Securities and Exchange Commissioner Daniel Gallagher has garnered attention in recent months as a dissenter within the SEC ranks. Two quite recent dissents stand out, because they involve a distinctive view of the compliance function, and of the proper relationship between the public enforcement agencies, with the SEC at the forefront, on the one hand, and the private operations of compliance officers on the other.
Lately, Gallagher has taken this to a level that reminds me of a comedian of the same name, the “Gallagher” who used to wield his sledge-o-matic at the expense of watermelons.
On June 18th, Gallagher posted a public statement of his views on these two cases.
The earlier case, In the Matter of Blackrock Advisors LLC (April 20, 2015) arose because the SEC charged BlackRock with breaching its fiduciary duty by failing to disclose a conflict of interest concerning the outside business activities of a portfolio manager. As part of that package, the SEC also found that the chief compliance officer (CCO), Bartholomew A. Battista, was responsible for BlackRock’s failure to implement proper policies and procedures such that a disclosure would have been made or the conflict avoided.
The second dissent along these lines arose In the Matter of SFX Financial Advisory Management Enterprises Inc. (June 15, 2015). Here the SEC alleged a multi-year theft of client assets by the former president of the company, Brian J. Ourand, who made a habit of “writing checks to himself and initiating wires from client accounts for his own benefit.” The firm failed to supervise Ourand, and its CCO, Eugene S. Mason, failed to implement the policies and procedures that would have protected clients against this result.
The Nature of the Dispute
Why does Gallagher quarrel with this? He objects to the “Monday morning quarterback” aspect of the finding. Further, as he sees it the SEC is making the life of the CCOs too dangerous. Such folks might react in a way contrary to what the SEC presumably hopes: by skating by with “less comprehensive policies and procedures with fewer specified compliance duties,” thus avoiding liabilities for failure of implementation of the more comprehensive plans.
The rule in question is 206(4)-7, and Gallagher’s quarrel extends beyond the specifics of these two controversies to that rule itself, which he says in a moment of understatement is “not a model of clarity.” What is worse, in the eleven years since its adoption, the SEC has never issued any guidance about how to comply.
Registered IAs, according to 206(4)-7, must adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules. Presumably adoption is one thing and implementation is another. The gravamen of Gallagher’s dissents is that in these two instances the CCO was held liable for failure to implement the policies that were adopted, not for a failure to adopt sensible and sufficiently comprehensive policies. Gallagher believes that a strict liability approach to implementation, aimed at the CCO, constitutes a serious mistake.
Not Like Watermelons
What is more, some recent enforcement actions he says “have unfairly contorted the rule to treat the compliance function as a new business line” thus giving compliance officers the role of business heads.
The issue is important because, as Gallagher rightly says there is no self-regulatory organization interposed between the SEC and investment advisors. In that respect, IAs are different creatures from broker-dealers. The compliance officer at an IA is “not only the first line of defense,” but in most situations “the only line of defense.” The SEC should try really hard not to treat them the way the other Gallagher used to treat watermelons for a laugh.
There are situations, this Gallagher concedes, in which the authorities must hold CCOs responsible for violations of the law. But regulators “should strive to avoid the perverse incentives that will naturally flow from targeting compliance personnel who are willing to run into the fires that so often occur at regulated entities. This includes exercising restraint and discretion even at the investigation stage” so as to avoid psychological and reputational impacts that can be as chilling as an actual finding of a violation.