The SEC fined and barred an adviser’s Chief Compliance Officer from acting in a compliance or supervisory capacity because of his failures to remedy compliance deficiencies. The adviser hired an outside compliance consultant which recommended 59 compliance action items. The SEC alleges that the CCO failed to address many of the issues raised including failures to (i) ensure a surprise audit pursuant to the custody rule, (ii) retain emails and other electronic records, and (iii) implement policies to protect customer information. The SEC also charges the CCO with compliance program deficiencies including failures to update the compliance manual or conduct any meaningful annual review of the compliance program. The firm’s president/principal was also censured and fined.
OUR TAKE: The SEC doesn’t often prosecute standalone (i.e. not dual hat) CCOs without an underlying client loss, but it will if the CCO ignores obvious compliance deficiencies of which he has notice. This is what we call “compliance voodoo” i.e. an appearance of compliance infrastructure without an effective program. This CCO had a compliance manual, did some quarterly testing, and hired a third party consultant. But, neither the CCO nor the firm took any action to actually implement relevant procedures to address cited compliance deficiencies.