Personal Liability for CCOs: How to Negotiate the Growing Concern
Jon Siegler | October 24, 2016
In early 2016, the Wall Street Journal published an article titled, “The Most Thankless Job on Wall Street Gets a New Worry,” and it’s no exaggeration—chief compliance officers (CCOs) are increasingly finding themselves in the limelight for compliance failures. In cases where CCOs are found to be willfully negligent of their duties, they’re having to pay out-of-pocket, sometimes in the millions.
This trend has led many to believe that compliance functions at corporations are going to experience a talent drain in the near future, as these specialists decide they would rather work in a field that doesn’t put them directly in harm’s way. That said, many companies and CCOs are discovering better ways to navigate growing regulation and mitigate the threat of being held liable.
The growing history of CCO personal liability
Back in 2012, the U.S. Department of Justice began to pursue MoneyGram International Inc. for failing to maintain an anti-money laundering (AML) program. In November of that year, the company agreed to forfeit $100 million and enter a deferred prosecution agreement. Years later, in January 2016, the Financial Crimes Enforcement Network fined Thomas Haider, MoneyGram’s former CCO, $1 million for failing to pursue money laundering and fraud, and for not ensuring that MoneyGram adhered to AML laws.
The SEC fined Bartholomew Battista, CCO at BlackRock Advisors LLC, for failing to report a conflict of interest in a new investment. He had invested $50 million of his own money into an energy company owned by his family, which then turned into a joint venture. He managed a fund that held a major stake in that joint venture, creating a conflict of interest he failed to report. Neither Battista nor BlackRock admitted to any wrongdoing, even after paying $60,000 and $12 million fines, respectively.
In June 2015, the SEC charged SFX Financial Advisory Management Enterprises Inc. and CCO Eugene Mason for not implementing policies that would prevent misappropriating client assets and failing to conduct annual reviews, among other offenses. The SEC compelled SFX to pay $150,000, while the CCO paid $25,000 to settle the case.
Other cases are currently being litigated, or are still under wraps. Those within the compliance field are hunkering down and preparing for more investigations and similar fines. Given that New York Governor Cuomo is tying Wall Street money laundering and compliance misdeeds to funding global terrorism, the degree of scrutiny and prosecution won’t be slowing down any time soon.
How companies and CCOs can protect themselves
Given the difficult landscape, one might think that CCOs are fated to take on huge personal risk just to show up to work. While there is some truth to that, there are also some smart decisions that can be made to mitigate the threat—beyond simply behaving ethically.
Don’t outsource.
Back in November 2015, the SEC blasted out an alert explicitly warning financial services companies against using third-party, or outsourced, CCOs. Any CCO needs to have intimate access to the entire organization’s documents, which can be a hurdle for IT in the case of outsourcing the CCO’s duties. And because the CCO might need to demand dramatic change within an enterprise, they need to command a high level of respect among their peers—typically impossible without long-term personal contact. By outsourcing CCO duties, organizations are put at significantly higher risk.
Insurance is an option.
Many CCOs are demanding that their contracts include directors and officers (D&O) liability insurance, which would cover defense costs or pay out a settlement that might result if they’re prosecuted for unintentional wrongful conduct. Willful violations are another story. This extra layer of security will give CCOs the comfort they need to conduct their work to the best of their ability, and mitigate the threat of “brain drain,” as many talented CCOs re-think their career choices.
Investing in compliance technology.
No company or CCO should have to pursue all potential compliance risks manually. Today, there are cloud-based governance, risk management, and compliance (GRC) systems that help give these key players a leg up. GRC systems will help CCOs navigate existing regulation and keep tabs on new rules coming down the pike. Automated discovery helps these key players find less-than-ideal activity within the organization. Because business processes are documented, internal audits are made easier than ever. Additionally, government regulators have shown leniency when the right programs and technology are in place for the issue at hand.
It might seem like a scary time for CCOs, but the truth is that those who begin on a foundation of ethical behavior and investment in GRC systems will find that the new risk of personal liability isn’t much higher than it ever was. Simple, smart moves can keep CCOs out of the litigation limelight and ensure the entire industry works toward bettering itself.