CCOs need to fill in compliance gray areas with paperwork

An SEC ruling on email monitoring has done little to clarify the limits of compliance chiefs’ liability.

OK, you are reading this email. But are you monitoring everyone else’s?

In late October, the Securities and Exchange Commission upheld a Financial Industry Regulation Authority ruling against Thaddeus North – who was chief compliance officer of Southridge Investment Group, a Connecticut-based hedge fund, in 2010 – for failure to “reasonably review” e-mail correspondence, and for failure to report an employee’s relationship with a disqualified FINRA member.

While most of the memo dealt with broker-dealers (subject to different regulatory requirements and FINRA disciplinary action), it is applicable to all CCOs of private funds.

At the heart of the ruling is the fundamental question of when CCOs are liable for compliance failings of their colleagues. It leaves plenty of grey area.

In one specific passage the SEC lays out situations where it is likely to charge a CCO, such as with improper conduct or engaging in a cover-up, and where it isn’t, such as when CCOs act in good faith or engage in reasonable inquiry and analysis.

Still, “that’s not really where the struggle is. It’s in the gray area, in between,” says Sam Waldon, a partner in the litigation department at law firm Proskauer. Waldon served for eight years as assistant chief counsel in the SEC’s Division of Enforcement, where he helped develop and implement many of the unit’s policies and procedures.

“And the way I read this opinion in the gray area, they pretty much punt; and what they say is, ‘When the facts and circumstances of matters fall outside these relatively clear examples of where liability should or should not attach, liability determinations will require matter-specific analysis and informed judgment.’”

He offered an example of an investment advisor to the fund having been found to engage in an undisclosed conflict of interest. That could result in a compliance rule violation by the advisor, and the SEC would then be able to charge the CCO for causing that violation based on negligent conduct.

“Is it right to do it purely based on negligence, or should it be some higher standard?” Waldon asks. “What we’ve gotten from the North opinion is ‘maybe.’ They really haven’t answered it. The SEC leaves open the possibility that they could bring a case based on purely negligent conduct. But they also don’t say that that is necessarily the standard. Basically, what they’re saying is they’re going to look at the facts and use their judgment and decide whether or not it’s appropriate to bring an action.”

In other words, the SEC is basically saying, “we’ll know it when we see it,” which may not be hugely comforting to CCOs.

The answer, as often, is documentation. Says Waldon: “If I am a CCO, and I’m confronting a problem, I’m going to clearly document everything I do: and not just what I do but why I do it. Because at the end of the day, you could have someone come in and essentially second-guess what you’ve done and why you’ve done it.”

Write to the author: