Chief Compliance Officers Subject to Expanding SEC Enforcement Trend – What “Personal Liability” Means Now

On April 20, 2015, the Securities and Exchange Commission (“SEC”) issued a press release announcing an enforcement order (the “Order”) reflecting the settlement of charges against BlackRock Advisors LLC (“BlackRock” or the “Firm”) and Bartholomew A. Battista, who had previously served as the Firm’s Chief Compliance Officer (“CCO”).

The Order is significant in at least two respects. One, it is the first SEC enforcement case to charge violations of Rule 38a-1 under the Investment Company Act of 1940, as amended (the “Investment Company Act”), for failure to report a material compliance matter to a fund’s board. Two, the Order reinforces concerns regarding personal liability of compliance officers by charging the CCO with causing violations (i) by affiliated funds of Rule 38a-1 and (ii) of Section 206(4) under the Investment Advisers Act of 1940, as amended (the “Investment Advisers Act”), and Rule 206(4)-7 thereunder, on account of the Firm’s failure to adopt and implement written policies and procedures to assess and monitor the outside activities of its employees.

It appears from the SEC’s press release that the determination to charge Mr. Battista reflected a view that his perceived failures prevented “critical compliance information” from being brought to the attention of the boards of affiliated registered funds. To guard against becoming future targets of SEC enforcement actions, legal and compliance officers that become aware of material compliance information should ensure that such information is always appropriately reported up the chain of command in accordance with applicable procedures and legal requirements.

The SEC’s case against the Blackrock CCO follows closely on the heels of the SEC’s recent case against the CCO of Penson Financial Services, Inc. for causing violations by that firm of the close out requirements of Rules 204T and 204 of Regulation SHO. The Pension and BlackRock cases represent a disturbing trend by the SEC of bringing negligence-based cases against compliance officers and arguably expand the standards previously announced by the Director of the SEC’s Division of Enforcement governing when the SEC would prosecute cases against legal and compliance officers.

Relevant Facts of the Case

The case centered on conflicts involving one of the Firm’s portfolio managers (the “Portfolio Manager”) who managed registered funds, private funds and separate accounts. In December 2006, the Portfolio Manager formed and funded a trust (the “Trust”) to hold interests in a yet to be formed company that was to be family-owned-and-operated. The Portfolio Manager funded the Trust with $2.4 million in gifts as well as $23.5 million in term loans.

Shortly thereafter, the Order states that the Firm learned that the Portfolio Manager had formed and funded the Trust “in violation of the [the Firm’s] private investment policy.” The Firm’s Legal and Compliance Department, including Mr. Battista, reviewed the matter and concluded that it did not see any conflict of interest. The Firm did not (i) report the formation or funding of the Trust to the boards of directors of the registered funds managed by the Portfolio Manager or to advisory clients; (ii) advise the funds’ boards of the Portfolio Manager’s violation of the Firm’s private investment policy; or (iii) monitor or reassess the Portfolio Manager’s outside business activities over the next three years.

In February 2007, the Portfolio Manager formed the contemplated family-owned-and-operated company (the “Private Company”). Over a three year period, the Portfolio Manager invested or loaned a total of approximately $50 million dollars to the Private Company. The Portfolio Manager was active in the operations of the Private Company and was also the owner of the entity that acted as the sole general partner of the Company. The Private Company was managed by the Portfolio Manager’s three sons.

In 2008, the Portfolio Manager solicited a joint venture with a public company, whose shares were held in funds and separate accounts managed by the Portfolio Manager. That public company merged into another public company (the “Public Company”), which formalized a joint venture with the Private Company in February 2010. Shares in the Public Company were a significant position in funds and separate accounts managed by the Portfolio Manager.

In January 2010, the Firm’s Legal and Compliance Department conducted fact-gathering discussions with the Portfolio Manager regarding the impending joint venture. This resulted in the preparation of a memorandum identifying several potential conflicts resulting from the Portfolio Manager’s involvement with the Private Company and that company entering into a joint venture with the Public Company whose shares were held by funds and separate accounts managed by the Portfolio Manager.

Notwithstanding the Firm’s acknowledgement of these potential conflicts, the Firm allowed the Portfolio Manager to continue managing the funds and separate accounts that held shares in the Public Company, provided that the Portfolio Manager (i) did not participate in any decisions with respect to the joint venture; (ii) did not become a board member of the joint venture; (iii) did not receive material information about the joint venture; and (iv) pre-cleared with the Firm any future board seats on the Private Company to be taken by the Portfolio Manager.

The Firm did not provide disclosure about the Private Company or the joint venture to the relevant fund’s boards or to advisory clients. The Firm did not follow-up with the Portfolio Manager further or monitor or initiate any reassessment of these matters or verify whether certain steps specified, such as removing references to the Firm from the website of the Private Company, were in fact taken by the Portfolio Manager.

Findings

The Order found that:

• The Firm breached its fiduciary duty to its clients by failing to disclose the potential conflicts posed by the Portfolio Manager’s involvement in the Private Company, including the joint venture.
• The Portfolio Manager’s violation of the Firm’s private investment policy was a “material compliance matter” that should have been reported to the boards of directors of the registered funds managed by the Portfolio Manager.
• The CCO and the Firm were aware of the Portfolio Manager’s violation of the Firm’s private investment policy and knew or should have known that the funds did not report the Portfolio Manager’s violations to the funds’ board.
• The Firm failed to adopt and implement policies and procedures that addressed how outside activities of the Firm’s employees were to be assessed for conflicts purposes, including who was responsible for decisions related to such activities and how such activities should be monitored.
• The CCO was responsible for the design and implementation by the Firm of written policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules.

Violations

The Order found that:

• The failure by the Firm to disclose the potential conflicts violated Section 206(2) of the Advisers Act, which prohibits engaging in any transaction, practice, or course of business that operates as a fraud or deceit upon a client or prospective client.
• The failure by the Firm to adopt and implement written policies and procedures to assess and monitor the outside activities of its employees violated Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder.
• The CCO caused the Firm’s violation of Section 206(4) of the Advisers Act and Rule 206(4)-7.
• The Firm and the CCO caused the violation by the funds of Rule 38a-1(a) under the Investment Company Act, which requires registered investment companies, through their chief compliance officers, to provide a written report at least annually to their board of directors that addresses each “material compliance matter” that has occurred since the date of the last report.

SEC Standard of Liability for Legal and Compliance Officers

In a keynote address at Compliance Week 2014, the SEC’s Enforcement Director, Andrew Ceresney, set out the following test of when the SEC would bring actions against legal and compliance officers. As stated by Mr. Ceresney, such actions would “typically . . . occur when the Division believes legal or compliance personnel have affirmatively participated in the misconduct, when they have helped mislead regulators, or when they have clear responsibility to implement compliance programs or policies and wholly failed to carry out that responsibility.”

There is nothing in the Order to suggest that Mr. Battista “affirmatively participated” in any misconduct or “mislead regulators.” As to the third standard, that standard applies to the CCO’s actions, if at all, only if applied in the most literal manner, that is, without taking into account whether the CCO’s failure to act may have reflected a reasonable judgment regarding the applicability of the underlying regulatory requirement.

As to the Rule 38a-1 related violation, the Order does not make it clear whether Mr. Battista even had any responsibility with respect to Rule 38a-1, which by its terms applied not to Mr. Battista but rather to the chief compliance officer of affiliated funds. Even assuming Mr. Battista had such responsibility, however, a determination by Mr. Battista that the Portfolio Manager’s violations of the Firm’s private investment policy were not sufficiently material to justify reporting under Rule 38a-1 does not seem unreasonable.

Rule 38a-1 requires reporting of “material compliance matters”, which term is defined to mean a “matter about which the fund’s board of directors would reasonably need to know to oversee fund compliance. . . .” According to the Order, Mr. Battista was aware of two separate violations by the Portfolio Manager of the Firm’s outside investment policy. The first came to the Firm’s attention in January 2007 when the Firm learned that the Portfolio Manager had formed and funded the Trust. That funding had only recently occurred and was still in a nascent stage. That is, the investment in the Trust was nothing more than an investment to make an investment and, therefore, at most, a technical violation of the Firm’s outside investment policy. The second violation came to the Firm’s attention in January 2010 when the Firm learned that the Portfolio Manager had made additional loans of approximately $14 million to a subsidiary of the Private Company. While $14 million seems like a large number, as the Firm already knew and had approved, the Portfolio Manager had funded the Private Company with $2.4 million in gifts and $23.5 million in loans. Moreover, the Private Company was wholly owned by the Portfolio Manager. Accordingly, the additional investment could also be seen as, at most, a technical violation of the Firm’s outside investment policy and certainly not as a material violation warranting disclosure to the boards of the affiliated funds.

As to the decision to charge Mr. Battista with causing the Firm’s violation of Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder by failing to adopt and implement written policies and procedures to assess and monitor the outside activities of its employees, it could be argued that whether Mr. Battista “wholly failed to carry out [his] responsibility” to implement appropriate policies should turn on the question of whether it was obvious that procedures were needed in the first place.

The Firm, with Mr. Battista’s involvement, first determined that the Portfolio Manager’s involvement in the Private Company did not present any conflicts. Perhaps, especially in hind sight, that was the wrong decision. Nevertheless, it was the decision that the Firm reached after deliberation and there is no reason to believe it was reached in bad faith. Given that decision, it is not clear why Mr. Battista should have realized that policies and procedures were needed to monitor activity that the Firm did not believe posed any conflicts.

Similarly, while the Order appears to disapprove of the Firm’s decision to rely upon the Portfolio Manager to report back to the Firm, it can be argued that this is a reasonable approach. Indeed, due to the fact that outside business activities occur outside the normal purview of firms’ supervision and compliance, it is typically the case that policies and procedures related to outside business activities rely, in the first instance, on voluntary reporting by covered individuals. Given such an approach as the norm, it is not clear why it was obviously unreasonable for the Firm to rely upon the Portfolio Manager to report back to the extent there were changes in the approved activities. It is also not clear how the Firm would have monitored those activities should it have chosen to do so since the activities in question concerned a private company.

When the Firm next considered the Portfolio Manager’s outside activities, including the joint venture, it is clear that the Firm thought the Portfolio Manager could be isolated or screened from the activities of the Private Company. While this may seem like a poor decision, especially in hindsight, there is again no reason to believe that it was made in bad faith. Assuming the Firm’s view that the Portfolio Manager was not actively involved in the Private Company, again it is not obvious why Mr. Battista should have realized that written policies and procedures to monitor the Portfolio Manager were needed.

Accordingly, even as to the Firm’s violations of Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, it not necessary obvious that Mr. Battista’s actions fell within the standards for liability previously announced by Mr. Ceresney.

While the SEC can disagree with the wisdom of the decisions made by the Firm and by Mr. Battista, in the absence of indications of bad faith or gross negligence, however, it seems unfair to charge Mr. Battista with a failure to implement procedures that seemed unnecessary in light of the Firm’s and Mr. Battista’s view of the situation at hand.

Rather than apply the standards announced by Mr. Ceresney, it appears likely that the SEC was motivated by the fact that Mr. Battista played a significant role in the Firm’s failure to report information concerning the Portfolio Manager to the boards of the relevant funds. As the SEC stated in its press release relating to the Order, this failure prevented the boards from considering and acting on what the SEC characterized as “critical compliance information” that would have alerted the boards to the Portfolio Manager’s outside business interests.

This view is consistent with another keynote address that was delivered at Compliance Week 2014, this time in a speech by Commissioner Kara M. Stein. In her speech, Ms. Stein discusses the role of “gatekeepers,” which includes compliance offices and boards of directors. Ms. Stein states that “A recurring theme in many of the cases that I review each week is the failure of some of these important players or gatekeepers to disrupt or prevent misconduct.” Ms. Stein further discusses the possibility that holding individuals to account for such failures might be more useful then imposing large penalties against the organizations with which such individuals are associated. Assuming gatekeepers should be held responsible for their failure to act, it is not a far reach to assume that compliance and legal personnel that fail their duty to provide “critical compliance information” to the gatekeepers should similarly be held responsible for such failure.

Protecting Legal and Compliance Officers from Enforcement Liability

The Order suggests several actions that legal and compliance officers can take to protect themselves from enforcement liability.

First and foremost, legal and compliance officers that become aware of “material compliance information” should ensure that such information is always appropriately reported up the chain of command in accordance with applicable procedures, whether to their boss or to senior management or the board. While the Order is not clear as to what makes something “material,” legal and compliance officers should consider that decisions concerning whether something is “material” are likely to be made by the SEC with the benefit of hindsight and take into account whether the information, if reported, would have been likely to ameliorate or even prevent the violations and/or harm that subsequently occurred. When in doubt report.

Additional actions include:

• Documenting actions taken and the reasons therefore. What is deliberate should not be mistaken for carelessness but may be absent documentation.
• Verifying and documenting fixes put in place or actions required to be taken.
• Documenting that ongoing activities are monitored on a periodic basis.
• Ensuring that compliance issues are addressed by appropriate and reasonable policies and procedures. In particular, these policies and procedures should address who has decision making authority over the issue at hand and how the matter in question is to be assessed.