OCIE Chief Declares New Focus on Enterprise Risk Management
The SEC’s Director of the Office of Compliance Inspections and Examinations, Carlo
V. di Florio, recently announced that OCIE will begin to review a firm’s
enterprise risk management during exams.
This ERM focus will examine (a) how business units manage risk; (b)
whether risk management, control and compliance functions are “structured and
resourced to ensure they are effectively embedded in the business process”,
including sufficient independence; (c) how senior management ensures effective
oversight; (d) the role of internal audit; and (e) the role of the Board.
Mr. di Florio said, “We will incorporate a
strategic dialogue of the enterprise risk management framework into our exams
so we can effectively distinguish the forest from the trees and then dive into
targeted exams in focused risk areas (e.g., products, asset classes, business
units) to test effectiveness.”
OUR TAKE: Moving focus from regulatory compliance to enterprise risk management would significantly alter OCIE’s scope of review. ERM generally encompasses regulatory compliance but also includes business management, operations, technology, liquidity, and markets.