Chief Compliance Officers (“CCOs”) play an important role in registered investment adviser firms, as they are responsible for ensuring the firm is developing adequate compliance programs and following its compliance policies and procedures. In the past, the Securities Exchange Commission (“SEC”) has generally avoided second-guessing the professional judgment of CCOs. However, recent SEC enforcement actions show a clear trend towards growing scrutiny over the conduct of CCOs and towards enforcement actions being taken against them.
Two high-profile cases from 2015 illustrate the shift in the SEC’s tone towards CCOs. First, in an April enforcement action against BlackRock Advisors the SEC charged the firm with failing to disclose the outside business interests of one of the firm’s portfolio managers to its board of directors or advisory clients, as well as failing to adopt any policies and procedures addressing outside business activities. In addition, the SEC also charged the then-CCO for causing BlackRock’s compliance-related violations by failing to ensure the firm adopted the required policies and procedures. BlackRock settled the charges with a $12 million penalty, while the then-CCO paid $60,000.
In a June enforcement action against SFX Financial Advisory Management Enterprises Inc., the firm’s president was charged with stealing $670,000 in client funds over a five-year period. The SEC separately charged SFX and its CCO for failing to supervise the president, failing to conduct annual compliance reviews, and making a false statement in a Form ADV filing. The SEC found that the CCO was responsible for some of SFX’s compliance failures because he had negligently failed to conduct reviews of cash flows in client accounts as required by the firm’s policies and he had not performed an annual compliance review. SFX paid $150,000 and the CCO paid $25,000 to settle the charges.
These high-profile cases did not go unnoticed in the financial services industry, with then-Commissioner Daniel Gallagher expressing concern over the “trend towards strict liability for CCOs under Rule 206(4)-7.” He pointed out that both the above cases had held the CCO responsible for the implementation of the firms’ policies and procedures, while Rule 206(4)-7 only charges them with administering the firms’ policies and procedures. He noted that “at the end of the day, ultimate responsibility for implementation of policies and procedures rests with the adviser itself.”
It is true that Rule 206(4)-7 requires each registered investment adviser to appoint a CCO who is responsible for administering the firm’s adopted compliance policies and procedures. In the SEC’s Adopting Release for Rule 206(4)-7, the SEC noted that the CCO should be “competent and knowledgeable,” should be “empowered with full responsibility and authority to develop and enforce” the firm’s policies and procedures, and should have a “position of sufficient seniority and authority” within the firm to compel others to adhere to those policies and procedures.
However, the SEC has stated that being the CCO does not, in and of itself, carry supervisory responsibilities, and that a CCO would not necessarily be subject to a sanction by the SEC for failing to supervise another person. To the extent a CCO does have supervisory responsibilities, he or she can rely on the defense provided in Section 203(e)(6) of the Investment Advisers Act of 1940. Section 203(e)(6) states that a person shall not be deemed to have failed to reasonably supervise another person if: 1) the RIA had adopted procedures reasonably designed to prevent and detect violations of the federal securities laws; 2) the RIA had a system in place for applying the procedures; and 3) the supervising person had reasonably discharged his supervisory responsibilities in accordance with the procedures and had no reason to believe the supervised person was not complying with the procedures.
Therefore, in order to avoid liability and enforcement sanctions under increasing SEC scrutiny, it is important that CCOs ensure that the firm has adopted robust and meaningful policies and procedures that are closely tailored to the firm’s activities. Merely adopting boilerplate compliance manuals which fail to take into account the particular business practices of a specific firm and its unique risks and conflicts of interest is insufficient. In addition, CCOs should take a proactive approach in implementing and enforcing these policies and procedures, as well as in conducting annual reviews and resolving any potential problems that may arise.
Parker MacIntyre provides legal and compliance services to investment advisers, broker dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including complying with federal and state laws and rules. Please visit our website for more information.