Years ago, when I became a compliance officer (prior to the mandates prescribed under Rule 206(4)-7 of the Investment Advisers Act of 1940, as amended (“Advisers Act”), compliance officer liability was rare. Today, chief compliance officer (“CCO”) liability is at the forefront of every practitioner’s mind. What must I do, how must I do it, and if I cannot, how do I mitigate liability?
In this months’ Jacko Law Group, PC (“JLG”) Risk Management Tip, we will explore the most recent cases involving CCO liability. Specifically, we will consider those issues which caught the SEC’s and FINRA’s attention and discuss recent SEC guidance on how to mitigate the CCO’s liability if management’s decisions do not align with the CCO’s guidance. We will also consider the National Society of Compliance Professional’s (“NSCP”) Framework for CCO liability.
Recent SEC CCO Liability Enforcement Actions
In the Matter of Hamilton Investment Counsel, LLC and Jeffrey Kirkpatrick (IA Rel. No. 6061, June 30, 2022)
From October 2016 through September 2021, Respondent Kirkpatrick served as principal and CCO of Hamilton Investment Counsel, LLC (“HIC”). Among other things, as CCO, Kirkpatrick was responsible for administering and implementing HIC’s compliance program. From at least December 2019, Kirkpatrick knew or should have known that HIC’s compliance program was inadequately implemented, yet he did nothing to address this.
Specifically, in February 2020, Kirkpatrick received communications from an HIC investment adviser representative (“IAR”) (who was also the co-owner of HIC) that notified him that an outside business activity (“OBA”) was being conducted by the IAR. However, Kirkpatrick did nothing to have the IAR complete and submit a formal reporting of the OBA as required by HIC’s compliance manual. Furthermore, Kirkpatrick took no steps to ascertain whether the IAR had disclosed the OBA to clients or whether the OBA was associated with conflicts of interest, both of which were required by the compliance manual.
If that were not enough, there were numerous red flags between June 2020 and June 2021 about the OBA, including a flag from the broker-dealer that Kirkpatrick and the IAR were affiliated with. However, Kirkpatrick failed to take steps to investigate the OBA and ensure the OBA was reported in accordance with the firm’s and broker-dealer’s policies and procedures. In effect, Kirkpatrick permitted the compliance program to be circumvented by the IAR. In June 2021, Kirkpatrick reported the OBA to the broker-dealer, whereupon the broker-dealer terminated its relationship with HIC.
Kirkpatrick was a principal who had authority to exercise control on this situation. As CCO, the SEC found that Kirkpatrick willfully aided and abetted and caused HIC to violate Section 206(4) of the Advisers Act and Rule 206(4)-7 promulgated thereunder. The SEC barred Kirkpatrick from acting in a supervisory or compliance capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or national recognized statistical rating organization for at least five years and fined him $15,000. HIC also had to pay a civil penalty in the amount of $150,000.
This case clearly represents a CCO who failed to carry out his responsibilities and had a position of power and authority to do so.
FINRA Acceptance, Waiver and Consent of Arnold J. Feist (AWC No. 2015047770302)
From July 2006 through August 2018, Respondent Feist served as AML Compliance Officer (“AMLCO”) at Interactive Brokers LLC (“Interactive”). Feist remained registered through Interactive until April 30, 2020. Interactive’s written supervisory procedures vested Feist, as AMLCO, with “full responsibility” for Interactive’s AML program, including its day-to-day operations, and required him to review one of each of the firm’s surveillance reports every month to ensure that analysts “handled [them] in accordance with [Interactive’s] procedures.”[1] From January 2013 through August 2018, while he was Interactive’s AMLCO, Feist failed to implement and monitor the Firm’s AML program.
Notably, Feist did not meaningfully familiarize himself with the firm’s AML program. Specifically, he did not supervise the firm’s AML analysts or their supervisors, nor did Feist take steps to understand how the firm was implementing its AML program or conducting its AML investigations. Feist did not regularly perform the monthly review of at least one of the firm’s surveillance reports, as set forth in the firm’s written supervisory procedures. He also failed to develop an understanding of the firm’s AML risk profile. Interactive had been receiving wire deposits from unknown remitters, yet they were not monitored and reviewed by the AML analysts.
From February 2014 to March 2016, the firm filed only three (3) Suspicious Activity Reports (“SARs”) in response to 37 regulatory inquiries by FINRA and the SEC. It was Feist’s responsibility to decide whether Interactive would file a SAR, and he incorrectly believed that if the firm first learned about the SAR from regulators or law enforcement agencies investigating that same conduct, a SAR need not be filed, which was in violation of FINRA Rules.
Pursuant to the AWC, Feist agreed to a two-month suspension from association with any FINRA member in all principal capacities; was fined $25,000, and had an undertaking to satisfactorily complete 10 hours of continuing education concerning AML responsibilities, by a provider not unacceptable to FINRA, within 90 days after reassociation with a member firm.
This case shows that Feist had wholesale failures to carry out his responsibilities as an AMLCO.
In the Matter of Meredith A. Simmons, Esq., Administrative Proceeding File No. 3-20114 (Sep. 30, 2020)
Meredith A. Simmons, Esq. (“Simmons”) served as the CCO at an SEC registered investment adviser from 2012 to June 2018. In October 2016, it came to light that one of the adviser’s junior investment professionals may have come into possession of nonpublic information related to one of the firm’s potential investments and acquisition of Company A (“Company A”). Simmons’ supervisor had asked her to investigate and to later memorialize her findings related to her compliance review. Simmons failed to substantially document either her evaluation or events relevant to the October 2016 investment.
Nearly a year later, Simmons’ supervisor asked her to update him on several outstanding compliance items. In September 2017, Simmons drafted a compliance memo related to the October 2016 investment but backdated the memo to October 28, 2016, and emailed that to her supervisor. Later that same day, Simmons further backdated the compliance manual to October 21, 2016, the day immediately before the announcement of Company A’s acquisition by another company.
In October 2017, the firm was examined by the SEC. The staff requested all supporting documentation related to the investment adviser’s examination of the internal review of the October 2016 investment. Simmons produced the backdated October 21, 2016 memo, and to the staff, described the compliance memo as a “contemporaneous memo to file.” [2]
The SEC found that the memo contained multiple factual inaccuracies. Furthermore, Simmons inferred on more than one occasion that she wrote the compliance memo in October 2016. Because of her actions, Simmons delayed and impeded the SEC’s investigation of this matter.
In an effort to settle this matter, Simmons agreed to cease and desist from committing or causing any violations of Section 204(A) of the Advisers Act, to not act in a compliance capacity with ability to apply to act in such a capacity after three years, to not appear or practice before the SEC as an attorney for 12 months from the date of the Order with ability to apply to do so thereafter, and to pass a civil monetary penalty of $25,000.
This case clearly illustrates a CCO who engaged in efforts to obstruct or mislead the SEC staff.
Recent SEC Guidance
Over the past several years, the SEC has taken steps to define the framework of CCO liability. In November 2015, then Division of Enforcement Director Andrew Ceresney stated that the SEC will generally bring an action against a CCO when it fits into one of three categories:
- Where the CCO exhibited a wholesale failure to carry out his or her responsibilities;
- Where the CCO engages in efforts to obstruct or mislead the SEC staff; or
- Where the CCO is affirmatively involved in misconduct unrelated to their compliance function.
We see two of these three areas in the above-referenced cases.
This framework was further clarified and expanded upon by Commissioner Hester M. Peirce in July 2022 after the settled administrative hearing, In the Matter of Hamilton Investment Counsel LLC and Jeffrey Kirkpatrick.
On July 1, 2022, Commissioner Hester M. Peirce wrote in support of the administrative proceeding against HIC because of what the matter represented – it helps fulfill the SEC’s regulatory goals.[3] Commissioner Peirce referenced the New York City (“NYC”) Bar Association’s recent proposal on a CCO liability framework, which considers whether the CCO is able to determine and control the compliance system. Here, Kirkpatrick was a principal and, in a position, to address compliance program deficiencies, yet he chose not to.
The NYC Bar Framework asks the following questions to determine if a wholesale compliance failure exists.
- Did the CCO not make a good faith effort to fulfill his or her responsibilities?
- Did the Wholesale Failure relate to a fundamental or central aspect of a well-run compliance program at the registrant?
- Did the Wholesale Failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?
- Did the Wholesale Failure relate to a discrete specified obligation under the securities laws or compliance program at the registrant?
- Did the SEC issue rules or guidance on point to the substantive area of compliance to which the Wholesale Failure relates?
- Did an aggravating factor add to the seriousness of the CCO’s conduct?
Kirkpatrick failed to implement the compliance program, which is what caused Wholesale Failures. As a principal of the firm, he had the power and authority to act and address compliance deficiencies. Yet, he chose to do nothing. Addressing these questions can help frame why, under these facts and circumstances, the CCO should be held liable.
The NSCP CCO Liability Framework
CCOs are tasked to oversee how industry rules and regulations apply to their specific firm and its business model and develop an effective compliance program accordingly to ensure those rules are followed. This requires the CCO to understand firm operations, to develop policies and procedures designed to prevent violations of applicable security laws, and to create a culture of compliance within the organization.
Some of the most common issues with CCO liability comes when the blame shifts from management to the CCO, despite the CCO elevating issues and providing recommendations to management. Rather, it should be the role of the firm’s management team to support the CCO and react properly to any violative conduct that the CCO brings to their attention. To that end, the NSCP supports the NYC Bar’s Framework for CCO Liability (which focuses on the responsibilities and expectations of the position), but believes that additional consideration should be given to “the full context in which the CCO function(s).”[4] Thus, the NSCP proposes the following Firm and CCO Liability Framework:
- Firm: Did the firm empower their CCO, assess whether the compliance program has adequate resources and respond appropriately to violative conduct?
- CCOs: Did the CCO escalate issues and violative conduct to senior management, talk to legal counsel and/or compliance consultants and act consistent with guidance provided, and act reasonably (relying on information from others and act in good faith)?
By responding to these questions, it will provide a framework for which the SEC can determine whether the CCO acted appropriately or should be found liable for inappropriate conduct.
Conclusion
If you ask any CCO, the thing that likely keeps them most awake at night is how they might be found liable for actions and decisions taken by the firm. The regulatory actions taken in recent years show CCOs having a disregard to compliance programs, with wholesale failures to carry out compliance responsibilities or being misleading to the SEC. There are various frameworks that could be used for assessing CCO liability, and it is prudent for compliance officers to review this and share these considerations with their senior management team. Doing so will help to advance a better understanding of the importance for senior management to support the CCO and the firm’s compliance program as well as to provide the CCO with a structure for advancing compliance and protecting him or herself.
To that end, on March 21, 2022, the NSCP is sponsoring a virtual half-day educational seminar on CCO liability. This session will discuss tactical steps to protect the CCO from liability and will explore ways in which a CCO can best evidence oversight of the compliance program. To find out more about this virtual event, please visit https://www.nscpconferences.org/march-21.
For more information on how JLG can help evaluate CCO liability matters, please contact us at (619) 298-2880.
Author: Michelle L. Jacko, Managing Partner, Jacko Law Group, PC (“JLG”); research by Amanda Sobel, Paralegal. JLG works extensively with investment advisers, broker-dealers, investment companies, private equity and hedge funds, banks and corporate clients on securities and corporate counsel matters. For more information, please visit https://www.jackolg.com/.
The information contained in this article may contain information that is confidential and/or protected by the attorney-client privilege and attorney work product doctrine. This email is not intended for transmission to, or receipt by, any unauthorized persons. Inadvertent disclosure of the contents of this article to unintended recipients is not intended to and does not constitute a waiver of attorney-client privilege or attorney work product protections.
The Risk Management Tip is published solely based off the interests and relationship between the clients and friends of the Jacko Law Group P.C. (“JLG”) and in no way be construed as legal advice. The opinions shared in the publication reflect those of the authors, and not necessarily the views of JLG. For more specific information or recent industry developments or particular situations, you should seek legal opinion or counsel.
You hereby are notified that any review, dissemination or copying of this message and its attachments, if any, is strictly prohibited. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions.
[1] See Interactive Brokers, LLC, AWC No. 2015047770301 (Aug. 10, 2020).
[2] See In the Matter of Meredith A. Simmons, Esq., IA Rel. No. 5603 (Sep. 30, 2020) at page 5.
[3] See CCO Liability: Statement on In the Matter of Hamilton Investment Counsel LLC and Jeffrey Kirkpatrick Commissioner Hester M. Peirce, available at https://www.sec.gov/news/statement/peirce-statement-hamilton-investment-counsel-070122.
[4] See National Society of Compliance Professionals (“NSCP”) Firm and CCO Liability Framework, available at https://www.nscp.org/news-main/nscp-releases-revised-nscp-firm-and-cco-liability-framework.