Last year, the SEC came out with this outsourcing alert, which basically recognized the outsourcing trend and, partially, it’s because the SEC realizes there is more need for compliance than people that can actually do the work, but more important I want to focus on is a proposal that came out of the SEC this year, which apparently is sitting on the SEC’s desk right now. The idea of third-party compliance reviews and, essentially, what’s going on here is the SEC has been criticized for only examining about 10% of advisors per year.

There has been a lot of ideas floated around what should be done about that, self regulatorization, etcetera. One of the proposals that gained a lot of steam was to say they are requiring every firm to do a third-party compliance review, much like a financial audit every year as sort of a way for the industry to fund its own reviews. Chair White said that the staff had prepared a proposal and put it on the commissioners’ desk, the two commissioners that are left in addition to Chair White but, essentially, the election has gone nowhere.

The idea of third-party exams was actually first promulgated by Dan Gallagher when he was commissioner for those of you that you know Mr. Gallagher he also works with Mr. Atkins who is leading the Trump transition with the SEC so it will be very interesting to see where this goes once the new administration is in. It is certainly an elegant and politically convenient way to up the reviews of advisors. I also do want to talk about funding compliance because over time this idea of what is a good compliance program takes on a lot of aspects, but more and more you are seeing the SEC question firms.

What’s the compliance budget? What are you spending on the program? Recently, there was a big case against AVEVA Investors and essentially the compliance department there was a lot of evidence that they were sort of screaming for more resources that they were having low level administrators having to do a lot of work and they weren’t qualified for it and their argument was the senior management was kind of ignoring them. They got into all kinds of problems around cross trading and principle trading through brokers.

There is an older case Peak and Singer Strauss, a similar set of facts. It seemed like the CCO wanted more resources, could only devote 20% of his time to compliance. As a result, the compliance program really suffered. The SEC is asking these questions. I always say. People have always asked me. How much do we spend on compliance? Well, we say a good benchmark to start with is around 5% of revenue. We have some backup for that I could certainly share with you.

Not to say 5% or 7% of operating costs for that as well, and I’m not just saying that’s what you should spend. I am saying if you’re spending dramatically less than that, you should be to understand why and explain it. If you’re spending significantly more than that, you should be able to tell the CEO of your firm why you’re spending that kind of money. At least it gives you a numbers that seems to be where people are falling out when it comes to the compliance cost in the asset management industry.

Because I could tell you, for those of you who are just compliance officers you could tell your bosses and for those senior executives on the line, very often it’s not the CCO who is liable for the weak compliance program. It ends up being the senior executives. There has been several cases where senior executives of firms have been held accountable for compliance failings; the Maloney Case, Dupree Financial Group, where he appointed an administrative assistant, essentially a junior secretary as a chief compliance officer. That did not fly.

In Morgan Stanley, were fined $8.8 million for failing to stop illegal cross trading that was identified by the compliance department. Principles have been barred from the industry because of weak compliance programs. I also like to talk about Zenefits issues. Zenefits was a benefits consulting firm and, essentially, they threw the founder out because he was a little fast and loose with compliance issues and ran into all kinds of state regulatory problems in the insurance industry. Compliance has a direct effect on senior executives. Let’s go to the next slide.

Shane: This slide talks about CCO Liability, Todd.

Todd: I got it. Of course, it’s not just senior executives that are liable. As many CCOs know, they’ve been held liable. The big case in the past year was the Byrd Young Case. Byrd Young was the CCO at Stanford. He was among, other executives, charged with personal liability in connection with the Stanford fraud. He claims that he was doing his job. At best he was negligent. He was certainly not wrongful and the SEC after several appeals basically said, “No. You’re liable.” What was interesting he had other positions and they basically said it wasn’t so much that he was the CCO that makes him liable. It was that he negligently carried out his duties. What was interesting is the penalty for Mr. Young was they made him … He is not. He’s the CCO and he didn’t have some big com. They made him disgorge I think it was 75% of his compensation over I think it was a three to five-year period that he served as CCO because they deemed that Stanford was 75% a fraud, which is that’s painful for a wage-earning guy. A lot of the industry were very unhappy. None to sanction what Byrd Young did, but the question came up. What exactly is the standard of care for CCOs? Is it recklessness? Is it willfulness?

Is it aiding and abetting? The NSCP has said and I agree with them. A CCO should be liable only if they personally benefited from a fraud and participated in it and were extremely reckless. I would actually take out extremely recklessness, and I would make the standard of care much more what I call the mafia lawyer standard, which is you are only liable. Just like lawyers are not liable for their client’s misconduct, a CCO should only be liable to the extent that he or she really furthered the fraud and personally benefitted, but that’s not the standard as of yet.

The SEC’s view is very subjectively says that the CCO will be liable if he or she cross “a clear line,” which has thus far been undefined, which is we think based on the case law somewhere between negligence and gross negligence. I do want to mention the Hater Case, which is a very scary case. This was a treasury case against Hater for anti-money laundering violations. Hater was the CCO of a financial services company and under the AML rules applicable, he could be personally responsible for a $25,000 fine for each SAR that he should have filed, but didn’t.

The Treasury Department said that in this case they could have held him liable for 4.75 million in penalties, personally liable. This is not corporate. They actually sued him for a million dollars. It gets up to this midlevel executive liability. Did Mr. Hater take a job as the AML CCO to take on that kind of liability? I think the answer is probably no. I think it’s going to really put a lot of stress in the CCO world. That’s why you’re seeing things like a huge talent drain out of the compliance. It’s not like people are rushing into this. They’re afraid.

People are afraid. Let’s move to the next slide. Have you changed your policies and procedures to address concerns about CCO personal liability?

Shane: And we close the poll. Well, interestingly, and maybe a little bit surprisingly we have 60% of respondents saying that they have not changed their policies. So that finding was also [inaudible 00:40:22].

This webinar was co-hosted with Todd Cipperman of Cipperman Services LLC. To learn more visit www.cipperman.com