is the most important and should be a deal-breaker if true beneficial ownership is not disclosed. (You can also work in the negative: not a government official or blocked person. This is not a good practice. The hidden identity should be a red flag. It would certainly be a red flag in a government investigation.)

Government relations. You need to find out if a close relative is in the government. It is not a deal-breaker, but you need to be aware of the relationship.

Expertise. What is this person being paid to do if they do not have any particular expertise?

Financial stability. If they are acting as your agent, their financial failing will rub off on you.

Media searches. You need to know if your business partner is in the headlines.

Training. You need to let them know what they need to do.

Periodic review and certifications. You want to make sure that you update things when the contract is renewed. You also want to check periodically to make sure there has not been a big change in the business partner. Certifications can be included on each invoice so they certify each time they are paid that they have not bribed a foreign official.

It is important to keep red flags in mind, but you should standardize your contracts and review and not target specific areas. Many of the biggest FCPA cases have come from individuals acting in countries that are not known for being corrupt.

You can have a tiered due diligence program, depending on the nature of the relationship, the basis of compensation, and the reputation of the company. The most common is three tiers: not risky, standard, and more risky. That allows you to target your resources.

She sees the divide in the DOJ cases where companies are either doing due diligence or not doing any diligence. Not doing diligence almost moves you into a strict liability position. You have no defense.

There has been a surge in FCPA cases over the last few years. Most involved problems with intermediaries.

She points out that corruption due diligence is a two-way street. Increasingly, foreign companies are conducting due diligence on American companies.

She also takes a controversial position that you may be better off not having audit rights if you do not intend to actually do audits. She advocates triggered audit rights instead of audit rights as a matter of course if you are not going to audit on a regular basis. You want to have a meaningful conversation with your intermediary that these audit rights are real.

There is an increasing turf battle on international enforcement. The SFO (Britain’s version of the DOJ) has stated that reporting to the DOJ first is not a voluntary disclosure for their purposes and reserves the right to still enforce.


Luis Aguilar Keynote at Compliance Week Conference


My notes, live, from the keynote by SEC Commissioner Luis A. Aguilar:

James Doty of Baker Botts introduced the Commissioner. (A disclaimer from the Commissioner: the speech is his opinion alone and not necessarily the view of the SEC.)

The Commissioner titled his presentation “Reversing Course: Putting Investors First.” The focus should be on protecting investors and restoration of stability to the capital markets. We need to restore trust in the markets. That means regulatory reform.

First, we need a search and inquiry into the cause of the crisis. Blaming the regulatory market is not responsive. Perhaps it was an unwillingness to exercise their management and look deeper into the markets. He is enthusiastic about a bi-partisan panel to look into the crisis. Too much regulatory reform focused on how it would help the financial firms and not how they would help investors. We need to look at the intrinsic risks and conflicts in the system. He saw a pattern of de-regulation that helped financial firms with little examination of how they would affect investors. Modernization of the markets has been used as a disguise for de-regulation.

He moved on to the need for a systemic risk regulatory body. He thinks we need some clarity on what we mean by systemic risk. He does not like the focus on “Too big to fail” and its focus on particular entities. He thinks the focus needs to be on key functions in the market, not the entity. He would want to isolate these functions in the entity.

Instead of a new regulatory body, he thinks a council of different regulators with different expertise would work better. It is better to have several sentries instead of just one monolithic guard. It would also avoid the conflicts inherent in the mandates of a particular regulator. There is a question of the particular powers of the council and the procedures for the council.

He moved on to the idea of a financial product safety commission. There is an idea that financial products get rated as safe or unsafe. The Commissioner does not like this idea. He draws a line between investment financial products and non-investment financial products. For non-investment products like credit cards and mortgages, the terms are set at the outset. However, an investment financial product has values that will fluctuate and the risks will change over the course of time.

Investor protection is different than consumer protection. Removing products from a regulatory scheme could result in regulatory arbitrage.

What about a U.S. FSA, a single regulator for all of the financial markets? Commissioner Aguilar has concerns about this model. Could a regulator responsible for keeping financial institutions viable also be aggressive in pursuing consumer claims of misdeed against the institution? The Commissioner does not think so. It can also increase systemic risk. If the single regulator gets it wrong, there is no fall back protection or other bodies to step into the gap.

He does like the idea of a single regulator for all of the capital markets. He does not like the split between the CFTC and SEC with the regulation of derivatives separate from the regulation of the underlying securities.

He advocates self-funding the SEC. He alludes to reductions in the budget of the SEC having affected the effectiveness of the SEC.

The Commissioner thinks the staff of the SEC has been unduly tarnished.

After his speech, the Commissioner sat down for a fireside chat with Matt Kelley, the Editor-in-Chief of Compliance Week, taking questions from the audience.

He expects enforcement to be quicker than in the past.

He went back to the self-funding part of his speech. He compares the big staff of the FDIC to the SEC. The FDIC has more people and keeps tabs on fewer institutions. The SEC needs more resources.

It sounds like the IFRS may be a lesser priority under the new administration.

It was a nice speech and chat by the Commissioner.
