Aguilar on CCO Liability Fears: Untwist Your Knickers!

Is the Securities and Exchange Commission cracking down too hard on compliance officers? Jabbing at his colleague Dan Gallagher’s concern of potential enforcement overreach in the investment advisory industry, the message from Commissioner Louis Aguilar this week: “CCOs not under siege.”

On June 18, Gallagher issued a public statement where he elaborated on his dissent in enforcement actions against Blackrock Advisors and SFX Financial Advisory Management Enterprise and compliance personnel at both firms. Among his concerns are that the SEC is overreaching with its application of Rule 206(4)-7 of the Investment Advisers Act. It requires registered investment advisers “to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws, review those policies and procedures annually for their adequacy and the effectiveness of their implementation, and designate a chief compliance officer to be responsible for administering the policies and procedures.”

The two settlements, Gallagher wrote, “illustrate a Commission trend toward strict liability for CCOs under Rule 206(4)-7.”

 “Actions like these are undoubtedly sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself,” he added. “Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback.”

In a public statement of his own issued on June 29, Aguilar fretted that Gallagher’s dissent and public comments “has left the impression that the SEC is taking too harsh of an enforcement stance against CCOs.”

“I am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community,” he added. “Such an environment is unhelpful, sends the wrong message, and can discourage honest and competent CCOs from doing their work.”

Aguilar wrote that, in his experience during seven years on the Commission, it “does not bring enforcement actions against CCOs who take their jobs seriously and do their jobs competently, diligently, and in good faith to protect investors.” Over the years the Commission has brought relatively few cases targeting CCOs solely for their compliance-related activities, he added, citing a year-by-year breakdown of  enforcement cases brought against CCOs, compared to the number of enforcement cases brought against investment advisers and investment companies:  2009, 8 out of 76 cases; 2010, 7 out of 112 cases; 2011,  14 out of 146 cases; 2012 16 out of 147 cases; 2013, 27 out of 140 cases; 2014, 8 out of 130 cases.

The vast majority of these cases, Aguilar wrote, involved CCOs who “wore more than one hat,” and their activities went outside the traditional work of CCOs. Some, for example, were also founders, chief executive officers, chief financial officers, general counsels, and chief investment officers.

“Many of these cases also involved compliance personnel who affirmatively participated in the misconduct, misled regulators, or failed entirely to carry out their compliance responsibilities,” he wrote.

As for Gallagher’s concerns that Rule 206(4)-7 “unduly puts a target on the back of CCOs,” Aguilar argued “that is simply not the case” and since the adoption of Rule 206(4)-7, enforcement actions against individuals with CCO-only titles and job functions have been rare. Throughout the last 11 years, the Commission brought only eight cases against such CCOs. Of these cases, only five cases involved violations of Rule 206(4)-7, two of which were those at the root of Gallagher’s concerns.

 “I also do not believe that the two recently settled cases signify the beginning of some nefarious trend to use Rule 206(4)-7 to target CCOs,” Aguilar wrote. Instead, the enforcement actions demonstrate “egregious misconduct” that included a failure to implement policies and procedures to prevent an employee from misappropriating client accounts; material misstatements on Form ADV; failure to report a conflict of interest; and aiding and abetting an investment adviser’s failure to adopt and implement written compliance policies and procedures.