Linda Riefberg and Joseph Dever ()
In most workplaces, a mistake or an oversight can cost someone in a management role a client, can result in a berating from a more senior boss, and may even be cause for termination. In the financial industry, a problem that occurred on a compliance officer’s watch may lead to something more impactful—a disciplinary proceeding that could be career ending.
That is the situation if the person under review is a compliance professional at a broker-dealer, and the regulator is the Financial Industry Regulatory Authority (FINRA). The U.S. Securities and Exchange Commission and FINRA currently have different approaches to treating those individuals who act as Anti-Money Laundering, Legal and Compliance Officers (hereinafter jointly referred to as CCO). The SEC requires as a threshold matter that the CCO had supervisory responsibility over other individuals. FINRA, on the other hand, is satisfied if the individual has supervisory responsibilities over businesses or program areas that had failures even if the person was not an actual supervisor.
SEC and Failure to Supervise
For a failure-to-supervise charge at the SEC under Section 15(b)(6) of the Securities Exchange Act of 1934, the SEC must show (1) an underlying violation of the federal securities laws; (2) association of the person who committed the violation; (3) supervisory jurisdiction over that person; and (4) failure to reasonably supervise the person committing the violation. John A. Carley, Exc. Act Rel. No. 57246 (Jan. 31, 2008).
The SEC failure-to-supervise liability over compliance and legal personnel has its roots in the 21(a) report of Salomon Brothers government bond trading and its chief legal officer, Donald Feuerstein in In re John Gutfreund, Exch. Act. Rel. No. 345-31554 (Dec. 3, 1992). A bond trader engaged in misconduct and the bond trader’s supervisor reported this to several senior managers, including Feuerstein. Feuerstein advised the other senior managers, including the CEO of the firm that the conduct was criminal and should be reported to the government, but it was not done. After the Treasury and the SEC began an investigation, the SEC sanctioned the three senior managers for failure to supervise as the direct supervisors of the bond trader.
However, rather than bringing a disciplinary action against Feuerstein, the SEC issued the 21(a) report that created a long-held standard for supervisory liability that someone who was not a business-line supervisor could have liability for a failure to supervise if that individual could affect the conduct of the employee who engaged in the misconduct. According to the SEC, “determining if a particular person is a ‘supervisor’ depends on whether… the person has a requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.”
The SEC followed the principles of the 21(a) report until Matter of Theodore W. Urban, Adm. Proc. File No. 3-13655 (Sept. 8, 2010). Urban was the general counsel of a broker-dealer who became aware of possible market manipulation by an employee and relayed to senior management that this employee was not being properly supervised and should be terminated. Nevertheless, the improper trading activity continued and the firm did not terminate the employee upon a promise from others that they would strictly supervise him. Thereafter, the SEC brought an administrative action against Urban.
SEC Chief Administrative Law Judge Brenda Murray found that Urban acted properly by exercising all the options reasonably available to him and had responded to red flags appropriately. The commission dismissed an appeal by Enforcement because three commissioners recused themselves, and there was a split in viewpoints between the two remaining commissioners.
This led to a question among securities industry practitioners and commentators in the aftermath of the Urban case about the state of compliance and legal officer liability for failing to supervise. In September 2013, the SEC Division of Trading and Markets responded to this uncertainty by issuing its frequently asked questions (FAQs) on the issue of supervisory liability. Fundamentally, the FAQs clarify that “compliance and legal personnel are not ‘supervisors’ of business line personnel for purposes of Exchange Act Sections 15(b)(4) and 15(b)(6) solely because they occupy compliance or legal positions.”
It becomes a weighing of a variety of factors, that all point to whether the person was a supervisor, such as whether the person oversaw the activities of other persons at the firm or whether the person could impact the activities of someone else at the firm. Recent SEC cases are in accord that liability is predicated on a showing that the individual is a supervisor. See, e.g. Matter of Merriman Curhan Ford; Matter of Ronald S. Bloomfield, 2011 SEC Lexis 1457 (April 26, 2011).
FINRA—Officers as Caretakers
In contrast to the SEC criteria of whether someone is a supervisor for failure-to-supervise liability, the FINRA analysis goes beyond the test of whether the compliance and legal professional was acting as a supervisor or had the ability to affect another’s conduct. At FINRA, just having responsibility over an area that had a failure in procedures or controls is sufficient for CCO liability.
This FINRA rationale arises out of its supervision rules, NASD Rule 3010(a) and NASD Rule 3012(a)(1), which require systems in place, individuals to be responsible for carrying out supervision requirements, and a system of controls and procedures to implement the supervision. Accordingly, firms must have systems in place to supervise individuals at the firm and create policies and procedures appropriate to carry out the firm’s business. The firm must designate someone to carry out this supervisory role.
At FINRA, there are many circumstances where a failure-to-supervise claim against a firm is broad-based and does not even include any underlying findings of violations that occurred in a business area, or by particular persons associated with the firm. The mere failure to have effective policies and procedures could be the basis for failure-to-supervise charges against a broker-dealer under FINRA’s standard.
For instance, in In re Morgan Stanley Smith Barney FINRA AWC (letter of acceptance, waiver and consent) No. 2012032646901, May 6, 2014, Morgan Stanley was alleged to have failed to establish and maintain adequate systems and procedures to supervise solicitations of IPOs, but there was no finding in the AWC that specifically found improper IPO activity.
Thus, there can be a failure-to-supervise matter against a broker-dealer premised solely on inadequate procedures without underlying problems or misconduct. FINRA will also find a CCO responsible for such failures of procedures. Rather than view the inadequate policies and procedures as a firm problem, FINRA extends liability upon the CCO even when there are no red flags to the CCO, or even when there is no specific underlying misconduct beyond the failure to supervise the business area.
A review of FINRA matters from 2014 illustrates the breadth of the CCO or Anti-Money Laundering (AML) officer liability for firm failures to have adequate systems and procedures in place.
One noteworthy case is the settled matter against Brown Brothers Harriman and its AML compliance officer, Harold Crawford. FINRA AWC No. 2013035821401 (Feb. 4, 2014). Crawford was alleged in the letter of acceptance, waiver and consent (AWC) to have failed to establish and implement an adequate AML program. However, there are facts alleged that suggest Crawford had more active involvement then just overseeing the AML program. But, what is also clear from the AWC is that Crawford did take steps to report upon the AML risks, and advise those senior to him at the firm to restrict certain troubling activities of customers, which the firm declined to do.
Crawford recommended to the firm’s senior management that it should no longer execute or transfer shares in penny stocks with suspect foreign customers it couldn’t identify. Crawford also took steps to detect and prevent improper trading activity and to file some suspicious activity reports. Nevertheless, he was sanctioned for his failure to supervise.
Other cases from FINRA this year are similar in finding failure-to-supervise liability for chief compliance officers where their roles did not make them active participants, or even knowing participants, in the wrongdoing by the firm or individuals at the firm.
• Department of Enforcement v. Brian Simmons (Offer of Settlement No. 201102864701)(April 17, 2014)(former CCO failed to establish and maintain supervisory procedures reasonably designed to achieve compliance with AML rules and regulations, and an adequate supervisory system).
• Department of Enforcement v. Jennifer Kaye Woods (Offer of Settlement No. 2010023935101) (May 27, 2014) (CCO violated FINRA supervision rules when she failed to cause the firm to adopt procedures that addressed its direct market access business or its use of master/subaccount arrangements).
• In re Vertical Trading Group, Glenn Matthew Chaleff and Mark Duncan (AWC No. 2010022017301)(Jan. 10, 2014)(CCO failed to establish and maintain a reasonable supervisory system and written supervisory procedures designed to achieve compliance with Section 5 of the Securities Act, and to establish and implement an adequate AML program).
• Department of Enforcement v. David W. Matthews, (Offer of Settlement No. 2011027666902)(May 8, 2014)( the AML compliance officer failed to establish and maintain supervisory procedures reasonably designed to achieve compliance with AML rules and regulations and failed to monitor and detect suspicious activity).
These cases lack an allegation that would satisfy the SEC’s test that the person actually be deemed a supervisor based on an evaluation of the various criteria for purposes of finding supervisory liability. These matters lack an analysis of whether the particular person, as stated by the SEC in Gutfreund, “has a requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.” Instead, FINRA’s theory is that if the program area is deficient in some way, the person who was the caretaker of that program is at risk for individual liability. This is regardless of red flags or actual knowledge of problems that occurred, and notwithstanding that the individual compliance officer or AML officer did not supervise any other individuals in the sense of impacting their performance.
Clash of the Regulators
It has not gone unnoticed that the FINRA standard of CCO liability is harsher than the SEC standard. There is no corollary to the SEC’s FAQ at FINRA. In November 2013, SEC Commissioner Daniel Gallagher appeared at FINRA’s internal Enforcement conference and, addressed this comment to the staff attorneys:
I’d like to be very clear that the commission and FINRA should be very cautious about bringing failure-to-supervise cases against chief compliance officers, general counsels, or their subordinates…. We should be encouraging these personnel to run towards problems, not away from them, and we should not threaten them with liability for trying to be part of the solution. Neither the commission nor FINRA should lightly seek to charge CCOs, GCs, or their subordinates with failure-to-supervise violations.
Commissioner Kara Stein likewise recently reflected upon this when she spoke about chief compliance officer liability to an audience of compliance officials on May 19, 2014, at the Compliance Week 2014 conference. “If you read the facts in the cases we bring, you will see that they are not cases against CCOs that were promoting compliance. Instead, they are cases against CCOs that were assisting fraud, ignoring red flags, not asking the tough questions, and not demanding answers.” Interestingly, if you read the FINRA cases on CCO liability, you do not see that the CCOs were complicit or necessarily ignoring red flags.
What to Expect
Will FINRA’s view of CCO liability have a chilling effect on qualified and seasoned professionals staying in the financial industry? FINRA is apparently hoping that it will prompt CCOs to be more diligent in their gatekeeper roles. Nevertheless, compliance and legal professionals need to recognize the potential cases that FINRA might bring against them. They need to be vigilant in preventing problems, creating robust compliance programs, ensuring the firm and all its employees follow the firm’s procedures, and reporting up any troubles or deficiencies, as well as recommendations for modifications. Anything less than an almost perfect compliance program at a broker-dealer could well result in a huge mark on the CCO’s record if the firm becomes subject to an enforcement investigation.