There is a sense in the United States that compliance professionals are moving into the crosshairs of government enforcement actions. For years, the government has sought to bring actions not only against those who committed the primary violations, but also against the so-called “gatekeepers;” the lawyers, the accountants, and now, the compliance professionals who the government believes facilitated the illegal misconduct. When misconduct is uncovered in a company, US enforcement officials will always ask, “Was the compliance system adequate?” Senior enforcement officials will ask their investigators whether the company took appropriate steps to detect and prevent misconduct in determining whether an action against the company is appropriate.
The enforcement investigator will therefore take steps to evaluate the effectiveness of the compliance system. If the government finds the compliance system was inadequate, there appears to be a growing likelihood that US enforcement agencies will name an individual as responsible for that failure. As James Loonam, Deputy Chief of the Business & Securities Fraud Section in the US Attorney’s Office for the Eastern District of New York said recently at a conference, when the government gets a resolution against a company only, and not an individual, he considers that a failure.
Why is the US government shifting its focus to compliance professionals?
There are a number of reasons for the new focus. The government certainly has not shifted its focus away from more traditional targets, but it would be fair to say that US enforcement agencies have expanded their focus to include compliance professionals whom they deem responsible for failing to maintain integrity or appropriately reporting misconduct. The expanded focus increases the moral hazard for individuals charged with ensuring a company’s compliance and, in the government’s view, therefore increases the likelihood that the individual will take steps to detect and prevent misconduct within the organization. For the government, the rationale for prosecuting a compliance professional is clear. The primary violator may have a substantial incentive to commit the misconduct. Illicit gains in the form of commissions earned, contracts won, or investors appeased may be large enough to cause an individual or a company to decide that prosecution is an acceptable risk. The compliance professional, on the other hand, is less likely to become enriched by an unlawful scheme beyond maintaining employment. The government can achieve a substantial deterrence effect by increasing the downside risk for compliance professionals while the upside benefits of overlooking or assisting illicit activity remain minimal. Just recently, the US Securities and Exchange Commission (SEC) ordered a former BlackRock chief compliance officer (CCO) to pay $60,000 to settle charges that he allowed conflicts of interest to occur between an investment professional and the fund, and that he failed to alert the fund’s board of directors of the conflict. The SEC administrative order found that the CCO had caused BlackRock’s failure to adopt and implement written compliance policies reasonably designed to prevent violations of the Advisers Act. The order also found that the CCO violated the Investment Company Act of 1940 when he knew – or should have known – that certain conflicts of interest had not been reported to BlackRock’s board of directors. The most notable aspect of the SEC case against the BlackRock CCO is that the SEC’s allegations did not focus on any particular acts by the CCO. Rather, the basis for the SEC’s case seemed largely to be based on the allegation that the CCO was in a position of responsibility for BlackRock’s compliance program, and that program failed.
Has the US Department of Justice similarly focused on compliance professionals?
Yes. In a first of its kind case the US Department of Justice (DoJ) brought a civil action this past December against the CCO of money transfer company MoneyGram for the CCO’s failure to ensure the implementation of effective anti-money laundering policies and procedures. The DoJ is seeking a $1 million penalty from the CCO, along with a permanent bar from participating in the activity of any financial institution. Notably, MoneyGram itself entered into a deferred-prosecution agreement with the government in 2012. While the company itself likely will not be prosecuted, the CCO is facing a civil lawsuit and significant fines and penalties. The case arises under the Bank Secrecy Act, which requires financial institutions to implement and maintain effective anti-money laundering (AML) programs, and to file timely suspicious activity reports (SARs) when they have reason to suspect the use of the institution to facilitate criminal activity. In the MoneyGram case, the US government did not allege that the CCO had any direct involvement in or knowledge of fraudulent or illegal activity. Rather, the government alleges that the CCO failed to put in place effective discipline systems for personnel suspected of misconduct, failed to investigate and take action on areas known to be a high AML risk, failed to ensure personnel had adequate information and direction to be able to file SARs, and failed to conduct adequate audits or due diligence. In announcing the lawsuit, both Preet Bharara, US Attorney for the Southern District of New York, and Jennifer Shasky Calvery, director of the US Financial Crimes Enforcement Network (FinCEN), emphasized the important role compliance professionals serve as gatekeepers on the front lines of enforcement. Each characterized the MoneyGram CCO’s actions as an aberration from the work of compliance officers generally, and praised the profession as comprising essential and dedicated individuals. Nevertheless, the case demonstrates that the government must be asking with each case before it where they identify a systemic compliance failure, can we also bring a case against the gatekeeper? The government is willing to ask for significant sanctions against an individual alleging not malfeasance by that individual, but inaction leading to others’ malfeasance.
What best practices will help a compliance professional avoid personal liability?
Obviously, a dedicated compliance professional will do his or her best to ensure the implementation and operation of an effective system of compliance controls. That goes without saying. It is also important, however, that a compliance professional be able to demonstrate what he or she did to ensure compliance. Best practice involves not only continued enhancements to compliance programs, updated risk assessments, and regular trainings, but documentation of such activity. Compliance professionals can take steps to limit personal exposure if, in the course of a government investigation, they are able to demonstrate specific steps they had taken to address any relevant issues that had been brought to their attention. Most importantly, the government is interested in knowing that the compliance professional kept senior management and the company board fully informed of any potential issues, and was not unduly influenced by other business interests. Regular communication with senior management, the board, and relevant board committees is essential, along with timely reporting of material issues as they arise.
Has there been a shift in the US government’s confidence in compliance as a profession?
No, that does not appear to be the case. To the contrary, more and more, the DoJ and SEC have been urging companies to expand the power provided to compliance departments. The government sees compliance as a first line of defense against illicit activity. In fact, the SEC recently announced a $1.5 million award to be paid to a compliance professional who disclosed “imminent misconduct” by the professional’s company to the Commission. According to Commission staff, the compliance professional reported the misconduct to management, but management failed to act on the information. The Dodd Frank Act opened the door for such awards by creating incentives of no less than 10 to 30 percent of the monetary sanctions collected by the SEC for certain reports of violations. In the recent case – both the individual and the company are unnamed in the SEC’s redacted order – the fact that the compliance professional is the recipient of the award is not without irony. One of the larger concerns as Congress debated Dodd Frank was whether the creation of a large whistleblower incentive would cause individuals to bypass compliance professionals in their zeal to win a large government reward. The award to the compliance professional is now one of the larger awards ever granted by the SEC Office of the Whistleblower. Overall, the government does have confidence in compliance as a profession, and does believe that the majority of compliance professionals are doing their best to prevent and detect improper behavior. Government enforcement officials certainly cannot police all activity at every company. The government needs compliance professionals, and believes that the majority of them are good at what they do. That said, when a case does arise, one must assume that the government investigator is being asked by a superior, “Was the compliance system adequate?” When the answer is no, one must assume the next question is, “Can we name an individual?”
555 13th Street N.W.
Washington, DC 20004
Tel: +1 202 661 7022
Timothy Peterson, Partner
555 13th Street N.W.
Washington, DC 20004
Tel: +1 202 661 7027
The ETHIC Intelligence Experts’ Corner is an opportunity for specialists in the field of anti-corruption compliance to express their views on approaches to and developments in the sector. The views expressed in these articles are those of the authors.