Ceresney Tells Chief Compliance Officers that the SEC is Not Out to Get Them
It’s all overblown. You have nothing to worry about. Charges against chief compliance officers for not doing their job properly are rare. Feel free to provide advice and help resolve problems without fear. Relax already!
One might be excused for taking that as the message behind SEC Division of Enforcement director Andrew Ceresney’s November 4 keynote address at the 2015 National Society of Compliance Professionals conference near Washington, DC. It was, after all, the third such message from a high SEC official, following up on similar remarks made separately by SEC chair Mary Jo White and agency chief of staff Andrew Donohue (ACA Insight, 10/26/15).
All three have made the same point: the SEC regards CCOs as their partners and is supportive of them, and brings charges against them only in rare circumstances. Ceresney used his opportunity before an audience of several hundred compliance professionals to allay concerns, raised by some in the wake of two recent cases, that the agency might be more willing to charge CCOs.
"I have heard, both from the leaders of your organization and others, that certain recent enforcement actions by the Commission against compliance personnel in the investment adviser space have caused concern in the compliance community," said Ceresney. The goal of his speech, he said, was for compliance professionals to understand that "these actions punish misconduct that falls outside the bounds of the work that nearly all of you do on a daily basis; do not involve the exercise of good faith judgments; and are consistent with the partnership we have developed to foster compliance with the laws."
The three takeaways
Ceresney told the attendees that they should take away three important points from his remarks:
CCOs have the SEC’s "full support. We rely on you as essential partners in ensuring compliance."
The SEC will bring enforcement actions against business line personnel in appropriate circumstances "where they have deceived or misled you, or where their failure to provide you with adequate resources and information causes compliance rule violations."
"There has been no change in our longstanding careful and measured approach to determining whether we should charge a CCO. … You should not hesitate to provide advice and help remediate when problems arise. … I do not want you to be concerned that by engaging in good faith judgments, you will somehow be exposed to liability."
"Ceresney’s remarks aim to reassure CCOs that the agency wants to support them in carrying out jobs that can be challenging in the best of circumstances," said Willkie Farr partner James Burns. "But he offers these reassurances against a backdrop of a ‘broken windows’ approach to enforcement (under which small violations, as well as large violations, are prosecuted). It remains to be seen just how CCOs will fare."
"While intended to provide comfort, Ceresney’s speech only highlighted why CCOs are right to be concerned about their exposure," said Zaccaro Morgan partner Nicolas Morgan. "The very authority the SEC has vested in CCOs to ‘empower’ them is the source of exposure to potential liability. When a firm violates the federal securities laws, it is far too easy for the SEC, with the benefit of hindsight, to suggest the following fallacy: a violation occurred; the CCO had a duty to prevent violations; therefore the CCO caused the violation. Such a result would come close to replicating the old fallacy: hospitals are full of sick people, therefore hospitals cause sickness."
The cases that caused the ruckus
The two cases that Ceresney referred to, and which he discussed during his speech, were a June 15 SEC settlement with SFX Financial Advisory Management Enterprises (ACA Insight, 6/22/15) and an April 20 settlement with BlackRock Advisors (ACA Insight, 4/27/15).
In the SFX settlement, the agency alleged that the CCO caused the firm’s failure to implement its compliance policies, which it said would have detected the alleged theft of client assets by the firm president over several years. The CCO was also charged with failing to conduct the annual review of the firm’s compliance program, was censured and agreed to pay a $25,000 civil money penalty.
In the BlackRock Advisors settlement, the agency claimed that the CCO caused certain of the fund’s violations in connection with its failure to adopt and implement policies and procedures to address how the outside activities of firm employees would be assessed for conflicts of interest. The SEC also alleged that the CCO did not disclose these problems to the fund’s board of directors. The CCO paid a $60,000 civil money penalty to settle the case.
No less a personage than Daniel Gallagher, an SEC commissioner at the time, criticized the agency for the settlements (ACA Insight, 6/29/15), both of which he voted against. In a June statement, he warned that the settlements "fly in the face of my admonition" to "tread carefully when bringing enforcement actions against compliance personnel. … The Commission needs to be especially cognizant of the messages it sends to the compliance community, and in particular to CCOs of investment advisers," Gallagher said. "To put it bluntly, for the vast majority of advisers, CCOs are all we have."
Both settlements, he said "illustrate a Commission trend toward strict liability for CCOs under Rule 206(4)-7 (the Compliance Program Rule). … Actions like these are undoubtedly sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback."
Remarks like Gallagher’s, as well as similar concerns expressed by defense attorneys, have led SEC officials to try to calm CCO concerns.
The seeming disparity between Ceresney’s speech and Gallagher’s criticism was noted by Mayer Brown partner Matthew Rossi. "The SEC appears to be sending a mixed message to CCOs. It is no wonder that some CCOs fear being second guessed by the Enforcement Division. In the current climate, it is critical that CCOs exercise their best judgment when addressing compliance issues and formulate a clear defensible rationale for the actions they take or decide not to take."
The view from the SEC
Between 2003, when the Compliance Program Rule was adopted, and 2015, "the Commission has only brought five enforcement actions against individuals with CCO-only titles affiliated with investment advisers that involved charges under Rule 206(4)-7 and other compliance-related violations, where there wasn’t otherwise efforts to obstruct or mislead Commission staff," Ceresney said. "These numbers make clear that the Commission only rarely charges CCOs for causing violations of Rule 206(4)-7. There has not been any recent trend toward more enforcement activity involving CCOs in their compliance function."
That said, Ceresney added that "being a CCO does not provide immunity from liability" and that when CCOs "completely fail in their responsibilities, and particularly when significant investor harm results, it is appropriate for us to address that misconduct."
Ceresney, like Donohue, said there are three categories under which CCOs might be charged:
When a CCO is "affirmatively involved in misconduct" unrelated to his or her compliance function,
When a CCO engages in "efforts to obstruct or mislead the Commission staff," or
When a CCO has exhibited a "wholesale failure to carry out his or her responsibilities." It is this category, which includes CCOs charged for causing their firms’ compliance failures under Rule 206(4)-7 and other compliance-related rules, that has raised concerns.
Also important to note, Ceresney said, is that the SEC has brought cases against advisory firms for not properly supporting CCOs and compliance. "I recognize that it can be difficult for compliance professionals to stand up to management, particularly in organizations where they are not supported," he said. "I also recognize that compliance personnel may sometimes lack the resources and information to do their jobs effectively. In the end, while compliance officers have certain responsibilities, which I will discuss, it is the business that is primarily responsible for compliance with the law."
But not everyone is convinced. "In attempting to articulate a clear-line standard for CCO liability under 206(4)-7, Ceresney uses the phrase ‘wholesale failure’ four times in his speech," said Morgan. "That certainly suggests a high bar, but of course the ‘wholesale failure’ standard doesn’t appear anywhere in Rule 206(4)-7, and of course Ceresney was careful to point out that he wasn’t speaking for the Commission. Until the ‘wholesale failure’ standard becomes law, CCOs are right to be concerned that the SEC may bring an action under some lesser standard."