Andrew Ceresney, head of the SEC’s enforcement division, delivered the keynote last week to the National Society of Compliance Professionals at the group’s annual event in DC.
Ceresney said the outcome of SEC enforcement actions can often be predicted by how the defendant company treated its compliance officers.
“[T]the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues,” he said.
He talked about cases where the SEC has acted to protect compliance officers, and enforcement actions against compliance officers.
Ceresney joined the SEC in April 2013 from Debevoise & Plimpton, where he was a partner. Before that, he was an Assistant United States Attorney in the Southern District of New York. He graduated from Columbia College and Yale Law School.
Some of his talk was specific to investment companies and what happens in them. We’ve omitted most of those parts.
Here’s some of what Ceresney said to the compliance officers:
* * *
You have a challenging and difficult job and play a critical role in fostering compliance with the federal securities laws. You work to ensure that your firms have robust compliance programs and to provide sound advice and guidance to business line personnel. The Commission and its staff hold compliance professionals in high regard and consider you key partners in our efforts to serve and protect investors. We thank you for your diligence and commend and support your work. . . .
Let me start by speaking first about a line of cases that sometimes gets lost in the discussion of compliance-related enforcement actions — those cases demonstrating our support for the compliance function and its resource needs.
In my time at the Commission and in private practice, I have come to appreciate that the state of a firm’s compliance function says a lot about the firm’s likelihood of engaging in misconduct and facing sanctions.
I have found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s compliance department in the firm:
- Are compliance personnel included in critical meetings?
- Are their views typically sought and followed?
- Do compliance officers report to the CEO and have significant visibility with the board?
- Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
- Is compliance given the personnel and resources necessary to fully cover the entity’s needs?
Far too often, the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues.
Now, I recognize that it can be difficult for compliance professionals to stand up to management, particularly in organizations where they are not supported. I also recognize that compliance personnel may sometimes lack the resources and information to do their jobs effectively. In the end, while compliance officers have certain responsibilities, which I will discuss, it is the business that is primarily responsible for compliance with the law.
Two recent enforcement actions demonstrate that we recognize these issues and take them into account in our charging and sanction determinations, and that our intent is to encourage firms to give compliance the prominence and resources it needs to be effective.
In Pekin Singer, for example, the Commission charged an investment adviser with numerous compliance failures, and also charged the adviser’s president with causing those violations. The compliance failures were significant and widespread. Among other things, the adviser failed to conduct timely annual compliance program reviews and failed to implement and enforce provisions of its policies and procedures and its code of ethics.
Of particular importance, the Commission’s order found that the firm did not dedicate sufficient resources to its compliance program.
The CCO, who was not charged, was tasked with numerous non-compliance responsibilities that severely limited his ability to focus on his compliance function. The CCO repeatedly told the firm’s president that he needed help to fulfill his compliance responsibilities, including the annual compliance program review. The CCO also expressed concern about not completing compliance testing, and warned that the firm would not be ready for an SEC examination.
The CCO’s pleas for help went unanswered for over a year, and before Pekin Singer could get its compliance program in order, the Commission’s examination staff was knocking on the door.
An important takeaway from that case is not only did we not charge the CCO, but we did charge the president of the firm with causing the firm’s compliance violations, in large part because he ignored the CCO’s pleas for more resources and support. The clear message from that case to the business side of firms is to ensure that your calls for resources and support are heeded.
Our 2013 enforcement action in Carl Johns, in which we filed our first-ever charge against an individual for misleading and obstructing a CCO, also underscores how we have used our enforcement program to support your efforts. In that case, an assistant portfolio manager at an SEC-registered investment adviser failed to pre-clear or report his personal securities transactions. He also submitted false quarterly and annual reports related to his securities trading, altered trade confirmations, and manually deleted securities holdings on his brokerage statements.
When the CCO detected irregularities in the altered documents and confronted the portfolio manager, he misled the CCO about the transactions, and even accessed the hard copy file of his previously submitted brokerage statements and physically altered them.
The message of Pekin Singer and Carl Johns, as well as similar cases, is clear: we will aggressively pursue business line personnel and firms who mislead or deceive you, or obstruct the compliance function, or who fail to support you in a manner that causes compliance violations.
Let me then turn now to the infrequent circumstances in which the Commission charges CCOs. . . . .
As I have said before, when we do bring actions against CCOs. . . who are affirmatively involved in misconduct that is unrelated to their compliance function. I trust that everyone in this room agrees with that approach. We bring cases against these CCOs when they are directly involved in fraudulent activity or other conduct that harms investors. Often, the CCOs involved in affirmative misconduct wear other hats in addition to their CCO hat, such as serving as CEO or CFO, and it frequently is their actions in those other roles that lead to charges.
A good example of this is our recent action against AlphaBridge Capital Management’s CCO. There we charged a CCO who was also a co-portfolio manager who affirmatively misled the fund administrator and auditor about asset values.
We also charge CCOs who engage in efforts to obstruct or mislead the Commission staff. For example, in Parallax, we charged a CCO for compliance-related violations where he, in the course of an exam, altered documents to deceive the staff about whether the firm had conducted the required annual compliance review.
We also charged a former Wells Fargo Advisors compliance officer who altered a document before it was provided to the SEC during an insider trading investigation. The compliance officer, who was responsible for identifying and reviewing potentially suspicious trading by Wells Fargo personnel or the firm’s customers and clients, conducted a review of a broker’s trading and closed her review with no findings.
After we charged the broker with insider trading, she altered her review document to make it appear that she performed a more thorough review than she actually had and provided the document to our staff. An administrative law judge found her liable for violating the federal securities laws, although he imposed no remedies.
I think you will agree that in these sorts of cases, charges against the CCOs or other compliance personnel are warranted.
* * *
Andrew Ceresney’s full remarks to the National Society of Compliance Professionals in Washington, DC on November 4, 2015 are here.
Richard L. Cassin is the publisher and editor of the FCPA Blog. He can be contacted here.