Prosecution of Chief Compliance Officers: Establishing Basic Professional Standards
We all know that sometimes the press just gets it wrong. They do not understand the nuance of an issue that may be right in the core of our legal and/or compliance practice. We all have read an article in our area of expertise and shake our heads – the press missed the nuance and focused on the wrong issue.
I felt this way when I read the latest scare article designed to upset everyone in the compliance field that they are going to be prosecuted for failing to do their job. Nothing could be further from the truth. In fact, Chief Compliance Officers will not get prosecuted when they exercise reasonable efforts to ensure compliance. If a company ignores the CCO and makes no effort to implement an effective compliance program, the CCO has only one choice – leave the company.
CCOs, however, do not have immunity. If they participate and promote a criminal scheme, they should and will be prosecuted. There is nothing controversial about that point. In the Siemens bribery case, for example, the CCO was involved in the bribery scheme and helped to promote it. The CCO was not prosecuted but it certainly is an example of when it may be appropriate to prosecute a CCO.
In recent press reports, writers have emphasized statements made by US regulators to hold CCOs accountable at financial institutions for control violations. The focus of the concern has been two cases – the Moneygram case prosecuted by the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) and the Financial Industry Regulatory Authority (“FINRA”).
Contrary to all the doomsayers, CCOs will not be prosecuted, civilly or criminally, for exercising good faith judgments.
Without going into all of the facts, if you read the basic charging documents in the MoneyGram case, you will understand why FinCEN’s proposed enforcement action was reasonable. (See Charging Documents Here)
In fact, as a former prosecutor, I can see plenty of reasons why prosecutors may have considered charging the CCO with participating in a crime. The misconduct in MoneyGram was pervasive and egregious. The CCO was aware of the misconduct for years and did nothing to stop it. He should have done the right thing – report the misconduct to the board, request an investigation and remediate as much and as quickly as possible. If the board would not act, the CCO should have left the company.
Similarly, FINRA’s fine of Brown Brothers Harriman’s CCO was entirely reasonable given the surrounding circumstances. See Summary of Facts Here.
FINRA fined the company $8 million for substantial anti-money laundering compliance lapses, including an inadequate system to monitor and detect suspicious penny stock transactions, as well as failures to investigate suspicious penny stock activity brought to the firm’s attention.
BBH’s CCO was fully aware of the fact that penny stock transactions are high risk. By definition, penny stocks are red flags – meaning a cause for concern. Over a four year period, BBH executed transactions involving at a minimum six billion (yes, billion) shares of penny stocks, many of which were for undisclosed customers of foreign banks in countries known for bank secrecy. Talk about a red flag – these were bloody, red flags. BBH did not verify any information with respect to these stock trades – BBH did not know the beneficial owner, how the stock was obtained, and the seller’s relationship to the issuer – BBH earned over $850 million in fees from the transactions.
FINRA also cited the fact that BBH knew that customers were depositing and selling large blocks of penny stocks – it conducted no supervisory review of these transactions.The CCO tried to establish tighter controls over penny stock transactions but the company failed to implement them for over a year. In the face of rampant and egregious violations, the CCO should have done more.
These two cases do not raise a real risk that CCOs will be prosecuted if they do not perform at a competent level. Instead, these two cases stand for one thing – CCOs cannot exercise their responsibilities by permitting violations to occur, and failing to take appropriate actions, which are basic to the compliance function. The title CCO means something – if the company is breaking the law, CCOs have to do something about it and cannot sit idly by for 5 years or 8 years while the conduct is continuing.
CCOs have to advance basic professional standards and requirements. Not every CCO will act with integrity. The profession is not immune from misconduct and improper – indeed, even illegal conduct.
CCOs need to establish appropriate professional standards and hold each other accountable for meeting these basic requirements. Lawyers have done so; accountants have done so; and so should CCOs.