New legal risks threaten compliance careers.
Key Points
Individual professionals are increasingly being held financially and even criminally liable for institutional compliance errors.
High-level compliance jobs come with an enormous amount of risk, including personal reputational risk.
Compliance professionals may need to supplement a company's directors and officers (D&O) insurance coverage with personal liability insurance.
Introduction
Another CCO, Bartholomew Battista, was deemed personally liable for company happenings in April of the same year. Battista, a former CCO at BlackRock, agreed to pay a $60,000 penalty after the SEC charged him with failing to implement compliance policies to prevent violations of the Advisers Act and its rules about the outside activities of BlackRock’s employees.
These are just two recent examples of a trend that many inside and outside the compliance world are noticing: Individuals are increasingly being held liable for the things that do—or don’t—take place at the institutions where they work. More than ever, employees are facing greater personal risk of prosecution for the lapses or failings of their employers.
The so-called “Yates Memo,” issued in September 2015 by former Deputy US Attorney General Sally Yates, was entitled “Individual Accountability for Corporate Wrongdoing.” According to the memo, “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetuated the wrongdoing.”
This trend is important for charterholders given the growth in jobs related to compliance and the skills overlap that may make compliance work a viable or attractive option. Often, recruiters for compliance jobs look for people who show attention to detail, an ability to see the big picture, and the skills needed to synthesize large amounts of information and spot trends within it. Another attractive skill (and one shared by many charterholders) is the ability to manage risk. Many compliance programs take a risk-based approach—much like an investment manager would manage risk within a portfolio.
Whether you are working in compliance or not, focusing more on individual accountability, sometimes referred to as living in the “post–Yates Memo world,” means it’s important to follow developments and take measures to limit personal liability. For instance, consider the accountability culture of a current or potential employer. How serious is the leadership about checks and balances, compliance, and the risks inherent to the business? You may also request the chance to double-check and/or change compliance procedures and processes at your employer to ensure the firm empowers and does not hinder you in following the law in all jurisdictions. Finally, before taking a job, consider what type of personal liability insurance coverage you have or may need, and obtain full details on the company’s policies to determine whether the coverage suffices.
Risky Business
“Increasingly, enforcements try to place the blame at the feet of the individual who is the face of the program,” says Middlemiss. “Gauge the attitude toward compliance within the organization. Does compliance have a valued role? Find out if your input as a compliance officer will be valued and that you will not only have the authority to change things but also the resources. You don’t want to be left with great responsibility but no power.”
Braden Perry, a partner at Kennyhertz Perry in Kansas City, Missouri, and a former CCO and federal enforcement attorney, says independent compliance audits of a company, either by a third party or someone who is not actively involved in compliance management, provide an added layer of protection for individuals. “One of the main challenges of a current compliance officer is promoting a ‘proactive’ compliance program,” Perry says. “Many regulated companies are ‘reactive,’ meaning that they do not anticipate issues but wait for issues to arise and then act or react.” A proactive compliance function also includes acquiring proper training, having the right IT systems in place, and making sure lines of reporting are adequate if a matter must be escalated.
“The compliance staff has the best chance of being successful in a proactive organization where the culture is open to change and forward thinking,” Perry adds. “Success in a reactive organization, by contrast, is an uphill battle.”
Mind Your D’s & O’s
In Germany, for instance, a company sued its top manager after the company was fined for breaking anti-trust law. According to Franz Held, a member of the executive board of VOV (a broker of D&O insurance contracts and provider of services to companies issuing D&O coverage) in Cologne, Germany, the company wanted recourse, saying it was the manager’s job to keep the company from breaking the law.
That’s why it’s critical to consult an expert, he says, adding there is much fine print to consider about D&O policies, including upper limits to the amounts covered in a policy. For instance, though Volkswagen is not a financial company, the potential scale of coverage needed amid charges that the automaker broadly deceived the public about emissions is exemplary. “Consider the pecking order and if you would still be covered under the policy in such circumstances [when the top executives would use up all the coverage on the policy first],” says Held.
Perry added that potential tools to reduce a compliance officer’s personal exposure include requesting a written indemnification agreement from the employer and making sure the firm has comprehensive insurance in place. “This is a tough ask, because no one wants to raise concerns in an employer before taking a job,” Perry says. “But, it’s crucial in today’s environment. Also, CCOs typically aren’t insurance experts, and your broker may not understand potential personal exposure and sources of liability. This can lead to inadequate coverage for the CCO. The main way to minimize it is to be aware of your responsibilities, material compliance information, and the program as a whole and to properly report up the chain.”
Criminal Mistakes
In Luxembourg, for instance, if you miss a deadline for filing your corporate accounts, you could face a criminal charge that would go on your personal record, Bachner says. Seen globally, “It seems like officials are trying to find somebody to blame to get a sound bite,” she says. “But the situation is nuanced. Doing something wrong can be active or passive. With the complexity of organizations, there’s nobody who can really know absolutely everything that is going on. In the end, you have to rely on people doing their best and having adequate and proper training, budgets, monitoring, and testing of the systems.”
Bachner does suggest, however, that “if you have exposure to the US, you’ll want more personal liability coverage.” Recent examples of US judicial reach touching a Europe-based bank include the US Department of Justice’s fine against Deutsche Bank related to residential mortgage-backed securities. Notably, no bank executives were charged.
Bachner says protecting yourself includes managing the risks by getting the proper training and making sure you have the right reporting lines. If faced with a decision to blow the whistle or not, even in countries where whistleblowers do not have broad protection, “it’s better to risk losing your job than to stain your personal reputation.”
Bachner adds: “I actually think the risk of personal liability for compliance officers is limited if you do your best in a supportive organization. Courts would usually have to show gross negligence or willful wrongdoing.”
Indeed, as SEC Chair Mary Jo White said in her opening remarks at the Compliance Outreach Program for Broker–Dealers on 15 July 2015, “We do not bring cases based on second-guessing compliance officers’ good faith judgments but rather when their actions or inactions cross a clear line that deserve sanction.”
“A Chilling Effect”
“In the past, the SEC tended not to charge such personnel unless they acted beyond their consulting and monitoring role to become a ‘supervisor’ under the federal securities laws,” he continues. “Overzealous enforcement actions that deviate from this policy could create a ‘chilling effect’ that would discourage the best talents from taking on compliance roles in the financial industry. In addition, if legal and compliance personnel make decisions based primarily on the fear of personal liability, their advice and guidance would not be trusted.”
Chan recommends the SEC clarify its position on enforcement actions against legal and compliance personnel and that CCOs consult with outside counsel when facing high-risk compliance issues.