DLA Piper was proud to be a sponsor of last week’s Securities Industry and Financial Markets Association (SIFMA) Compliance and Legal Society Annual Seminar in Orlando. The seminar brought together nearly 2,000 lawyers, compliance professionals and regulators for a three-day series of discussion panels and breakout sessions focusing on a wide array of critically important issues for market participants of every type. Each year this seminar provides something for everyone connected with the securities markets and the financial community, and this year was no different. Topics covered everything from enforcement to cybersecurity to regulatory examinations to electronic and algorithmic trading (and pretty much everything in between). There were a number of senior regulators in attendance as well as representatives from a broad cross-section of the broker-dealer and financial services community.
Notwithstanding the broad and diverse list of discussion topics, one theme ran across all three days of discussions—the necessity for each financial services provider to establish a “culture of compliance.” Drawing, no doubt, from the emphasis that regulators have been placing on the concept of a culture of compliance, including FINRA’s 2016 Regulatory and Examination Priorities Letter, and its targeted exam letter to selected firms focusing on the ways in which they “establish, communicate and implement cultural values, and whether cultural values are guiding business conduct,” the seminar clearly emphasized the need for every firm to establish a culture of compliance and, at least by implication, for legal and compliance personnel to take a leading role in establishing and maintaining that culture.
Certainly no one will dispute the critical importance of establishing an ethical tone and culture of compliance at a financial services firm. It goes without saying that these things should be a part of each firm’s DNA. However, what is disquieting to the compliance community is the level of responsibility that some regulators appear to suggest should fall on individual compliance officers—especially those wearing the Chief Compliance Officer title. While the regulators speaking at the SIFMA seminar made some effort to assure CCOs and other compliance officers that they would only be held personally responsible in the most egregious of situations, there nevertheless seems to be a general uneasiness that compliance professionals could themselves be targeted for a perceived failure in a firm’s culture of compliance.
Last October, in a speech at the National Regulatory Services 30th Annual Fall Investment Adviser and Broker-Dealer Compliance Conference, SEC Chief of Staff Andrew J. “Buddy” Donohue spoke about the role of compliance professionals and the SEC in today’s financial markets. While Mr. Donohue stated that the elevated expectations of compliance professionals would not, in his opinion, expose them to increased personal liability, he said that if he were a CCO, he “would insist” that his firm “endeavor to ‘do the right thing.’” What was left unsaid was what the impact to the CCO would be if the firm, despite the CCO’s efforts and insistence, did not “do the right thing.”
Last June, former Commissioner Daniel M. Gallagher, in a statement discussing certain SEC settlements of enforcement actions charging CCOs with violations of the Investment Advisers Act, expressed significant concerns about the message being sent to the compliance community. He explained that CCOs are the first and, in many cases, the only line of defense, and highlighted the risk that CCOs may not take full ownership of their firms’ compliance policies and procedures for fear that they will be held personally accountable for conduct of others over which they have no real control.
Commissioner Gallagher is clearly correct that a financial firm’s compliance professionals are the first line of defense. Over the years, I have heard them described as the “eyes and ears” of the regulators, the “cops on the beat” and the “boots on the ground” in the effort to ensure that financial firms do the right thing and, yes, establish and maintain an appropriate culture of compliance. And while it clearly is not the intention of the regulators to scare the compliance community into a defensive posture, it would be a shame if a lack of clarity in the message resulted in compliance professionals feeling the need to spend time and energy protecting themselves rather than their firms, investors, and the financial markets generally.