Following the financial crisis of 2008, the role of Chief Compliance Officer for financial institutions has been redefined, most notably by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. A review of recent regulatory enforcement actions reveals a trend of increased scrutiny of Chief Compliance Officers of futures commission merchants, investment advisors, broker-dealers, and other financial services entities. It is difficult to predict how much the regulatory environment will relax under the Trump Administration. Donald Trump has announced an intention to repeal Dodd-Frank, as well as other signature Obama initiatives. Moreover, Mary Jo White, the aggressive, proenforcement chair of the Securities and Exchange Commission, has departed, leaving multiple vacancies on the commission.
Recent Enforcement Trends
A review of recent regulatory cases shows renewed attention to the conduct of financial industry CCOs. On September 21, 2016, the Commodity Futures Trading Commission announced the prosecution of and settlement with Advantage Futures LLC, a Chicago-based Futures Commission Merchant, for its failure to diligently supervise spoofing and other manipulative trading in financial futures contracts and the CBOE volatility index. Although multiple futures exchanges had notified the firm of the suspicious trading, Advantage did not promptly take action to curtail the trading, and submitted a CCO annual report which represented that the firm’s compliance program, policies and procedures were “effective and sufficient.”[1]
According to the CFTC, Advantage failed to establish risk-based limits in customers’ proprietary accounts, as required by CFTC regulation 1.73(a). The CFTC determined that Advantage failed to comply with its own risk manual and submitted an annual CCO report pursuant to CFTC regulation 3.3, signed by the CEO, attesting that its policies and procedures were effective and sufficient, despite being aware of deficiencies, including the reported manipulative trading. This conduct was found to violate CFTC supervision regulations, 17 C.F.R § 166.3. Sanctions were assessed against the firm, its CEO and former Chief Risk Officer. The CCO was not named in the order.
A public rift developed among Securities and Exchange Commission commissioners about the role of the CCO in several recent cases. In 2015, the SEC Division of Enforcement announced a settlement with SFX Financial Advisory Management Enterprises Inc. and its CCO, Eugene Mason, for failing to detect and prevent the defalcation of its CEO, Brian Ourand, who stole $675,000 of customer funds.[2] Although Mason reported the CEO’s theft upon learning of it, the commission found that the firm’s compliance policies and procedures lacked oversight of the CEO’s signatory power over client accounts and that the CCO failed to effectuate reasonable supervision. In the midst of the CEO’s defalcation, the CCO had filed a Form ADV which reported that, “Clients’ cash account used specifically for bill paying is reviewed several times each week by senior management for accuracy and appropriateness.”[3] The commission deemed this inadequate, as no one other than Ourand himself was reviewing the customer funds. The firm agreed to pay penalties of $150,000 while the CCO was fined $25,000. The CCO of BlackRock Advisors, LLC, was subjected to a cease and desist order in a controversial 2015 case.[4] Black Rock Advisors is registered investment advisor with assets under management of $450 billion, whose portfolio manager, Daniel Rice, managed an energy and resources portfolio whose largest holding was a coal company in which the manager himself owned a $50 million personal interest. Since the fund manager had a personal stake in the fund’s largest holding, he had a conflict of interest, which the CCO was aware of, yet did not report to the RIA’s board of directors or advisory clients. In addition to posing a conflict of interest, the manager’s investment violated the firms’ private investment policy.
The SEC charged that BlackRock breached its fiduciary duty by failing to disclose to the fund’s board and clients the conflict of interest created when “BlackRock permitted [fund manager] Rice to form, invest, and participate in an energy company while Rice was also managing several billion dollars in energy sector assets held in BlackRock funds and separate accounts.”[5] The CCO was charged for his failure to design and implement written policies and procedures reasonably designed to prevent violations of the Advisors Act and because he failed to recommend written policies and procedures to monitor outside activities.
BlackRock paid a civil money penalty of $60,000 and the CEO was ordered to cease and desist from any future violations of the securities laws.
SEC commissioner Daniel Gallagher publicly dissented from the enforcement actions in both SFX and BlackRock, writing that these prosecutions sent “a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the advisor itself.”[6] Gallagher, a Republican who has since resigned, wrote that aggressive enforcement of the rule created a moral hazard by creating a disincentive for CCOs to adopt comprehensive compliance policies and by melding compliance and business functions, thereby holding CCOs strictly liable for responsibilities more appropriately attributable to the firm. The commissioner also complained that SEC Rule 206(4)-7 was “not a model of clarity,” and merely instructs RIAs to adopt and implement written policies and procedures reasonably designed to prevent violations of the act.[7]
Gallagher argued that CCOs “are not only the first line of defense, they are the only line of defense” in an otherwise underregulated industry fielding over 11,000 investment advisors, compared to only approximately 4,200 broker dealers supervised by the Financial Industry Regulatory Authority. According to Gallagher, the SEC “should strive to avoid the perverse incentive that will naturally flow from targeting compliance personal who are willing to run into the fires that so often occur at regulated entities.”[8] This was Gallagher’s only dissent in his four years as a commissioner.[9]
Eleven days later, Commissioner Luis Aguilar jumped into the fray with his own public statement, defending the enforcement actions in SFX and Blackrock.[10] Aguilar, a Democrat who has also since left the commission, argued that a relatively small percentage of recent enforcement actions had been directed against CCOs and that many of those cases involved CCOs who wore multiple hats and engaged in independent substantive misconduct in connection with their other roles at their companies. Aguilar denied that “Rule 206(4)-7 unduly puts a target on the back of CCOs,” and argued that the conduct in BlackRock and SFX was sufficiently egregious to warrant prosecution.[11] Among other things, Commissioner Aguilar argued that that the CCOs in those cases failed to detect systematic defalcation, made false statements in annual reports, and failed to report conflicts of interest.
While Gallagher and Aguilar both agreed in principle that CCOs serve an essential function, they disagreed on the merits as to whether or not the SFX and BlackRock enforcement actions were warranted. The debate between Gallagher, a Republican, and Aguilar, a Democrat, harks back to the underlying philosophical debate over Dodd-Frank itself, which, after all, was intended to promote regulation in the wake of the financial crisis of 2008.
In 2015, FINRA[12] sanctioned the CCO of Cold Spring Advisory Group when a representative converted customer funds.[13] By signing an Acceptance Waiver and Consent the firm’s CCO consented to the entry of findings that in his role as CCO “he failed to establish, maintain and enforce a supervisory system and written Supervisory Procedures (WSPs) . . . reasonably designed to adequately review and monitor the transmittal of funds [from customer accounts].”[14] The sanctions included a $5,000 civil penalty and a 6-month suspension.[15] There is no way to know what defenses the CCO might have had to these claims, nor to anticipate the result had this claim reached a hearing. Early resolutions to allegations from FINRA, AWCs, are often business decisions based on economics and expediency.
This FINRA enforcement action is notable because not only did FINRA sanction the CCO, individually, but also because this case led to Claimants’ attorneys advertising for clients specifically using the CCO’s name.[16] A customer subsequently named this CCO, individually, in an arbitration in 2016.[17] The Arbitration panel in the customer-initiated complaint denied the claims in their entirety. Importantly, when regulatory agencies’ enforcement divisions hold CCOs individually accountable, the door to being individually named in civil claims flies wide open.
In another recent case, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) sued the former CCO of MoneyGram International for failure to file suspicious activity reports and implement an adequate anti-money laundering system. MoneyGram was regulated as a “money services business” under the Bank Secrecy Act. While MoneyGram is in the business of making wire transfers for retail customers, it failed to implement AML policies and procedures to ensure the timely filing of suspicious activity reports. The Treasury Department, after settling with the company, sued its CCO, Thomas Haider, seeking a monetary award of $1 million and injunctive relief. According to the government’s complaint, the CCO failed to implement an AML policy, didn’t discipline agents who were known to have engaged in AML violations, and failed to file SARs on a timely basis. According to FinCEN, the CCO was on notice of various schemes by which fraudsters used MoneyGram to bilk unsuspecting victims. In addition, there were numerous red flags in response to which the CCO failed to file SARs, including multiple unreported large wire transfers. In a separate settlement, MoneyGram paid $100 million to compensate fraud victims, and entered into a deferred prosecution agreement with the DOJ.
In 2016, the district court denied Haider’s motion to dismiss the complaint against him, ruling that he could be held individually liable under the Bank Secrecy Act.[18]
Conclusion
Following Dodd-Frank, there has been a trend towards increasing regulatory scrutiny of CCOs. Given President Trump’s vow to repeal Dodd-Frank and other pronouncements, it seems likely that the pace of regulatory enforcement may tend to cool over the next several years. President Trump has already put into place a hiring freeze for federal employees; this is likely to reduce the efficacy of all federal agencies. In fact, the SEC, at time of writing, only has two Commissioners (a full commission is five). It is near impossible to predict the direction of a future Commission, however, the pendulum seems set to swing, and the coffers will not likely be full.
State regulators, including New York’s Department of Financial Services, have announced stepped-up regulatory enforcement initiatives directed to Chief Compliance Officers. Potentially, the states, as New York has, will step in to continue the trend towards holding CCOs responsible for actions that in the past would have been attributed to the firm as an entity. As Regulators hold CCOs individually accountable, so will the plaintiff’s bar. Aside from the expense of the trickle down litigation that is likely to continue to follow in the wake of regulators’ actions and the time that enforcement and litigation consumes (taking away time from actually monitoring internal compliance), a consequence of this heightened individual accountability will be attrition from what everyone seems to agree is an important position, as many qualified individuals might hesitate, as SEC Commissioner Gallagher warned, to take on the role of CCO in the current regulatory environment.
————————
[1] http://www.cftc.gov/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfsteeleorder092116.pdf.
[2] In Re SFX Financial Advisory Management Enterprises Inc., Release Number 4416, June 15, 2015, Administrative Proceeding Number 3-16591.
[3] In Re SFX Financial, ¶ 11.
[4] In Re BlackRock Advisors, SEC, April 20, 2015, number 3-16501.
[5] In Re BlackRock Advisors, para. 25.
[6] Commissioner Daniel Gallagher, Statement On Recent SEC Settlements Charging CCO’s with Violations of Investment Advisors Act Rule 206(4)-7, June 18, 2015.
[7] Gallagher statement at 1.
[8] Gallagher statement at 1.
[9] Emily Glazer, The Most Thankless Job On Wall Street Gets a New Worry, Wall St. J., Feb. 11, 2016.
[10] Public statement, Luis Aguilar, June 29, 2015, the Role of Chief Compliance Officers Must Be Supported.
[11] Aguilar statement at 2.
[12] The Financial Industry Regulatory Authority is an independent, not-forprofit organization authorized by Congress to oversee the broker-dealer industry.
[13] FINRA Broker Check CDR#2203338 DRP https://brokercheck.finra.org/individual/summary/2203338.
[14] FINRA Broker Check CDR#2203338 DRP.
[15] Id.
[16] http://investordefenselaw.com/blog/cape-securities-cco-michael-lovett-establishes-inadequate-supervisory-system-that-leads-to-wire-transfer-fraud.
[17] FINRA Dispute Resolution No. 16-00519.
[18] US Dept. of Treasury vs. Haider, No. 15-cv-0151a, 2016 WL 107940(d) (Minn. Dec. 18, 2014).