The sole registered clearing agency for exchange listed option contracts agreed to pay $20 Million in fines to the SEC and the CFTC for failing to adopt and implement reasonable policies and procedures. The regulators allege that the clearing agency, an SRO designated as a systemically important financial market utility under the Dodd-Frank Act, did not adopt or enforce reasonable policies and procedures related to margin, credit exposure, risk management, and information security. Also, the firm failed to obtain required approval for changes in core risk management policies. In addition to the fines, the respondent agreed to retain an independent compliance auditor and implement a series of board and executive level risk management oversight mechanisms.
The regulators can impose significant fines and penalties for failures to implement required policies and procedures without alleging any underlying loss or harm to investors. The failure to implement required risk management and compliance policies can itself serve as the predicate for an enforcement action.
The SEC censured and fined an investment adviser for failing to supervise one of its employees who engaged in an unauthorized cherry-picking scheme. Although the adviser had procedures requiring preclearance of personal trades, the SEC asserts that the firm failed to implement the preclearance procedures even after a third party consulting firm notified the firm of its failures to implement. As part of the settlement, the adviser will deliver the order to each of the affected clients.
When you hire a compliance consultant, you should not ignore their recommendations. The SEC will likely assert that you have displayed an unwillingness to implement a legitimate compliance program.
A large international bank agreed to pay over $16 Million in disgorgement, fines and penalties for hiring unqualified interns associated with foreign government officials in order to secure business. The SEC asserts that the respondent violated its own policies and procedures and created false books and records to conceal corrupt transactions in violation of the Exchange Act’s books and records requirements. The interns bypassed the bank’s “highly competitive and merit-based hiring process” and were often assigned to the very deals where a relative could steer business. The SEC charges the bank with violating the Foreign Corrupt Practices Act over an 8-year period.
It’s never good to violate your own policies and procedures as it shows knowledge of the regulations and (at least) negligence in failing to enforce the policies. Firms that do business overseas must create and implement procedures to ensure compliance with the FCPA.
The SEC fined and censured an investment adviser for insufficient supervision and compliance procedures, which allowed one of its investment advisers to cherry-pick trades for the benefit of favored accounts. The adviser used an omnibus brokerage account to allocate profitable trades to favored accounts to the detriment of other accounts, notwithstanding the firm’s policies and procedures and Form ADV that indicated that it would allocate trades fairly and equitably. The SEC acknowledges that the firm did conduct daily reviews of the trading but focused on suitability and concentrations, rather than trade allocation.
OUR TAKE: Failure to prevent wrongdoing creates a burden and inference that your compliance policies and procedures do not measure up. In this case, the SEC did not offer insight into how the firm should conduct allocation testing or whether such testing would have stopped the misconduct. Instead, the SEC argues that the cherry-picking itself proves that the firm failed to implement reasonable policies and procedures. This is why firms need to implement testing and monitoring and not just write a nice policy.
A large broker-dealer agreed to pay over $5.3 Million in remediation, disgorgement, fines, and interest to settle charges that it failed to properly supervise the traders and salespeople working on its non-agency CMBS desk. Additionally, the head of the CMBS desk was fired, fined, and suspended from the industry for failing to supervise. The SEC alleges that the CMBS desk regularly misrepresented terms and parties on the other side of secondary market CMBS transactions. Although the firm had policies and procedures and conducted training, the SEC faults the firm for not conducting “specialized training regarding the opaque CMBS secondary market” and for weak surveillance that “used generic price deviation thresholds in its trade surveillance to flag potentially suspicious trades instead of ones tailored to specific types of securities.”
OUR TAKE: This case is an example of what we call “compliance voodoo” i.e. the appearance of a compliance program that does not actually discover or stop wrongdoing. Sure, the firm had policies and procedure prohibiting making misrepresentations. Sure, the firm provided compliance training. Yet, the compliance and surveillance team completely missed the ongoing scheme of misrepresentations on the CMBS desk.
An investment bank was fined and censured for failing to enforce information barriers between its research department and an affiliated hedge fund managed by the bank’s CEO. The investment bank maintained policies and procedures related to the misuse of material nonpublic information, including a restricted list applicable to the bank’s employees. However, the restricted list did not stop the hedge fund from making 126 trades in restricted list securities over a 6-month period. In response to deficiencies raised during an SEC examination that occurred before the unlawful trading, the hedge fund adopted policies and procedures that applied the restricted list, required physical barriers, instituted email monitoring, and restricted information flow. The SEC alleges that the hedge fund failed to enforce those policies.
OUR TAKE: Compliance means more than a drafting unused policies and procedures. It means actually enforcing those policies to prevent unlawful conduct. This firm likely incurred the enforcement action because it told the SEC that it had fixed the problem by adopting policies and procedures but then ignored implementation.
The SEC’s Office of Compliance Inspections and Examinations has issued a Risk Alert notifying advisers and broker-dealers that examination staff will examine whether agreements and other documents limit whistleblowers in violation of the Dodd-Frank Act. The staff will examine compliance manuals, codes of ethics, and employment and severance agreements to determine whether any provisions directly or indirectly impede an employee or former employee from communicating potential securities laws violations to the SEC. For example, the staff will assess whether confidentiality agreements include exceptions for SEC reporting or provisions requiring an employee to represent that s/he has not assisted with an investigation. The Risk Alert recommends immediate remedial measures including revising documents and notifying both current and former employees about their unrestricted right to report to the SEC. The SEC has brought several cases during the last year alleging that a registrant’s practices violated Dodd-Frank’s whistleblower provisions.
OUR TAKE: Our most recent C-suite survey reported that 91% of respondents have not changed their compliance programs due to whistleblower concerns. Compli-pros should add policies and procedures that ensure that whistleblowers are in no way impeded by company documents. Then, firms should test the policies by reviewing agreements and interviewing current and former employees.