The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert reporting significant compliance and supervision deficiencies. Based on data collected from a 2017 sweep of over 50 advisers, OCIE found significant weaknesses in how firms hired, supervised, and disclosed information about employees with disciplinary histories. The OCIE staff also cited frequent compliance deficiencies including failures to supervise how fees are charged, what marketing materials are distributed, and whether remote workers complied with firm policies. OCIE also discovered that many advisers allocated compliance responsibilities but failed to assign those responsibilities or neglected to require documentation. The OCIE staff recommends that advisers “reflect on their practices” and implement such best practices as enhanced hiring due diligence, background checks, heightened supervision, and remote-office monitoring.
How many times must OCIE warn the industry about compliance, and how many enforcement actions will it take, before firms implement a legitimate compliance program? An investment adviser should spend at least 5% of revenue on compliance, hire a dedicated Chief Compliance Officer, adopt tailored policies and procedures, test the program every year, and prepare a written compliance report of deficiencies and remediation.
Firms should seriously re-consider tying portfolio management compensation directly to fund performance, especially where the PM is responsible for Level 3 (non-exchange traded) fair-valued securities. For both the C-suite and compli-pros, this case shows how a failure to properly supervise one bad employee can blow up your firm. As for the PM (and any other potential wrongdoer), the industry bar will make it difficult to find a job to get out of the six-figure hole resulting from the wrongdoing.
The most interesting legal point is that the SEC argues that the failure to implement compliance policies and procedures that would have uncovered wrongdoing can serve as a predicate for a failure to supervise charge. In the past, the regulators generally separated the compliance program from the supervisory obligations. Does this mean that a compli-pro can be charged with aiding and abetting his/her firm’s failure to supervise if the compliance monitoring program fails to detect wrongdoing?
fined a large broker-dealer $2 Million for under-resourcing its compliance
function, thereby allowing unlawful short-selling. As the firm’s trading activity increased, the
firm continued to rely on a primarily manual system to monitor compliance with
Regulation SHO’s requirements. The
handful of employees tasked with monitoring trading requested more resources as
their 12-hour workdays could not adequately surveil the activity of 700 registered
representatives. FINRA alleges that the
firm routinely violated Regulation SHO by failing to timely close-out
positions, illegally routing orders, and failing to issue required
notices. As part of the settlement, the broker-dealer
also agreed to hire an independent compliance consultant.
TAKE: Firms need to track business activity to ensure that compliance and operations
infrastructure keep up with the business.
A good metric is whether the firm spends at least 5% of revenues on compliance
infrastructure including people and technology.
Broker-Dealers and advisers must abandon the dual-hat compliance model, the practice of naming a non-regulatory professional with multiple executive roles. Firms must retain a competent and dedicated Chief Compliance Officer either by hiring a full-time employee or by retaining the services of an industry-recognized outsourcing firm.
A large mutual fund company agreed to pay a $1 Million fine and reimburse clients another $1.095 Million for failing to stop a portfolio manager from engaging in unlawful cross-trades. The SEC also fined and barred the portfolio manager. The SEC alleges that the portfolio manager interpositioned a friendly broker to execute cross-trades between clients in a scheme that benefited buying clients over selling clients. Such cross-trades – which were not conducted at the bid-ask spread and which paid commissions – violated the Investment Company Act’s affiliated transactions rules and did not comply with the Rule 17a-7 safe harbor. The SEC faults the firm and its compliance function for failing to further investigate responses from the portfolio management team that uniformly contended that the questioned trades were not prearranged. The SEC also criticizes the compliance function for failing to properly monitor trading practices and for neglecting to train employees.
OUR TAKE: Compliance testing and monitoring does not stop when a questioned employee (with an incentive to engage in violative transactions) denies wrongdoing. While this may avoid personal responsibility in the corporate blame game, it will not satisfy the regulators or fulfill a compli-pro’s obligations to implement reasonable policies and procedures.
OUR TAKE: Failure to prevent wrongdoing creates a burden and inference that your compliance policies and procedures do not measure up. In this case, the SEC did not offer insight into how the firm should conduct allocation testing or whether such testing would have stopped the misconduct. Instead, the SEC argues that the cherry-picking itself proves that the firm failed to implement reasonable policies and procedures. This is why firms need to implement testing and monitoring and not just write a nice policy.
OUR TAKE: Having a valuation control function is not the same as having an effective valuation control function. Global firms must consider metrics before gutting compliance and supervisory functions that could ultimately allow bad actors to put the firm at risk. Firm leaders should think of compliance and supervision as the defense to protect assets and the firm’s reputation. And, defense wins championships.