These are the realities of personal liability and compliance in the financial sector:
>> 75 percent of CCOs are concerned about their own personal liability or that of their CEOs. (DLA Piper)
>> Between 2018 and 2019, global regulators levied a near record $10 billion worth of fines against banks. By summer 2020, these same regulators had already issued $5.6 billion in fines against financial institutions. (Fernergo)
>> And yet, 57 percent of senior-level executives rank “risk and compliance” as one of the top two risk categories they feel least prepared to address.
—
These stats are not without cause. Over the years, personal liability and regulatory fines have taken a foothold within the industry as bad actors have violated a range of institutional rules and guidelines.
Corporate misdeeds have long had a tendency to stoke the fires of popular resentment against business leaders. Yet, in the century following the industrial revolution, policymakers failed to hold corporate executives’ feet to the fire for their wrongdoing despite the public’s blood-lust.
Instead, criminal prosecutors and regulatory enforcement agencies pursued corporations, leaving the job of disciplining (or not disciplining) C-suite executives to their corporate boards.
Today tells a different story. Banking and financial services executives – especially Chief Compliance Officers (CCOs) – face a shifting and unpredictable morass of statutory and regulatory guidelines that threaten personal liability for illegal acts. It can be difficult, and not to mention nerve-wracking, to predict what the norm will be tomorrow.
READ ARTICLE: The State of the Industry
But to understand the ins and outs of personal liability, it is important to understand its history.
Here is a rapid fire review of the evolution of policymaking around personal responsibility, from the laissez-faire attitudes about executive culpability that dominated most of the 80s and 90s to the more severe policies that loom over executive conduct today.
Here’s a brief timeline:
1980s
Savings and Loan Crisis Exposes the Underbelly of Deregulation
The election of President Ronald Reagan in 1980 ushered in an era of deregulation in financial services.
Legislation passed during this wave of anti-regulatory fervor transformed the historically conservative Savings and Loan (S&L) business in particular; it simultaneously expanded institutional lending authority while easing loan-to-value requirements and reducing regulatory oversight.
The ostensible purpose of deregulating S&Ls was to help them attract capital in order to “grow” their way out of problems caused by a high interest rate environment. S&L deposits soared, but the banks also began making risky, speculative loans.
As the loans defaulted, S&Ls began to founder. Depositors panicked. On the verge of collapse, the industry received a series of federal and state bailouts costing taxpayers hundreds of billions.
Perhaps even more significant than the financial devastation, the Savings and Loan crisis inflicted a lasting civic cost. The public lost trust in policymakers and financial institutions.
High profile scandals involving politicians and investors who reaped millions from the run-up and meltdown only added to the public perception that deregulation had unleashed business leaders’ worst impulses and that they needed to be reigned in.
2002
Worldcom Wounds the Accounting Industry
The early 2000s subjected the public to another wave of corporate upheaval.
Enron’s meltdown exposed a litany of business malfeasance, from manipulation of energy markets to accounting tactics akin to a game of three-card monty.
The bursting of the dot-com bubble wiped out billions in retirement accounts. Tyco collapsed amidst tales of its CEO’s lavish and gaudy excess.
And then came Worldcom, the largest accounting scandal ever.
Worldcom had grown into a telecommunications giant through debt-fueled acquisitions. As dot-coms shuttered and demand for its services dried up, Worldcom began hemorrhaging money.
To hide the bleeding, its executives began cooking the books with the help of accounting giant Arthur Anderson and with the tacit acquiescence of Wall Street banks and rating agencies.
When the fraud came to light, Worldcom filed for bankruptcy and its CEO went to jail (joining executives from the aforementioned Enron and Tyco).
The Worldcom scandal inflicted lasting damage on the public’s perception of accounting firms, ratings agencies, and large banks as would-be “honest brokers” who ought to sound an alarm over wrongdoing.
Instead, Americans began to see those firms as being in-cahoots with their corporate clients, no matter the collateral consequences for the public.
Washington responded to the public outcry by passing the Sarbanes-Oxley Act, strengthening disclosure and penalties associated with accounting fraud.
2008-2010
Financial Crisis Prompts an Over-correction
Deregulated financial commerce, however, continued unabated, with Wall Street capitalizing on a massive run-up in residential real estate values spurred on by an explosion in issuances of derivative financial products.
When the real estate bubble burst, it took financial institutions down with it and put millions of families on the street when they became unable to afford mortgages on overvalued property.
The disaster fueled deep public resentment of Wall Street and of the government’s failure to police bank executives who had received millions in bonuses as borrowers lost their homes.
The most immediate consequence of the financial crisis from a policymaking perspective was passage of the Dodd-Frank Financial Reform Act in 2010, which re-imposed regulatory strictures on financial institutions that might have prevented the bubble and collapse.
It also imposed the so-called “Volcker Rule” that required finance industry CEOs to certify their firms’ compliance with the law’s prescriptions (although the rule didn’t take effect until 2015).
Many saw Dodd-Frank as a half-measure that mended the proverbial fence after the horse had already escaped the corral. Financial institutions chafed at what they viewed as overzealous and unnecessary guardrails on their industry.
The public, in contrast, wanted to see a bank executive go to jail and grew ever-more outraged when none did.
2013
SEC Enforcer Ceresney Signals Focus on Individual Prosecution
Regulators took notice of the simmering public anger.
In a speech that put corporate executives on high alert, then Co-Director of the Securities and Exchange Commission’s (SEC) Division of Enforcement Andrew Ceresney told attendees at the 2013 International Conference on the Foreign Corrupt Practices Act that “[a] core principle of any strong enforcement program is to pursue culpable individuals wherever possible” and lauded the “great deterrent value” of individual prosecutions.
A core principle of any strong enforcement program is to pursue culpable individuals wherever possible.
The SEC, he said, explores “whether an action against an individual is appropriate” in every case it brings against a company.
2015
Yates Memo Signals DOJ’s Prioritization of Business Leader Prosecutions
To address criticism of the Department of Justice’s own lack of individual prosecutions stemming from the financial crisis, then-Assistant Attorney General Sally Yates issued a now-famous memo to all Department AAGs and United States Attorneys in September 2015, directing them to prioritize holding individual business leaders accountable for corporate wrongdoing.
Yates made clear that as an explicit condition of receiving credit for cooperating with law enforcement investigations into their misdeeds, corporations would need to disclose the names of all individuals within the corporation involved in criminal or civil misconduct.
2016
The UK Joins the Fight for Individual Accountability
Moves toward holding financial executives personally responsible for corporate wrongdoing were not limited to the United States.In Britain, Parliament passed the Senior Managers & Certification Regime, which imposed personal accountability for financial services firms’ misdeeds onto senior management and even certain non-executive employees.
2017
DOJ’s FCPA Enforcement Policy Echoes Yates Memo in Targeting Compliance Professionals
Four years after Andrew Ceresney spoke at the annual Foreign Corrupt Practices Act conference, Deputy Attorney General Rod Rosenstein announced a new FCPA enforcement policy that ratcheted up the risk for corporate CCOs.
Rosenstein did not mince words about who would bear the brunt of the new policy, predicting it would “enhance our ability to identify and punish culpable individuals.”
In essence, the new policy provided that so long as corporations voluntarily disclosed the nature and extent of an FCPA violation, including the names of individuals involved in it, prosecutors would likely decline prosecution of the corporation.
2018
Trump Administration Reforms Seemingly Ease Pressure on Other Executives
While the Trump administration dialed up the pressure on compliance professionals in the context of the FCPA, it simultaneously eased tensions for other leaders of financial firms.
In 2018, the administration loosened some of the Dodd-Frank regulations that had bedeviled small and mid-sized banks and financial firms, and DAG Rosenstein announced modifications to the “Yates Memo” policy of requiring corporations to name all individuals involved in misconduct.
The DOJ policy instead required disclosure only of those “substantially involved in or responsible for” criminal conduct and to identify all wrongdoing by individuals in civil matters.
2020
Biden Administration Expected to Reinforce Dodd-Frank Regulations
In contrast to the Trump administration, 2021 will usher in a new era of regulatory oversight when the Biden administration takes office. As a former leader within the Obama administration that signed Dodd-Frank into law, President Elect Biden is expected to reinforce the federal law.
While the Trump administration focused on reducing its regulatory burdens to increase competition and consumer choice, the Biden administration will likely focus more on protecting consumers from the trickle-down impact of bad actors by bolstering and adding to regulation. This move could put the personal liability of executives and CCOs under renewed scrutiny.
Regulators Crack Down
So, what are the consequences of the steady march (until recently) toward holding executives and compliance professionals personally accountable?
In some cases, compliance officers and other executives have endured significant personal hardship.
1. The SEC recently charged former top executives at a well-known global bank with misleading investors about the bank’s financial performance. This resulted in the former CEO paying a $2.5 million penalty to the SEC, a $17.5 million penalty to the OCC, and being permanently banned from the banking industry. But this retribution was just the tip of the iceberg. Due to the extraordinary misdeeds of these executives, the global bank paid $3 billion in penalties to the Justice Department (DOJ) and the SEC, and $185 million to the Consumer Financial Protection Bureau (CFPB) to settle the charges.
2. In another case, the SEC charged an investment firm and its Chief Compliance Officer with multiple violations of the Investment Advisers Act. As a result of her actions, she was ordered to pay $45,000 and was barred from practicing in the field indefinitely. Additionally, her firm was ordered to pay $1.7 million in fines.
3. Meanwhile, the Commodities Future Trading Commission (CFTC) ordered one CCO to pay $150,000 for engaging in fraudulent acts and making false statements to a self-regulatory organization. He was permanently prohibited from trading (soliciting or accepting funds intended for) commodity interests for himself or others, and from registering with the CFTC.
And those are only a few examples from a long list of misconduct. CCOs see these as cautionary tales and worry about the uncertainty of not knowing how the next case might turn out.
How will personal liability take shape under a new administration? Only time will tell.
Technology as a Shield
For now, a CCO’s best strategy is to enforce the rules within the organization and focus on demonstrating compliance in every way possible. By today’s standards, this often requires implementing technology to help keep a better system of record and support compliance teams in their explanations to regulators. In fact, the DOJ recently issued guidance that requires corporate compliance programs to use robust technology and data analytics to assess their own actions and those of any third parties.
READ MORE: What is RegTech?
This is where regulatory technology (RegTech) such as Ascent can help. To learn more, we recommend reading this article that shows how RegTech (and regulatory knowledge automation in particular) can help fortify your compliance program. You can also contact us.
For more about the intersection of technology and compliance, sign up to receive our monthly Cliff Notes newsletter below.
Subscribe
