In the Securities and Exchange Commission’s (SEC) recent settlement of an enforcement action against the Swiss bank, Credit Suisse Group AG (CSAG), the SEC required CSAG to admit to improperly providing cross- border brokerage and investment advisory services to U.S. clients using unlicensed personnel.1 CSAG will pay USD196 million to settle the SEC’s charges that it improperly provided cross-border brokerage and investment advisory services to U.S. clients using unlicensed personnel and retain an Independent Consultant to assess its compliance with applicable U.S. securities laws.2
Non-U.S. financial firms should carefully consider their
challenges in this respect. Any person, regardless of their location, who offers products or services to a U.S. person, irrespective of the customer’s personal wealth and financial sophistication, must either be appropriately registered and licensed under U.S. law or must limit their activities to fall within an appropriate exemption. The CSAG action also adds weight to Chair Mary Jo White’s promise to “vigorously” bring enforcement actions across the entire industry spectrum,”3 including for rule violations in the cross-
border space4 through the SEC’s continued reliance on
specialized enforcement units tasked with understanding these technical areas better and bringing
U.S. regulatory obligations with respect to services for
One specialized enforcement
U.S.-based clients. Institutions serving high-net-worth individuals with U.S. and non-U.S. accounts across a global financial firm are particularly likely to face
unit, the Asset Management Unit, focuses, in part, on
investigations involving investment advisers in all capacities, e.g., to funds or high-net-worth individuals.
The SEC forced CSAG to admit to willfully violating the federal securities laws by engaging in cross-border brokerage and investment advisory services without obtaining the appropriate licenses and registration or, alternatively, complying with an available exemption. The SEC also found that CSAG failed to wind down those activities in a sufficiently expedient manner after it discovered the potential violations during an internal audit.6
The Order Instituting Administrative Cease and Desist Proceedings (Order) states that CSAG began offering cross-border brokerage and advisory services to U.S.- resident clients from at least 2002.7 The Order reports that between 2002 and 2008, CSAG opened nearly 8,500
accounts for U.S. clients with the total securities held in those accounts of approximately USD5.6 billion8 and that CSAG’s client relationship managers were neither registered with the SEC to provide brokerage or advisory services, nor otherwise associated with a U.S.- registered entity or relying on an applicable exemption.
The SEC found that while CSAG took limited steps to address the failure of some of its units to be properly licensed, it nonetheless failed to adequately implement its existing policies and procedures and failed to sufficiently monitor and address the totality of its U.S. cross-border securities business.9 For example, the Order stated that CSAG’s internal audit group identified
issues in a draft 2006 audit report with respect to CSAG’s
U.S. advisory and brokerage services, but found no significant issues in its final report notwithstanding strong evidence of U.S. conduct by non-U.S. advisers and the apparently related receipt of funds from U.S. customers.10 The Order also found that CSAG conducted periodic training programs, including country-specific training and instructions to relationship managers not to solicit business in the U.S., but CSAG did not provide this training to some relationship managers who were actually engaged in advising U.S. clients.11 Moreover, although CSAG began in 2002 to undertake steps to remedy the violations, including migrating U.S. client accounts to an affiliated registered entity, CSAG did not complete its remediation until 2010.12 The SEC concluded that this conduct
reflected a failure by CSAG to implement its own policies and procedures and that CSAG’s compliance efforts were slowed by “internal pressures to continue to grow the U.S. cross-border securities business.”13
CSAG admitted to the alleged misconduct and agreed to pay a USD196m settlement, consisting of USD82m in disgorgement, USD64m in prejudgment interest, and a USD50m civil penalty.14 In addition, CSAG was required to retain an Independent Consultant to verify that CSAG has terminated its U.S. brokerage and advisory services and to evaluate CSAG’s existing policies and procedures to ensure they are reasonably capable of detecting and preventing similar activity in the future.15
The Order reinforces a broad enforcement theme repeatedly articulated in recent months by the SEC about its focus on operating risk. It is not just about having policies and procedures: it is about effective implementation of those policies and procedures and heeding the lessons learned from surveillance and oversight.
The Order also highlights the perils for financial firms and global financial groups with cross-border clients that do not
appreciated its exposure to risk, a fact that the SEC leveraged to require CSAG to admit violations in light of the failure to properly implement its policies.16 CSAG’s audit group identified the potential regulatory violations, but the SEC found that CSAG failed to appropriately respond to the findings.17 CSAG had training programs in place related to its cross-border advisory services, but the SEC found that CSAG did not require all relevant personnel to participate in the
fully understand the complexities of the applicable legal
And while CSAG ultimately took steps to
requirements with respect to their business activities. An institution that engages in cross-border activities must have
comply with U.S. securities laws and resolve known
violations, the SEC found that it was too slow to
a comprehensive understanding of the foreign jurisdictions in which they conduct business and establish and maintain a robust, global compliance program that is well-equipped to timely detect and remedy potential violations of those laws.
CSAG appeared to have in place all the elements of a properly functioning compliance program, including procedures to detect regulatory violations. But policies and procedures that are not effectively implemented are useless in defending allegations of regulatory violations. CSAG’s policies and procedures confirmed to the SEC that it fully
implement those remedial measures.
In light of the CSAG case, all firms should be mindful that policies and procedures that are not effectively implemented cannot be used as a shield against enforcement; on the contrary, they confirm that the organization was aware of the risk. Non-U.S. financial firms should review the adequacy and effectiveness of their cross-border policies and procedures with respect to U.S. clients, identify key risk areas within the firm, and carefully assess whether their compliance systems are both properly designed and effectively
implemented. In particular, non-U.S. firms should ensure that their employees or agents who engage in the business of effecting transactions in securities with U.S. persons are appropriately trained to comply with any applicable exemption (such as Exchange Act Rule 15a-6) or are appropriately licensed and associated with a U.S.-registered broker-dealer.20 A non-U.S. person acting as an investment adviser for a U.S. client must either appropriately comply
with an exemption, such as under a “participating affiliates” model consistent with SEC guidance;21 or an exemption from registration such as the narrow “foreign private adviser”22 exemption or the “exempt reporting adviser”23 exemption, or register as an investment adviser under the Investment Advisers Act of 1940.
The CSAG case exemplifies a number of significant SEC enforcement initiatives. This settlement may also demonstrate that the 2010 reorganization of the SEC’s Enforcement Division into specialized units is resulting in the desired outcome of achieving comprehensive investigations and pursuing more complex cases.
First, Chair White has made clear that the Enforcement
firms that are traded on the U.S. markets or provide services to U.S. residents. Indeed, the Commission views such cross-border enforcement as “paramount to ensuring transparency and public confidence in the markets.”27 In 2013, the SEC’s Cross-Border Working Group’s efforts contributed to the filing of 65 fraud cases against foreign issuers and executives and the deregistration of the
Division will vigorously “cover the whole market.” This initiative includes aggressively pursuing “smaller technical and compliance-related violations,”24 including registration requirements, and scrutinizing “every market participant category in every market strata.”25 It is therefore likely not a coincidence that there has been a recent and notable rise in non-fraud related SEC enforcement actions taken against firms and individuals – foreign and domestic – who are conducting business with
U.S. persons without a proper license.26
Second, the SEC has made the activities of investment
securities of more than 50 companies.
Finally, there are two key terms in the settlement that demonstrate the effect of the SEC’s active enforcement efforts on compliance programs: the admission of wrongdoing and the requirement that CSAG retain an Independent Consultant. The SEC’s new policy of obtaining admissions in in a broader category of settlements has garnered significant press attention. It is noteworthy for compliance personnel that the SEC relied upon the existence of CSAG’s policies regarding these activities to demonstrate that the violations were knowing
advisers a clear enforcement priority, particularly when
This trend is likely to continue; as Chair
dealing with U.S. retail clients, regardless of their level of
White stated in January: “You will see more cases
wealth and financial acumen. The establishment of a
Moreover, at PLI’s “SEC
specialized Asset Management Unit within the Division of Enforcement necessitates those non-U.S. firms providing private wealth, private banking or any other advisory services to U.S. clients to reassess their current and ongoing compliance with U.S. law.
Third, the SEC’s focus on cross-border enforcement more generally is clearly on the rise and the SEC will not shy away from exercising jurisdiction over non-U.S. financial
Speaks” in 2014, the Enforcement staff stated that more
cases requiring admissions are in the pipeline. The requirement that CSAG retain an Independent Consultant adds another complexity and expense for compliance programs. In this case, the Independent Consultant must examine CSAG’s activities, verify the relevant business activities have been terminated, evaluate whether CSAG’s existing policies and procedures are reasonably capable of detecting and preventing any similar violative
The SEC continues its focus on unlicensed activities of non-U.S. employees of non-U.S. financial institutions:
The recent Credit Suisse settlement – March 2014
future conduct, and draft a report that will be provided to the SEC’s Enforcement Division. CSAG must also “bear the full expense of the Independent Consultant’s
examination.”31 This reflects Chair White’s promise to include “forward-looking measures” in settlements “to prevent future wrongs.”32
In sum, all non-U.S. firms with U.S. client relationships should review the CSAG action (and the prior UBS action) and carefully consider their own business practices and compliance programs.
It is particularly important for firms providing private wealth services to high-net-worth individuals holding multiple accounts across a global entity, including within the U.S., to understand:
which employees and entities with the client relationships are actually providing the services to
whether those individuals (and their employing or supervising entity) are appropriately licensed to provide such services in the U.S. (or whether any registered U.S. affiliates need to be utilized or an exemption is available);
whether the firm’s policies and procedures are designed to address the demands and complexities of today’s global client relationships, including whether the laws of all relevant jurisdictions (including the U.S.) are being complied with and that employees are being properly incentivized to comply with such policies and procedures; and
whether the policies and procedures are actually being implemented.
Allen & Overy has significant experience in assisting global firms with evaluating their compliance programs across multiple jurisdictions, identifying critical regulatory gaps and exposures, and creating tailored policies and procedures to help prevent, detect, and remedy potential violations.