In May 2010, the Securities and Exchange Commission named Jeff Heslop the agency’s first-ever chief operating officer for information technology, financial reporting and records management, and more recently expanded his oversight to include the offices of Human Resources, Administrative Services and the Executive Director. Heslop came to the SEC from Capital One Financial Corp., where he was responsible for the company’s information and resiliency risk management. Prior to corporate life, he served in the United States Army from 1976 to 1998, rising to the rank of lieutenant colonel. From 1992 to 1994, he was an assistant director of the Army Pentagon staff, and later was battalion commander and professor of military science at the University of Richmond ROTC program. Heslop’s boss at the SEC, Mary Schapiro, had this to say about the new role of COO: “The creation of the chief operating officer position will enhance our ongoing effort to refocus our resources and make this agency more efficient and effective.”
Jeff Heslop
Why was the SEC’s COO role was created?
Over the past decade, there had been a significant lack of investment in what I’ll call the back-office machinery of the SEC. Over time this resulted in a number of operational weaknesses, principally in financial management and information technology, that were highlighted by internal and external audits. The chairman was deeply committed to addressing the issues and moving the organization to a well-controlled, well-managed state that operated smoothly and efficiently. The creation of the COO role to drive those changes was one of the many things she has done in this regard.
Organizationally, where do you sit in the SEC hierarchy?
I report directly to the chairman, and I meet periodically with the other commissioners.…I take input from each one of the commissioners on how they view the operational priorities. We have a collegial and cooperative working relationship. I also work directly with the division and office heads on a daily basis.
What career roles have best prepared you for this challenge?
There are parts of my career that stand out. My military career certainly taught me a lot about people and organizational leadership. It also provided a certain amount of mental toughness in dealing with very challenging situations. During my stint in the military, in addition to troop leadership, I was an operations research analyst, an organizational development consultant and a personnel force structure analyst. Those roles helped hone my skills in organizational assessment and analysis. I was a “mini” chief of staff for the Army’s chief of staff at the Pentagon, and that experience certainly gave me some tools and insights into working at the C-suite level. I was head of the ROTC program for central Virginia and leveraged that experience to develop a corporate university when I entered the private sector, and both roles continued to enhance my background in training and professional development. I then moved on to be chief of staff to the CIO of Capital One, and that role enabled me to develop a deep understanding of IT operations in large organizations. Finally, I became the overseer of both information and operational risk management in a Fortune 100 environment. If you round out the sum total of my experience, I shouldn’t find myself too far from some familiar ground in the coming months and years here at the SEC.
Your CV has prepared you for significant challenges. What do you expect will be the most difficult aspect of your job here?
You are right, based on my background, I do believe this is the most challenging assignment I have encountered. For instance, there were similar challenges that the military faced during my tenure there. At the time I served—between 1976 and 1998—it was abundantly clear that we didn’t want to send soldiers into battle with insufficient resources and tools. Our soldiers faced a genuine threat, and we all wanted them fully prepared and equipped with absolutely the best available equipment to defeat the opposition. Making the case for that was comparatively easy; it’s much more challenging to gain investment approval to equip the SEC with state-of-the-art equipment to combat securities fraud, as the general populace is not as familiar with the threat or the resources needed to combat it. Compared to civilian government, the private sector also has advantages—primarily not encountering the bureaucratic processes and the length of time required to make something important happen. In the private sector you can move with more agility to address the situation you are faced with. At the SEC, I’m convinced we are not equipping our people with the latest and greatest technologies to take on some really sophisticated bad guys, and we face external constraints to organize them in the most efficient and effective manner. It’s a bit like sending a battalion equipped with bows and arrows off to fight more than a few heavily armored enemy divisions—the prospects for victory are not good. I worry a lot about that.
What are some of your short- and long-term goals for the operations area?
My overarching goal is and will be to systemically redesign our infrastructure organization to effectively support the Commission’s mission. That involves improving the customer experience, improving resiliency, developing clear information systems architecture that takes advantage of a commercial off-the-shelf approach versus custom development, and significantly improving the morale of the organization. Of near-term importance, getting the back of the house under effective management control is paramount. Building a very transparent, metrics-based management approach to operate the organization, and at the end of the day reporting those metrics in a public way to demonstrate how much our service has improved, is also a high priority.
How do you measure success?
We’ve got to be able to self-identify and self-correct our risks, as opposed to relying on other stakeholders to point them out to us, i.e., the [Office of the Inspector General] or the GAO. That will require developing a control culture, if you will, where managers understand they’re accountable and responsible for controls, and that it’s up to them make sure those controls are operating effectively and take positive action when they are not. A key component of moving to a well-controlled state involves those famous buzzwords, business process redesign. This will require a high level of change at the Commission. I’ve been astonished at the lack of 21st-century business processes, which explains why I frequently run into something I did not expect to encounter—heavily manual, paper-based processes, which are expensive, inefficient, two decades old and absent any coherent control environment. A quick illustration: last January, we had over 900 invoices that were 30-plus days in arrears, and your tax dollar and mine was footing the bill for interest on late payments. Our vendors submitted a hard-copy invoice, which had to be recopied for further distribution from one person to another—all by mail, by the way—and it would be returned with signatures and finally the invoice would be paid. I stumble onto processes like that every day. So, at the end of the day, I’ll consider us successful when we’re held out as a beacon by both our internal and external stakeholders as an example of a well-managed, wellcontrolled, efficient and effective government agency.
What areas will you be focusing on as you turn these infrastructure and organizational problems into solutions?
In a word, investment. Investment in our core competencies. And the corollary will be to disinvest in those things that are not core. For example, we don’t need to be in the real estate leasing business, or to be in the internal financial reporting processing business. We need to move those functions to organizations that do that professionally for a living. As examples, we’re moving our financial reporting system to a federal shared service provider that manages financial management processes for a number of government agencies, and has a core competence in the field and benefits from economies of scale. We’re moving our leasing operation to GSA—again, they have a core competence here and can do it much more effectively and efficiently. On the other hand, our infrastructure is woefully outdated. We have teed up a number of “spend to save” initiatives, where moving to industry-standard technology platforms and business processes will have a dramatic return on investment once we have the funding that will allow us to obtain them. Secondly—but not secondarily—we must get our data under control. For better or worse, previously each individual SEC office or division had a certain amount of autonomy in this area—if they needed data to do their jobs, they’d go out and purchase or obtain it independently. That means, in even a short time, a lot of redundant data, in varying degrees of quality, starts coming into the organization in an unmanaged approach. People did not have sophisticated training to know how to use it, it certainly wasn’t shared, and data quality was not maintained. Our data must be seen as a ubiquitous enterprise asset versus stovepiped, individual divisional resource, and we need to establish a governance and quality control structure to manage it much more effectively.
There is great emphasis on expense cuts on the Hill, some of it aimed at the SEC. Will cost savings be a part of your mission? Yes, and for a very good reason. Cost efficiencies will be harvested and reinvested into our operations budget where infrastructure improvement is needed. In an environment where our annual appropriation is flat year over year, generating internal cost efficiency is key to making room for desperately needed infrastructure improvements.
What about the people side of the equation?
It is a top priority. For instance, morale in the back of the house organization was not very good when I arrived. My leadership style is one I learned in the military, where we all put our pants on the same way as everybody else in the organization, versus leading from a distant ivory tower. I spend a lot of time with the staff and listen to them, and one of the things I think is extremely important is that I take closed-loop positive action with the concerns that they raise. While I think I’m gaining credibility for addressing many of the issues the staff faces, where I can’t I try hard to help them understand why I can’t, what the biggerpicture situation is. If nothing else, they know I’m acting on their concerns, and they will get a timely answer.
How do you get the team to be more cohesive?
Accountability from a managerial perspective was not a strong competency of ours; frequently, finger pointing took the place of a meaningful managerial exercise. A big lesson I learned in the Army was the fact that when I’m in a leadership position I feel I’m accountable and responsible for everything my organization does or fails to do. I take that accountability very seriously, and expect my managers to do so for their respective areas. That’s bit of a culture shift for some managers, but gradually they are beginning to recognize that working together to make each other successful, versus pointing fingers at each other, is resulting in positive change in the way we approach our interactions.
Do you think of yourself in broader terms than just your direct responsibilities?
First and foremost, I look at myself as a taxpayer. I don’t want to see my tax dollars wasted, and I welcomed the opportunity to serve my government and try to eliminate waste at every opportunity. I’m committed to pushing the envelope in this regard. There’s tremendous opportunity to transform this organization into one that can create more value in a cost-efficient manner.
What impact will your efforts have on bringing about fundamental reforms at the SEC?
The good news is that operationally, there are remedies that don’t require reinventing the wheel. These solutions lie in very basic, fundamental blocking and tackling improvements to operational management, sound information systems architecture, focus on core competency areas, enhanced communication strategies and enhanced operational training across a larger group of people here. Those more than anything else, in the areas under my responsibility, will have a direct impact on the quality and effectiveness of our programs.
Does your role also include whistleblower actions?
I am very focused on that issue, but I am not directly engaged in the operational execution of the program. My role and goal are to put a strong system in place to deliver on the promise that this effort can provide. To give you some idea of the challenge and the opportunity, previously, whistleblower tips would come from any number of sources and be processed manually. Applying technology to improve the processing of the information flow has greatly improved our ability to respond to the tips we are receiving.
How will that work in the day-to-day world?
For tips, complaints and referrals more generally, the system is in place and working well. As we’ve gained experience with it, there are a number of enhancements we intend to make to continue to improve it. As an example, we rely to some degree on manual triage to determine which are the most important and most reliable tips. Moving to an automated expert system to assist with triage will be an important next step.