CCO Liability: What Risks Remain and What You Can Do to Minimize Them

IA Watch produced an informative webinar on CCO Liability. These are my notes.

  • Carl Ayers (Moderator)  Publisher, Regulatory Compliance Watch
  • Brian Moran, Executive director and CCO Sterling Capital Management
  • Joseph McGill, J.D., Chief Compliance Officer Lord, Abbett & Co.
  • Kelley Howes, Counsel Morrison Foerster
  • Heidi Vonderheide of Ulmer & Berne LLP

First up was Heidi. Her firm is working on two CCO liability cases: the Robare case and the Blue Ocean Case with Jim Winkelmann.

These cases are on hold waiting for the Supreme Court to rule on the constitutionality of ALJ system.

The Robare discuss is a disclosure case. There was no evidence that there was any harm to customers.

Will the new leadership of the SEC change the CCO liability equation? It’s probably unlikely. Any case we see has likely been in the works for awhile. So any trend will take a while to show itself.

Kelley tackled what the SEC expects of CCOs. The number one item is to focus on the fiduciary duty of an investment adviser. A CCO should show a clear understanding of the firm’s business and associated risks. The CCO needs to now the regulations and how it integrates into the firm’s operations and disclosures.

The CCO should be in a position to be effective by having some independence and respect in the organization.

The SEC recognizes that the CCO role is hard and only wants to go after CCOs involved in wrongdoing or are asleep at the switch.

That being said, some of the SEC’s CCO cases don’t seem to follow the statements of the SEC.

Joseph emphasized the need for a conflicts matrix that gets reflected in the polices and procedures. The number one thing to focus on is not fixing a deficiency noted in a prior exam.

Brian highlighted the issues that arise when the CCO has other responsibilities. (A jack of all trades; a master of none.) He pointed out that many of the CCO case involved CCOs who wore more than one hat.  Most of the cases involved compliance personnel who affirmatively participated in the misconduct, misled regulators or failed to carry their responsibilities.

What about D&O insurance? It would be usual for a CCO to not be covered. A CCO is an officer of the firm. There is likely a fraud exclusion. There may be a question of whether it covers all of the enforcement and litigation costs.

Red Hot SEC Exam Topics

IA Watch presented a webinar: Red Hot SEC Exams Topics in 2017, Plus Exam-Prep Steps from Peers Who’ve Survived Recent Exams.

The presenters were

Fred Shaw, Principal/Director of Compliance, Hamilton Lane
Adam Reback, CCO, J. Goldman & Co
Chuck Daly, Principal, Constellation Advisers
Michelle Martin, CCO, Longfellow Investment Management

These are my notes:

Even though there is great deal of change in Was, exams are expected to continue.

Based on the 2017 Exam Priorities, there seems to be an emphasis on retail investors and how advisers deal with this type of client. There will be heightened focus on seniors and the possibility of exploitation.

There is an emphasis on data for exams. Word is that the SEC is grabbing lots more than in the past to test firm practices.

One presenter is seeing an uptick on never-before-examined advisor exams. The presenter noted that different regional offices are doing these exams differently.

Money market funds are expected to be a priority based on the 2014 rules on liquidity and redemption risks.

There seems to be less emphasis on private funds. That does not mean that there will be none.

Exams are generally shorter than in the past. OCIE wants to reach more firms, given the resources, that means less time on exams. The panelist is seeing fewer on-site exams and more correspondence exams. The examiners are asking for fewer documents, in part because the request is better tailored to the advisor. Of course, there is a wide range of exam experiences.

In exam tips and experiences, one presenter noted that it was worth discussing document requests with the examiner if the request is voluminous. The examiners are unlikely to want a big data damp and are generally not expecting it.

Some of the requested items may not be for the examiners, but for others behind the scene for data and policy considerations.

Introductory presentations are very helpful.

Valuations need to be well documented. If you use the data, you need a copy of the report in the file.

 

 

Rapid-Fire, Nuts & Bolts Tips from Former Regulators Now in the Private Sector

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.


Luis Mejia, Partner, Perkins Coie, Washington, D.C.; Walter Ricciardi, Partner, Paul, Weiss, Rifkind, Wharton & Garrison, New York; and Bruce Karpati, Global CCO/Director, KKR, New York provided their view, now that they are on the other side.

You either (1) eliminate the conflict or (2) disclose and mitigate. The challenge is identifying all of the conflicts. Assuming you find them all, can you mitigate them all.

The panel was critical of the several private equity enforcement actions. In the KKR case, KKR fixed the problem and refunded some of the fees during the exam. So why was it an enforcement action? Do you have to self-report and cut all the checks before the exam ends.

The SEC has been inconsistent with its interpretation of the “wholesale failure” of the CCO. But in the Blackstone case, the CCO was blamed for inadequate policies and procedures.

In the Delaney case, the panel had a hard time finding how the CCO was engaged in “wholesale failure.”

How do you protect yourself? Look at the steps the CCO took in Robare case. The firm had hired an outside consultant to help them understand the requirements.

There is the October 14, 2015 speech by Andrew Donohue for the role of compliance: Remarks at NRS 30th Annual Fall Investment Adviser and Broker-Dealer Compliance Conference.

Commissioner Gallagher gave a speech that its the firm that’s responsible for compliance. The CCOs should not be subject to strict liability for a failure.

The Asset Management Unit: Reflecting and Moving Ahead

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.


Anthony Kelly, Assistant Director, SEC’s Asset Management Unit, shared some of the activities of this part of the Securities and Exchange Commission.

For fees, the Unit is looking mis-allocation of private equity fees and expenses and whether the fees and expenses are properly disclosed. In the Cherokee case, the Unit found the fees and expenses for the fund manager for compliance should not be charged to the funds. In the Fenway case, the Unit felt the adviser was misleading its fund investors for charging related party consulting fees. Before that was the Blackstone case for mis-allocation.

Mr. Kelly encouraged self-reporting. There is a cooperation program and cooperation credit available. Not bringing an enforcement action is “extra-ordinary.”

He emphasized that the Unit is not targeting CCOs. It will defer to the good-faith determinations of the CCOs. It will bring action if the CCO is actively involved. It will bring actions against CCOs for hindering the exam or investigation. See the Wells Fargo case. The third area is the wholesale failure of the CCO in doing the job. (However, as he points out, there are two CCO liability cases in last year.)

Conflicts is a perennial area of focus for the Unit. It’s core to the fiduciary obligations of an investment adviser.

Discover the Priorities and Perspectives of the Office of Compliance Inspections and Examinations

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.


Marc Wyatt, Director, SEC’s Office of Compliance Inspections and Examinations, gave his perspective on the priorities that lie ahead for OCIE. Marc Wyatt Named Director of the Office of Compliance Inspections and Examinations last week.

He emphasized that OCIE does not want to be a “gotcha” regulator. OCIE’s job is deterrence. That is why OCIE publishes its exam priorities each year. OCIE wants to empower CCOs to be able to focus limited resources on issues. It’s not that OCIE only gets to 10% of registered advisers. OCIE wants to use the exams to deter other firms from doing bad things. Exams are very much risk-based and data driven.

Cybersecurity will be on the list for a long time. Retirement accounts and senior investors will also be on the list.

OCIE tries to be incremental. For cybersecurity, the first round was mostly information gathering. The next level is more testing. He was not willing to say how many firms OCIE is visiting. He wants it be statistically significant.

The pool of registrants is growing. There were 500 new registrants last year. The SEC is trying to specialize and get the skills for the new pool of registrants (private equity, hedge funds, etc.)

OCIE feels it is getting better aligned with institutional investors. Investors are doing much more due diligence and taking a deeper dive.

The vetting process for which firms to exam is also a set of data for the exam process. Of the two out of ten firms that examined, reviewing the other eight helps OCIE understand the risks.

How to avoid getting examined? These are red flags for the risk-based analysis:

  • A big swing in AUM?
  • Changes in key personnel
  • Aberrational performance
  • Areas for better understanding (OCIE wants to better understand a time of investing style, or there is a rule in process)

How to get exam staff out once they come:

  • Be efficient on document production
  • Question the exam staff about unclear document requests
  • Get clarification if a question is unclear.
  • Don’t dump documents trying to overload examiners
  • Make sure exam staff has access to key people
  • Day One presentation with CCO, being candid about risks, highlighting key people for follow-up meetings

In response to lowering risk rating, Mr. Wyatt was not willing to share criteria that would reduce. He pointed out there is a never-before examined exam initiative.

He pointed out the out-sourced CCO risk alert. Use that to look at your in-house CCO program.

Investment Management: What’s Next on the Rulemaking Front

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are  my brief notes.


Norm Champ, Investment Management Law Lecturer at Harvard Law School and former SEC IM Division Director, New York; and Robert Plaze, Partner, Stroock & Stroock & Lavan, Washington, D.C. came ready to talk about a broad range of issues.

Form ADV proposed changes and Form PF changes. These changes are all about getting better data and better understanding risks. The comment period just closed, but re-opened for the liquidity proposal. IA-4091 and 33-9776 will continue as other rules are proposed. The SEC has identified separate accounts as an area in which the SEC has little insight.

The next question is what is the SEC going to do with this data. Can the SEC keep information confidential? What happens if the SEC has the data showing the problem but does not see it? The SEC is concerned about disclosing the positions of investors being advised by registered investment advisers.

Other rule-making under consideration:

  • Liquidity in funds has moved ahead: (33-9922).
  • Derivative use in funds is another item.
  • Transition plans for advisers.
  • Stress tests for advisers and funds.

The Fiduciary Duty is the “keystone pipeline” of the SEC. It will not be able to go far enough to make investor advocates happy and will go too far for the brokerage industry. There are too different models, investment advisor and brokerage, clashing in the area of wealth management. There is also a clash with the Department of Labor who has proposed its own rule that applies to all retirement plans. There is a calsh between the disclosure model and the strict standard model.

The panel pointed out the problem with third party compliance audits is that there is no equivalence to GAAP. Public companies are subject to audits subject to GAAP. The problem with using this model for compliance is that there are no generally accepted compliance standards or practices that would, at least in part, standardize the compliance audit practice. For settlements that require a third party compliance audit, the settlement often rejects proposed compliance consultants because they lack credentials.

The panel equated third-party compliance exams to credit rating agencies. There was little regulatory oversight, with an industry mandate, and they did bad job rating. They played a big role in the 2008 financial crisis.

FinCEN has proposed a rulemaking for AML for investment advisers. FinCEN is not receptive to comments saying there should not be checking for terrorist money use.

Transition planning will likely be tackled after derivative use. To some extent its the next step after disaster recovery plans and business continuity planning. It’s a bigger issue given the scope of different firms and business models for investment advisers.

Dodd-Frank does have a statutory mandate for stress tests of advisers and funds. Of course the question is how you stress test an adviser given that an advisers capital should affect the client’s portfolio. Assets are supposed to be held by custodians, not the adviser.

Red-Hot SEC Enforcement Priorities

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.


William McLucas, Mark Schonfeld and Frank ______ spoke on what is happening on the enforcement side of the Securities and Exchange Commission.

The Madoff fraud and the 2008 financial crisis are still driving forces for SEC enforcement. The SEC still feels the sting of the inquiries coming out of those two events.

The panel thought that the SEC is not willing to let cases go because of the fear that there is a missed, bigger problem. The panel also thought the SEC has taken a disproportionate blame for the 2008 financial crisis. “Why hasn’t the SEC put any bank executives in jail for crashing the economy?” Of course, because the SEC can’t bring criminal actions. The Enforcement Division is much more focused on investment management. The division works closer with OCIE in exams and uses exams for enforcement investigations.

The panel thinks what were considered minor deficiencies in the past are now blowing up into bigger enforcement actions. There is little incentive to close cases. More of the enforcement division attorneys have come from the Department of Justice. They are less afraid to go to court. The government use the threat of action to extract settlements. The SEC has much more access to data for bringing actions. The courts have given the SEC much more deference to its own interpretation of its own rules. The SEC has a broader ability to create law.

Investigation has a cost to the business beyond the direct costs of legal fees and fines. Investors are skittish. They have lots of options. Institutional investors have their own fiduciary responsibilities to their constituents. Enforcement does not always take this into account. They key is to avoid attracting enforcement during an SEC exam.

The SEC did have one of its swords taken away. The Newman decision will make it harder to bring insider trading cases. The government will need to prove the benefits in the tipping relationship. The personal benefit standard from the Dirks case has been heightened. To go after the remote tippee, the government needs to prove a benefit to the tipper, and that the remote tippee knew of the benefit. The SEC thinks is can still prove cases because its civil standard is merely “preponderance of the evidence” as opposed to the “beyond a reasonable doubt” standard in a criminal action. In end, Newman will not reduce the number of insider trading cases, but there may be more civil cases and fewer criminal cases.

CCO liability is generally only when there is a wholesale failure by the COO, at least according to the SEC staff. However, “wholesale failure” is in the eye of the beholder. The panel disagrees that the SEC is only bringing the most egregious examples. The panel thinks the SEC is dis-incentivizing CCOs from getting involved is bad situations. Obviously, a CCO stealing and trading on inside information is fair game. The panel does not think the SEC should be naming CCOs except for those situations. The SEC has gone too far. CCOs do need to worry.

Coping With Regulatory Change – Office of Investor Advocate

coping with regulatory change

I’m attending a conference sponsored by IA Watch: Coping with Regulatory Change. These are my brief notes.


Rick Fleming, Director of the Office of Investor Advocate at the Securities and Exchange Commission, started with a keynote. His office and position was created by Dodd-Frank. He currently has a staff of ten people. (One of the inherent conflicts at the Securities and Exchange Commission is between investor protection and capital formation.) He created the position of Ombudsman for complaints against the SEC itself. Most of the staff is focused on policy issues, including those of the SROs. He hired an economist to focus on the benefits to investors, not just the cost to the industry, for the cost-benefit analysis of proposed regulatory actions.

He reports to Congress twice a year. The statutory mandate prevents the Commissioners from imposing their views on that report.

If the Office is not happy with an action, it can make a formal recommendation and the SEC must respond according to the statute.

Top Priorities for this year:

  • High frequency trading
  • More effective disclosures to investors
  • Variable annuity disclosures
  • Accounting and auditing issues
  • Millennial investors – how are they different?
  • Fiduciary Duty

He thinks there needs to be more exams of investment advisory firms. He recommended an additional fee to pay for more frequent exams. (He came from a state regulator.) However, he is not a fan of SROs and the FINRA model of self-exam. Review of investment advisers is a legitimate government action. He prefers more funding for SEC exams. He does advocate for third party verification of assets. His current idea is the use of consultants for review.

He thinks the SEC will come out with a Fiduciary Duty rule at some point this year, applying a higher duty to brokers who advertise themselves as something other than a broker. His biggest concern is that Dodd-Frank limits the duty when a proprietary product is being sold. That is where he has seen the most problems.

Compliance Compensation Survey

ia-watch-nscp

The results of the 2014 IA Compliance Compensation Survey, sponsored by IA Watch and the National Society of Compliance Professionals, have been released. You can visit the IA Compliance Compensation Results website http://www.salary.iawatch.com/.

Use the results to benchmark and compare your compensation against peers in your area, plus the top 30 most populous metropolitan regions in the U.S., such as New York, Washington, D.C., Chicago, San Francisco and nationally.

According to the publisher, the survey reveals some interesting trends that run counter to expectations:

  • The number of years servicing the compliance industry does not necessarily correlate to higher wages.
  • The average compensation by assets under management (AUM) was higher for firms with $10-20 billion than firms with AUM greater than $100 billion.

Other Findings:

  • The compensation breakdown for individuals was 69% salary, 28% bonus, and 3% retirement/other. Bonuses are predominantly given based on either job or company performance and less than 10% are awarded a bonus for successfully completing a regulatory exam.
  • Only 50% of the firms surveyed increased their non-salary compliance budget, the remaining half had no change or a slight decrease.
  • Firms did not reallocate costs between outside counsel, consultants, subscriptions or training regardless if the budget was increasing, staying flat, or decreasing.
  • Overall, about two-thirds of the budget was spent on outside counsel and consultants, one-sixth on subscriptions, and one-fifth on training.

Sources:

OCIE Director Drew Bowden On Exams, CCO liability and more

ia watch ia week

IA Watch was able to get Drew Bowden, the Securities and Exchange Commission’s Director of the Office of Compliance Inspections and Examinations, to sit down for an interview. “The best thing [CCOs] can do is to be organized, be responsive and be helpful to the examination staff”. This can be measured by how timely you produce requested documents. “It’s most helpful” when firms begin an exam by educating examiners “about the nature of their business [and] what they’re trying to accomplish from a business perspective,”

Portions of the interview are available for your viewing:

IA Watch Interviews Drew Bowden, Part 1



IA Watch Interviews OCIE Director Drew Bowden, Part 2

References:

IA Watch Exclusive: OCIE Director Drew Bowden talks exam do’s and don’ts, CCO liability and more
(subscription required)