Home » chief compliance officer

Tag: chief compliance officer

Chief Compliance Officer Stole Employee Information to Bid at Auctions

FINRA barred a Chief Compliance Officer for using his access to confidential employee records to create false online bidding accounts at auction houses. The respondent, who also served as the firm’s president, used his access as CCO to obtain employees’ driver’s license and passport information to impersonate those employees so that he could bid and acquire auction items. The auction houses had previously banned him because he successfully bid on items and did not pay for them.

The Chief Compliance Officer has extraordinary (and in some cases, unwarranted) access to employee records in addition to other confidential information such as executive meetings and emails. Firms should pursue enhanced background due diligence on potential CCO candidates, create information barriers so that the CCO does not have access to non-regulatory information, and implement a supervisory structure that ensures CCO accountability. Alternatively, consider outsourcing to a third-party firm that has limited access to firm systems as well as direct legal liability for breaches of confidentiality.

The Friday List: 10 Reasons Outsourcing Compliance Beats Hiring an In-House Chief Compliance Officer

Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues.  Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic. 

Over the last several years, an increasing number of investment management firms have chosen to outsource the Chief Compliance Officer role and associated compliance function.  In our experience, these firms make this decision for rational business reasons based on an assessment that outsourcing the compliance function is better than hiring a full-time employee.  Usually, firms consider outsourcing because of an external event such as a less-than-perfect SEC exam or an institutional due diligence process that suggests unknown weaknesses.  Some firms decide to outsource after yet another internal CCO changes jobs.  Other times, firm management simply gets frustrated with the inherent limitations of the one internal compliance person.  Regardless, we list below the top 10 reasons investment firms should outsource the CCO role and compliance function rather than hire an in-house employee.

10 Reasons Outsourcing Compliance Beats Hiring an In-House CCO

  1. Experience: A team of professionals can draw on decades of aggregate compliance experience to address a firm’s regulatory challenges.
  2. Knowledge: No one person can provide the depth of knowledge of several compliance professionals working collaboratively. 
  3. Independence: A third party firm offers investors and other stakeholders an independent assessment of a firm’s compliance strengths and weaknesses.
  4. Industry best practices: A multi-person team working with multiple clients across the country has the industry vision to inform the compliance program.
  5. Accountability: A compliance firm stands behind its work and advice with a service level agreement and professional liability insurance. 
  6. 24/7/365 support: A person may take PTO, but a team of professionals is available at all times for any emergency including unplanned client due diligence and SEC exams.
  7. Personal liability: Serving as CCO involves significant personal liability, which is better left to professionals that understand and accept the regulatory and career implications. 
  8. Frees up internal resources: Internal personnel can focus on core activities such as portfolio management and fund-raising.   
  9. Management: Senior managers can avoid the confusing and time-consuming process of hiring, retaining, and managing an internal CCO, only to start the process anew in the event the CCO leaves. 
  10. Cost savings: Because of program efficiencies, outsourcing generally costs less than hiring a full-time employee. 

Dual-Hat CCO and Weak Supervision Allowed Rogue Trader to Harm Clients

FINRA faulted a firm’s supervisory structure and unqualified Chief Compliance Officer for failing to prevent its CEO/Head Trader from engaging in a scheme that inflated bond prices to the detriment of clients.  FINRA alleges that the Trader engaged in pre-arranged trades with a third-party broker dealer to inflate and deflate bond prices to enrich both parties and circumvent an agreement with a client that capped bond commissions at 15 basis points.  FINRA asserts that the firm failed to supervise the trading and that the CCO did not have the “requisite qualifications, experience and training” to properly supervise the trading activities.  In addition to paying restitution and a fine, the firm hired a dedicated CCO that was not also working for an affiliated bank.

Broker-Dealers and advisers must abandon the dual-hat compliance model, the practice of naming a non-regulatory professional with multiple executive roles.  Firms must retain a competent and dedicated Chief Compliance Officer either by hiring a full-time employee or by retaining the services of an industry-recognized outsourcing firm. 

Deficient Compliance Will Cost RIA/BD $600,000; CCO Must Undergo Training

 A dually registered RIA/BD agreed to pay approximately $600,000 in disgorgement, penalties and interest because a deficient compliance infrastructure failed to ensure full disclosure of revenue sharing.  According to the SEC, the respondent engaged in a scheme since 1999 whereby its clearing broker would kick back a $20 markup fee on trades.  The clearing broker also paid trailer fees on NTF mutual funds.  The SEC alleges that the firm failed to properly disclose the revenue sharing and, in many cases, reps who didn’t know better told clients that the firm did not receive compensation from the clearing broker.  The SEC charges that the firm did not have adequate compliance policies and procedures and ordered the Chief Compliance Officer, the firm’s former receptionist, to complete 30 hours of compliance training.  The firm also agreed to hire an independent compliance consultant.

“We’ve always done it this way” is not a legitimate excuse for failing to comply with regulatory requirements.  The firm engaged in the undisclosed revenue sharing for nearly 20 years before the SEC uncovered the conflict of interest.  Perhaps, the firm never considered that its longstanding practice violated the securities laws.  This is why we recommend retaining a fully-dedicated and experienced chief compliance officer either as a full-time employee or through a compliance services firm. 

CCO Fined and Barred for Failing to Conduct Rule 144 Due Diligence

 

A broker-dealer Chief Compliance Officer was fined $50,000 and barred from the industry for failing to implement procedures to prevent the unlawful liquidation of microcap securities.  FINRA asserts that the firm and its principals liquidated 74 million shares of microcap securities without satisfying Rule 144, thereby distributing securities in violation of the Securities Act.   The firm’s Written Supervisory Procedures designated the CCO as the person responsible for Rule 144 compliance.  FINRA rejected the CCO’s defense that the WSPs did not reflect how the firm actually operated.  FINRA also faulted the CCO for adopting inadequate WSPs, which failed to outline procedures to conduct adequate due diligence.

The CCO should review the compliance manual or WSPs and ensure s/he understands and undertakes all designated responsibilities.  If the CCO can’t or won’t follow the procedures, then s/he must revise the procedures to satisfy regulatory requirements while reflecting the firm’s accurate allocation of authority.

SEC Fines and Bars CCO for Ignoring Compliance Problems

The SEC fined and barred an adviser’s Chief Compliance Officer from acting in a compliance or supervisory capacity because of his failures to remedy compliance deficiencies.  The adviser hired an outside compliance consultant which recommended 59 compliance action items.  The SEC alleges that the CCO failed to address many of the issues raised including failures to (i) ensure a surprise audit pursuant to the custody rule, (ii) retain emails and other electronic records, and (iii) implement policies to protect customer information.  The SEC also charges the CCO with compliance program deficiencies including failures to update the compliance manual or conduct any meaningful annual review of the compliance program.  The firm’s president/principal was also censured and fined.

OUR TAKE: The SEC doesn’t often prosecute standalone (i.e. not dual hat) CCOs without an underlying client loss, but it will if the CCO ignores obvious compliance deficiencies of which he has notice.  This is what we call “compliance voodoo” i.e. an appearance of compliance infrastructure without an effective program.  This CCO had a compliance manual, did some quarterly testing, and hired a third party consultant.  But, neither the CCO nor the firm took any action to actually implement relevant procedures to address cited compliance deficiencies.

 

RIA Failed to Conduct Annual Compliance Reviews and Appointed Admin as CCO

three 3D men as symbol of say, see or hear nothing

The SEC fined and censured a registered investment adviser for failing to conduct annual compliance reviews and appointing a chief compliance officer without relevant experience.  The SEC asserts that the respondent, which registered in 2010, never conducted an annual review of its compliance policies and procedures as required by the compliance rule (206(4)-7).  In fact, according to the SEC, neither the firm nor the CCO were even aware of the requirement.  The SEC also faults the firm for appointing as chief compliance officer an inexperienced administrative assistant who spent most of her time on administrative duties.

OUR TAKE: Compliance programs, at their most fundamental, must include the implementation of effective policies and procedures reasonably designed to achieve compliance with the Advisers Act, the appointment of a qualified and dedicated chief compliance officer, and annual reviews of the compliance program.  The SEC will bring an enforcement action for a weak compliance program even in the absence of any other regulatory violation or client harm.