Top SEC official speaks on how to mitigate conflicts of interest

In a recent post,  we began to discuss a speech given last month by Carlo V. di Florio, Director, Office of Compliance Inspections and Examinations of the Securities and Exchange Commission  – which indeed is a font of COI-related ideas and information with respect to the financial services industry.  In today’s post, I want to consider what aspects of di Florio’s analysis should mean for COI mitigation in other industries.

At the outset, it is noteworthy that di Florio uses a broader (meaning not industry-specific) framework – the Federal Sentencing Guidelines for Organizations – to address COI financial services industry mitigation.  There’s no reason for me to repeat all that he says about each element of the Guidelines, but here are several parts of that discussion – along with my thoughts on how they might be applicable in other industry settings.

– Under standards and procedures he notes: “Since new conflicts of interest can arise rapidly as a business grows and evolves, and may become apparent to front-line employees before they come to the attention of more senior managers or control functions, communications about these standards and procedures are also an opportunity to emphasize to all employees the importance of their role in recognizing new conflicts of interest, and their responsibility to elevate such conflicts to appropriate control functions.”   While particularly important in the financial services setting, di Florio’s basic point here is clearly of wider applicability: given the many ways in which COIs (compared to various other sorts of C&E issues) tend to arise in organizations, having a broad safety net of employee awareness can be key to effective risk mitigation.   (For more information about COI risk assessment see these prior posts.)

– Under oversight DiFlorio states: “in the financial services world, unremediated conflicts of interest are a leading indicator of the types of problems that a compliance and ethics program is intended to root out,” and so he says C&E oversight by  boards of directors and senior managers should include attention to COIs.  Again, financial services firms do have a compelling need in this regard that generally goes somewhat beyond that of other industries (and indeed in a recent interview  di Florio warned:  “Directors need to be engaged in effectively overseeing compliance, and where fraud or other compliance failures occur, that suggest ineffective governance, Enforcement will be focused on that,…”)  But in other contexts, too, directors need to be focused on COIs – as is evidenced most strikingly this past year by the Chesapeake case discussed in prior postings.   Because of the misalignment of interests inherent in COIs, it is not an area where directors can broadly delegate mitigation duties to management.

– Under education and training he notes: “training and other communication should include communication about the responsibilities of everyone in the organization regarding identifying, escalating and remediating conflicts of interest. It should be tailored to specific conflicts in the business model and clearly set forth the governance, risk management and compliance procedures to mitigate and manage these conflicts.” Here, too, di Florio’s basic point transcends the financial industry context, as in all settings a) COI training should be risk relevant, and b) communicating about COI mitigation measures – not only what they are, but showing that they are taken seriously – should be part of any effective compliance regime for this risk area. (For more information on COI training and communications see these posts. )

– Under auditing and monitoring di Florio states, that, among other things, such efforts should include not only checking for violations but also “testing of the effectiveness of the organization’s policies and procedures regarding management of conflicts of interest.” I can think of no reason that this sort of checking should be limited to financial services organizations. (For more information on COI auditing and monitoring see these posts.)

As noted above, the instant post provides only a sampling of what is in the speech, and I  encourage you to read the original.