In the long-running television series, NCIS, Mark Harmon plays Leroy Jethro Gibbs, a former Marine who is the leader of a team of Navy investigators who solve crimes. Though Gibbs’ affection for his team is obvious, his head slaps warn Special Agent Anthony DiNozzo that he’s about to do something stupid or has already committed a blunder.
Chief Compliance Officers (CCOs) should be the Special Agent Gibbs at investment advisory firms. Just as Gibbs has dozens of rules that should always be obeyed, CCOs should establish the firm’s compliance rules in its policies and procedures and make certain they are followed. CCOs should be in a position of sufficient authority and seniority, compelling others to comply with the RIA’s policies and procedures.
As mentioned in the previous chapter, Rule 206(4)-7 under the Investment Advisers Act requires each SEC-registered advisory firm to designate a CCO to administer its compliance policies and procedures. It is also a good idea for state-registered investment advisers to appoint a CCO. In fact, states like New York and Ohio require firms to name a CCO.
CCOs make significant contributions to the success of an RIA. Since they design and implement compliance programs, that prevent, detect, and correct securities law violations. CCOs are also responsible for instilling a culture of compliance at RIAs. If the people running an advisory firm ignore their compliance obligations, the RIA will soon find itself in a very uncomfortable situation with securities regulators.
Sanctions Imposed Against CCOs
When major compliance problems occur at advisory firms, CCOs are likely to be the recipient of regulatory consequences, and those guilty of dereliction of duty are likely to get more than a slap on the wrist. They may be subject to fines, and their careers will be adversely affected.
On May 27, 2011, the SEC issued an order instituting administrative and cease-and-desist proceedings against Wunderlich Securities Inc. (WSI), an RIA/broker-dealer in Memphis, Tennessee. The SEC reached settlements with the dually-registered firm, as well as its CCO and CEO for violating the Investment Advisers Act and several rules.
WSI’s CCO was ordered to pay a civil money penalty of $50,000. The SEC also ordered the dually-registered firm’s CEO to pay $45,000. In addition, the firm was required to pay a civil money penalty of $125,000 on top of repaying investors nearly $370,000. All parties were admonished and additional penalties were imposed.
The SEC found that WSI willfully violated Section 206(2) of the Investment Advisers Act, which prohibits an RIA from engaging in any transaction, practice, or course of business that operates as a fraud or deceit upon any client or prospective client. WSI overcharged numerous advisory clients for transactional fees and commissions in thousands of separate occurances.
According to the SEC’s order, WSI also failed to comply with the disclosure and consent requirements established by Section 206(3) of the Investment Advisers Act. WSI knowingly effected thousands of securities transactions for advisory clients while acting as a principal for its own account. The firm did not disclose to these clients in writing before the completion of each transaction that the firm was acting as a principal.
WSI also violated Section 206(4) and Rule 206(4)-7 by failing to implement thorough and effective policies and procedures. In addition, they did not conduct an annual review of those policies and procedures. WSI was ordered to hire an independent compliance consultant to conduct periodic comprehensive reviews of those policies and procedures. Effective policies and procedures might have prevented WSI’s fee overcharges and principal trade violations.
The SEC also discovered that WSI failed to maintain a code of ethics—a violation of Section 204A and Rule 204A-1. The firm’s CCO and CEO willfully aided and abetted violations relating to its policies and procedures, as well as WSI’s code of ethics. Additionally, the firm’s CCO was found to be a cause of its principal trade violations.
On May 9, 2011, the SEC took action against Aletheia Research and Management, Inc. (Aletheia), as well as the firm’s CCO. Among other sanctions imposed, the Santa Monica RIA was ordered to pay a civil money penalty of $200,000, the CCO was to pay $100,000, and a second principal was ordered to pay $100,000. All of the parties agreed to the sanctions and were ordered to refrain from future violations.
Many of Aletheia’s problems stemmed from the firm’s incorrect responses to requests for proposals (RFPs). In these RFPs, clients and prospective clients asked whether Aletheia had any findings, deficiencies, or corrective actions required in connection with the SEC’s prior examination of the firm. Aletheia responded by stating there were no significant findings or provided incorrect answers. In fact, there were six deficiencies found during a prior exam. In making a decision whether to hire an RIA, it is important for a company or any prospective client to know whether the firm is compliant.
Aletheia’s compliance manual required the firm’s CCO to review the responses to RFPs for misleading statements about prior examinations. The CCO willfully violated those procedures and Section 206(2) of the Investment Advisers Act. As noted earlier, Section 206(2) makes it unlawful for an RIA to engage in any transaction, practice, or course of business that operates as a fraud or deceit upon any client.
The SEC found that the firm and its CCO committed willful violations of Section 206(4) of the Investment Advisers Act and Rule 206(4)-7. The RIA and its principals were cited with failing to make and/or keep copies of employees’ acknowledgments that they received Aletheia’s code of ethics. Aletheia’s obligation under the Books and Records Rule was to retain signed acknowledgments for five years.
The SEC’s order revealed that the RIA did not make and/or retain any of the required acknowledgments from 2005 through 2007. During 2008 and 2009, Aletheia only created and/or retained signed acknowledgments for two employees, even though the RIA employed fourteen to twenty-eight people from 2005 to 2009.
This conduct was a willful violation of the Books and Records Rule. Aletheia had received deficiency letters in 2005 and 2008 notifying the firm of its obligation to create and retain code of ethics acknowledgments.
Expectations of CCOs
CCOs should be extremely competent and knowledgeable regarding the Investment Advisers Act and the rules implemented in the statute. Several deficiency letters sent by the SEC have criticized an RIA’s CCO for lacking knowledge regarding their compliance responsibilities. One letter criticized the CCO for not being sufficiently familiar with the Investment Advisers Act to ensure compliance with the law.
Ignorance of the rules is not a defense to criticism and sanctions by securities regulators. CCOs owe a duty to know the rules governing RIAs, and examiners will not let an RIA and its CCO off the hook because they are unfamiliar with certain rules that were violated. Knowing the rules and enforcing them is part of a CCO’s job description.
In another deficiency letter, the SEC’s examination team observed that this firm’s CCO did not appear to be fully engaged with compliance matters. While some of a CCO’s duties may be delegated to a designated person, too much delegation can cause problems. In this case, the CCO was chastised for allowing a designee to do all of the work on the firm’s policies and procedures. In fact, the CCO was unable to respond to any of the examiners’ questions about the firm’s compliance program. The deficiency letter recommended that the CCO be replaced.
A complaint brought by the SEC on November 28, 2011, alleged that the CCO for OMNI Investment Advisors Inc. was not fulfilling his compliance obligations. For an extended period, he served as the firm’s CCO, even though he was on a religious mission in Brazil and performed virtually no compliance duties. Aside from paying a $50,000 fine, the CCO was permanently barred from acting within the securities industry in any compliance or supervisory capacity.
In a different deficiency letter, an RIA was criticized for not dedicating enough resources to the compliance function. The CCO split his time between his compliance duties and supervising the marketing staff. It did not help that the SEC found numerous deficiencies during the examination.
According to an article in Compliance Insights/2011, published by the institutional arm of TD Ameritrade, a CCO has a number of responsibilities including:
- designing a compliance program that will prevent, detect, and correct securities law violations;
- training employees in regard to their compliance responsibilities;
- evaluating the business risks facing the firm;
- performing due diligence of the firm’s vendors and partners;
- monitoring activities for errors, violations or risks, and taking corrective action if necessary; and
- reviewing the existing compliance program annually and making modifications.
As advisory firms grow, they may need a full-time CCO to deal with complicated compliance issues.
Although the SEC does not expect RIAs to hire an executive to serve as CCO, the Commission does have high expectations for the person appointed to that position. The person serving as CCO should be competent and knowledgeable regarding the Investment Advisers Act. The CCO should be recognized as having the power, seniority, and authority to demand adherence to the firm’s compliance policies and procedures.
RIAs owe a duty to supervise individuals associated with the firm with respect to activities performed on behalf of the advisor. In most cases, that supervision rests on the shoulders of the firm’s CCO. If the CCO does have supervisory responsibilities, he or she may rely on Section 203(e)(6) of the Investment Advisers Act as a defense. There is no failure to reasonably supervise another person under 203(e)(6) if the:
- RIA adopted reasonably-designed procedures to prevent and detect violations of federal securities laws;
- RIA implemented a system for applying the procedures; and the
- supervising person complied with those procedures and had no reason to believe that the person supervised was not complying with them.
As the person responsible for administering the firm’s compliance policies and procedures, a CCO will oversee that RIA’s annual review. In the course of that review, the CCO should determine if changes in compliance policies and procedures are warranted. Although Rule 206(4)-7 only requires an annual review, the CCO should conduct interim reviews in response to regulatory changes, new business arrangements, and other significant events that affect the interests of investors.
During reviews, the CCO should be looking at whether compliance policies and procedures have been effective in protecting investors. The CCO should also analyze any previous compliance problems to determine whether the firm’s policies and procedures should be revised. The results of annual reviews must be reported to the RIA’s senior management.
The Big Picture
Compliance training should be provided to every member of an advisory firm. Some RIAs also send compliance alerts on a regular basis to members of their staff.
CCOs should document their efforts to increase their knowledge of their compliance obligations. In late July 2007, the SEC began sending newly-registered advisors a letter of welcome, as well as a summary of the key provisions of the Investment Advisers Act. Having provided this information directly to newly-registered RIAs, the SEC may be less sympathetic when inexperienced CCOs violate the rules.
Creating an educational document for the firm will also benefit seasoned CCOs. Materials for creation of such a document can be found on the SEC website at http://www.sec.gov/about/offices/ocie/iainfo.htm, and a copy is also included in the appendix.
Securities regulators in states like Ohio and Pennsylvania frequently conduct compliance educational seminars. At these educational sessions, advisors can interact with securities regulators and ask questions. Certainly, it would behoove CCOs in those states to attend these seminars regularly demonstrating their concern with compliance.
Aside from educating themselves and their staff about their compliance obligations, CCOs should recognize that thorough and effective policies and procedures can help reduce their liability exposure. Implementing and enforcing meaningful policies and procedures makes it far less likely that clients will get hurt. The end result is that the advisor and its CCO may avoid complaints and litigation. The firm might also avoid incidents that must be disclosed on the RIA’s Form ADV disclosure brochure, which will be discussed in The New and Improved Form ADV.
Willful violations will be treated much more harshly than innocent or careless mistakes made by CCOs and their firms. Stiff fines and other sanctions are likely when a CCO has committed recidivist violations. Once an RIA is made aware that it has committed a violation and does not rectify the situation, the odds are good that securities regulators will bring an enforcement action against the firm.
When examiners uncover compliance problems during an examination, they expect them to be corrected promptly. Furthermore, once an RIA has committed serious compliance violations, securities regulators are likely to schedule more frequent examinations of the firm, and its compliance program may be under the microscope for a long time.
CCOs should use the results of prior examinations to identify areas where the firm may be at risk of violating securities regulations. Policies and procedures should be tailored to address those risk factors in order to detect and prevent compliance problems from occurring in the future.