On Tuesday the SEC held a National Compliance Outreach Program for Broker-Dealers at an open meeting at its D.C. headquarters. The first panel – titled The Role of Compliance and Ethics – was nominally targeted to broker-dealers, but its lessons could be applied to any businesses under significant regulatory scrutiny.
The participants were:
Merri Jo Gillette, Director, SEC’s Chicago Regional Office, SEC (Moderator)
Alan Cohen, Head of Global Compliance, Goldman Sachs & Co.
John Hanson, Founder and Executive Director, Artifice Forensic Financial Services, LLC
Chris Mahon, SVP and Head of Broker-Dealer Legal and Regulatory, AllianceBernstein/Sanford C. Bernstein, and
Allen Meyer, Head of Compliance, Barclays Corporate and Investment Banking
What is Compliance? What is Important to It?
Alan Cohen started the conversation by defining compliance as reputational and legal risk management. He said the most important thing for compliance officers is to be embedded in the right places. That is to say, you can’t be a risk manager if you don’t know what’s going on in your business and are not included where decisions are made. Barclays’ Allen Meyer added it is also important for compliance personnel to document what their roles are and have early input into new product creation.
John Hanson’s perspective was a bit different from others on the panel. His company, Artifice Forensic Financial, often functions as an independent corporate monitor after the government has penalized a company for some sort of misconduct. Hanson said that ethics are critical to any compliance program. Paraphrasing Hanson’s metaphor, a compliance program without substantial ethical underpinnings is like a Ferrari without an engine. It looks great but will not get you anywhere.
Along the same lines, Hanson said what he often sees is a lack of “spiritual” compliance. That is to say, he sees companies who focus only on checking boxes to fulfill legal obligations. Do we have an FCPA policy? Check. Have our employees gone through training? Check. But they don’t adopt it spiritually. This pattern even crops up after the company has settled with the government and supposedly learned its lesson from the sanctions imposed. In those cases, Hanson often becomes a sort of teacher or guide to companies who have not internalized lessons that might have seemed more obvious. He plays a similar role to government attorneys who may have imposed significant undertakings on a company but might not understand what compliance programs really mean for those in the private sector.
“Tone at the Top”
Many discussed the appropriate compliance “tone at the top.” Cohen said one of the worst things a company can do is have the compliance message delivered solely by compliance officers. Senior management has to care about the company’s ethical culture and impress that point on lower-level staff. AllianceBernstein’s Chris Mahon said he would like to see the phrase “tone at the top” transformed to “tone at the top and throughout.” If the message stops at the top, it’s not helpful. Companies have to be sure they engage business personnel on these issues throughout the organization. Cohen added that a company’s CEO can occasionally lead compliance training for small groups, and that a chief compliance officer can have a seat on the firm’s management committee. These sorts of actions are bright signals to other staff that obeying the law matters to the company.
Hanson noted that at times a “compliance advisory council” made up of senior executives meeting two-to-four times a year under the leadership of the CCO can be effective. Such meetings can draw out emerging issues and a general conversation about ethical issues that can be enlightening for the participants.
Failure to Supervise for Compliance Officers
Merri Jo Gillette added a tacit reference to the Theodore Urban matter, in which the SEC sought sanctions against an investment bank’s general counsel for allegedly failing to supervise a rogue broker. The case was dismissed early last year, but it has worried compliance professionals, who have argued the enforcement effort inappropriately expands the scope of who can be considered a supervisor in the securities industry. Gillette said if the industry thinks regulators are targeting compliance professionals for doing their work, that is not the case. If a case alleges failure to supervise by a chief compliance officer, she said, that person almost certainly would have been charged with the same failure had they not been a compliance officer. The fact that the defendant is in compliance is not what leads to enforcement action. Above all, Gillette said, the SEC does not want compliance personnel to be afraid to do their work because of liability fears.
Both Cohen and Mahon expressed dissatisfaction with the legal standard as it has evolved over the last 20 years. Since 1992, the SEC’s position has been that in certain circumstances, legal and compliance personnel can become “supervisors” even if they do not have the ability to hire or fire employees and the employees do not report to legal or compliance. Rather, in the Commission’s view, the test is whether that person has “a requisite degree of responsibility, ability or authority to affect the conduct” of the employee at issue. In this view, once a legal or compliance officer becomes involved in formulating management’s response to a problem, that person becomes responsible for taking reasonable and appropriate action, and must either discharge those responsibilities or know that others have taken appropriate action. Failure to take such steps may constitute failure to supervise on the part of the legal or compliance officer. Cohen and Mahon expressed the view that ability to hire and fire should be the test, and that a lesser standard imposes too much risk on compliance personnel.
Mahon impressed the importance of understanding one’s business. He doesn’t pass himself off as a credit-risk professional, for example, but said he needs to understand those issues at AllianceBernstein so he can be a better participant in credit-risk discussions that implicate compliance questions. Along the same lines, Meyer noted that it was important for compliance personnel to maintain an ongoing dialog with internal auditors so compliance staff could understand emerging issues. Cohen also said the compliance perspective needs to be represented on important firm committees.
The agenda for the full program can be viewed here.