Andrew Ceresney said the SEC targets only CCOs ‘directly involved in fraudulent activity.’

Chief compliance officers prepare for closer SEC scrutiny

SEC officials say nothing has changed about the way they view chief compliance officers at money management firms, but CCO groups say members are feeling vulnerable and are bracing for more scrutiny and possible enforcement actions in 2016.

That could mean changes for institutional investors, who compliance experts say should be paying closer attention and stepping up their own due diligence.

“The regulators aren't changing the role of the compliance officer, which is to identify risks and help direct the organization's response. But the regulators are increasingly willing to articulate their expectations about the role and to enforce failures to meet their expectations,” said Deborah Prutzman, founder and CEO of The Regulatory Fundamentals Group LLC, New York, which helps institutions stay up to date on investment-related compliance and regulatory requirements.

“I do think that the SEC's oversight of compliance officers is changing in tone,” said Karen Barr, president and CEO of the Investment Adviser Association in Washington. “Now I think the tone has turned a little more skeptical.''

A few high-profile cases in 2015 underscore the point.

In April, the Securities and Exchange Commission charged a BlackRock (BLK) Advisers LLC compliance officer with failing to disclose a top-performing portfolio manager's outside business interests to its board of directors and to clients, and for not having policies to address outside activities of employees. BlackRock settled the charges and paid a $12 million penalty, while then-Chief Compliance Officer Bartholomew Battista paid $60,000.

In June, the SEC charged SFX Financial Advisory Management Enterprises Inc. and its chief compliance officer with failing to implement policies designed to prevent the misappropriation of client assets, failing to conduct annual reviews, and filing a misstatement in a Form ADV filing. SFX paid $150,000 and CCO Eugene Mason paid $25,000 to settle the case. Charges also were filed against former SFX President Brian Ourand, who was accused by the agency of stealing client funds over a five-year period. A decision is pending.

The two cases troubled then-Commissioner Daniel Gallagher enough to prompt the only written dissents of his tenure. Mr. Gallagher voiced concern over what he saw as an agency trend of holding chief compliance officers liable in situations that he considers Monday morning quarterback judgments of how things could have been handled differently.

“We need these folks in there, trying their best, not just running away because they're concerned about liability. To disincentive this is really wrong,” Mr. Gallagher, now president of Washington-based financial services consultant Patomak Global Partners, said in an interview.

"Crossed a clear line'

SEC Enforcement Director Andrew Ceresney said there is no trend and no second-guessing of a chief compliance officer's professional judgment.

“Rather, we have brought actions when there was a wholesale failure to develop such policies or to implement them,” he said in a November speech to the National Society of Compliance Professionals that was meant to address compliance officers' concerns. Of more than 8,000 enforcement actions since 2003, only five were against individuals with CCO-only titles at money manager firms, absent other issues, he said.

“We look hard at the facts and fairness concerns in each case. The overwhelming majority of the cases we bring involve CCOs who crossed a clear line by engaging in affirmative misconduct or obstructing regulators, or who wore multiple hats,” he said in the speech. “There has been no change in our long-standing careful and measured approach to determining whether we should charge a CCO.” The SEC brings cases against CCOs, he said, “when they are directly involved in fraudulent activity or other conduct that harms investors.”

In fact, Mr. Ceresney said, recent SEC enforcement actions should serve to bolster the CCO's role, by demonstrating the need for adequate compliance resources, cooperation and transparency within a firm.

NSCP officials have sought to raise their concerns about “liability by hindsight” in cases where the compliance officer might or should have known of ways to prevent a violation.

“Increasingly, the liability standard being applied is one of simple negligence,” NSCP Executive Director Lisa Crossley wrote to Mr. Ceresney in August.

“I think the anxiety level is up,” said Ms. Barr of the Investment Advisers Association. “The concern really is how do you attract the best and brightest to be compliance officers? You don't want to chill good people from this very important job.”

At the heart of compliance officers' concern is pursuit of enforcement actions under what is called the “Compliance Rule,” or Rule 206(4)-7 of the Investment Advisers Act, which requires registered investment advisers to adopt and implement written policies and procedures designed to prevent violations.

The rule “is not a model of clarity,” said Mr. Gallagher, who warns that continued uncertainty could discourage investment firms' compliance officers from assuming those roles.

“It's high time for the commission to provide more guidance instead of allowing the enforcement staff to go out and create policy. As a policy matter, it's a tragic misreading of the rule. Unless someone calls for change, chief compliance officers are going to have a bull's-eye on their backs.”

Problems could go unchecked

With reputational risk a key concern, Mr. Gallagher worries that more scrutiny of compliance officers by enforcement officials could backfire for the agency, which examines less than 10% of investment advisers annually. The fear is that if the pool of compliance professionals shrinks, problems could go unchecked.

The growing scrutiny of money managers' compliance programs also is drawingthe attention of more institutional investors, who “are becoming much more attuned to the quality of compliance programs,” Ms. Prutzman said. ”They recognize they can't check up on every rule and regulation. Instead, they are focusing on how to take the pulse of the (money manager's) compliance program.”

Ms. Barr agreed. “A lot of clients are asking for extensive presentations on that,” she said. ”The CCO is frequently part of the due diligence presentation.”

Todd Cipperman of Cipperman Compliance Services in Wayne, Pa., predicts that a major investor could try to sue a chief compliance officer, in light of recent SEC actions and speeches. “It is very unsettling when SEC officials say that the CCO's job is to protect investors. The rule requires a CCO to implement reasonable policies and procedures so that a firm complies with securities laws. Neither the SEC nor Congress has mandated that a CCO's job is to protect investors. I think that takes a CCO's liability too far.”

Third-party compliance

Things could get more interesting in 2016 if the SEC finishes work on a proposed program that would require third-party compliance reviews for money managers.

“A lot will depend on the specifics of how the program is adopted and implemented. It might be a great thing for investors, or it might not,” Ms. Prutzman said.

However exams are handled, investors need to complete due diligence on compliance programs just as much as they complete due diligence on investment returns and other operational areas, she said.

So far, SEC officials “have been keeping their cards close to the vest” on how third-party compliance reviews would work, said Ms. Barr of the Investment Advisers Association, “And that's just from the SEC.”

With additional rules for compliance professionals expected from the industry's self regulatory organization, Financial Industry Regulatory Authority as well as U.S. and European regulators, “it's going to be an incredibly busy year for the compliance industry,” she said. n

This article originally appeared in the January 11, 2016 print issue as, "Chief compliance officers prepare for closer SEC scrutiny".