Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
Does your compliance team have the resources it needs to fully meet the SEC’s requirements? Before you quickly answer “yes” to that question, here’s the story of the problems an RIA faced by assuming that compliance costs could be easily reduced.
On November 6, 2018, the SEC brought an enforcement action against a Wisconsin-based Registered Investment Adviser (RIA) that negligently failed to perform adequate due diligence and monitoring of certain investments. Specifically, the RIA represented to clients in its Form ADV Part 2A, as well as in certain communications, that it would conduct ongoing due diligence and monitoring of investments containing repurchase agreements (“repos”). Despite those assurances, the RIA continued to offer repos to clients even, even when it had concerns regarding the legitimacy of the investments. The RIA ultimately learned that the repo counterparty had forged paperwork, and all of its repos were fraudulent. The RIA’s most significant line of business was its repo program.
Along with the firm’s due diligence and monitoring failures, its compliance program lacked adequate resources. Furthermore, the RIA failed to reasonably design and implement certain policies and procedures.
The SEC also brought an enforcement action against the former CEO of the RIA. The CEO was aware of the due diligence and monitoring problems, but did not cause the RIA to amend its policies and procedures. The CEO also failed to allocate sufficient resources to the RIA’s compliance program.
Limited resources contributed to the RIA’s compliance failures
The CEO for the RIA asked one of the firm’s portfolio managers to assume the role of interim chief compliance officer (CCO). The CCO had no compliance experience, but agreed to accept the position if he received access to outside counsel and compliance consultants as needed. At that time, the CCO was already working long hours to keep up with his portfolio management duties, which he retained.
After accepting the position and reviewing the firm’s policies and procedures, the interim CCO began to educate himself about the compliance obligations owed by RIAs. After attending a compliance conference, the CCO told the firm’s CEO that the RIA had never completed a formal risk assessment, which he believed was necessary to implement an effective compliance program. The CCO also warned the CEO that inadequate policies and procedures could lead to an enforcement action by the SEC.
Soon thereafter, the CEO offered to make the CCO’s interim position permanent. The CCO accepted, on the condition that he would have access to outside counsel and compliance consultants. The CCO clearly needed outside resources due to his limited compliance experience. Although the CEO agreed to those conditions, the RIA did not add compliance resources at that time. Instead, the CEO told the CCO to re-task some of his duties to other employees.
In February 2013, the CCO presented his 2012 annual compliance review to the RIA’s board of directors, which included the firm’s CEO. The CCO identified several weaknesses in the RIA’s compliance program, including testing and training. On multiple occasions, the CEO for the RIA denied the CCO’s requests for additional resources.
The denial of resources undermined the effectiveness of the RIA’s compliance program, which resulted in compliance failures. Among other deficiencies, the RIA did not regularly monitor staff e-mails, which was required by the firm’s policies and procedures. Consequently, the RIA failed to discover that one of its employees was repeatedly involved in unauthorized activities, including violating the firm’s gift-reporting policy.
In addition, the firm failed to test whether its staff adhered to its policies and procedures. Because of the broad scope of his duties and the lack of adequate resources, the CCO was unable to test compliance with its repo allocation procedure.
The SEC found that the RIA violated Section 206(2) of the Investment Advisers Act, which prohibits an adviser from engaging in any transaction, practice or course of business that operates as a fraud or deceit upon any client or prospect. The RIA also willfully violated Section 206(4) and Rule 206(4)-7 thereunder, which require an adviser to adopt and implement written compliance policies and procedures that are reasonably designed to prevent violations of the Act. In addition, the RIA violated Section 207 of the Act, which makes it unlawful for any person to misstate a material fact in any registration application or report filed with the SEC.
As a result of these violations, the RIA was censured and was ordered to pay a civil money penalty of $400,000. The enforcement action can be found here.
A separate SEC order found that the CEO was aware of but failed to address resource deficiencies in RIA’s compliance program. This failure contributed substantially to the RIA’s compliance violations. The CEO, who is no longer affiliated with any investment adviser, was censured and ordered to pay a civil money penalty of $45,000. That enforcement action can be found here.
Enforcement actions against CCOs should be the exception not the rule
Notably, the SEC sanctioned the RIA and the CEO, not the CCO who continually requested additional compliance resources. That decision seems to be consistent with the views of at least one SEC commissioner.
SEC Commissioner Hester M. Peirce offered her support for CCOs in an address to the National Membership Conference of the National Society of Compliance Professionals on October 30, 2018. According to Peirce, the primary responsibility for compliance lies with a firm’s managers and employees. Peirce agrees with former Commissioner Dan Gallagher who said that the SEC should “tread carefully when bringing enforcement actions against compliance personnel.”
Peirce has, however, reluctantly supported enforcement actions against compliance officers where warranted. In her speech, Peirce cited a recent SEC opinion that upheld a FINRA disciplinary action against a CCO who failed to:
- Establish a reasonable supervisory system for the review of electronic communications;
- Reasonably review electronic correspondence; and
The CCO did not review any emails in 13 of the 26 relevant months and failed to update policies procedures for one and a half years after joining the firm. Furthermore, after becoming aware of a registered representative’s outside relationship with a person he knew to be statutorily disqualified, the CCO did not notify FINRA or conduct an investigation.
Peirce believes these kinds of enforcement actions should be extremely rare. Her speech can be found here.
Conclusion
Firms must allocate sufficient resources to compliance. When firms fail to allocate those resources an RIA’s principals can be held responsible.
Examiners are likely to become concerned when CCOs have too much on their plate. When that occurs, it is an indication that the RIA is not fully committed to compliance. Cutting corners on compliance is a recipe for disaster.
Les Abromovitz, an attorney, is the author of THE INVESTMENT ADVISOR’S COMPLIANCE GUIDE (2nd Edition 2017) and GROWING WITHIN THE LINES: THE INVESTMENT ADVISER’S ADVERTISING AND MARKETING COMPLIANCE GUIDE. Both books were published by the National Underwriter, a division of ALM Media. Les is a senior consultant for NCS Regulatory Compliance. He has conducted compliance reviews of websites, marketing materials, social media communications, presentations, brochures, books, blogs, newsletters, proposals, radio programs, commercials, videos, and performance reports, as well as performance advertising.
Read more articles by Les Abromovitz
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
