The Role of Chief Compliance Officers Must be Supported

Chief Compliance Officers of Investment Advisers (CCOs) play an important and crucial role in fostering integrity in the securities industry. They are responsible for making sure that their firms comply with the rules that apply to their operations. As part of that effort, CCOs typically work with senior corporate leadership to instill a culture of compliance, nurture an environment where employees understand the value of honesty and integrity, and encourage everyone to take compliance issues seriously. CCOs of investment advisers (as with CCOs of other regulated entities) also work to prevent violations from occurring in the first place and, thus, prevent violations from causing harm to the firm, its investors, and market participants. Given the vital role that CCOs play, they need to be supported. Simply stated, the Commission needs capable and honest CCOs to help protect investors and the integrity of the capital markets.

Recently, a fellow Commissioner issued a public dissent in two recent enforcement actions against CCOs of investment advisers. While I respect the views of my fellow Commissioners, based on what I’m hearing from the CCO community, the dissent, and the resulting publicity, has left the impression that the SEC is taking too harsh of an enforcement stance against CCOs, and that CCOs are needlessly under siege from the SEC.

Thus, I am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community. Such an environment is unhelpful, sends the wrong message, and can discourage honest and competent CCOs from doing their work.

In the seven years that I have served as a Commissioner, it has been my experience that the Commission does not bring enforcement actions against CCOs who take their jobs seriously and do their jobs competently, diligently, and in good faith to protect investors. I do not believe that these CCOs should fear the SEC.

Fortunately, most CCOs take their job seriously and are a credit to the compliance community. I have spent a good portion of my career doing what compliance people do. In particular, I spent almost a decade as the general counsel and head of compliance at a global asset management firm. Moreover, in my current role as an SEC Commissioner, and in more than 30 years as a practicing attorney in the securities industry, I have had the opportunity to interact with many CCOs working for fund managers and investment advisers in the private sector and at the Commission. My interactions lead me to conclude that they work diligently to fulfill their obligations.

As a former head of compliance, I would like to provide my views on enforcement actions against CCOs, and why CCOs who put investors first and do their jobs competently, diligently, and in good faith should not worry about being targeted by an SEC enforcement action.

In fact, over the years the Commission has brought relatively few cases targeting CCOs relating solely to their compliance-related activities. In general, the Commission’s enforcement actions against CCOs ebb and flow with the number of cases brought against investment advisers and investment companies. Estimates show the following number of enforcement cases brought against these CCOs, compared to the number of enforcement cases brought against investment advisers and investment companies, between 2009 and 2014:

• 2009—8 out of 76 cases (11%)
• 2010—7 out of 112 cases (6%)
• 2011—14 out of 146 cases (10%)
• 2012—16 out of 147 cases (11%)
• 2013—27 out of 140 cases (19%)
• 2014—8 out of 130 cases (6%)

The vast majority of these cases involved CCOs who “wore more than one hat,” and many of their activities went outside the traditional work of CCOs, such as CCOs that were also founders, sole owners, chief executive officers, chief financial officers, general counsels, chief investment officers, company presidents, partners, directors, majority owners, minority owners, and portfolio managers. Many of these cases also involved compliance personnel who affirmatively participated in the misconduct, misled regulators, or failed entirely to carry out their compliance responsibilities.

Interestingly, the increase in the number of enforcement cases coincided with the rapid growth experienced by the investment advisory industry in the last few years. For example, the number of registered investment advisers has increased almost 35% over the last ten years, and the assets that they managed have increased more than two-fold. This increase was also fueled by the many private fund advisers—mainly advisers to hedge funds and private equity funds—that are now required to register with the SEC as a result of the Dodd-Frank Act’s elimination of the private adviser exemption. Currently, there are more than 11,000 registered investment advisers with more than $55 trillion in assets under management.

Obviously, CCOs of investment advisers have specific obligations that they must faithfully work to meet. Notably, the Investment Advisers Act of 1940 contains a specific rule targeted at compliance—Rule 206(4)-7. Adopted in December 2003, this rule requires registered investment advisers “to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws, review those policies and procedures annually for their adequacy and the effectiveness of their implementation, and designate a chief compliance officer to be responsible for administering the policies and procedures.”

There are those who believe that Rule 206(4)-7 unduly puts a target on the back of CCOs. The record, however, shows that that is simply not the case. To the contrary, CCOs that faithfully and reasonably fulfill the requirements of Rule 206(4)-7 are not going to be subjects of SEC enforcement actions. In fact, since the adoption of Rule 206(4)-7, enforcement actions against individuals with CCO-only titles and job functions have been rare. For example, over the last 11 years, the Commission brought only eight cases against such CCOs. Of these cases, only five cases involved violations of Rule 206(4)-7, two of which were recently settled in 2015 and have been the catalyst for the recent concerns that CCOs are being targeted.

I do not believe that these few cases should raise undue concerns. I also do not believe that the two recently settled cases signify the beginning of some nefarious trend to use Rule 206(4)-7 to target CCOs. The facts involved in these cases—these very few cases—for violations of Rule 206(4)-7 demonstrate egregious misconduct that included the following:

• Failure to implement policies and procedures to prevent an employee from misappropriating client accounts;
• Failure to conduct an annual review and making a material misstatement in Form ADV;
• Failure to design written policies and procedures for outside business activities;
• Failure to report a conflict of interest; and
• Aiding and abetting an investment adviser’s failure to adopt and implement written compliance policies and procedures.

In my experience, the Commission has approached CCO cases very carefully, making sure that it strikes the right balance between encouraging CCOs to do their jobs competently, diligently, and in good faith, and bringing actions to punish and deter those that engage in egregious misconduct. In making this determination, the Commission cautiously evaluates the facts and circumstances of each case, and considers many important factors such as fairness and equity.

Obviously, CCOs are not responsible for the vast majority of compliance violations or infractions at investment advisory firms. After all, compliance is a shared corporate responsibility.

The critical role of CCOs and their contributions to the corporate bottom line cannot be underestimated. The potential costs of compliance failures can be costly, for example, as measured by the financial sanctions that could be imposed by regulators. The reputational harm to a business and to careers may be even more severe.

The Commission and the staff recognize the challenges and difficulties that CCOs face in doing their jobs. Indeed, a 2015 compliance survey shows that CCOs have to deal with a wide variety of compliance risk areas that are only growing in complexity, such as data security, privacy and confidentiality, industry-specific regulations, bribery and corruption, conflicts of interest, fraud, money laundering, business continuity, and insider trading. In recognition of these challenges, and the many difficult judgment calls CCOs need to make in exercising their duties and responsibilities, the Commission and its staff think long and hard when considering enforcement actions against CCOs, and oftentimes exercise prosecutorial discretion not to bring such actions. Moreover, the Commission has used its Whistleblower program to protect and reward CCOs who did the right thing.

CCOs, of course, should not be expected to do it alone. To state the obvious, an effective compliance program must necessarily start at the top. A company’s senior leadership should be strong advocates for a robust and enduring culture of compliance; such a culture fosters an environment where everyone understands the firm’s core values of honesty and integrity. CCOs are an essential and integral part of this process—but they cannot be expected to do it alone and need to be supported.

The need for senior leadership to support CCOs is not just good practice, but also a business necessity. Indeed, a very recent SEC enforcement case shows that the Commission takes seriously the importance of firms supporting the work of their CCOs. In the Pekin Singer matter, the Commission alleged that Pekin Singer, a registered investment adviser, and its President dedicated insufficient resources to address the firm’s compliance matters. In particular, the firm’s President did not provide the CCO with sufficient guidance, staff, and financial resources, despite the CCO’s pleas for help. This contributed substantially to Pekin Singer’s compliance failures. As a result, the Commission suspended the firm’s President for 12 months from acting in a supervisory capacity and ordered him to pay a civil penalty of $45,000. Notably, the Commission Order did not include any charge against the CCO.

Similarly, in 2013, the Commission filed its first-ever action against an employee of an investment adviser for obstructing and misleading the firm’s CCO to conceal the employee’s failure to report personal trades. Separately, in a rulemaking earlier this year, the Commission added a specific provision to the security-based swap data repository (SDR) rules that prohibits officers, directors, and employees of SDRs from lying to their CCOs. These enforcement and regulatory actions bring home the point that firms must support the important work of their CCOs.

I will end where I started. CCOs are vital to the protection of investors and the integrity of the capital markets. To that end, the Commission works to support CCOs who strive to do their jobs competently, diligently, and in good faith—and these CCOs should have nothing to fear from the SEC.