In a prior blog post we discussed the important question of whether certain regulators – especially the SEC – have undercut effective compliance programs by sending mixed signals about when a Chief Compliance Officer should be held personally liable for the actionable compliance deficiencies of his or her firm.[1] Two important developments have occurred since then: (a) the issuance of an industry-side framework identifying factors that should be evaluated by the SEC in deciding whether to bring charges against a CCO; and (b) a recent SEC enforcement action against the CCO of an investment advisory firm based only on a finding of negligence. The SEC’s action in particular leaves open a number of consequential questions for industry participants.
Our prior post noted the report issued by the New York City Bar Association (“NYCBA”) Compliance Committee in February 2020 (“Report on Chief Compliance Officer Liability in the Financial Sector”), which recommended that regulators provide formal guidance about when it is appropriate to bring an enforcement action against a compliance officer.[2] Subsequently, in October 2020 SEC Commissioner Hester Peirce embraced this recommendation, going further to suggest that she might develop such a “draft framework” on her own to share with SEC colleagues. No meaningful word has yet emerged from Commissioner Pierce or the SEC on this topic since then.
The Framework for Chief Compliance Officer Liability
The NYCBA Compliance Committee, however, has forged ahead with a follow-on to its 2020 report, issuing a guidance document in June 2021 titled “Framework for Chief Compliance Officer Liability in the Financial Sector (the “Framework”).[3] The Framework emphasizes both affirmative and mitigating factors that should be evaluated by the SEC in deciding whether to bring charges against a CCO – especially for the sensitive area where the targeted conduct arises out of the officer’s compliance-related duties.[4]
Factors identified in the Framework include determining (a) whether the CCO made a good faith effort to fulfill his/her/their responsibilities, (b) whether a CCO’s wholesale failure to carry out responsibilities related to a fundamental or central aspect of the firm’s compliance program, and (c) whether the SEC issued guidance around the substantive area of compliance to which a wholesale failure relates.
Recommendations for Greater Transparency
As with its 2020 report, the NYCBA Framework appears to be well received in the compliance community.[5] In addition to listing factors for assessing the appropriateness of an enforcement action, the Framework also calls on the SEC to be more forthcoming about these factors when taking public action. The Framework notes that “most SEC enforcement actions that are settled prior to release including CCO Conduct Charges, are relatively short and appear focused on the minimum facts and analysis necessary to indicate why an action was pursued.” The Framework notes, importantly:
[f]urther details would help the CCO community understand the SEC’s expectations, as well as appreciate the care we know the SEC already takes before initiating a CCO Conduct Charge, improve CCO morale, and improve the CCO function for the betterment of firms, their investors/clients and regulators alike.[6]
Recommendations for greater transparency in decision-making around CCO personal liability have been floated before the Framework re-emphasized it.[7] For example, SEC Commissioner Pierce stated in October 2020:
Details about why we are charging a CCO can calm the fears of diligent, well-intentioned compliance personnel. Maybe the CCO being charged participated in the underlying securities violation, and perhaps she did so wearing her non-CCO hat. These kinds of details matter when you are reading an enforcement action and asking, “What does this mean for me? Will I be the next CCO featured in an SEC enforcement press release?” Likewise, by providing sufficient detail when we do not charge a compliance officer, we illustrate what doing the job right looks like.[8]
In the Matter of Michelle E. MacDonald
If the SEC’s most recent enforcement action against a CCO is any indication, Commissioner Peirce’s suggestion appears to have fallen on deaf ears several doors down at the Division of Enforcement. See In the Matter of Michelle E. MacDonald, Rel. No. 5747 (June 4, 2021).[9]
In a settled Cease and Desist Order issued June 4, 2021, the SEC found that a compliance officer serving as Vice President of Compliance at an investment advisory firm “failed to exercise reasonable care” by improperly causing a business development company (“BDC”) that was a client of the firm to pay due diligence fees to the investment advisor, when those fees actually belonged to its client, the BDC.
At the time of the alleged misconduct, MacDonald was both Vice President for Compliance at VII Peaks Capital, the investment advisor, as well as Chief Financial Officer of its client, the BDC. This dual role on its face presents a number of challenges for any compliance officer. The potential for conflict was made more acute by the fact that MacDonald was also an officer of the BDC, VII Peaks’ client. MacDonald’s colleague, Gurprit Chandhoke, likewise possessed dual roles, acting as both the principal and Chief Investment Officer of VII Peaks at the same time he served as CEO and Chairman of the BDC.
VII Peaks advised the BDC to enter into a number of loan agreements with third parties, which included due diligence fees to be paid to the BDC by these third parties. MacDonald allegedly signed off on the transfer of those fees to VII Peaks instead, doing so without disclosing any of the transfers to the Board of the BDC. In fact, the Board believed these transfers to VII Peaks were for payment to outside third party consultants that assisted with due diligence — and not for VII Peaks itself. VII Peaks retained fees totaling more than $722,000 that represented undisclosed transfers over just a two-year period.
These alleged conflicts of interest and omissions came to light after VII Peaks disclosed the fee transfers in its 2017 Form ADV, and in the BDC’s 2016 10-K filing. Subsequently, VII Peaks promoted MacDonald to be its Chief Compliance Officer; as of June 4, 2021 she remained in this position, as well as continuing on as the CFO of the BDC.
The SEC Order found MacDonald violated § 206(2) of the Advisers Act, which prohibits advisers from engaging in any transaction “which operates as a fraud or deceit upon any client.”[10] The Order found that MacDonald’s conduct was a cause of VII Peaks violation of § 206(2), and suggested MacDonald acted with negligence. This finding contrasted with a parallel SEC Cease and Desist Order issued against VII Peaks and Chandhoke, which found both of those respondents willfully violated § 206(2) for the identical conduct. See In the Matter of Gurprit Chandhoke and VII Peaks Capital, LLC, Release No. 5746 (June 4, 2021).[11] As is typical, MacDonald, Chandhoke and VII Peaks entered into their respective settlements without admitting or denying the SEC’s factual or legal findings.
Further, the Order against VII Peaks and Chandhoke also found two other securities laws violations. Relevant here, one of the violations charged against VII Peaks arose from its alleged failure to implement its existing asset valuation policies and procedures during certain fiscal quarters. The SEC alleged that this resulted in a failure to properly update the quarterly valuation of certain of the BDC’s assets – holdings that the BDC subsequently was required to write off entirely. The SEC charged that VII Peaks willfully violated Advisors Act § 206(4) and related Rule 206(4)-7 by failing to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisors Act and the rules thereunder.[12] Curiously, there is no mention of MacDonald in this violation concerning the firm’s policies and procedures.
The SEC’s Order against MacDonald thus leaves a number of questions for compliance officers and counsel looking for guidance, including the following:
- First, although the SEC’s findings indicate MacDonald acted with negligence by failing to exercise reasonable care, given her dual roles and the knowledge she possessed concerning the agreements governing all of the transactions at issue, an inference of more culpable intent would not be unreasonable under the SEC’s findings. But there is no clarity on this point. Was there information that was withheld from MacDonald, thereby justifying this type of finding? Were there other factors that mitigated a finding of more nefarious intent?
- Second and relatedly, it is less than clear whether this is an instance where the compliance officer participated in misconduct unrelated to the officer’s compliance duties. MacDonald’s responsibilities were complicated by her dual roles as a compliance officer for the investment advisor and the CFO of its client. The potential for a conflict of interest was inherent in the dual roles, so carrying out these parallel responsibilities necessarily required a heightened level of care. According to the SEC’s charges MacDonald’s “failure to exercise reasonable care” occurred in her role as VII Peaks’ compliance officer, but the findings do not elucidate on this point.
- It would have been helpful for the SEC to specify, clearly and in some detail, whether they were taking the unusual step of charging a compliance officer with violations because of a “wholesale failure” to carry out her responsibilities, or because the misconduct was unrelated to her duties as a compliance officer, or some combination. This is not a heavy burden for the agency and is especially warranted since VII Peaks promoted MacDonald to its CCO in 2019 and she apparently remains in that position. By contrast, her colleague, Chandhoke, agreed to an associational suspension, investment company prohibition and penny stock suspension for a year.
- Third, as noted, the SEC’s Order against VII Peaks finds that the firm failed to properly implement its own valuation policies and procedures. That Order does not discuss whether MacDonald had any role in or responsibility for this deficiency, nor does the separate Order issued against her individually address this matter at all. Were these valuation policies outside of her ambit as Vice President of Compliance? Did she fail to exercise reasonable care in overseeing their implementation? Additional information on this count, too, would have been useful in comprehending the basis for the SEC’s actions here.
There is a recognized tension that surrounds the ultimate resolution of a settled Cease and Desist Order: the language can be carefully negotiated, with respondents typically seeking to limit the scope of factual or legal findings. That said, given the compelling interest of both industry and the investing public in understanding the basis for an enforcement action against a compliance officer, the SEC (and other regulators) should usually weigh in on the side of transparency. Understanding whether the SEC is penalizing a compliance officer (1) for participating in misconduct unrelated to the compliance duties; or (2) for obstructing or misleading Commission staff; or (3) for exhibiting a wholesale failure to carry out his/her/their compliance responsibilities; or (4) for some hybrid of these scenarios, is essential to encouraging competent professionals to stay within the compliance industry. These professionals have a “unique place” within the U.S. securities regulation regime, as the NYCBA Framework notes, and thus deserve this consideration at a minimum.
Footnotes
[1] Matthew L. Levine, “The SEC (Sort of) Weighs In on How Personal Liability for Chief Compliance Officers May Undercut Effective Compliance Programs,” NYU Program on Corporate Compliance and Enforcement Blog, https://wp.nyu.edu/compliance_enforcement/2020/12/17/the-sec-sort-of-weighs-in-on-how-personal-liability-for-chief-compliance-officers-may-undercut-effective-compliance-programs/.
[2] https://s3.amazonaws.com/documents.nycbar.org/files/Report_CCO_Liability_vF.pdf (PDF: 804 KB).
[3] https://www.nycbar.org/member-and-career-services/committees/reports-listing/reports/detail/framework-for-chief-compliance-officer-liability-in-the-financial-sector-1.
[4] A widely noted “standard” for consideration of CCO personal liability has grown out of 2015 remarks by a former SEC Director of Enforcement, summarized as follows: compliance officers could face liability where (1) the compliance officer participated in the underlying misconduct unrelated to the compliance duties; (2) the compliance offer obstructed or misled Commission staff; and (3) the compliance officer “has exhibited a wholesale failure to carry out his or her responsibility.” See Andrew Ceresney, Dir., Div. of Enfcmt., U.S. Sec. & Exch. Comm’n, Keynote Address at the 2015 National Society of Compliance Professionals, National Conference (Nov. 4, 2015), https://www.sec.gov/news/speech/keynote-address-2015-national-society-compliance-prof-cereseney.html.
[5] See, e.g., “NYC Bar Proposal Could Quell Persistent ‘Fear’ CCOs Face,” Law360 (June 9, 2021), https://www.law360.com/articles/1391630/nyc-bar-proposal-could-quell-persistent-fear-ccos-face; “Distinction Between CCO and Company Key to Any Liability Framework,” Compliance Week (June 22, 2021), https://www.complianceweek.com/opinion/distinction-between-cco-and-company-key-to-any-liability-framework/30496.article.
[6] Id. at 10.
[7] See, e.g., Court E. Golumbic, “‘The Big Chill’: Personal Liability and the Targeting of Financial Sector Compliance Officers,” Hastings Law Journal (2018) at 90-91 (a joint industry-regulatory advisory group “could facilitate an open and continuous discussion about the types of behavior undertaken by compliance officers that would meet the definition of crossing the line”), https://www.hastingslawjournal.org/wp-content/uploads/Golumbic-69.1.pdf (PDF: 610 KB).
[8] Hester M. Peirce “When the Nail Fails – Remarks Before the National Society of Compliance Professionals,” Commissioner, U.S. Sec. & Exch. Comm’n, Keynote Address at the 2020 National Society of Compliance Professionals (Oct. 19, 2020), https://www.sec.gov/news/speech/peirce-nscp-2020-10-19.
[9] https://www.sec.gov/litigation/admin/2021/ia-5747.pdf (PDF: 240 KB).
[10] 15 U.S.C. § 80-b6.
[11] https://www.sec.gov/litigation/admin/2021/34-92114.pdf (PDF: 276 KB).
[12] 15 U.S.C. § 80-b6; 17 C.F.R. § 275.206(4)-7. The other charge against Chandhoke arose out of undisclosed personal loan transactions that Chandhoke engaged in with portfolio companies doing business with the BDC.
Matthew L. Levine is a partner in the White Collar Defense and Regulatory Investigations Practice at Phillips Nizer LLP and served as the first Executive Deputy Superintendent for Enforcement for the New York State Department of Financial Services.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.