The Federal Reserve Board has imposed a $36.3 million civil penalty on a large bank holding company for failing to implement policies and procedures to prevent the unauthorized use of confidential information by a Managing Director in its investment banking subsidiary. The Fed asserts that the Managing Director obtained confidential regulatory information about bank exams and ratings and used that information in client and prospect presentations in violation of Fed rules. The Fed faults the respondent for failing to monitor emails, monitoring that would have detected the unlawful activity, and for failing to ensure identification and upward reporting. The order requires the firm to implement adequate policies and procedures as well as employee training. The Federal Reserve expects firms “to have an effective and comprehensive compliance risk management framework that includes strong governance over compliance risk at all levels of management, appropriate policies and procedures, rigorous surveillance and escalation mechanisms, and staff training programs that thoroughly address compliance risks.” The Fed has also instituted proceedings against the Managing Director, seeking an industry bar and civil penalties.
OUR TAKE: One of the major business reasons to implement a robust compliance program is to prepare a defense against potential charges that a rogue employee was allowed to engage in continuing, unlawful conduct. Firms may not be able to prevent all wrongdoing by every employee, but they can ensure an adequate defense when problems arise if they have implemented state-of-the-art risk management systems.