In a recent speech, Carlo di Florio, the SEC’s Director of the SEC’s Office of Compliance Inspections and Examinations, said that the SEC wants to put more compliance responsibility on senior management and boards.  According to Mr. di Florio, the SEC “will focus most intently on firms where we sense that senior management and the board are not setting the appropriate tone and are failing to support key risk and control functions with adequate resources, independence, standing and authority.”  He indicated that “an effective risk governance framework” begins with the business units as the “first line of defense” to manage and supervise risk in accordance with laws.  Compliance serves as a support function.  Then, internal audit should provide independent verification.  He indicated that OCIE will seek “to engage senior management and the board on critical business, risk and regulatory issues.”