Now that you’ve seen what ACA Insight has to offer, don’t be without it. Subscribe now!

The weekly news source for investment management legal and compliance professionals

Current subscribers - please log in to the website in the upper right-hand corner

News November 5, 2012 Issue

OCIE Chief Drills Down on Conflicts of Interest

Got conflicts of interest? Of course you do.

How to handle them and which conflicts are of particular interest to regulators took center stage on October 22, when OCIE director Carlo di Florio devoted his entire remarks to the subject in a speech before an audience of compliance professionals at the National Society of Compliance Professionals national meeting.

Regulatorsí interest in conflicts of interest.

Why do regulators care so much about conflicts? Because as part of the SEC National Examination Programís (NEP) risk-based approach, the SEC staff has identified conflicts of interest as a key area for risk analysis, said di Florio.

This is based on the long experience of the exam program, he said. In that experience, conflicts of interest that are not eliminated or properly mitigated are a leading indicator of significant regulatory issues for individual firms.

Accordingly, a focus on conflicts of interest is an integral part of the assessment of which firms to examine, what issues to focus on, and how closely to scrutinize, said di Florio.

What is a "conflict of interest"?

It is hardly a term of art, he said. Simply put, a conflict of interest is a scenario where a person or firm has an incentive to serve one interest at the expense of another interest or obligation. This might mean serving the interest of the firm over that of a client, or serving the interest of one client over other clients, or an employee or group of employees serving their own interests over those of the firm or its clients.

"Just about any bad behavior can be explained in terms of conflicts of interest," said di Florio.

The role of ethical decision-making.

How a firm handles those conflicts raises the issues of what is the right thing to do as a matter of law and ethical decision-making.

Strong ethics go hand-in-hand with strong compliance controls for conflicts of interest, said di Florio. Think of ethics as the white blood cell immune system that controls the "viruses" of conflicts of interest, he said.

Just like viruses, conflicts can mutate, and if not neutralized or eliminated, can do mortal damage. Especially when combined with the wrong culture and incentives, conflicts of interest can do great harm, said di Florio.

When people or firms make decisions that may be technically within the letter of the law, but are not in keeping with the spirit of the law and are hard to explain to the constituencies with which they must keep faith Ė such as customers, creditors, investors, or employees Ė this can be fatally damaging to a firmís reputation, said di Florio.

"The types of conflicts that I find most challenging are situations where people who profess to be ethical and clear-thinking are led astray by cultural pressure (poor tone at the top), misaligned financial incentives, herd behavior (everybody else is doing it), or just personal weaknesses Ėvanity, self-delusion or poor judgment," he said.

The best antidote for this type of conflict is a strong ethics program for the organization, as well as a strong internalized sense of ethics by everyone in an organization, manifested in their ability Ė especially executives, business managers, compliance officers and lawyers Ė to think independently, rigorously, and objectively.

Just as business is changing and dynamic, compliance programs must be as well to meet the new conflicts that are constantly arising.

Firms need to be very disciplined in continually searching for new conflicts and working through how to address them. In addition, approaches to remediating existing conflicts may also require regular reconsideration as circumstances change.

Failure to manage conflicts of interest has been a continuing theme of financial crises and scandals since before the inception of the federal securities laws, he said. From the early 1930s through the financial crisis in 2008, uncontrolled conflicts of interest have lead to crisis.

The financial crisis of 2008 could itself be the basis of a seminar on conflicts of interest. The crisis exposed apparent conflicts of interest in many areas, particularly in the production and sale of mortgage-backed securities, and among credit rating agencies that rated these instruments.

Even since the financial crisis, another illustration of the problems that arise from poorly controlled conflicts of interest arose just this past summer, when Barclays Bank entered into civil and criminal settlements with U.S. and U.K. officials in which it admitted to misconduct related to possible collusion to fix the benchmark London Interbank Offered Rate ("LIBOR").

Regulators are vigilant for new conflicts, too.

It is important to recognize that regulators also have an obligation to be diligent about identifying and addressing conflicts of interest as they emerge, said di Florio. When the examination program identifies conduct that may create new risks for the industry, OCIE shares those concerns so that senior management, compliance and risk managers are not taken by surprise.

OCIE communicates key risks such as conflicts through Risk Alerts, which also share effective risk management practices that the staff has observed. The effective practices the staff describes in a risk alert are for informational purposes, he said, and do not represent new legal or regulatory requirements.

OCIEís current conflicts of interest focus.

Current, high-priority conflicts the staff focuses on in examinations include:

  • Compensation-related conflicts and incentives, including incentives to place investors in accounts with fee structures that are high relative to the services provided, such as certain investment adviser or wrap fee accounts;
  • Portfolio management-related conflicts:
    - Investment advisers that prefer one client over another when managing multiple accounts side-by-side, due to financial incentives or personal relationships;
    - Portfolio management activities by fund advisers that involve risks beyond the risk tolerance levels or stated objectives in the prospectus, such as overconcentration in a single issuer or sector, purchasing illiquid securities that appear to deliver higher returns, or a mismatch of fund liquidity to an expectation of fund redemptions;
  • Affiliations between investment advisers and broker-dealers:
    - Whether the client is put into an IA or BD account and the incentives associated with that decision;
    - Incentives of an investment adviser to use an affiliated broker-dealer for executing a clientís trade even though the price or other terms of the execution are substandard;
  • Valuation:
    - Incentives of investment advisers and broker-dealers to provide high marks in pricing relatively illiquid positions; and
    - Inflating valuations to attract investors and charge more fees.

Conflicts of interest are at the heart of many cases that the Commission brings on a routine basis. For example, the SEC recently brought two conflicts-related actions against advisers. In a settled administrative proceeding against Focus Point Solutions and the H Group, two Oregon-based investment advisory firms and their owner failed to disclose compensation through a revenue-sharing agreement and other potential conflicts of interest to clients.

In an action against a former $1 billion hedge fund advisory firm, Yorkville Advisors, and two of its executives, the SEC charged the three with "scheming to overvalue assets under management and exaggerate the reported returns of hedge funds they managed in order to hide losses and increase the fees collected from investors."

di Florio noted that Yorkville is the latest of seven cases that the Commission has brought from its Aberrational Performance Inquiry, an initiative in which the staff uses proprietary risk analytics to identify hedge funds with suspicious returns. He said the analysis of abberational performance has been a very effective tool for the SEC in uncovering wrongdoing.

Effective Practices for Managing Conflicts of Interest.

Effective conflicts risk governance includes three broad considerations, said di Florio. Firms must have an effective process to identify and manage conflicts of interest. Firms must maintain a good compliance and ethics program. And firms must fully integrate the process for addressing conflicts of interest in the firmís overall risk governance structure, said di Florio.

1. Effective process.

First, a firm must have an effective process, led by a cross-functional leadership team, to identify and understand all conflicts in the business model. This includes a recognition that conflicts are dynamic, and while continually scanning for new conflicts, existing conflicts must be revisited periodically to determine if they are still being appropriately controlled in light of new business circumstances, changing customer profiles, new regulatory obligations, etc.

For instance, OCIE has observed instances where firm programs lagged behind new business strategies that created new sources of MNPI. While the business model evolved, the control framework did not and that exposed these firms to significant risks.

It is also important to risk-assess and prioritize which conflicts of interest present the greatest risk to the organization so that resources can be allocated accordingly to mitigate and manage those conflicts effectively both from a compliance risk and reputation risk perspective.

2. A good compliance and ethics program.

Adequate and effective compliance and supervisory policies and procedures must include processes to identify, assess, mitigate and manage conflicts of interest.

The U.S. Federal Sentencing Guidelines ("Guidelines") since 2004 have provided helpful guidance on many of the key elements of an effective compliance program. The 2004 and 2010 amendments to the Guidelines explicitly require an effective compliance and ethics program as a mitigating factor in determining criminal sentences for corporations, said di Florio.

The Guidelines list seven factors that are minimally required:

  • Standards and procedures. Developing a strong process for identifying and managing conflicts of interest is a key means of preventing and detecting not just criminal conduct, but other behavior that may create regulatory or reputational risks for the business. Since new conflicts of interest can arise rapidly as a business grows and evolves, they may become apparent to front-line employees before they come to the attention of more senior managers or control functions. As a result, communications about standards and procedures are also an opportunity to emphasize to all employees the importance of their role in recognizing new conflicts of interest, and their responsibility to elevate such conflicts to appropriate control functions. Some firms enhance this process by including conflicts assessment within other processes, such as new product or business approval, conduct customer surveys for potential conflicts, or conduct periodic or ad hoc self-assessments of their business practices.
  • Oversight. It is important for the firmís board of directors and senior management to be knowledgeable about the content and operation of the firmís compliance and ethics program and exercise reasonable oversight with respect to its implementation and effectiveness. Some firms establish standing committees, composed of senior executives and senior control personnel, to focus on conflicts assessment.
  • Leadership consistent with effective ethics and compliance program. Business unit heads or senior managers must demonstrate a commitment to proactively identifying and remediating conflicts of interest in the business model of the organization.
  • Education and Training. Periodic education and training for everyone at a firm about the firmís compliance and ethics program, including its standards and procedures for implementing the program, is critical. This training and education should include communications about the responsibilities of everyone in the organization regarding identifying, escalating and remediating conflicts of interest. It should be tailored to specific conflicts in the business model and clearly set forth the governance, risk management and compliance procedures to mitigate and manage these conflicts.
  • Auditing and Monitoring. Firms must take reasonable steps to ensure that the compliance and ethics program is followed, including monitoring and auditing, as well as periodic testing of the effectiveness of the program, and to have and publicize a system by which employees and agents of the organization can report or seek guidance regarding potential criminal conduct without fear of retaliation.
  • Incentives and discipline. A firm should have appropriate incentives supporting the compliance and ethics program, and appropriate disciplinary measures for failing to take reasonable steps to prevent or detect criminal conduct.
  • Response and prevention. Firms must take reasonable steps to respond to any criminal conduct and to prevent its recurrence, including making any necessary modifications to the firmís compliance and ethics program. Some firms go further, not only analyzing their weaknesses, but also considering issues identified at other firms so that the same problems do not happen at their establishment.

3. Full integration of conflicts assessment, mitigation and resolution.

Finally, the process for addressing conflicts of interest should be fully integrated in the firmís overall risk governance structure, said di Florio. The business itself is the first line of defense in managing conflicts and other risks in accordance with the firmís risk appetite.

Key risk and control functions, such as compliance, ethics and risk management, are the second line of defense. These functions require adequate resources, independence, standing and authority to implement effective programs and objectively monitor and escalate conflicts of interest and other risk issues.

Internal Audit is the third line of defense and is responsible for providing independent verification and assurance that controls are in place and operating effectively to address conflicts of interest.

Finally, senior management and the board of directors need to be engaged.

Takeaways for senior management and independent directors.

"I believe that your role in conflicts management and ensuring a culture of compliance and ethics is critically important," said di Florio, addressing senior management.

At the end of the day, managing conflicts is much more than just having a strong compliance program, although that is obviously critical. It also requires establishing a culture that, regardless of regulatory requirements, does not tolerate conduct that casts doubt on the organizationís commitment to high ethical standards, and that values the firmís long-term reputation over any possible short-term benefit from exploiting its clients or customers.

Former SEC Chairman Richard Breeden said it best when he stated that "[i]t is not an adequate ethical standard to aspire to get through the day without being indicted."

In addition, while it is undoubtedly helpful to have certain individuals or groups who are tasked with specific roles regarding mitigating conflicts, the responsibility of everyone in the organization to identify conflicts and see that they are managed appropriately should always be emphasized. "As leaders in your organizations," di Florio said to the crowd, "that responsibility starts with you."

Finally, it is important to think proactively when it comes to conflicts of interest. As I mentioned earlier, in the financial services industry, and likely in other types of organizations as well, conflicts of interest are continually arising in new forms that need to be addressed aggressively and with vision and foresight. Where conflicts of interest are concerned, eternal vigilance and independent oversight are warranted in order to protect an institutionís reputation and brand.