Working long hours to address changing regulatory, investor and internal requirements, are an accepted part of everyday life.
Yet, chief compliance officers and legal experts now say that the stress is hitting closer to home on a personal level. Securities watchdogs are drawing even more attention to individual shortcomings, particularly when it comes to anti-money laundering (AML) specialists.
While there are no hard official numbers on the differential between AML and other compliance directors who are being individually cited — and fined — by the SEC and FINRA, there is some anecdotal evidence to suggest that AML compliance directors are taking more heat than others.
“The SEC and FINRA have been quick to name AML compliance officers in their settlements,” observes Robert Herskovits, managing partner at Herskovits PLLC in New York, a law firm specializing in regulatory compliance and litigation matters for broker-dealers.
The most recent case in point: a whopping US$8 million fine FINRA levied on Brown Brothers Harriman and an additional $25,000 fine and month’s suspension imposed on its anti-money laundering compliance director Harold Crawford. That settlement followed yet another $475,000 penalty paid by Banorte-Ixe in January and a one-month suspension of its AML director Anthony Simmons for failing to adequately report US$28 million in customer accounts tied to Mexican drug cartels.
In 2012 alone, say industry studies, of FINRA’s 40 AML-related penalties totaling US$9.3 million, 30 were levied against individuals. Those hefty settlements are separate from far larger ones paid by HSBC, Standard Chartered, and Clearstream Banking Luxembourg (CBL), among others to US banking regulators and other government agencies which also cited poor AML procedures. HSBC’s federal fine in 2012 came to US$1.92 billion while Standard Chartered’s federal and New York State fines that same year amounted to over US$600 million. Earlier this year international securities depository CBL forked over US$152 million.
Broker-dealers are required, under FINRA’s rules, to appoint dedicated compliance directors to prevent money-laundering activities. Statutes within the US Bank Secrecy Act also specifically require bank board members to approve AML controls and have compliance officers on staff.
With a greater regulatory focus on doing away with terrorist activities funded by dirty money, it stands to reason that AML directors would attract more attention than others, says Herskovits. Whether or not such targeting is justified is another matter. While FinOps was interviewing compliance specialists for its article posted on February 21, a consistent response emerged: Crawford got a raw deal.
“We’re caught between a rock and a hard place,” one compliance officer at a New York brokerage tells FinOps. “We can provide the best advice possible, but if it falls on deaf ears, we’re the ones paying the price.”
Still, as Herskovits notes, all compliance specialists need to be vigilant about about their risk of a personal regulatory enforcement action. “Compliance leaders are being held to increased accountability amidst an ever-increasing volume of regulations, the expectation to move and comply fast, and the exposure to record fines for non-compliance now totaling in the billions of dollars,” says Chris Perry, managing director of risk for Thomson Reuters, which just released the findings of its study of 600 compliance officers worldwide at fund managers, banks, broker-dealers and insurance firms.
Fifty-three percent of compliance officers responding to the survey feel that their personal liability will increase in 2014 and seventeen percent expect it to increase “significantly.” They have good reason to believe so: in 2013 more individuals than firms faced enforcement action in the UK alone.
Last year brought on several new regulations and more are expected in 2014, such as the European Market Infrastructure Regulation (EMIR), the European Market in Financial Instruments Directive (MiFID), and the Foreign Account Tax Compliance Act (FATCA) to name a few. Requirements for more electronic trading, centralized clearing, customer account management and regulatory reporting will certainly keep compliance officers on their toes.
Adding to the pressure of new and changing regulations are more specific demands in how regulations are managed. While policy and procedures are typically planned and handled at a departmental level, the compliance director is officially the in-house expert and ultimately responsible for all of the results — making the potential personal liability of compliance directors even greater than ever before.
“The focus will no longer simply be on compliance with a set of rules and guidelines, but will increasingly look to explore a firm’s culture — the how of the business as well the what,” the report says. The Financial Stability Board, for one, has set out detailed role and requirements for key positions in financial services firms, including duties to be added in job descriptions of senior managers.
Just how is a compliance officer supposed to address these broader requirements — in an organization that may or may not be totally on board with the spirit and letter of the new rules — while protecting himself or herself from legal, financial and reputational risk?
Interacting with crucial other departments appears to be one way, but surprisingly that doesn’t seem to be happening as often as it should be. Forty four percent of respondents in the Thomson Reuters survey say they spend less than an hour a week liaising with their internal audit units and thirty percent spend less than an hour a week speaking to their legal departments. About a third spend less than an hour a week speaking to other risk departments.
“For many compliance professionals, the explicit management of their own personal regulatory risk will have to be fitted into an already very full range of activities,” explains Thomson Reuters’ report. Here is the breakdown of a typical work week: about 16 percent of time must be spent on tracking regulatory developments and 14 percent reporting to the board and amending policies and procedures. That leaves 70 percent of the work week left. Fifty four percent of the remaining time needs to be spent on an array of responsibilities: interacting with regulators, regulatory inspections and exams, regulatory reporting, project management of regulatory implementation as well as compliance monitoring and training. That leaves just 16 percent to liaise with control functions.
There is a silver lining. Sixty-four percent of respondents are expecting budget increases in 2014, reflecting not only more staff, but higher compensation. But that might not be enough to mitigate the stress of personal liability. The compliance department is typically the first line of defense in investigating allegations of wrongdoing and employee complaints.
If problems are unresolved, compliance staff have the option of submitting information on potential wrongdoing to regulatory bodies, but collecting any money is far from certain and the action carries huge professional risk.
The Securities and Exchange Commission’s whistleblower program established by the 2010 Dodd-Frank Wall Street Reform Act places a number of restrictions on compliance officers’ participation in its bounty program, which pays individuals if their report results in successful enforcement action. Under Dodd-Frank, compliance personnel also have to wait 120 days after reporting alleged wrongdoing internally before going to the SEC, enabling potentially criminal activity to continue and even snowball in seriousness.
Thomson Reuters’ survey doesn’t make any explicit recommendations on what compliance officers can do to mitigate their personal legal liability, given the restrictions on whistleblowing, but it does suggest they reverse their weak interaction with internal audit departments. That scenario leaves them vulnerable to regulatory action at both a firm and individual level.
Yet another suggestion: engage extensively with board of directors and senior managers to ensure there is a firm-wide understanding of the changing regulatory environment and the implications of the new focus on a culture of compliance. Of course, documentation could also go a long way to provide evidence of consistent high levels of compliance.
The premise of Thomson Reuters’ report is that compliance officers have plenty of internal clout and making a best effort counts for something with regulators. That might not always be the case, as shown in the BBH scenario where FINRA took a too-little too-late attitude in fining not only BBH, but also Crawford for not stopping bad business relationships quickly.
So what’s really left to do? Ten US compliance officers at banks and brokerages contacted by FinOps Report, say they are in a no-win situation and short of resigning can do little to reduce their personal liability. They just have to count on their chief operating officers, chief financial officers and chief executive officers to support their role and follow their recommendations, because regulators will hold them responsible for poor operational controls and oversight no matter what.
Even if additional staff is added, AML surveillance is still vulnerable to substantial error,not of their own making. “Financial firms are often willing to make due with multiple technology platforms with little to no integration to match suspicious conduct with specific customers or counterparties or to update risk profiles correctly,” says the New York-based compliance officer. “Even worse, trading, payments, and other business line units — not compliance directors — often have the final say in whether or not a client is kept or eliminated from the roster.”
While the Dodd-Frank legislation explicitly prohibits firms from retaliating — dismissing –compliance officers who spill the beans on suspected bad conduct, doing so could still mean the end of a promising career, when the whistleblower tries to find another position. “There have been instances in which careers are negatively impacted, so I can understand why compliance officers would be reluctant to do so,” says Herskovits.
Compliance specialists agree. “Compliance officers typically consider whistleblowing an anathema and would rather resign,” says another chief compliance officer at a New York brokerage firm in a stance shared with her peers. “The risk of personal liability and career damage aren’t worth any extra compensation dangled in front of us.”
Herskovits argues that first-tier banks and broker-dealers, as a rule of thumb, do allocate sufficient resources to compliance. C-level executives are paying attention to recommendations of their compliance specialists. But when all else fails, resignation is a viable option, he agrees.
“Compliance officers will continue to resign if a situation arises where budgetary constraints or management mandates become untenable,” says Herskovits.