Securities regulators are challenged with protecting investors and fostering fair and efficient capital markets. To achieve this, they must propose and implement new rules, monitor compliance and enforce the rules. Failure to manage any of these programs can create significant risk for the regulator. But failure to manage enforcement, in particular, represents unique and heightened risks.

Enforcement activity has the greatest impact on the public’s perception of a regulator’s effectiveness. Public awareness is conveyed primarily through the agency’s enforcement actions. So, an agency’s reputation and enforcement effectiveness are closely related.

The importance of effective capital-markets enforcement has been the subject of recent comment by the federal minister of finance, a former governor of the Bank of Canada, the Task Force to Modernize Securities Legislation in Canada and the Expert Panel on Securities Regulation. Both the task force’s and the expert panel’s reports provide recommendations for improving enforcement and provide compelling arguments for doing so, including that countries with stricter enforcement of securities laws have a lower cost of equities and more liquid capital markets.

Responsibility for enforcing securities laws is divided among many agencies and statutes. The public is predictably confused about the roles of federal and provincial law-enforcement and regulatory agencies, and frustrated by the lack of clear accountability for providing compensation related to investment losses arising from fraud and insolvency.

The public expects regulators to deter wrongdoers, protect investors and administer appropriate and timely penalties. The public has also come to expect that regulators will anticipate and prevent illegal and abusive schemes, effect long-term change in corporate behaviour and provide restitution and compensation.

To meet these expectations, it is critically important that securities regulators ensure that management of enforcement mitigates the risks to success to the greatest degree.

These critical risks to success can be divided into several categories. One is integrated market data, intelligence and analysis. En-forcement information comes from a variety of sources, and much of this information is held in silos both outside and inside the enforcement program. The risk is that something important will be overlooked or lost. The challenge for regulators is to ensure that all data and information become useful intelligence.

Prosecuting the right cases is another critical risk. At its heart is whether the decision to prosecute is being made with appropriate oversight. A decision to prosecute occurs only after a decision is made to open a file and conduct an investigation. The decision to prosecute is critical, and mistakes can have ruinous consequences for the respondent and the regulator. The risk here is that the regulator will not make an appropriate decision; the challenge is permitting appropriate discretion and independence while maintaining clear accountability.

Regulators must also ensure that cases are being prosecuted in a timely manner. Respondents will utilize all legitimate means to test the process and thereby delay case resolution. When cases are brought to a conclusion after lengthy delays, the message that the regulator intended to send is muted by the passage of time. Furthermore, the delay attracts as much criticism as the respondent’s impugned conduct. The risk in increasing delays is diminished public confidence. The challenge is creating innovative procedures, tools and incentives to reduce significantly the time it takes to conclude a prosecution.

Another risk for regulators is determining if their enforcement program is succeeding. Regulators can easily demonstrate the resources, activities and the outputs of the enforcement program, the number of staff, the number of cases heard and the amount of penalties imposed. But if the regulators’ mission is to protect investors and foster fair and efficient markets, how is enforcement’s contribution to that outcome being measured? Regulators must develop credible, quantitative and qualitative performance measures to assess objectively the performance of the enforcement program. Otherwise, the risk is that, again, the public will lose confidence in the regulator.

It must also be determined if enforcement’s priorities are aligned with a regulator’s overall strategic direction. The nature of the enforcement process, the independence of staff conducting investigations and prosecutions, and the need for strict confidentiality concerning individual cases can result in the enforcement program’s isolation from the rest of the agency. This culture of independence can result in misaligned priorities and strategy. The challenge is to ensure enforcement staff are part of the regulatory team and that they support the agency’s priorities and strategic direction.

@page_break@Regulators that maintain a public enforcement program must accept and manage the risk that the program may be, or may appear to be, ineffective. This can lead to a loss of public confidence and support for the agency.

In order to mitigate these risks, regulators should put in place tools, systems and expertise to ensure that: nothing important will be overlooked; the right cases are being prosecuted; cases are being prosecuted in a timely manner; performance is being measured and demonstrated; and enforcement priorities are aligned with overall priorities.

Achieving these results may represent significant cultural and organizational change. However, the cost of failure is also high. Managing the risks will not guarantee that mistakes will not occur, but it will reduce the number of these mistakes — and ensure that they are not repeated. IE



Paul Bourque is an associate partner and leader of securities and regulatory investigations with Deloitte & Touche LLP in Toronto.