Getting Personal

doi:10.2469/cfm.v28.n1.15

Rhea Wessel

New legal risks threaten compliance careers.

Getting Personal View this article as a PDF

Key Points

Individual professionals are increasingly being held financially and even criminally liable for institutional compliance errors.

High-level compliance jobs come with an enormous amount of risk, including personal reputational risk.

Compliance professionals may need to supplement a company's directors and officers (D&O) insurance coverage with personal liability insurance.

Introduction

In June 2015, the SEC filed charges against Chief Compliance Officer (CCO) Eugene Mason of SFX Financial Advisory Management Enterprises that led to Mason agreeing to pay $25,000 to settle the case. The charges said Mason failed to implement compliance policies and procedures that should have detected an alleged misappropriation of client assets by an executive at the firm. They also said Mason was responsible for material misstatements in the firm’s Form ADV filing.

Another CCO, Bartholomew Battista, was deemed personally liable for company happenings in April of the same year. Battista, a former CCO at BlackRock, agreed to pay a $60,000 penalty after the SEC charged him with failing to implement compliance policies to prevent violations of the Advisers Act and its rules about the outside activities of BlackRock’s employees.

These are just two recent examples of a trend that many inside and outside the compliance world are noticing: Individuals are increasingly being held liable for the things that do—or don’t—take place at the institutions where they work. More than ever, employees are facing greater personal risk of prosecution for the lapses or failings of their employers.

The so-called “Yates Memo,” issued in September 2015 by former Deputy US Attorney General Sally Yates, was entitled “Individual Accountability for Corporate Wrongdoing.” According to the memo, “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetuated the wrongdoing.”

This trend is important for charterholders given the growth in jobs related to compliance and the skills overlap that may make compliance work a viable or attractive option. Often, recruiters for compliance jobs look for people who show attention to detail, an ability to see the big picture, and the skills needed to synthesize large amounts of information and spot trends within it. Another attractive skill (and one shared by many charterholders) is the ability to manage risk. Many compliance programs take a risk-based approach—much like an investment manager would manage risk within a portfolio.

Whether you are working in compliance or not, focusing more on individual accountability, sometimes referred to as living in the “post–Yates Memo world,” means it’s important to follow developments and take measures to limit personal liability. For instance, consider the accountability culture of a current or potential employer. How serious is the leadership about checks and balances, compliance, and the risks inherent to the business? You may also request the chance to double-check and/or change compliance procedures and processes at your employer to ensure the firm empowers and does not hinder you in following the law in all jurisdictions. Finally, before taking a job, consider what type of personal liability insurance coverage you have or may need, and obtain full details on the company’s policies to determine whether the coverage suffices.

Risky Business

Arthur Middlemiss, a specialist in financial crimes compliance and partner at the New York office of Lewis Baach Kaufmann Middlemiss, a finance litigation boutique, says high-level compliance jobs at multinational financial institutions pay well for good reason: These professionals take on an enormous amount of risk to hold the job, including personal reputational risk.

“Increasingly, enforcements try to place the blame at the feet of the individual who is the face of the program,” says Middlemiss. “Gauge the attitude toward compliance within the organization. Does compliance have a valued role? Find out if your input as a compliance officer will be valued and that you will not only have the authority to change things but also the resources. You don’t want to be left with great responsibility but no power.”

Braden Perry, a partner at Kennyhertz Perry in Kansas City, Missouri, and a former CCO and federal enforcement attorney, says independent compliance audits of a company, either by a third party or someone who is not actively involved in compliance management, provide an added layer of protection for individuals. “One of the main challenges of a current compliance officer is promoting a ‘proactive’ compliance program,” Perry says. “Many regulated companies are ‘reactive,’ meaning that they do not anticipate issues but wait for issues to arise and then act or react.” A proactive compliance function also includes acquiring proper training, having the right IT systems in place, and making sure lines of reporting are adequate if a matter must be escalated.

“The compliance staff has the best chance of being successful in a proactive organization where the culture is open to change and forward thinking,” Perry adds. “Success in a reactive organization, by contrast, is an uphill battle.”

Mind Your D’s & O’s

Even if your employer scores high marks with you for its compliance function, you may still want your own personal liability coverage in addition to what the company offers as part of its directors and officers (D&O) coverage. If you are considered an officer or director, then you are probably covered under the company’s policy. But, every policy is different, and working internationally can cause unforeseen complications for personal liability.

In Germany, for instance, a company sued its top manager after the company was fined for breaking anti-trust law. According to Franz Held, a member of the executive board of VOV (a broker of D&O insurance contracts and provider of services to companies issuing D&O coverage) in Cologne, Germany, the company wanted recourse, saying it was the manager’s job to keep the company from breaking the law.

That’s why it’s critical to consult an expert, he says, adding there is much fine print to consider about D&O policies, including upper limits to the amounts covered in a policy. For instance, though Volkswagen is not a financial company, the potential scale of coverage needed amid charges that the automaker broadly deceived the public about emissions is exemplary. “Consider the pecking order and if you would still be covered under the policy in such circumstances [when the top executives would use up all the coverage on the policy first],” says Held.

Perry added that potential tools to reduce a compliance officer’s personal exposure include requesting a written indemnification agreement from the employer and making sure the firm has comprehensive insurance in place. “This is a tough ask, because no one wants to raise concerns in an employer before taking a job,” Perry says. “But, it’s crucial in today’s environment. Also, CCOs typically aren’t insurance experts, and your broker may not understand potential personal exposure and sources of liability. This can lead to inadequate coverage for the CCO. The main way to minimize it is to be aware of your responsibilities, material compliance information, and the program as a whole and to properly report up the chain.”

Criminal Mistakes

For some observers, a separate but related trend is noticeable. Not only are officials increasingly holding individuals responsible for firms’ breaches of compliance, there’s also a heightened risk of civil or criminal liability related to the financial function within companies, says Monique Bachner, a Luxembourg-based lawyer and independent director who participated in the International Directors Programme at INSEAD.

In Luxembourg, for instance, if you miss a deadline for filing your corporate accounts, you could face a criminal charge that would go on your personal record, Bachner says. Seen globally, “It seems like officials are trying to find somebody to blame to get a sound bite,” she says. “But the situation is nuanced. Doing something wrong can be active or passive. With the complexity of organizations, there’s nobody who can really know absolutely everything that is going on. In the end, you have to rely on people doing their best and having adequate and proper training, budgets, monitoring, and testing of the systems.”

Bachner does suggest, however, that “if you have exposure to the US, you’ll want more personal liability coverage.” Recent examples of US judicial reach touching a Europe-based bank include the US Department of Justice’s fine against Deutsche Bank related to residential mortgage-backed securities. Notably, no bank executives were charged.

Bachner says protecting yourself includes managing the risks by getting the proper training and making sure you have the right reporting lines. If faced with a decision to blow the whistle or not, even in countries where whistleblowers do not have broad protection, “it’s better to risk losing your job than to stain your personal reputation.”

Bachner adds: “I actually think the risk of personal liability for compliance officers is limited if you do your best in a supportive organization. Courts would usually have to show gross negligence or willful wrongdoing.”

Indeed, as SEC Chair Mary Jo White said in her opening remarks at the Compliance Outreach Program for Broker–Dealers on 15 July 2015, “We do not bring cases based on second-guessing compliance officers’ good faith judgments but rather when their actions or inactions cross a clear line that deserve sanction.”

“A Chilling Effect”

For Peter K.M. Chan, a partner at Morgan Lewis and the former head of the SEC Chicago office’s Municipal Securities and Public Pensions Unit, the community of compliance officers needs more reassurance. In an August 2015 article, Chan writes that “the US Securities and Exchange Commission has long recognized that chief compliance officers and other legal and compliance personnel serve the public interest as the first line of defense against misconduct.” But, with recent enforcement actions by the SEC against the CCOs of investment advisory firms for allegedly being a cause of their respective firm’s compliance failure, the SEC is being “inconsistent with the agency’s historical policy to tread carefully in charging legal and compliance personnel,” Chan says.

“In the past, the SEC tended not to charge such personnel unless they acted beyond their consulting and monitoring role to become a ‘supervisor’ under the federal securities laws,” he continues. “Overzealous enforcement actions that deviate from this policy could create a ‘chilling effect’ that would discourage the best talents from taking on compliance roles in the financial industry. In addition, if legal and compliance personnel make decisions based primarily on the fear of personal liability, their advice and guidance would not be trusted.”

Chan recommends the SEC clarify its position on enforcement actions against legal and compliance personnel and that CCOs consult with outside counsel when facing high-risk compliance issues.