On October 22, 2012, Carlo V. di Florio, the Director of the Office of Compliance Inspections and Examinations (“OCIE”) of the SEC, delivered a speech to the National Society of Compliance Professionals about the significant role that identifying and monitoring conflicts of interest must play in the design and implementation of an effective compliance and ethics program. He began by explaining that based on historical events and the experience of the SEC’s National Exam Program, conflicts of interest “are a leading indicator of significant regulatory issues for individual firms, and sometimes even systemic risk for the entire financial system” and, therefore, the SEC and other regulators are particularly focused on risk management and risk controls within a firm to identify and manage such conflicts of interest. For further details on the SEC’s National Exam Program, please see the November 27, 2012 Investment Management Regulatory Update.
Di Florio identified the following types of conflicts of interest as currently being high priorities for SEC examinations: (i) compensation-related conflicts and incentives, (ii) portfolio management-related conflicts, (iii) affiliations between investment advisers and broker-dealers, (iv) valuation, (v) transfer agent conflicts and (vi) exchange conflicts. (It should be noted that the OCIE recently announced that it will be conducting “checkup” examinations, officially called Corrective Action Reviews, which will involve revisiting firms, likely without warning, roughly six to 10 months after an initial examination to determine whether deficiencies noted have been, or are in the process of being, corrected.)
In order for firms to assess and mitigate conflicts of interest, di Florio suggested that firms focus on three broad considerations. The first consideration is that a firm needs to have an effective process, led by a cross-functional leadership team, to identify and understand all conflicts in its business model. This process must include understanding the conflicts both in terms of their business implications and in relation to the relevant legal standards, as well as recognizing that conflicts are dynamic and the controls that are in place must be periodically reviewed to ensure they continue to be effective in mitigating such identified conflicts.
The second consideration is that a firm must have a good compliance and ethics program tailored to the particular firm. Di Florio referenced the U.S. Federal Sentencing Guidelines as providing helpful guidance on many of the key elements of an effective compliance program, including: standards and procedures, oversight, leadership, education and training, auditing and monitoring, incentives and discipline, and response and prevention.
The third consideration is that the process for addressing conflicts of interest must be fully integrated in a firm’s overall risk governance structure. Di Florio said that a firm’s business unit should act as the first line of defense in being aware of and managing conflicts of interest and that the firm’s risk and control functions (such as those set out in the firm’s compliance program) should act as the second line of defense. Internal auditors should act as an independent third line of defense and, importantly, senior management and the board of directors must be engaged throughout the process.