Monthly Archives: June 2015

Archived Posts

June 30, 2015 by: James Bone Categories: Risk Management Chief Compliance Officers under siege – Misleading messages from the SEC

The Role of Chief Compliance Officers Must be Supported

Commissioner Luis A. Aguilar

U.S. Securities and Exchange Commission[*]

June 29, 2015

Chief Compliance Officers of Investment Advisers (CCOs)[1] play an important and crucial role in fostering integrity in the securities industry. They are responsible for making sure that their firms comply with the rules that apply to their operations. As part of that effort, CCOs typically work with senior corporate leadership to instill a culture of compliance, nurture an environment where employees understand the value of honesty and integrity, and encourage everyone to take compliance issues seriously. CCOs of investment advisers (as with CCOs of other regulated entities) also work to prevent violations from occurring in the first place and, thus, prevent violations from causing harm to the firm, its investors, and market participants. Given the vital role that CCOs play, they need to be supported. Simply stated, the Commission needs capable and honest CCOs to help protect investors and the integrity of the capital markets.

Recently, a fellow Commissioner issued a public dissent in two recent enforcement actions against CCOs of investment advisers.[2] While I respect the views of my fellow Commissioners, based on what I’m hearing from the CCO community, the dissent, and the resulting publicity, has left the impression that the SEC is taking too harsh of an enforcement stance against CCOs, and that CCOs are needlessly under siege from the SEC.[3]

Thus, I am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community. Such an environment is unhelpful, sends the wrong message, and can discourage honest and competent CCOs from doing their work.

In the seven years that I have served as a Commissioner, it has been my experience that the Commission does not bring enforcement actions against CCOs who take their jobs seriously and do their jobs competently, diligently, and in good faith to protect investors. I do not believe that these CCOs should fear the SEC.

Fortunately, most CCOs take their job seriously and are a credit to the compliance community. I have spent a good portion of my career doing what compliance people do. In particular, I spent almost a decade as the general counsel and head of compliance at a global asset management firm. Moreover, in my current role as an SEC Commissioner, and in more than 30 years as a practicing attorney in the securities industry, I have had the opportunity to interact with many CCOs working for fund managers and investment advisers in the private sector and at the Commission. My interactions lead me to conclude that they work diligently to fulfill their obligations.

As a former head of compliance, I would like to provide my views on enforcement actions against CCOs, and why CCOs who put investors first and do their jobs competently, diligently, and in good faith should not worry about being targeted by an SEC enforcement action.

In fact, over the years the Commission has brought relatively few cases targeting CCOs relating solely to their compliance-related activities. In general, the Commission’s enforcement actions against CCOs ebb and flow with the number of cases brought against investment advisers and investment companies. Estimates show the following number of enforcement cases brought against these CCOs, compared to the number of enforcement cases brought against investment advisers and investment companies, between 2009 and 2014:[4]

  • 2009 — 8 out of 76 cases (11%)
  • 2010 — 7 out of 112 cases (6%)
  • 2011 — 14 out of 146 cases (10%)
  • 2012 — 16 out of 147 cases (11%)
  • 2013 — 27 out of 140 cases (19%)
  • 2014 — 8 out of 130 cases (6%)

The vast majority of these cases involved CCOs who “wore more than one hat,” and many of their activities went outside the traditional work of CCOs, such as CCOs that were also founders, sole owners, chief executive officers, chief financial officers, general counsels, chief investment officers, company presidents, partners, directors, majority owners, minority owners, and portfolio managers.[5] Many of these cases also involved compliance personnel who affirmatively participated in the misconduct, misled regulators, or failed entirely to carry out their compliance responsibilities.[6]

Interestingly, the increase in the number of enforcement cases coincided with the rapid growth experienced by the investment advisory industry in the last few years. For example, the number of registered investment advisers has increased almost 35% over the last ten years, and the assets that they managed have increased more than two-fold.[7] This increase was also fueled by the many private fund advisers—mainly advisers to hedge funds and private equity funds—that are now required to register with the SEC as a result of the Dodd-Frank Act’s[8] elimination of the private adviser exemption.[9] Currently, there are more than 11,000 registered investment advisers with more than $55 trillion in assets under management.[10]

Obviously, CCOs of investment advisers have specific obligations that they must faithfully work to meet. Notably, the Investment Advisers Act of 1940 contains a specific rule targeted at compliance—Rule 206(4)-7.[11] Adopted in December 2003, this rule requires registered investment advisers “to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws, review those policies and procedures annually for their adequacy and the effectiveness of their implementation, and designate a chief compliance officer to be responsible for administering the policies and procedures.”[12]

There are those who believe that Rule 206(4)-7 unduly puts a target on the back of CCOs.[13] The record, however, shows that that is simply not the case. To the contrary, CCOs that faithfully and reasonably fulfill the requirements of Rule 206(4)-7 are not going to be subjects of SEC enforcement actions. In fact, since the adoption of Rule 206(4)-7, enforcement actions against individuals with CCO-only titles and job functions have been rare.[14] For example, over the last 11 years, the Commission brought only eight cases against such CCOs.[15] Of these cases, only five cases involved violations of Rule 206(4)-7,[16] two of which were recently settled in 2015 and have been the catalyst for the recent concerns that CCOs are being targeted.[17]

I do not believe that these few cases should raise undue concerns. I also do not believe that the two recently settled cases signify the beginning of some nefarious trend to use Rule 206(4)-7 to target CCOs. The facts involved in these cases—these very few cases—for violations of Rule 206(4)-7 demonstrate egregious misconduct that included the following:[18]

  • Failure to implement policies and procedures to prevent an employee from misappropriating client accounts;
  • Failure to conduct an annual review and making a material misstatement in Form ADV;
  • Failure to design written policies and procedures for outside business activities;
  • Failure to report a conflict of interest; and
  • Aiding and abetting an investment adviser’s failure to adopt and implement written compliance policies and procedures.

In my experience, the Commission has approached CCO cases very carefully, making sure that it strikes the right balance between encouraging CCOs to do their jobs competently, diligently, and in good faith, and bringing actions to punish and deter those that engage in egregious misconduct. In making this determination, the Commission cautiously evaluates the facts and circumstances of each case, and considers many important factors such as fairness and equity.

Obviously, CCOs are not responsible for the vast majority of compliance violations or infractions at investment advisory firms. After all, compliance is a shared corporate responsibility.

The critical role of CCOs and their contributions to the corporate bottom line cannot be underestimated. The potential costs of compliance failures can be costly, for example, as measured by the financial sanctions that could be imposed by regulators. The reputational harm to a business and to careers may be even more severe.

The Commission and the staff recognize the challenges and difficulties that CCOs face in doing their jobs. Indeed, a 2015 compliance survey shows that CCOs have to deal with a wide variety of compliance risk areas that are only growing in complexity, such as data security, privacy and confidentiality, industry-specific regulations, bribery and corruption, conflicts of interest, fraud, money laundering, business continuity, and insider trading.[19] In recognition of these challenges, and the many difficult judgment calls CCOs need to make in exercising their duties and responsibilities, the Commission and its staff think long and hard when considering enforcement actions against CCOs, and oftentimes exercise prosecutorial discretion not to bring such actions.[20] Moreover, the Commission has used its Whistleblower program to protect and reward CCOs who did the right thing.[21]

CCOs, of course, should not be expected to do it alone. To state the obvious, an effective compliance program must necessarily start at the top. A company’s senior leadership should be strong advocates for a robust and enduring culture of compliance; such a culture fosters an environment where everyone understands the firm’s core values of honesty and integrity. CCOs are an essential and integral part of this process—but they cannot be expected to do it alone and need to be supported.

The need for senior leadership to support CCOs is not just good practice, but also a business necessity. Indeed, a very recent SEC enforcement case shows that the Commission takes seriously the importance of firms supporting the work of their CCOs. In the Pekin Singer matter,[22] the Commission alleged that Pekin Singer, a registered investment adviser, and its President dedicated insufficient resources to address the firm’s compliance matters.[23] In particular, the firm’s President did not provide the CCO with sufficient guidance, staff, and financial resources, despite the CCO’s pleas for help.[24] This contributed substantially to Pekin Singer’s compliance failures.[25] As a result, the Commission suspended the firm’s President for 12 months from acting in a supervisory capacity and ordered him to pay a civil penalty of $45,000.[26] Notably, the Commission Order did not include any charge against the CCO.

Similarly, in 2013, the Commission filed its first-ever action against an employee of an investment adviser for obstructing and misleading the firm’s CCO to conceal the employee’s failure to report personal trades.[27] Separately, in a rulemaking earlier this year, the Commission added a specific provision to the security-based swap data repository (SDR) rules that prohibits officers, directors, and employees of SDRs from lying to their CCOs.[28] These enforcement and regulatory actions bring home the point that firms must support the important work of their CCOs.

I will end where I started. CCOs are vital to the protection of investors and the integrity of the capital markets. To that end, the Commission works to support CCOs who strive to do their jobs competently, diligently, and in good faith—and these CCOs should have nothing to fear from the SEC.


[*] The views expressed by Commissioner Luis A. Aguilar are his own and do not necessarily reflect the views of the U.S. Securities and Exchange Commission (“Commission” or “SEC”), his fellow Commissioners, or members of the staff.



[1] My remarks will focus mainly on these CCOs of investment advisers and not CCOs of broker-dealers, credit rating agencies, and other CCOs in the financial services industry. However, some of my observations may apply to them as well.

[2] Commissioner Daniel M. Gallagher, Statement on Recent SEC Settlements Charging Chief Compliance Officers With Violations of Investment Advisers Act Rule 206(4)-7, (June 18, 2015), available at http://www.sec.gov/news/statement/sec-cco-settlements-iaa-rule-206-4-7.html.

[3] See, e.g., id. (“Actions like these are undoubtedly sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback… At these firms, there is a significant risk that by taking ownership of the implementation of the policies and procedures, CCOs could unwittingly also be taking ownership of business functions, subjecting them to strict liability whenever there is a violation of the securities laws.”); Mark Schoeff Jr., InvestmentNews, SEC’s Gallagher says agency unfairly cracks down on compliance officers (June 18, 2015), available at http://www.investmentnews.com/article/20150618/FREE/150619901/secs-gallagher-says-agency-unfairly-cracks-down-on-compliance (“Securities and Exchange Commission member Daniel M. Gallagher said the agency unfairly targeted chief compliance officers in recent enforcement actions and is leaving them unsure of the extent of their responsibility for firm behavior.”); Matt Kelly, Compliance Week, Gallagher Uncorks on SEC Action Against CCOs (June 18, 2015), available at https://www.complianceweek.com/blogs/the-filing-cabinet/gallagher-uncorks-on-sec-action-against-ccos#.VY3MUzbD-70 (“The Blackrock and SFX enforcement actions … continue a trend toward strict liability for CCOs that unfairly holds them accountable for compliance failures they cannot control.”); Michael Ide, ValueWalk, SEC Commissioner Gallagher Explains Recent Dissenting Votes (June 18, 2015), available at http://www.valuewalk.com/2015/06/sec-commissioner-gallagher-explains-recent-dissenting-votes/ (“Under the status quo Gallagher worries that CCOs may decide to have less stringent policies that are easier to implement so that they can’t be held liable for any wrongdoing. Even worse, compliance personnel may not want to dig too deeply into potential problems if they are unsure whether or not they could be on the hook for any misconduct that they uncover.”); Stephanie Russell-Kraft, Law360, SEC Too Tough On Compliance Officers, Gallagher Says (June 18, 2015), available at http://www.law360.com/articles/669779/sec-too-tough-on-compliance-officers-gallagher-says (“…the agency is taking too harsh of an enforcement stance against chief compliance officers, treating them too much like management and not like the gatekeepers they are.”); Alex Padalka, Financial Advisor, Commissioner Says The SEC Picks on Compliance Officers (June 22, 2015), available at http://financialadvisoriq.com/c/1142383/123533/charged_with_fraud_penny_stock_case (“…the SEC has a habit of forcing compliance officers to enforce compliance procedures that aren’t always suited to — or even strict enough for — some practices and then to take responsibility for the actions of colleagues when in-house rules fall short.”).

[4] This data was obtained from the SEC’s Division of Enforcement based on an analysis of enforcement cases filed between 2009 and 2014.

[5] This data was obtained from the SEC’s Division of Enforcement and the Division of Investment Management based on an analysis of enforcement cases filed between 2004 and 2015.

[6] See Andrew Ceresney, Director of the Division of Enforcement, Keynote Address at Compliance Week 2014 (May 20, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370541872207#_ftnref32.

[7] U.S. Securities and Exchange Commission, FY 2016 Congressional Budget Justification, FY 2016 Annual Performance Plan, FY 2014 Annual Performance Report, p. 5, available at http://www.sec.gov/about/reports/secfy16congbudgjust.pdf.

[8] Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub L. 111-203 (2010).

[9] Investment Adviser Association and NRS, 2012 Evolution Revolution: A Profile of the Investment Adviser Profession, p. 2, available at http://www.nrs-inc.com/pagefiles/1207/evolution%20revolution%202012.pdf; SEC Press Release, More Than 1,500 Private Fund Advisers Registered With the SEC Since Passage of the Financial Reform Law (Oct. 19, 2012), available at http://www.sec.gov/news/press/2012/2012-214.htm.

[10] See U.S. Securities and Exchange Commission, FY 2015 Budget Request By Program, p. 55-56, available at https://www.sec.gov/about/reports/sec-fy2015-budget-request-by-program.pdf (“Given current trends in the markets, OCIE anticipates that at the beginning of FY 2015 it will oversee more than 25,000 market participants, including nearly 11,500 investment advisers with more than $55 trillion in assets under management, more than 800 investment company complexes managing over 10,000 mutual funds and Exchange Traded Funds (ETFs), approximately 4,400 broker-dealers with more than 160,000 branch offices, 18 national securities exchanges, and approximately 450 transfer agents.”).

[11] See U.S. Securities and Exchange Commission, Final Rule: Compliance Programs of Investment Companies and Investment Advisers, Rel. Nos. IC-26299 and IA-2204 (Dec. 17, 2003), available at http://www.sec.gov/rules/final/ia-2204.htm. Advisers Act Rule 206(4)-7 (Compliance Procedures and Practices) states: “If you are an investment adviser registered or required to be registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3), it shall be unlawful within the meaning of section 206 of the Act (15 U.S.C. 80b-6) for you to provide investment advice to clients unless you: (a) Policies and procedures. Adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commission has adopted under the Act; (b) Annual review. Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation; and (c) Chief compliance officer. Designate an individual (who is a supervised person) responsible for administering the policies and procedures that you adopt under paragraph (a) of this rule.”

[12] See id.; id. at n. 73 (“Having the title of chief compliance officer does not, in and of itself, carry supervisory responsibilities. Thus, a chief compliance officer appointed in accordance with rule 206(4)-7 (or rule 38a-1) would not necessarily be subject to a sanction by us for failure to supervise other advisory personnel. A compliance officer who does have supervisory responsibilities can continue to rely on the defense provided for in section 203(e)(6) of the Advisers Act [15 USC 80b-3(e)(6)]. Section 203(e)(6) provides that a person shall not be deemed to have failed to reasonably supervise another person if: (i) the adviser had adopted procedures reasonably designed to prevent and detect violations of the federal securities laws; (ii) the adviser had a system in place for applying the procedures; and (iii) the supervising person had reasonably discharged his supervisory responsibilities in accordance with the procedures and had no reason to believe the supervised person was not complying with the procedures.”); see, e.g., Rita Dew, National Compliance Services, Liability Exposure of Chief Compliance Officers, p. 2, available at https://www.ncsonline.com/wp/wp-content/uploads/2015/03/Liability-Exposure-NCS-White-Paper.pdf (“To avoid liability, CCOs should implement and enforce robust and meaningful policies and procedures.”).

[13] See, e.g., Commissioner Daniel M. Gallagher, Statement on Recent SEC Settlements Charging Chief Compliance Officers With Violations of Investment Advisers Act Rule 206(4)-7 (June 18, 2015), available at http://www.sec.gov/news/statement/sec-cco-settlements-iaa-rule-206-4-7.html; Winston & Strawn LLP, Chief Compliance Officers Subject to Expanding SEC Enforcement Trend—What “Personal Liability” Means Now (Apr. 28, 2015), available at http://www.winston.com/en/thought-leadership/chief-compliance-officers-subject-to-expanding-sec-enforcement.html (“The Pension [sic] and BlackRock cases represent a disturbing trend by the SEC of bringing negligence-based cases against compliance officers and arguably expand the standards previously announced by the Director of the SEC’s Division of Enforcement governing when the SEC would prosecute cases against legal and compliance officers.”).

[14] To support this point, data was obtained from the SEC’s Division of Investment Management based on an analysis of enforcement cases filed between May 2004 and June 2015.

[15] In the Matter of SFX Financial Advisory Management Enterprises, Inc. and Eugene S. Mason, Advisers Act Rels. No. 4116 (June 15, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4116.pdf; In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista, Advisers Act Rels. No. 4065 (Apr. 20, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4065.pdf; In the Matter of Parallax Investments, LLC, John P. Bott, II, and F. Robert Falkenberg, Advisers Act Rels. No. 3726 (Nov. 26, 2013), available at https://www.sec.gov/litigation/admin/2013/34-70944.pdf; In the Matter of Equitas Capital Advisors, LLC, Equitas Partners, LLC, David S. Thomas, Jr., and Susan Christina, Advisers Act Rels. No. 3704 (Oct. 23, 2013), available at http://www.sec.gov/litigation/admin/2013/34-70743.pdf; In the Matter of Daniel Bogar, Bernerd E. Young, and Jason T. Green, Advisers Act Rels. No. 3453 (Aug. 31, 2012), available at https://www.sec.gov/litigation/admin/2012/33-9356.pdf; In the Matter of Wunderlich Securities, Inc., Tracy L. Wiswall, and Gary K. Wunderlich, Jr., Advisers Act Rels. No. 3211 (May 27, 2011), available at https://www.sec.gov/litigation/admin/2011/34-64558.pdf; SEC Obtains Emergency Relief Against The Nutmeg Group, LLC, A Chicago-Area Investment Adviser, And Two Of Its Principals For Alleged Fraud And Custodial Violations, Lit. Rels. No. 20972 (Mar. 25, 2009), available at https://www.sec.gov/litigation/litreleases/2009/lr20972.htm; In the Matter of Strong Capital Management, Inc., Strong Investor Services, Inc., Strong Investments, Inc., Richard S. Strong, Thomas A. Hooker, Jr. and Anthony J. D’Amato, Adviser Act Rels. No. 2239 (May 20, 2004), available at https://www.sec.gov/litigation/admin/34-49741.htm.

[16] In the Matter of SFX Financial Advisory Management Enterprises, Inc. and Eugene S. Mason, Advisers Act Rels. No. 4116 (June 15, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4116.pdf; In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista, Advisers Act Rels. No. 4065 (Apr. 20, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4065.pdf; In the Matter of Parallax Investments, LLC, John P. Bott, II, and F. Robert Falkenberg, Advisers Act Rels. No. 3726 (Nov. 26, 2013), available at https://www.sec.gov/litigation/admin/2013/34-70944.pdf; In the Matter of Equitas Capital Advisors, LLC, Equitas Partners, LLC, David S. Thomas, Jr., and Susan Christina, Advisers Act Rels. No. 3704 (Oct. 23, 2013), available at http://www.sec.gov/litigation/admin/2013/34-70743.pdf; In the Matter of Wunderlich Securities, Inc., Tracy L. Wiswall, and Gary K. Wunderlich, Jr., Advisers Act Rels. No. 3211 (May 27, 2011), available at https://www.sec.gov/litigation/admin/2011/34-64558.pdf.

[17] In the Matter of SFX Financial Advisory Management Enterprises, Inc. and Eugene S. Mason, Advisers Act Rels. No. 4116 (June 15, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4116.pdf; In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista, Advisers Act Rels. No. 4065 (Apr. 20, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4065.pdf.

[18] In the Matter of SFX Financial Advisory Management Enterprises, Inc. and Eugene S. Mason, Advisers Act Rels. No. 4116 (June 15, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4116.pdf; In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista, Advisers Act Rels. No. 4065 (Apr. 20, 2015), available at https://www.sec.gov/litigation/admin/2015/ia-4065.pdf; In the Matter of Equitas Capital Advisors, LLC, Equitas Partners, LLC, David S. Thomas, Jr., and Susan Christina, Advisers Act Rels. No. 3704 (Oct. 23, 2013), available at http://www.sec.gov/litigation/admin/2013/34-70743.pdf; In the Matter of Wunderlich Securities, Inc., Tracy L. Wiswall, and Gary K. Wunderlich, Jr., Advisers Act Rels. No. 3211 (May 27, 2011), available at https://www.sec.gov/litigation/admin/2011/34-64558.pdf.

[19] PWC, State of Compliance 2015 Survey, Moving beyond the baseline: Leveraging the compliance function to gain a competitive edge, p. 16, available at http://www.pwc.com/us/en/risk-management/state-of-compliance-survey/assets/pwc-2015-state-of-compliance-survey-final.pdf.

[20] See, e.g., Melanie Waddell, ThinkAdvisor, SEC Suspends Advisory Firm’s Ex-President for Failing to Heed CCO Pleas for Help (June 25, 2015), available at http://www.thinkadvisor.com/2015/06/25/sec-suspends-advisory-firms-ex-president-for-faili (“The SEC did not take action against the CCO, ‘presumably because he had identified the compliance weaknesses and pleaded for more resources,’ …”); In the Matter of Pekin Singer Strauss Asset Management Inc., Ronald L. Strauss, William A. Pekin, and Joshua D. Strauss, Advisers Act Rels. No. 4126 (June 23, 2015), available at http://www.sec.gov/litigation/admin/2015/ia-4126.pdf.

[21] See, e.g., SEC Press Release, SEC Announces Million-Dollar Whistleblower Award to Compliance Officer (Apr. 22, 2015), available at http://www.sec.gov/news/pressrelease/2015-73.html; SEC Press Release, SEC Announces $300,000 Whistleblower Award to Audit and Compliance Professional Who Reported Company’s Wrongdoing (Aug. 29, 2014), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542799812.

[22] In the Matter of Pekin Singer Strauss Asset Management Inc., Ronald L. Strauss, William A. Pekin, and Joshua D. Strauss, Advisers Act Rels. No. 4126 (June 23, 2015), available at http://www.sec.gov/litigation/admin/2015/ia-4126.pdf.

[23] See, e.g., Melanie Waddell, ThinkAdvisor, SEC Suspends Advisory Firm’s Ex-President for Failing to Heed CCO Pleas for Help (June 25, 2015), available at http://www.thinkadvisor.com/2015/06/25/sec-suspends-advisory-firms-ex-president-for-faili (“The Securities and Exchange Commission has suspended for 12 months an advisory firm’s former president from acting in a supervisory capacity after he consistently ignored pleas from the firm’s chief compliance officer for help.”); In the Matter of Pekin Singer Strauss Asset Management Inc., Ronald L. Strauss, William A. Pekin, and Joshua D. Strauss, Advisers Act Rels. No. 4126 (June 23, 2015), available at http://www.sec.gov/litigation/admin/2015/ia-4126.pdf.

[24] See In the Matter of Pekin Singer Strauss Asset Management Inc., Ronald L. Strauss, William A. Pekin, and Joshua D. Strauss, Advisers Act Rels. No. 4126, pp. 2, 4, (June 23, 2015), available at http://www.sec.gov/litigation/admin/2015/ia-4126.pdf.

[25] See id. at p. 2.

[26] See id. at p. 13.

[27] SEC Press Release, SEC Sanctions Colorado-Based Portfolio Manager for Forging Documents and Misleading Chief Compliance Officer (Aug. 27, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539791420; In the Matter of Carl D. Johns, Advisers Act Rels. No. 3655 (Aug. 27, 2013), available at http://www.sec.gov/litigation/admin/2013/ia-3655.pdf.

[28] See Security-Based Data Repository Registration, Duties, and Core Principles, SEC Release No. 34-74246 (Feb. 11, 2015), available at http://www.sec.gov/rules/final/2015/34-74246.pdf (Rule 13n-11(h) states, “No officer, director, or employee of a security-based swap data repository may directly or indirectly take any action to coerce, manipulate, mislead, or fraudulently influence the security-based swap data repository’s chief compliance officer in the performance of his or her duties under this section.”).

June 29, 2015 by: James Bone Categories: Risk Management 2015 Compliance Trends Survey – Deloitte


Welcome to the 2015 Compliance Trends Survey report, a joint effort between Deloitte and Compliance Week, to gauge the scope and complexity of the modern corporate compliance function. Here, we’ve combined the deep knowledge and experience of Deloitte with the broad industry perspective of Compliance Week to answer a common question: how do compliance functions efficiently and effectively manage the risks associated with the increasing demands of numerous stakeholders and position themselves for success in the future? Or put more simply, what is the new normal?

June 21, 2015 by: James Bone Categories: Risk Management Marcus Evans conference: Energy Series


marcus evans invites Chief Compliance Officers, General/Chief Counsel, Associate General Counsel, C-Level Executives, VP’s, Directors and Senior Counsel from Electric and Gas Utility Companies in North America with responsibilities.

 


June 17, 2015 by: James Bone Categories: Risk Management CGMA Report: Global State of Enterprise Risk Oversight 2nd Edition


This report summarises findings from recent surveys of over 1,300 executives in organisations, with a focus on small to mid size enterprises (SMEs), around the world. It provides insights on the current state of enterprise-wide risk oversight, including identified similarities and differences in various regions.

June 6, 2015 by: James Bone Categories: Risk Management Forrester Comparison Guide: Enterprise Mobile Management Solutions


Forrester’s research uncovered a market in which 10 vendors lead the pack. Trend Micro, Absolute Software, LANDesk, Kaspersky Lab, and McAfee offer competitive options. The Leaders balance OS, app, and data management functionality while providing flexible container options and productivity apps, and have demonstrated a strong vision and road map to help customers bring their PC and mobile management strategies together.


June 4, 2015 by: James Bone Categories: Risk Management Statement on the Aggregate Impact of Financial Services Regulations, Commissioner Daniel M. Gallagher

March 2, 2015

During a fireside chat at today’s Institute of International Bankers’ 26th Annual Washington Conference, I expressed my concern about the number and aggregate impact of regulations that have been imposed on U.S. financial services firms since the enactment of the Dodd-Frank Act in 2010. These regulations come from an alphabet soup of domestic regulators, including the SEC, and many are related to the edicts of non-accountable international bodies such as the Financial Stability Board. Unfortunately, in promulgating many of these myriad regulations, a robust cost-benefit analysis was not required—and therefore none was performed.

Even where a cost-benefit analysis was performed (an exercise for the most part limited to rules adopted by the SEC or CFTC, either independently or jointly with other regulators, given their statutory mandate for cost-benefit analysis), such analysis encompassed only the incremental effects of the rule being considered for adoption. No regulator, as far as I know, has considered the overall regulatory burden on financial services firms when determining whether to impose additional costly regulations. We as regulators are, when it comes to the possibility that our rules are causing death by a thousand cuts, the proverbial ostrich—head firmly entrenched in the sand.

So in an effort to bring some transparency to this critical area, and help the public fully grasp the breadth of recent rulemaking, I and my staff prepared a diagram,[1] which I shared with the attendees at today’s conference. I hope this stark depiction can spark a much-needed debate about the regulatory burden that has been placed on our financial services industry in just the last 4.5 years alone. In particular, I hope that the information informs consideration of future regulatory endeavors, and I would hope that academics, the financial services industry, and other interested parties will undertake similar, more detailed analyses.[2] The stakes here are considerable: regulatory burdens divert capital away from the real economy—this acts as a barrier to entry for new market participants and further entrenches those institutions that are increasingly “too big to fail.”

[1] I am very grateful for the assistance provided by the SEC’s publications office for the graphic design work.

[2] Unfortunately, given my small staff, I will not be able to keep this chart updated going forward, but if there are certain categories of regulations or regulators that were omitted, please let my office know, and we can determine whether to republish an updated version. One of the sources that we referenced is a database of regulations affecting financial services firms maintained and apparently updated regularly by the St. Louis Federal Reserve; this may be a helpful resource for interested parties undertaking additional analysis of the aggregate burden of regulation on financial services firms.


June 2, 2015 by: James Bone Categories: Risk Management FIFA: A Lesson in Corporate Governance

At the conclusion of the 2014 FIFA World Cup matches in Brazil I wrote an article about the complexity of the system used to qualify teams for play in the World Cup. Little did I know that the arcane system used to determine how teams accumulate points that establish who plays in the tournament was the tip of the iceberg of corruption in international soccer!
The article is listed below as a reprint; however, there are a few points in this article that point out that FIFA had a systemic problem with corruption. First, the system for selecting teams required an advanced degree in algebraic equations. Complexity is frequently a sign that something is amiss, whether a symptom of poor management controls or of a façade of credibility. Ironically, the teams advance to the final championship games through these grueling mathematical gymnastics with grace and dignity, even though the choice of the final competitors who play for the World Cup may be drawn by lots thrown into a hat!
On June 2, 2015, Sepp Blatter, the 17-year president of FIFA, stepped down within days of winning a new term to lead the scandal-ridden organization. FIFA has now joined the ranks of Tyco, Enron and many other institutions whose reputation and credibility have been ruined because of fraud and corruption.
The frequency and longevity of fraudulent behavior in large institutions may not be more prevalent, but it sure feels like senior executives are looking out for their own self-interest and fiduciary responsibility is old-fashioned, or at least delegated to the corner office of staffers who have little to no control to prevent or manage enterprise risk.
The lesson that I drew in the previous article is that complexity does not make a risk management program more effective. In fact, complexity hides the real problems and prevents them from bubbling to the surface because organizations are too buried in administrative minutiae to have real conversations about the behaviors that lead to fraud and corruption.
Activity does not equal better outcomes! Have the risk management community and the regulators who oversee large institutions become blind to real risk because of a focus on an impressive array of FIFA-like systems that hide the real problem? We pride ourselves on the three lines of defense and enterprise risk frameworks but miss the real problem. Humans behaving badly!

reprint:

What the FIFA World Cup teaches us about Risk Management
July 7, 2014
By James Bone
Even if you are not a Futbol fan, or soccer fan as we know it in the U.S., you no doubt paid attention to the progress of the US team’s successes in the World Cup in Brazil. The excitement of play and the exacting analysis of TV commentators are interesting to watch but hard to follow, in part because of the complex scoring system used in the FIFA World Cup standings.
In an attempt to better understand how the World Cup scoring system worked, I went right to the source, FIFA.com.
Here is what I found: First of all, let me say that the scoring system and World Rankings of teams who compete in the FIFA World Cup are stunningly complex. Here is the formula used to calculate points for the FIFA World Ranking:
P = M x I x T x C x 100.
M. Points for a victory (3 pts. – Win; 1 pt. – Draw; 0 pts. – loss)
I. Importance of a match (Friendly – 1.0 pt.; World Cup qualifier – 2.5 pts.; Continental final or FIFA Confederation Cup competition – 3.0 pts.; and, World Cup final – 4.0 pts.)
T. Strength of opposition [200 – ranking position of opposition / 100]
Only the top 149 teams are assigned a value of 2.00; all other teams receive a minimum weighting of 0.50
C. The strength of a confederation [There are six separate confederations which are each given a weight from 1.00 – 0.85 after each FIFA World Cup event]

Based on the complexity of the scoring system one would assume that the brackets in the World Cup would be determined by which teams ranked highest. One would be wrong! The ranking system appears to simply determine the 32 qualifying teams who will compete in the World Cup.
A Final Draw is conducted of the 32 teams to decide which team is placed into one of 4 groups which must then be rebalanced after the draw to sort out the correct number of teams placed in each group of play. Once the competition begins an even more confusing system is used to determine who advances in the World Cup.
Here is how it works: The two teams with the most points in each group make it to the Round of 16. If teams are level on points, the first tiebreaker is goal differential. The next tiebreaker is goals scored. If that number is the same, then the result of the head-to-head match is determinative. If the head-to-head game ended in a draw, then finally, lots are drawn.
Got it so far?
How could an archaic and complex system like this have anything to do with risk management? Well, if your risk assessment program resembles this scoring system you know you have a real problem.
It is no wonder that at least one of the groupings earned the moniker, “The Group of Death”. This is when one group is selected with an unusually heavy weight of top competitors. The US team found itself in the Group of Death and almost escaped defying the odds.
So what are the lessons for risk managers? First of all, complex or elaborate risk scoring systems do not result in better outcomes. If you can’t easily explain how you assess risks to senior management you may have created a “FIFA”. Complexity does not ensure accuracy and in many cases may hide the weaknesses inherent in your risk assessment program.
Next, complex risk systems may unintentionally predetermine outcomes because of a bias the designers used in determining what should rise to the top. I am not suggesting that FIFA has rigged the outcome of World Cup events; others will judge the fairness of the system for themselves.
What I am saying is that over-engineering a process tends to incorporate a bias or the inherent biases of designers into the ultimate outcome(s) whether they are aware of it or not. When designing a process to assess how results develop over time the program design should err toward capturing randomness as opposed to assumed outcomes based on past experience or fairness.
Don’t create your own version of a “Group of Death” simply because you know these risks exist. FIFA-proof your risk program to gain credibility with senior management and ensure that you haven’t predetermined the risk outcomes in your program.
Futbol may never be as popular as American football or baseball in the US but you have to admit that some of the matches were exciting to watch, especially the drama of the US team or your other favorites in the World Cup! Gooooooooaaaaaaaallllllllll!

James Bone is executive director of TheGRCBlueBook, the largest online directory of GRC tools for risk, audit, compliance and IT professionals, and a risk consultant for an international financial services firm.
