The Securities and Exchange Commission filed two separate administrative complaints last week related to the misappropriation of client funds by the former president of an investment adviser.

In one action, the SEC sued Brian Ourand, the former president of SFX Financial Advisory Management Enterprises, for allegedly stealing client funds from 2006 to 2011. SFX was registered with the SEC as an investment adviser from 1992 through 2012.

In the second action, the SEC sued SFX and Eugene Mason, SFX’s chief compliance officer. The SEC charged Mr. Mason with causing SFX not to have adequate compliance policies and procedures reasonably designed to detect the theft by Mr. Ourand.

According to the SEC, during the relevant time, Mr. Ourand wrote unauthorized checks from client accounts to himself. Without client approval, he also allegedly wired funds from such accounts to others as well as himself. According to the SEC, Mr. Ourand stole in excess of US $670,000 from clients.

The SEC acknowledged that Mr. Mason discovered Mr. Ourand’s activities as a result of a client complaint. In response to the complaint, SFX and Mr. Mason investigated Mr. Ourand’s conduct, SFX fired Mr. Ourand, and SFX reported Mr. Ourand’s theft to criminal authorities, said the SEC.

The SEC said that Mr. Ourand was able to commit his fraud because SFX granted Mr. Ourand full signatory power over client bank accounts. This was because the firm’s compliance policies and procedures “were not reasonably designed, and were not effectively implemented, to prevent the misappropriation of client funds,” said the SEC. The SEC claimed that, as CCO, Mr. Mason was responsible for the implementation of these policies and procedures.

The SEC also said that SFX’s compliance policies and procedures mandated that there be a review of cash flows in client accounts. The SEC said that neither SFX nor Mr. Mason complied with this requirement.

As a result of these and other alleged violations, the SEC charged SFX with engaging in fraudulent conduct and failing to supervise Mr. Ourand, as well as with not having adequate written policies and procedures designed to avoid violations of law. The SEC charged Mr. Mason with causing SFX not to have such policies.

To resolve this matter, SFX agreed to pay a fine of US $150,000 and Mr. Mason a fine of US $25,000, among other sanctions. Mr. Ourand’s action is pending.

In a separate written statement, departing Securities and Exchange Commissioner Daniel Gallagher criticized this and another recent enforcement action involving BlackRock Advisors LLC (click here to access the relevant order) against chief compliance officers, claiming such actions misapplied Commission rules regarding who is responsible for implementing investment adviser compliance policies and procedures.

According to Mr. Gallagher, investment advisers have the responsibility to implement such policies under the applicable rule, not CCOs (SEC Rule 275.206(4)-7; click here to access). Mr. Gallagher claimed that any contrary position risks

sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, less they be held accountable for conduct that … is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties to avoid liability when the government plays Monday morning quarterback.

Mr. Gallagher said he voted against the two enforcement actions naming the CCOs of BlackRock and Mr. Mason because, in both cases, the SEC charged the CCO with not implementing compliance policies and procedures that addressed the substantive violation of the investment adviser (in the BlackRock matter, a conflict of interest of one of its portfolio managers and in the SFX matter, the misappropriation of clients funds by the adviser’s former president).

Mr. Gallagher claimed it is unfair to name CCOs in enforcement actions because the language of the relevant regulation "is not a model of clarity" although it appears to place the burden for implementing compliance policies and procedures on investment advisers, not CCOs. In any case, he said, “we should not be resolving this uncertainty through enforcement actions.”

My View: Mr. Gallagher’s legal analysis is spot on. The relevant regulation clearly states that if you are an investment adviser you must “adopt and implement written policies and procedures to prevent violation by you and your supervised persons” of applicable law (emphasis added). The same regulation separately says that chief compliance officers are responsible for administering such policies. The difference between the responsibilities of the adviser itself and the CCO could not be clearer and Mr. Gallagher is diplomatic when he says the relevant language is "not a model of clarity." Worse, the recent enforcement actions against BlackRock’s and SFX’s CCOs continue a worrisome development worldwide whereby regulators increasingly are looking to CCOs as the insurers of financial services firms’ overall compliance with law. (Click here for background in the article, "FCA Sanctions Bank of Beirut, Former Compliance Officer and Former Internal Auditor for Providing Misleading Information Regarding AML Systems and Controls Remediation" in the March 8, 2015 edition of Bridging the Week.) As Mr. Gallagher correctly points out, this confuses the role of CCOs with business supervisors, and places on CCOs untenable obligations and potential liability.