The sole registered clearing agency for exchange listed option contracts agreed to pay $20 Million in fines to the SEC and the CFTC for failing to adopt and implement reasonable policies and procedures. The regulators allege that the clearing agency, an SRO designated as a systemically important financial market utility under the Dodd-Frank Act, did not adopt or enforce reasonable policies and procedures related to margin, credit exposure, risk management, and information security. Also, the firm failed to obtain required approval for changes in core risk management policies. In addition to the fines, the respondent agreed to retain an independent compliance auditor and implement a series of board and executive level risk management oversight mechanisms.
The regulators can impose significant fines and penalties for failures to implement required policies and procedures without alleging any underlying loss or harm to investors. The failure to implement required risk management and compliance policies can itself serve as the predicate for an enforcement action.
The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert reporting significant compliance and supervision deficiencies. Based on data collected from a 2017 sweep of over 50 advisers, OCIE found significant weaknesses in how firms hired, supervised, and disclosed information about employees with disciplinary histories. The OCIE staff also cited frequent compliance deficiencies including failures to supervise how fees are charged, what marketing materials are distributed, and whether remote workers complied with firm policies. OCIE also discovered that many advisers allocated compliance responsibilities but failed to assign those responsibilities or neglected to require documentation. The OCIE staff recommends that advisers “reflect on their practices” and implement such best practices as enhanced hiring due diligence, background checks, heightened supervision, and remote-office monitoring.
How many times must OCIE warn the industry about compliance, and how many enforcement actions will it take, before firms implement a legitimate compliance program? An investment adviser should spend at least 5% of revenue on compliance, hire a dedicated Chief Compliance Officer, adopt tailored policies and procedures, test the program every year, and prepare a written compliance report of deficiencies and remediation.
The SEC fined and censured an investment adviser for insufficient supervision and compliance procedures, which allowed one of its investment advisers to cherry-pick trades for the benefit of favored accounts. The adviser used an omnibus brokerage account to allocate profitable trades to favored accounts to the detriment of other accounts, notwithstanding the firm’s policies and procedures and Form ADV that indicated that it would allocate trades fairly and equitably. The SEC acknowledges that the firm did conduct daily reviews of the trading but focused on suitability and concentrations, rather than trade allocation.
OUR TAKE: Failure to prevent wrongdoing creates a burden and inference that your compliance policies and procedures do not measure up. In this case, the SEC did not offer insight into how the firm should conduct allocation testing or whether such testing would have stopped the misconduct. Instead, the SEC argues that the cherry-picking itself proves that the firm failed to implement reasonable policies and procedures. This is why firms need to implement testing and monitoring and not just write a nice policy.