In a recent speech, the Director of the Office of Compliance Inspections and Examinations, Peter Driscoll, admonished firms who do not adequately resource the compliance function. Calling compliance officers “partners,” Mr. Driscoll lauded their role on the “front lines” of regulatory compliance. Mr. Driscoll said that he could not “underscore enough a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function.” OCIE is concerned “when we hear directly from industry participants and read press reports that compliance resources and budgets are being cut or are not keeping up with firms’ risk profiles.” He stressed the importance of compliance as equal to other key business lines, critical to the success of the overall business in its role to protect the trust of clients, investors, and customers.
We have observed OCIE staff specifically ask about compliance resources and spending during examinations. Based on various research studies and our own empirical experience, firms should benchmark to spend at least 5% of revenue on compliance resources including personnel and technology. Of course, the actual spending should vary depending on the complexity and size of the business.
The SEC fined an investment adviser $400,000 and fined and censured its CEO for failing to devote sufficient resources to compliance, thereby contributing to the firm’s failure to uncover an offering fraud. The firm appointed a portfolio manager, who did not have regulatory experience, to assume the Chief Compliance Officer role in addition to his other duties. The PM/CCO highlighted several compliance deficiencies and pleaded for more resources, but the CEO did not address his concerns, and, in fact, cut the compliance budget. The SEC maintains that the under-resourced compliance program contributed to the firm’s failure to conduct promised due diligence, which may have uncovered the offering fraud that harmed clients.
Based on our experience and several industry studies, registered investment advisers should spend at least 5% of revenue on compliance infrastructure. Also, firms should appoint a fully engaged and experienced regulatory professional to serve as Chief Compliance Officer and avoid the cheaper dual-hat model that puts both the firm and the CCO at risk. Compli-pros should take solace that the SEC did not name the CCO, presumably because he highlighted the compliance deficiencies and advised the firm on how to remediate.
The SEC fined a large broker-dealer $5.75 Million for failing to allocate sufficient resources to its valuation control function, thereby allowing rogue traders to inflate securities valuations and positions. The firm eliminated 15 valuation control positions as part of a global efficiency initiative, which, according to the SEC, left the control function understaffed and under-trained to adequately implement the firm’s valuation supervision policies. One manager complained internally that four staff members were tasked with verifying prices for more than 20 trading desks that held over $200 Billion in Level 2 and 3 securities. The SEC alleges violations of the books and records and supervision rules.
OUR TAKE: Having a valuation control function is not the same as having an effective valuation control function. Global firms must consider metrics before gutting compliance and supervisory functions that could ultimately allow bad actors to put the firm at risk. Firm leaders should think of compliance and supervision as the defense to protect assets and the firm’s reputation. And, defense wins championships.
A large clearing broker-dealer agreed to pay over $1.3 Million in disgorgement, interest, and fines to settle charges that it underfunded its reserve account. Due to a coding error, the firm miscalculated its reserve formula pursuant to the customer protection rule (15c3-3) resulting from repos with its parent company. After discovery by a FINRA examination team, the broker-dealer deposited $133 Million into its reserve account, thereby triggering a liquidity crisis for the firm as it worked to raise the necessary capital. The SEC criticized the BD, which has had other compliance issues, for a “lack of personnel for a regulated entity of its size and import.”
OUR TAKE: Under-resourcing compliance is a red flag for regulators and often leads to enforcement actions. Firms should spend no less than 5% of revenue on compliance infrastructure and should spend more where their activities involve several complex processes.