The need for every organization to understand the legal environment in which it operates (through a comprehensive, continuously improving compliance program) was underscored by significant announcements issued by federal enforcement agencies over the past few weeks. These announcements apply to all U.S. persons, even investors which are not required to register with a financial regulatory authority (such as the SEC).
Moreover, even SEC registrants that fully comply with SEC compliance requirements may still fall short of the new guidelines. The reason is simple: the new guidelines apply to activities that go beyond the requirements set out in the federal securities laws.
In the eyes of the U.S. federal regulators, you have been put on notice. Expect other domestic and international regulatory authorities to espouse similar programs. (Indeed, many have already done so.)
Ignoring this type of enforcement guidance is a little like crossing a busy street with your eyes closed. Some might make it across unscathed; but why risk investment returns and reputations over “unseen” requirements? Casting a blind eye is unwise because a little advance planning can greatly reduce unfortunate surprises and their consequences. By way of example, one regulator describes the lack of a formal compliance program as the number one “root cause” leading to enforcement actions.
What’s happened? In the past few weeks important federal regulators have shared expectations that instruct enforcement personnel to “go easy” on missteps and oversights where a meaningful compliance program exists. Conversely, those lacking a meaningful program may be judged harshly.
DOJ’s April 30th guidance, “Evaluation of Corporate Compliance Programs,” (“DOJ Guidance”) instructs prosecutors to consider “as a threshold matter” whether a company has a code of conduct setting out “the company’s commitment to full compliance with relevant Federal laws…” (DOJ Guidance at page 3).
OFAC’s May 2nd guidance, “A Framework for OFAC Compliance Commitments,” (“OFAC Guidance”) applies to “all U.S. persons.” OFAC will consider compliance program adequacy for “all enforcement cases” and will “consider favorably” those that had effective programs “at the time of an apparent violation.”
On May 8, the CFTC (which recently has increased its enforcement activities) released its first-ever “Enforcement Manual.” Section 7 of that manual underscores the value of self-reporting, cooperation and remediation, all facilitated by a well-functioning compliance program. The manual instructs CFTC enforcement staff to consider a company’s “relative culpability” which includes whether the misconduct was addressed (or not) under compliance policies in place at the time of the misconduct, and the use of internal controls for remediation. See Section 7 and here.
The message is clear: be on top of all applicable laws. The DOJ guidance instructs prosecutors to evaluate whether a company’s assessment of compliance risks is adequate and sufficiently far-reaching. Risks to be evaluated include the location of operations, competitiveness, potential clients and business partners, payments to foreign officials, and the use of third parties, among others (DOJ Guidance at page 2). Further, the guidance instructs prosecutors to review guidance “published by relevant federal and state agencies” (DOJ Guidance at page 18, note 2). Elsewhere, the document contains references to international information sources. Indeed, international regulators are also raising the bar on compliance programs. For example, the European Commission has issued draft guidance on best practices for compliance programs for export controls and sanctions, and the UK Ministry of Justice has released Adequate Procedures Guidance to prevent bribery offenses.
Legal and regulatory risk analysis is complicated because, in this day and age, requirements permeate every aspect of operations—from the making of investments (where risks should be identified as part of the due diligence process), to dealing with third parties (where, again, diligence is required), and to scrutiny of potentially every action at the organizational level. RFG can provide cost-effective assistance through its proprietary online methodology that identifies laws applicable to U.S. investors and private fund investment managers. We have counseled the most sophisticated investors on these issues and stand ready to share our experience and insights with those seeking to build compliance programs to regulatory expectations.
Senior management is in the regulatory line of sight. The guidance places responsibility squarely at the foot of senior management and governing bodies. See DOJ Guidance at page 9 and OFAC Guidance at 2. Even prior to the issuance of the recent guidance, senior personnel have been sanctioned for “failure to supervise,” when staff violated regulations.
The recent guidance sets the stage for further prosecutions along these lines.
It comes as the UK has also been increasing its focus on the responsibility of senior management with the Senior Managers and Certification Regime (which is extended to all Financial Conduct Authority solo regulated firms December 9, 2019). Under this regime, a senior manager may be held personally liable for violations if the manager failed to satisfy governance, compliance and human resources requirements—even if the manager was not personally involved in the wrongdoing.
Allocators should take heed. As the recent documents demonstrate, the need for a compliance program is not keyed off of SEC, CFTC or bank registration status: it derives from the increasingly complex web of legal and regulatory requirements that apply to all entities, even those that are “unregulated.” Further, compliance programs are especially important when regulators, legislators, and courts have moved to criminalize even unintended or unknowing violations. (See a discussion of this trend in “An Examination of the Criminalization of Commercial Activity.”)
Investment markets and securities trading are highly regulated sectors of our economy and participants are expected to be well-versed in the rules and knowledgeable about their organization’s activities—and obligations. For example, RFG has identified more than 20 U.S. federal reporting requirements that might apply to an allocator, has detailed knowledge of these requirements and offers a decision tree highlighting the requirements most likely to apply to a particular investor.
Charitable organizations are not out of scope. Nonprofits can no longer count on being viewed as a separate, venerated segment of society. Too often, the press alludes to public resentment and disappointment with the sector. Indeed, prosecutors, as well as the press, have been carefully scrutinizing nonprofits in the past year. Nonprofits may not be subject to SEC examination as an investment adviser, but they are subject to their own unique set of federal and state laws. Many of these relate to investment activities. We count at least five major nonprofit organizations which have recently been caught in the headwinds. Often the entanglements concern conflicts of interest and, a subset of that, transactions with insiders. As a result, a range of organizations, staff and trustees, many of which had the best intentions, have faced accusations of wrongdoing.
How can RFG help? RFG is uniquely positioned to help address these issues, as it represents clients that have approximately $150 billion in combined assets under management, including a consortium of the nation’s leading endowment investment offices. As a result, RFG has substantial materials that describe regulatory expectations and industry benchmarks for allocators. These materials include sample risk assessments and sample compliance manuals tailored for use by investors (as opposed to registered investment advisers) and detailed analysis of the laws and regulations that apply to the investor community. Our time-tested approach is codified in our unique online knowledge management portal, RFG Pathfinder®. Additionally, our expertise encompasses gap analysis, risk assessments, building a compliance program, training and testing. RFG can provide support when an organization lacks experienced or full-time compliance staff, has experienced recent compliance staff turnover or simply seeks an outside perspective.
In short, RFG can help in many ways:
RFG can review your organization’s activities and identify risk areas.
RFG can examine your organization’s structure and activities and work with your staff to bring your compliance program into line with the evolving regulatory landscape.
RFG can meet with trustees and investment committee members to share information on the relevant laws and practices within the industry, the components of a compliance program, and appropriate program structure and documentation.
RFG can craft a manual tailored to your organization, but based on work already done to develop RFG’s standard form investor compliance manual.
RFG Pathfinder, a web-based knowledge management platform, identifies regulatory requirements for investors and investment advisers, many of which go beyond federal financial regulations. We share these insights with clients based on our compliance process methodology that, in turn, is based on our CEO’s years of experience as an in-house general counsel.
RFG can assist in the build out and ongoing operations of your compliance function.
Finally once a compliance program has been created, it is the job of the compliance function to monitor changes to the legal and regulatory landscape in order to keep policies and procedures and the risk assessment up to date. (See DOJ Guidance at page 3.) RFG assists in this process through its weekly newsletters, webinars and conferences.
Allocators interested in developing a compliance program, or in strengthening any aspect of their existing program, should contact Information@RegFG.com.