Statement on Recent SEC Settlements Charging Chief Compliance Officers With Violations of Investment Advisers Act Rule 206(4)-7
Commissioner Daniel M. Gallagher
June 18, 2015
I recently voted against two settled SEC enforcement actions involving alleged violations of Investment Advisers Act Rule 206(4)-7 by chief compliance officers (“CCOs”): In the Matter of Blackrock Advisors, LLC (April 20, 2015) and In the Matter of SFX Financial Advisory Management Enterprises, Inc. (June 15, 2015). I have long called on the Commission to tread carefully when bringing enforcement actions against compliance personnel. These recent actions fly in the face of my admonition, and I feel compelled to explain my rationale for dissenting.
In Blackrock, the Commission charged a CCO with causing the firm’s Rule 206(4)-7 violations in connection with his alleged failure to ensure that the firm had compliance policies and procedures to assess and monitor the outside activities of employees and disclose conflicts of interest to fund boards and advisory clients. In SFX, the Commission alleged that a CCO failed to implement compliance policies and procedures that, if carried out appropriately, would have detected an alleged multi-year theft of client assets by the president of the firm. In both instances, the Commission’s order states that the CCO was responsible for the implementation of the firms’ policies and procedures.
Both settlements illustrate a Commission trend toward strict liability for CCOs under Rule 206(4)-7. Actions like these are undoubtedly sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback.
I am especially worried about the potential impact of this trend on small advisers, as it appears that many such advisers have just one set of policies and procedures covering both compliance and business functions. At these firms, there is a significant risk that by taking ownership of the implementation of the policies and procedures, CCOs could unwittingly also be taking ownership of business functions, subjecting them to strict liability whenever there is a violation of the securities laws.
Much of the blame, of course, can be laid at the feet of Rule 206(4)-7 itself, which is not a model of clarity. The rule merely states that registered investment advisers are required to “[a]dopt and implement written policies and procedures reasonably designed to prevent violation[s]” of the Advisers Act and its rules, but offers no guidance as to the distinction between the role of CCOs and management in carrying out the compliance function. And in the eleven years since the rule was adopted, the Commission has not issued any guidance about how to comply with the rule.
Unfortunately, the only guidance market participants have at their disposal are enforcement actions, which in some cases have unfairly contorted the rule to treat the compliance function as a new business line, with compliance officers assuming the role of business heads. On its face, Rule 206(4)-7 speaks directly to the responsibility of the adviser, but all too often, the Commission interprets the rule as being directed at CCOs. The rule expressly states that the firm must designate a CCO to administer its compliance policies and procedures. At the end of the day, ultimate responsibility for implementation of policies and procedures rests with the adviser itself.
The Commission needs to be especially cognizant of the messages it sends to the compliance community, and in particular to CCOs of investment advisers. To put it bluntly, for the vast majority of advisers, CCOs are all we have. They are not only the first line of defense, they are the only line of defense. There are nearly three times as many investment advisers registered with the SEC than there are broker dealers — approximately 11,700 investment advisers versus about 4,200 broker-dealers — yet the SEC devotes roughly the same amount of resources to examining broker-dealers as it does to investment advisers. And unlike the brokerage industry, there is no SRO interposed between the SEC and advisers. Given the vitally important role played by compliance personnel, I am very concerned that continuing uncertainty as to the contours of liability under Rule 206(4)-7 will disincentivize a vigorous compliance function at investment advisers.
One thing is certain: we should not be resolving this uncertainty through enforcement actions. There are, of course, situations where CCOs should be held accountable for violations of the securities laws. However, as regulators, we should strive to avoid the perverse incentives that will naturally flow from targeting compliance personnel who are willing to run into the fires that so often occur at regulated entities. This includes exercising restraint and discretion even at the investigation stage. The psychological impact, and in many cases reputational damage, that can come with months or years of testimony, the Wells process, and settlement negotiations can be just as chilling as the scarlet letter of an enforcement violation.
The Commission must take a hard look at Rule 206(4)-7 and consider whether amendments, or at a minimum staff or Commission-level guidance, are needed to clarify the roles and responsibilities of compliance personnel under the rule so that these individuals are not improperly held accountable for the misconduct of others. The status quo simply will not do. As it stands, the Commission seems to be cutting off the noses of CCOs to spite its face.
 SEC Charges BlackRock Advisors With Failing to Disclose Conflict of Interest to Clients and Fund Boards, SEC Rel. No. 2014-71 (Apr. 20, 2015), available at http://www.sec.gov/news/pressrelease/2015-71.html.
 Investment Advisory Firm’s Former President Charged With Stealing Client Funds, SEC Rel. No. 2015-120 (June 15, 2015), available at http://www.sec.gov/news/pressrelease/2015-120.html.
 See, e.g., SEC Commissioner Daniel M. Gallagher, Remarks at “The SEC Speaks in 2012” (Feb. 24, 2012) (cautioning against holding compliance personnel liable for failure to supervise), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171489872; Remarks at The 2013 National Compliance Outreach Program for Broker-Dealers (Apr. 9, 2013) (noting expanded scope and complexity of compliance function at regulated entities and resulting increase in potential liability for compliance personnel), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171515226; Introductory Remarks at The Evolving Role of Compliance in the Securities Industry Presentation (May 12, 2014) (addressing increasingly important role of compliance function at regulated entities), available at http://www.sec.gov/News/Speech/Detail/Speech/1370541797850.
 17 CFR 275.206(4)-7 (2004), Compliance procedures and practices.