Understandably, CCOs worry about being held personally responsible for compliance failures.
That is, in fact, exactly what legislators and regulators intended by creating rules subjecting CCOs to personal liability for their firm’s missteps. The fear of personal prosecution, the thinking goes, compels CCOs and their staffs to adhere to strict regulatory standards.
It’s hard to argue with that logic. Incentives work, even negative ones. But these days, CCOs may find the somewhat unpredictable outcomes of regulatory action even more compelling than the threat of personal exposure in the abstract.
Two SEC Cases, Different Outcomes
Two recent cases demonstrate how difficult it can be to anticipate whether an enforcement action will break against or in favor of a CCO’s personal interests.
According to compliance professional and blogger Doug Cornelius, the SEC has historically refrained from using its enforcement authority against CCOs personally in all but three specific circumstances:
- Participating in the wrongdoing
- Hindering the SEC examination or investigation
- Wholesale failure
Two recent enforcement actions illustrate the relative unpredictability of the outcome of enforcement actions that rely in-sum-and-substance on the third of those factors, “wholesale failure.”
SEC Comes Down Hard on CCO in Southwind Ruling
In December 2017, the SEC issued a ruling that took investment advisor Southwind Associates, its CCO Anthony LaPeruta, and its President Scott Villafranco to task for what can only be viewed as a wholesale failure of Southwind’s compliance program. LaPeruta, who had served for 14 years as Southwind’s CCO, bore the brunt of the SEC’s ire.
The agency faulted LaPeruta in particular for having failed to implement measures to correct compliance deficiencies, despite having retained a compliance consultant that had alerted him to the compliance shortcomings repeatedly over a period of several years. Specifically, ignoring his consultant’s recommendations and acting in violation of his firm’s own compliance manual, LaPeruta:
- Failed to receive annual surprise examinations of client funds by an independent public accountant qualified to conduct those examinations;
- Failed to ensure the timely distribution of audited financial statements; and
- Failed to keep proper books and records by omitting certain electronic communications.
The SEC deemed LaPeruta’s actions to have “willfully aided and abetted and caused” his firm’s compliance violations. For his malpractice, the SEC imposed a limitation on LaPeruta barring him from acting in “a supervisory or compliance capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.”
SEC Punishes CEO in Pennant Ruling
Pennant had fallen victim to a massive fraud involving a fictitious portfolio of loans and loan repurchase agreements (“repos,” for short). The SEC faulted Elste for the firm’s failure to perform due diligence on the portfolio despite numerous red flags. But, significantly, the agency did not name or pursue action against Pennant’s CCO.
The regulator instead found that the CCO, who had been appointed to the position with no prior compliance experience, had done his best by repeatedly requesting resources for his compliance program and by repeatedly warning of his inability to assess counterparty risk without receiving that support, all to no avail.
The lack of funding for compliance oversight, the agency concluded, had contributed to the firm’s failure to notice the warning signs of the fraudulent scheme. The agency fined Pennant $400,000 and fined Elste $45,000.
At first blush, Southwind and Pennant may seem like materially different situations. In the former case, Southwind’s CCO had ample resources for his compliance mission but inexplicably failed to execute it over an extended period, to his own material detriment. In the latter, Pennant’s CCO lacked resources and support despite asking for them repeatedly, and thereby avoided liability.
Both [cases] signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.
Still, beneath the surface these cases are not dissimilar. Both involve significant compliance failures. Both take a hard look at the individual actions of CCOs and other C-suite executives for those failures. Both signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.
Compliance officers and executives should not assume either case was predestined to turn out as it did. No doubt Southwind’s CCO mounted a vigorous defense of his actions, and the Pennant CCO likely came in for a fair share of finger pointing by others. Moreover, compliance executives often struggle with lack of funds and resources to adequately manage a firm’s compliance program.
For any CCO and business leader, Southwind and Pennant should serve as a signal example of the degree of personal financial and reputational risk they take by not adopting, funding, following, and documenting compliance policies and procedures.
RegTech as the Shield
Advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO individually.
It is one thing to tell business leaders in the investment advisory world to pay attention to compliance. It is another thing to help them implement effective, efficient compliance programs.
CCOs know the difficulty of managing a department that often gets treated as an unwanted hindrance rather than an essential function. The rulings above, however, highlight just how critical, and personally significant, regulatory compliance can be for financial firms.
Fortunately, advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO or other executive individually. Tools continue to emerge that streamline compliance functions and automate record-keeping, leading to more efficient and effective management of the compliance process.
As rulings by the SEC and other regulators will not likely ever be predictable, these tools may be a CCO’s best hope of not just staying diligent about compliance, but also being able to prove the firm’s (and their own) diligence should any enforcement action come to pass.