Internal Controls: CCO and Adviser Pay After SEC Charges President with Theft
It’s not easy to set limits on an advisory firm’s owner, president or chief executive officer. But as one chief compliance officer found out, failure to do so may lead to harsh consequences, not only for the top executive, but for the firm and its CCO.
SFX Financial Advisory Management Enterprises and its CCO, Eugene Mason, both settled with the SEC on June 15. The settlement came on the same day that the Commission brought charges against the firm’s former president, Brian Ourand, for allegedly stealing approximately $670,000 in client funds over a five-year period.
"SFX failed to supervise Ourand and also committed compliance failures," the SEC said. More specifically, the agency charged that the firm "failed to adopt policies and procedures reasonably designed to prevent the misappropriation of client assets, failed to implement the policies it did have, violated the Custody Rule, and falsely stated in its Form ADV that it reviewed client accounts used for bill-paying services. SFX also failed to conduct its annual compliance review in 2011."
As for Mason, the agency alleged that he caused the firm’s failure to implement its compliance policies, failed to conduct the annual review and was responsible for a material Form ADV misstatement.
Both the firm and Mason were censured, with SFX agreeing to pay a civil money penalty of $150,000, and Mason agreeing to pay $25,000. The charges against Ourand were not settled, and now move to an administrative proceeding. An attorney representing SFX and Mason declined a chance to comment on the case, while an attorney representing Ourand could not be located for comment.
"SFX failed to detect an alleged misappropriation for years because it had insufficient internal controls to limit Ourand’s ability to withdraw client funds for personal use," said SEC Division of Enforcement Asset Management Unit co-chief Marshall Sprung. "Investment advisers have a fiduciary obligation to safeguard client assets."
"This case reflects the SEC’s heightened focus on compliance officers, and finding them personally liable for the acts of others," said Rogers & Hardin partner Stephen Councill. Noting the SEC’s allegations that the CCO failed to conduct an annual compliance review and follow the firm’s procedure for reviewing cash flows in client accounts, he said that "while it’s hard to tell whether these alleged failures actually caused the theft, it’s a good reminder that the SEC is willing to bring charges when compliance officers fail to follow their own procedures."
"It is particularly important for compliance officers to monitor the design and implementation of a firm’s compliance policies, especially when they are specifically assigned those responsibilities under the compliance program," said Mayer Brown partner Matthew Rossi. "The SEC has and will likely continue to charge chief compliance officers who clearly fail to carry out their assigned responsibilities under an investment
adviser’s compliance program."
The relationship and what went wrong
SFX, which as of March 2014 managed approximately $14 million for clients on a discretionary basis, provides advisory and financial management services to both current and former professional athletes. Those services, according to the administrative order instituting the settlement with the firm and Mason, include management of investment portfolios, payment of bills, financial planning and tax consultations and support.
Under the SFX system, the firm had the authority to withdraw and deposit assets from several of its client bank and brokerage accounts, the SEC said. Ourand, who in addition to being president was a "relationship manager" for several of the clients, was authorized to pay bills, transfer money and deposit checks, according to the agency. He also had "unauthorized access" to some client credit card accounts, as well as discretionary authority to trade in client brokerage accounts and provide clients with securities investment advice, the agency said.
"In July 2011, an SFX employee learned that Ourand had misappropriated assets when a client complained that he could not use one of his credit cards," the agency said. "SFX and the employee promptly conducted an investigation," which it said resulted in the firm firing Ourand and reporting his alleged conduct to the criminal authorities.
What was the scope of the alleged crime? "From 2006 to 2011, Ourand misappropriated at least $670,000 from clients" by writing unauthorized checks from client bank accounts to either cash or himself, and wired unauthorized amounts to himself for his personal use, the agency charged. "He also wired money using client credit cards for unauthorized amounts to others for their personal use" and "forged a client’s name and engaged in other deceptive conduct."
The role of the firm and the CCO
Given that Ourand and other individuals at SFX had "full signatory power" over client bank accounts relating to the firm’s bill-paying services, "there was significant risk that those individuals could misappropriate client funds," the SEC said. But the firm’s compliance policies and procedures "were not reasonably designed, and were not effectively implemented, to prevent the misappropriation of client funds." Further, the settlement document states, "as CCO, Mason was responsible under the policies and procedures for implementation of the policies and procedures."
"SFX’s policies were not reasonably designed to prevent the person authorizing payments that SFX made from client accounts from circumventing secondary review of those payments," the SEC said. "Thus, Ourand was able to circumvent secondary review of the payments he authorized from client accounts."
"This is, without a doubt, one of the toughest positions for a CCO to be in," said Mayer Brown attorney Adam Kanter. While in this case "the compliance program probably was deficient," he said that for many CCOs confronted with non-compliant plans from firm owners, presidents and CEOs – their bosses – there may be difficulty in resolving such situations. "The president says, ‘We want to do this,’ and the CCOs says, ‘No, you can’t.’ Sometimes the president agrees, and sometimes the president doesn’t. So what happens next?"
A responsible CCO could choose to document his or her objections to a proposed non-compliant course of action, said Aaron De Angelis, chief compliance officer at Spring Mountain Capital, a New York City-based advisory firm specializing in private equity and hedge funds. But if the proposed action is particularly egregious, the CCO has little choice but to resign, as staying with the firm may leave the CCO liable should the non-compliant activity ever be found out and, if that happens, "your career is over," he said. A third option, reporting the firm to the SEC, while potentially protecting a CCO from being charged as a participant in the non-compliant activity, may also make it difficult for him or her to find another job, he said.
"I think you’re going to see more and more of this," De Angelis said of CCOs being charged when they either have inadequate compliance programs and/or fail to stop non-compliant activities at their firms. "But," he said, "we have always been the ones responsible."
Custody, Form ADV and the compliance program
Beyond the alleged lack of controls over clients’ funds, the SEC charged violations in three other areas:
Custody. SFX did not have a reasonable basis to believe that, after due inquiry, custodians were providing clients with bank statements, the agency said, charging the firm with violating Rule 206(4)-2, the Custody Rule. The rule requires, among other things, that an adviser have a reasonable basis to believe that such account statements are sent to clients at least quarterly. In addition, the agency said, SFX and Mason did not follow the firm’s own compliance policy in requiring that there be a review of cash flows in client accounts.
Form ADV. According to the SEC, the firm’s Form ADV, Part 2 brochure, filed in March 2011, said that a client’s cash accounts used specifically for bill paying were reviewed several times a week by senior management for accuracy and appropriateness. "This statement was untrue because a review for ‘appropriateness’ indicates a review by senior management other than the person responsible for the relevant transactions, yet no one other than Ourand reviewed the bill-paying accounts over which he had signing authority and from several of which he misappropriated funds," the agency said. SFX and Mason were charged with violating Section 207 of the Advisers Act for making an untrue statement of material fact in a registration application or report filed with the Commission.
Compliance program. SFX did not conduct an annual review of its compliance program in 2011, even though it was in the midst of an internal investigation following the discovery of Ourand’s alleged misappropriation, the SEC said. As the CCO, Mason "was responsible for ensuring the annual review was completed and was negligent in failing to conduct the annual review," the agency charged. Mason was charged by the SEC with violating Section 206(4) of the Adviser Act and its Rule 206(4)-7, the Compliance Program Rule.