August 3, 2015

Chief Compliance Officers: SEC Enforcement Debate

SEC Chair White sought to quash increasing concerns – and temper a recent debate between Commissioners – about compliance officer liability in these recent remarks, wherein she indicated that the SEC did not intend to use its enforcement program to target compliance professionals, but rather only took enforcement action against them when “their actions or inactions cross a clear line that deserve sanction.”  Her remarks presumably were responsive to last month’s debate between Commissioners Gallagher and Aguilar about whether the SEC is appropriately supporting (or inappropriately targeting) compliance officers on the heels of two recent enforcement actions against investment advisor compliance chiefs.

By way of background, in April, the SEC charged BlackRock’s then-CCO with violations of the 1940 Investment Company and Investment Advisers Acts for failing to report a conflict of interest-related compliance violation to the funds’ boards of directors and failing to adopt and implement certain compliance policies and procedures. In June, the SEC charged the CCO of SFX Financial Advisory Management Enterprises with violating the Advisers Act for causing the firm’s compliance failures by negligently failing to conduct certain reviews required by the firm’s compliance policies and perform an annual compliance review, and making a misstatement in SFX’s Form ADV. Commissioner Gallagher dissented in both cases.

In his recent remarks, Gallagher expressed concern that the enforcement actions put the onus on the CCOs to implement their firms’ compliance policies and procedures, and held them strictly accountable for failure to adhere to what is more appropriately a firm (rather than CCO) obligation. That being the case, these actions could disincentivize CCOs (or prospective CCOs), thus ultimately harming the compliance function, which Gallagher described as “not only the first line of defense” but – for the vast majority of advisers – “the only line of defense.” Commissioner Aguilar disagreed, citing the SEC’s “relatively few” CCO-targeted enforcement actions over the past five years, which he claims have been limited to a handful of cases wherein the CCOs demonstrated specific types of egregious misconduct.

Although I’m not taking sides, I believe the potential for missignaling the compliance officer’s role and potential liability both within and outside of the financial services arena is real. As noted in one of my earlier blogs, based on a recent survey of more than 600 CCOs and other financial services compliance practitioners, most CCOs are worried about the threat of increasing personal liability for corporate misconduct. And a compliance lawyer reportedly advised that compliance officers outside that sector “should be paying close attention” (and I believe they are) “to what is happening in these cases, as other agencies could follow suit in their rulings and enforcement activities.”

While I think Chair White’s remarks were necessary in view of the public nature of this debate, I tend to doubt that they will reverse the trend toward increasing concerns among compliance professionals about potential personal liability for non-rogue behavior. Although when she talks, I believe that people generally listen (very carefully), I think all bets are off when it comes to concerns about personal liability – where actions tend to speak much louder than words.

See also these InvestmentNews and MarketWatch articles, this SEC Actions blog, and our oodles of compliance resources in our “Compliance Programs” Practice Area.

Survey: Compliance Program Effectiveness Favors Dual GC/CCO Role

LRN’s recently released 2015 Ethics & Compliance Effectiveness Report, based on a survey and analysis of over 280 companies, reveals some particularly important findings about compliance program effectiveness. Most notably, among programs reporting directly to the CEO, those led by dual GC/Chief Compliance Officers are more effective than those led by standalone CCOs.

The study explains this surprising finding this way: “What we see suggests that the greater effectiveness of the GC/CECOs’ programs reflects the nature of the GCs’ interactions and other roles within their organizations…[G]enerally speaking, the dedicated CECO today has neither the corporate stature nor the internal relationships associated with the GC. In this light, building stature and cultivating key relationships may be seen as one of the dedicated CECO’s most important tasks, and the key to higher impact programs.”

Additional noteworthy findings include:

– Programs where the CCO reports to the CEO or the board are noticeably more effective than are those reporting to the GC.
– It is increasingly common for the CCO to report directly to the CEO and – to a lesser, but noteworthy, extent (14%) – to the board or a board committee (typically the audit committee).  And while a direct reporting line to the GC remains the most common structure (41%), it is no longer true of a majority of programs.
– Top-performing programs conduct assessments more frequently and use more metrics than those ranked in the bottom fifth.
– Companies whose codes of conduct emphasize corporate values, and whose employees are likely to look to the code when faced with a decision or dilemma, tend to be associated with higher program effectiveness.
– Program effectiveness ranks highly in those companies where members of the C-Suite often address ethics and compliance issues in staff meetings, operational reviews and similar settings.

See also this WSJ article, Jeff Kaplan’s blog, and heaps of additional surveys and other helpful resources in our “Compliance Programs” Practice Area.

In a related and interesting development on compliance program effectiveness, Reuters reports that the DOJ is hiring a compliance expert to assist in evaluating whether companies’ compliance programs are “robust…or mere window dressing” for charging decision-making purposes.


– by Randi Val Morrison