Good morning. Thank you for inviting me to speak to you today. Before I begin my remarks, let me give the necessary disclaimer that the views I express here today are my own and do not necessarily represent the views of the Commission or its staff.[1]

It is a pleasure to join you at your annual meeting, and to applaud your hard work and dedication as compliance professionals in the financial services industry. You have a challenging and difficult job and play a critical role in fostering compliance with the federal securities laws. You work to ensure that your firms have robust compliance programs and to provide sound advice and guidance to business line personnel. The Commission and its staff hold compliance professionals in high regard and consider you key partners in our efforts to serve and protect investors. We thank you for your diligence and commend and support your work.

Today I want to address Enforcement’s perspective on compliance officers and how we approach enforcement cases that touch compliance personnel. I have heard, both from the leaders of your organization and others, that certain recent enforcement actions by the Commission against compliance personnel in the investment adviser space have caused concern in the compliance community. I am hopeful that, after you hear my remarks, you will understand that these actions punish misconduct that falls outside the bounds of the work that nearly all of you do on a daily basis; do not involve the exercise of good faith judgments; and are consistent with the partnership we have developed to foster compliance with the laws.

I should note at the outset that my remarks today are largely going to be focused on the investment adviser space because that is where the recent actions I referenced arose and where I think much of the concern lies. Some of what I will say has relevance to broker-dealers, and indeed in this day and age of dual registrants, some of these lines have blurred. But I will primarily be focused on the duties and responsibilities of compliance personnel of investment advisers and the cases we have brought in that area.

My plan is first to discuss recent cases that emphasize the importance we place on compliance personnel receiving the resources, cooperation, and transparency from the firm’s business personnel they need to do their job. These cases show that the Commission is in your corner when your work is hindered by uncooperative or obstructionist business personnel, and that a number of our actions have sent the clear message that you must be provided with the resources and support necessary to succeed.

Second, I will discuss Rule 206(4)-7 under the Investment Advisers Act, which is a key provision underpinning the responsibilities of investment advisers towards their clients. As you know, the Rule creates certain requirements for SEC-registered investment advisers. The Commission’s adoption of Rule 206(4)-7 empowered compliance personnel to improve compliance procedures, but also placed important responsibilities on the firm to adopt written policies and procedures reasonably designed to ensure compliance with the Advisers Act and the regulations thereunder.

Finally, I want to address the rare instances in which the Commission has charged CCOs in an enforcement action. I want to emphasize that we and the Commission carefully weigh recommending and bringing actions against CCOs. We look hard at the facts and fairness concerns in each case. The overwhelming majority of the cases we bring involve CCOs who crossed a clear line by engaging in affirmative misconduct or obstructing regulators, or who wore multiple hats. I haven’t heard any concern about those cases. The concern I have heard relates to the small number of cases where we have charged CCOs with causing violations, i.e., where the CCOs exhibited wholesale failures in carrying out responsibilities that were clearly assigned to them. In my view, a complete understanding of these cases should provide comfort that we are exercising our judgment appropriately to recommend actions only when the conduct crossed a clear line.

Enforcement’s Efforts to Protect the Compliance Function

Let me start by speaking first about a line of cases that sometimes gets lost in the discussion of compliance-related enforcement actions — those cases demonstrating our support for the compliance function and its resource needs. In my time at the Commission and in private practice, I have come to appreciate that the state of a firm’s compliance function says a lot about the firm’s likelihood of engaging in misconduct and facing sanctions. I have found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s compliance department in the firm:

• Are compliance personnel included in critical meetings?
• Are their views typically sought and followed?
• Do compliance officers report to the CEO and have significant visibility with the board?
• Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
• Is compliance given the personnel and resources necessary to fully cover the entity’s needs?

Far too often, the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues.[2]

Now, I recognize that it can be difficult for compliance professionals to stand up to management, particularly in organizations where they are not supported. I also recognize that compliance personnel may sometimes lack the resources and information to do their jobs effectively. In the end, while compliance officers have certain responsibilities, which I will discuss, it is the business that is primarily responsible for compliance with the law. Two recent enforcement actions demonstrate that we recognize these issues and take them into account in our charging and sanction determinations, and that our intent is to encourage firms to give compliance the prominence and resources it needs to be effective.

In Pekin Singer, for example, the Commission charged an investment adviser with numerous compliance failures, and also charged the adviser’s president with causing those violations.[3] The compliance failures were significant and widespread. Among other things, the adviser failed to conduct timely annual compliance program reviews and failed to implement and enforce provisions of its policies and procedures and its code of ethics. Of particular importance, the Commission’s order found that the firm did not dedicate sufficient resources to its compliance program. The CCO, who was not charged, was tasked with numerous non-compliance responsibilities that severely limited his ability to focus on his compliance function. The CCO repeatedly told the firm’s president that he needed help to fulfill his compliance responsibilities, including the annual compliance program review. The CCO also expressed concern about not completing compliance testing, and warned that the firm would not be ready for an SEC examination. The CCO’s pleas for help went unanswered for over a year, and before Pekin Singer could get its compliance program in order, the Commission’s examination staff was knocking on the door.

An important takeaway from that case is not only did we not charge the CCO, but we did charge the president of the firm with causing the firm’s compliance violations, in large part because he ignored the CCO’s pleas for more resources and support. The clear message from that case to the business side of firms is to ensure that your calls for resources and support are heeded.

Our 2013 enforcement action in Carl Johns, in which we filed our first-ever charge against an individual for misleading and obstructing a CCO, also underscores how we have used our enforcement program to support your efforts.[4] In that case, an assistant portfolio manager at an SEC-registered investment adviser failed to pre-clear or report his personal securities transactions. He also submitted false quarterly and annual reports related to his securities trading, altered trade confirmations, and manually deleted securities holdings on his brokerage statements. When the CCO detected irregularities in the altered documents and confronted the portfolio manager, he misled the CCO about the transactions, and even accessed the hard copy file of his previously submitted brokerage statements and physically altered them.

The message of Pekin Singer and Carl Johns, as well as similar cases, is clear: we will aggressively pursue business line personnel and firms who mislead or deceive you, or obstruct the compliance function, or who fail to support you in a manner that causes compliance violations.

Rule 206(4)-7

Now let me turn to actions involving compliance officers. The recent matters of most interest to the compliance community involved Rule 206(4)-7 under the Investment Advisers Act of 1940. Before I discuss those actions, I want to spend a little time discussing the Rule and the circumstances surrounding its adoption because that bears, in part, on how we view compliance officer actions in connection with the written policies and procedures and annual review required under the Rule.

In 2003, the Commission proposed and adopted the Rule.[5] As described in the Commission’s Adopting Release, the Commission and state securities authorities found that some fund advisers, broker-dealers, and other service providers were engaging in or facilitating inappropriate market timing and late trading of fund shares and misusing material, nonpublic information about fund portfolios.[6] The Adopting Release also reported the finding that some senior executives of fund advisers had breached their fiduciary duties to the funds involved and their shareholders by placing their own interests ahead of those of their funds and their shareholders.[7] The Adopting Release concluded that these actions harmed the funds, their management organizations, and fund investor confidence.[8] Finally, and critically, the Adopting Release noted that the failure of an adviser or fund to have in place adequate compliance controls was something the Commission should address before that failure had a chance to harm clients or investors.[9]

To address the failure of an adviser or fund to have in place adequate compliance controls, the Commission, among other things, adopted Rule 206(4)-7. The Rule requires registered investment advisers to “adopt and implement written policies and procedures reasonably designed to prevent violation[s]” of the Advisers Act and the rules thereunder and periodically “[r]eview . . . the adequacy of the policies and procedures . . . and the effectiveness of their implementation.”[10] In the Adopting Release, the Commission indicated that the policies and procedures should be reasonably designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred.[11]

Under Rule 206(4)-7, each registered investment adviser must designate a CCO. The Adopting Release noted that the CCO should be competent and knowledgeable regarding the Advisers Act and empowered with “full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.”[12] Rule 206(4)-7 also specifies that the CCO is “responsible for administering [the adviser’s] compliance policies and procedures.”[13] The Release emphasizes that the CCO should have a position of seniority and authority sufficient to compel others to adhere to the compliance policies and procedures.[14]

Essentially, I believe that the Commission in this rule sought to empower CCOs within their organizations. At the same time, it also placed certain responsibilities upon the CCO. As I will discuss in a moment, when we have charged a CCO with causing violations of this provision, we have not second guessed their professional judgment, critiquing the choices they made in the creation of policies; rather, we have brought actions when there was a wholesale failure to develop such policies or to implement them, and where the CCO was properly held responsible for that failure.

Compliance Officer Liability

Let me then turn now to the infrequent circumstances in which the Commission charges CCOs. At your annual meeting two years ago, Chair White addressed the potential liability of compliance professionals for securities law violations.[15] She said that compliance officers should not fear enforcement action if they perform their responsibilities diligently, in good faith, and in compliance with the law. That is still true today.[16] You should know that both we in Enforcement and the Commission take the question of whether to charge a CCO very seriously and consider it carefully. We think very hard about when to bring these cases. When we do, it is because the facts demonstrate that the CCO’s conduct crossed a clear line.[17]

As I have said before, when we do bring actions against CCOs, they generally fall into three categories. In the first category are cases against CCOs who are affirmatively involved in misconduct that is unrelated to their compliance function. I trust that everyone in this room agrees with that approach. We bring cases against these CCOs when they are directly involved in fraudulent activity or other conduct that harms investors. Often, the CCOs involved in affirmative misconduct wear other hats in addition to their CCO hat, such as serving as CEO or CFO, and it frequently is their actions in those other roles that lead to charges.[18] A good example of this is our recent action against AlphaBridge Capital Management’s CCO. There we charged a CCO who was also a co-portfolio manager who affirmatively misled the fund administrator and auditor about asset values.[19]

We also charge CCOs who engage in efforts to obstruct or mislead the Commission staff.[20] For example, in Parallax, we charged a CCO for compliance-related violations where he, in the course of an exam, altered documents to deceive the staff about whether the firm had conducted the required annual compliance review.[21] We also charged a former Wells Fargo Advisors compliance officer who altered a document before it was provided to the SEC during an insider trading investigation. The compliance officer, who was responsible for identifying and reviewing potentially suspicious trading by Wells Fargo personnel or the firm’s customers and clients, conducted a review of a broker’s trading and closed her review with no findings. After we charged the broker with insider trading, she altered her review document to make it appear that she performed a more thorough review than she actually had and provided the document to our staff.[22] An administrative law judge found her liable for violating the federal securities laws, although he imposed no remedies.[23] I think you will agree that in these sorts of cases, charges against the CCOs or other compliance personnel are warranted.

The third category of cases where we have charged CCOs are where the CCO has exhibited a wholesale failure to carry out his or her responsibilities. It is in this category that you will find CCOs charged for causing their firm’s compliance failures under Rule 206(4)-7 and other compliance-related rules.[24] This category is considerably smaller than the first but has drawn significantly more attention.[25]

Taking a step back, the Commission has brought more than 8,000 enforcement actions since 2003,[26] and 807 in fiscal year 2015 alone, including follow-on administrative actions and delinquent filings.[27] Of those 8,000 enforcement actions since 2003, approximately 1,300 were investment adviser/investment company cases,[28] including 126 in fiscal year 2015 alone.[29] During this 12-year period, the Commission has only brought five enforcement actions against individuals with CCO-only titles affiliated with investment advisers that involved charges under Rule 206(4)-7 and other compliance-related violations, where there wasn’t otherwise efforts to obstruct or mislead Commission staff.[30]

These numbers make clear that the Commission only rarely charges CCOs for causing violations of Rule 206(4)-7. There has not been any recent trend toward more enforcement activity involving CCOs in their compliance function. The two recent charges against the CCOs do not signal a change in how Enforcement staff or the Commission approaches the issue of CCO liability. The facts in each case demonstrate why the Commission held the CCO responsible for causing his firm’s compliance failures. Being a CCO does not provide immunity from liability. When CCOs completely fail in their responsibilities, and particularly when significant investor harm results, it is appropriate for us to address that misconduct.

Turning to the facts of those two cases, in BlackRock, the firm, one of the largest money management firms in the world, did not have any written policies and procedures regarding the outside business activities of its employees, even though the BlackRock CCO knew of and approved numerous outside activities engaged in by BlackRock employees. BlackRock’s CCO also was involved in extended discussions about a significant outside family business of a senior portfolio manager that posed a conflict with the investments his funds held. Despite these red flags, the CCO failed to develop and implement written policies and procedures to assess and monitor the outside activities of BlackRock employees and to disclose related conflicts of interest to the BlackRock funds’ boards and to advisory clients.[31]

It is important to recognize that we did not charge the CCO with failing to disclose the conflict of the senior portfolio manager to the fund boards; we only charged the firm with that conduct. Rather, we charged the CCO with a wholesale compliance failure — causing BlackRock’s failure to adopt written policies regarding outside business activities such as those engaged in by the senior portfolio manager. The absence of an outside business policy, in the face of red flags, was a clear compliance failure given the CCO’s awareness of, and focus on, the issue.

The facts in SFX are similarly compelling. In SFX, an employee of the investment adviser with full signatory power over client bank accounts misappropriated client assets for more than five years by withdrawing money directly from those accounts. The CCO was not involved in and was not charged with the misappropriation. However, he was charged with causing the firm’s violation of Rule 206(4)-7. The firm’s policies and procedures specifically assigned the CCO with responsibility to implement the firm’s policy requiring review of “cash flows in client accounts.” Yet, for more than five years, the CCO failed to ensure that any review occurred, even though certain SFX employees had full signatory power over client bank accounts.[32]

As in BlackRock, SFX’s compliance failures had significant consequences — had the CCO fulfilled his obligation to implement the firm’s cash flow review policies, the firm likely would have uncovered the misappropriation years earlier.

I hope it is clear from a recitation of the facts in each of these cases that they do not represent a deviation from the Commission’s historical approach to CCO liability but instead a reaffirmation of our traditional views.

Conclusion

There are three important takeaways from my remarks today. First, you have the Commission’s full support. We rely on you as essential partners in ensuring compliance with the federal securities laws and we will do all we can to help you perform your work.

Second, and to that end, we will bring enforcement actions against business line personnel in appropriate circumstances where they have deceived or misled you, or where their failure to provide you with adequate resources and information causes compliance rule violations.

Third, there has been no change in our longstanding careful and measured approach to determining whether we should charge a CCO. As reflected in the small number of enforcement actions brought against CCOs for their compliance work, and the clear facts in each of those actions, we decide to recommend charging a CCO only when warranted after a thorough analysis of the facts and circumstances and consideration of fairness and equity. As I have previously said, you should not hesitate to provide advice and help remediate when problems arise. And I do not want you to be concerned that by engaging in good faith judgments, you will somehow be exposed to liability.

Thank you for your time and attention.