On October 14, 2015, Buddy Donohue, a former Director of the SEC’s Division of Investment Management (the SEC Office that develops Rules for Investment Advisers and Investment Companies), and currently the SEC’s Chief of Staff (the senior adviser to Chair Mary Jo White on all policy, management, and regulatory issues) gave a speech to the NRS Annual Conference which I found particularly interesting.
On the heels of the 75th Anniversary of the 1940 Acts, I had been thinking about the changes we have seen in the financial services industry and that practitioners of regulatory compliance were truly recognized as professionals, starting with the Compliance Programs Rules back in 2004, and now, comments on the issue of CCO liability.
For those of us who were around in 2004 when the Programs Rules were adopted and required every registered Investment Adviser to designate a Chief Compliance Officer, we were not really sure what that would mean to the firms and to the CCOs. We heard talk that the CCO would be responsible for all compliance at the adviser and would have a target on his/her back, which obviously scared many of us. To encourage individuals to accept the CCO role, the SEC staff indicated in speeches that, in fact, the CCO would be the SEC’s new best friend at the adviser and would keep the SEC informed about problems in the trenches.
Needless to say, firms were not happy to hear that, and suddenly, the CCO was a pariah and excluded from meetings in which the firm discussed its problems.
Over the past few years, we have had a kind of truce where CCOs were generally only liable when they were the cause of the problem, were aware of the problem, and didn’t fix it, or when the CCO did not recognize the problem and had not addressed it at all. Donohue indicated that the SEC staff understood the challenges we faced and were trying to help us by being more transparent, such as disclosing to us the SEC’s annual examination priorities, providing us with Risk Alerts when problems arose or particular issues heated up, and giving Guidance Updates to suggest how some of these issues could be addressed. Donohue discussed situations in which the CCO had liability, where adequate policies and procedures were not in place, not adequately designed, or just not adequately implemented. Chair White was quoted as stating that, “Being a CCO obviously does not provide immunity from liability, but neither should our enforcement actions be seen by conscientious and diligent compliance professionals as a threat. We do not bring cases based on second guessing compliance officers’ good faith judgments, but rather when their actions or inactions cross a clear line that deserve sanction.” So an error in judgement would only result in a deficiency letter, not an enforcement action unless, of course, the deficiency had been noted in a prior examination and not corrected to the SEC’s satisfaction.
According to Donohue, there are generally three scenarios in which staff had recommended enforcement action against CCOs, when they had “(1) affirmatively participated in the misconduct; (2) helped mislead regulators; or (3) had clear responsibility to implement compliance programs and policies and wholly failed to carry out that responsibility.”
Recent thoughts from the SEC’s Chief of Staff for the consideration of CCOs:
A. Laws, Regulations and other Requirements
CCOs need to have knowledge of the Rules and Regulations applying to the firm and its activities, any exemptive orders or no-action letters upon which the firm relies, and the requirements of the various regulatory regimes in the jurisdictions in which the firm operates.
B. Organization and Operations of the Firm
CCOs need to develop a deep understanding of the firm, its structure, and internal operations. They also need to develop a working knowledge of how the different areas of the firm interacted with other areas of the firm, and the individual responsible for each area.
C. Conflicts of Interest
CCOs need to have a clear understanding of how the firm identifies all of the conflicts of interest that might exist; how frequently potential conflicts are reviewed; and, when conflicts do exist, how they are resolved and by whom. If the conflict is mitigated but not eliminated, is the residual risk acceptable to the firm, or is additional action required. If the resolution requires disclosure, who drafts the disclosure, and how and when is it effectively communicated to clients.
D. Clients of the Firm
To effectively discharge responsibilities, CCOs need to develop a detailed understanding of who the clients of the firm are and what products and services are being provided to them by the firm. Reviewing offering and sales materials and related documents on a regular basis is necessary.
E. Compliance and Other Systems
CCOs need to develop a deep understanding of the compliance and other technology platforms utilized by the firm and appreciate the implications they pose for
developing and implementing a robust compliance program. Great procedures need to be able to be implemented within the constraints of the compliance system and other systems of the firm. CCOs need an understanding and appreciation for key dependencies of programs and the firm.
F. Policies and Procedures
CCOs need to have a detailed knowledge of the policies and procedures of the firm and an appreciation of how they address the identified conflicts and are monitored, as well as their interaction with each other and the intended goal for each.
G. Markets and Business Practices
CCOs need to develop an understanding of the various markets in which the firm operates, including any specific practices in those markets, and areas that might raise concerns. A detailed understanding of the types of investment products and strategies involved and their potential issues is essential.
H. Culture of the Firm
CCOs need to grasp the culture of the firm, insist that the client comes first, and that the firm will endeavor to “do the right thing,” rather than fostering a culture of “can I do this?” The firm also needs to devote sufficient resources to compliance and empower the CCO to provide the proper stature to the compliance area and its critical mission.
I. What DON’T I know?
It is important that CCOs have an appreciation for what they don’t know or recognize when relying on the knowledge or expertise of others. This involves constantly challenging yourself and your colleagues to identify potential risks and to create an environment of open communication and freedom to ask the tough questions.
I think we need to pay attention to speeches from the thought leaders at the SEC. Yes, the views expressed are those of the speaker and do not necessarily reflect the views of the Commission or of the speaker’s colleagues on the staff of the Commission, but there is typically a reason why someone reaches that level in government, and having similar views to those in control is an overwhelming factor. It is definitely to our benefit to heed the words of advice coming from those sources.