Enforcement actions related to a compliance breakdown have become commonplace. There’s precedent now that a firm’s senior executives, including the chief compliance officer, will be held personally accountable for inadequate compliance oversight.
In late April, the SEC fined the two principals of an RIA $200,000 for failure to supervise the firm’s CCO, who breached the custody rule and sent false statements to clients. Authorities said the respondents also failed to provide funding, training or resources to support the executive in carrying out his duties.
Should personal penalties apply to compliance executives when unintentional lapses arise, such as not knowing the latest rule or the actions of another employee?
A CCO liability case that came to light in March suggests compliance officers can face personal penalties for acting negligently in carrying out their duties. In the case, a CCO was found personally liable for violating securities laws in a multi-billion dollar Ponzi scheme because he helped create and approve marketing materials that contained unverified statements, despite some obvious red flags.
The SEC ordered the officer to disgorge $591,992.46 along with a civil penalty of $260,000 “to prevent unjust enrichment and to reduce the incentive for others to engage in similar violations.”
The case for culpability is clear-cut when it comes to intentional misconduct or malfeasance. But the debate regarding personal liability continues to strike a nerve when it comes to more nebulous instances of negligence. Some market participants caution against regulatory overreach despite regulators’ assurances that CCOs needn’t fear taking the job amid intensified scrutiny.
Should a compliance case come to light, a CCO could be at odds with his firm, with potential finger-pointing aimed at distancing a firm from someone who can serve as a fall guy without taking down the ship. These officers need defensive tools and resources to do their jobs confidently, and some are turning to insurance, such as personal liability covered through their Directors & Officers (D&O) insurance.
However, some employers withhold or delay indemnifying their compliance chiefs under their insurance programs, while the fine print of some policies precludes coverage in many cases. For example, policy language may specify that a claim can only be covered if it is initiated by a client complaint. A routine regulatory exam could reveal CCO liability instead of being triggered by a complaint. In this case, the officer would not be covered. In addition, if the officer is not designated in the firm’s bylaws and/or corporate filings with the state of incorporation as a designated officer, the employer may not be required to indemnify the officer.
Some insurance carriers offer CCO policies that pay above and beyond corporate policy limits. For instance, a new policy called CCO Protect introduced by Risco Insurance Brokerage in November provides compliance chiefs with coverage for non-indemnifiable losses; coverage for alleged fraudulent, dishonest or negligent acts; as well as payment of covered losses when the employer’s insurance does not. The policy even covers escalating legal fees that arise as an officer defends his or her reputation and personal assets.
Certain characteristics boost a CCO’s likelihood of being approved for the insurance. This includes the applicant’s experience and professional designations. Naturally, an officer will be more insurable if he or she has the skills needed to responsibly carry out the duties of the job. The application also stands a better chance of being approved if the applicant indicates written policies and procedures that comply with the Investment Advisers Act of 1940, Rule 206(4)-7 are already in place.
In addition, technology can play a key role for compliance chiefs seeking insurance to reduce their personal exposure as fault-finding persists at the top levels of an organization when improprieties arise. The CCO Protect insurance application asks the applicant to indicate whether or not a computer compliance program is being used to manage and monitor compliance; what the program is and how long it has been in place.
All signs indicate that C-Level executives, including the CCO, will continue to come under fire as compliance takes center stage in both the court room and the boardroom. When it comes to compliance, evidence is everything. Fortunately, software can help compliance officers manage an audit-ready program much more easily with centralized evidence that can instantly be accessed.
Whether or not insurance is in place, software can make it easier for C-level executives to furnish evidence of compliance controls following an intentional or unintentional breach.
Andrew Fotopulos, president of Starkweather & Shepley Insurance Corporation of Massachusetts, which designed the CCO Protect policy, says high-quality compliance management software is a strong check in the plus column for insurance applicants.
“The decision to implement compliance management software to improve accountability at all levels of a firm will be especially valuable for CCOs who back up their business with insurance,” Fotopulos concludes.