An RIA’s Costly Compliance FailureAdvisor Perspectives
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
Does your compliance team have the resources it needs to fully meet the SEC’s requirements? Before you quickly answer “yes” to that question, here’s the story of the problems an RIA faced by assuming that compliance costs could be easily reduced.
On November 6, 2018, the SEC brought an enforcement action against a Wisconsin-based Registered Investment Adviser (RIA) that negligently failed to perform adequate due diligence and monitoring of certain investments. Specifically, the RIA represented to clients in its Form ADV Part 2A, as well as in certain communications, that it would conduct ongoing due diligence and monitoring of investments containing repurchase agreements (“repos”). Despite those assurances, the RIA continued to offer repos to clients even, even when it had concerns regarding the legitimacy of the investments. The RIA ultimately learned that the repo counterparty had forged paperwork, and all of its repos were fraudulent. The RIA’s most significant line of business was its repo program.
Along with the firm’s due diligence and monitoring failures, its compliance program lacked adequate resources. Furthermore, the RIA failed to reasonably design and implement certain policies and procedures.
The SEC also brought an enforcement action against the former CEO of the RIA. The CEO was aware of the due diligence and monitoring problems, but did not cause the RIA to amend its policies and procedures. The CEO also failed to allocate sufficient resources to the RIA’s compliance program.
Limited resources contributed to the RIA’s compliance failures
The CEO for the RIA asked one of the firm’s portfolio managers to assume the role of interim chief compliance officer (CCO). The CCO had no compliance experience, but agreed to accept the position if he received access to outside counsel and compliance consultants as needed. At that time, the CCO was already working long hours to keep up with his portfolio management duties, which he retained.
After accepting the position and reviewing the firm’s policies and procedures, the interim CCO began to educate himself about the compliance obligations owed by RIAs. After attending a compliance conference, the CCO told the firm’s CEO that the RIA had never completed a formal risk assessment, which he believed was necessary to implement an effective compliance program. The CCO also warned the CEO that inadequate policies and procedures could lead to an enforcement action by the SEC.
Soon thereafter, the CEO offered to make the CCO’s interim position permanent. The CCO accepted, on the condition that he would have access to outside counsel and compliance consultants. The CCO clearly needed outside resources due to his limited compliance experience. Although the CEO agreed to those conditions, the RIA did not add compliance resources at that time. Instead, the CEO told the CCO to re-task some of his duties to other employees.
In February 2013, the CCO presented his 2012 annual compliance review to the RIA’s board of directors, which included the firm’s CEO. The CCO identified several weaknesses in the RIA’s compliance program, including testing and training. On multiple occasions, the CEO for the RIA denied the CCO’s requests for additional resources.
The denial of resources undermined the effectiveness of the RIA’s compliance program, which resulted in compliance failures. Among other deficiencies, the RIA did not regularly monitor staff e-mails, which was required by the firm’s policies and procedures. Consequently, the RIA failed to discover that one of its employees was repeatedly involved in unauthorized activities, including violating the firm’s gift-reporting policy.
In addition, the firm failed to test whether its staff adhered to its policies and procedures. Because of the broad scope of his duties and the lack of adequate resources, the CCO was unable to test compliance with its repo allocation procedure.
The SEC found that the RIA violated Section 206(2) of the Investment Advisers Act, which prohibits an adviser from engaging in any transaction, practice or course of business that operates as a fraud or deceit upon any client or prospect. The RIA also willfully violated Section 206(4) and Rule 206(4)-7 thereunder, which require an adviser to adopt and implement written compliance policies and procedures that are reasonably designed to prevent violations of the Act. In addition, the RIA violated Section 207 of the Act, which makes it unlawful for any person to misstate a material fact in any registration application or report filed with the SEC.
As a result of these violations, the RIA was censured and was ordered to pay a civil money penalty of $400,000. The enforcement action can be found here.
A separate SEC order found that the CEO was aware of but failed to address resource deficiencies in RIA’s compliance program. This failure contributed substantially to the RIA’s compliance violations. The CEO, who is no longer affiliated with any investment adviser, was censured and ordered to pay a civil money penalty of $45,000. That enforcement action can be found here.
Read the full article here by Les Abromovitz, Advisor Perspectives