Can We Calm Down Over CCO Liability?

Thank the lord! Yesterday the SEC fined an investment advisory firm and one of its senior managers for failure to prevent insider trading—and did not fault the firm’s chief compliance officer. Now maybe we can all, finally, step back from the fears over CCO liability that have gripped this profession too much.

The firm in question is Artis Capital Management, one of those shadowy investment advisers that offers market research to hedge funds. On Thursday it agreed to pay $8.9 million in fines and penalties, including $5.1 million Artis made in profits from the illicit trading. The executive implicated in the misconduct is Michael Harden, one of the firm’s senior research analysts; he agreed to pay a fine of $130,000 and was barred from the securities industry for one year. (To add insult to injury, Artis is now closing up shop and has de-registered with the SEC; you won’t find it online any more.)

The SEC cited both parties for failure to prevent insider trading committed by one of its employees, Matthew Teeple. That name might sound familiar; Teeple was picked up as part of an SEC probe into insider trading in 2013. He and one of his sources, an executive at Foundry Networks, were both sentenced to prison for passing along insider information about Foundry before Brocade Communications acquired it in 2008. Teeple is now a guest of the federal prison system until the end of this decade.

cco liabilityBack to Artis Capital and Harden, who was Teeple’s boss at the time. According to the SEC’s complaint, Teeple joined the firm in 2007 and reported to Harden. Unlike most research analysts, however, Teeple didn’t do much statistical analysis, provide many written reports, or make his files available for Harden and other senior managers to review. He was too busy wheeling non-public information from his sources by phone, and that was red flag No. 1: unusual work practices, that left a slim amount of evidence for managers to review.

Red flag No. 2: at least twice in 2008, as Teeple obtained insider information about Foundry Networks, he mentioned those insider tips to Harden—or as the SEC phrased it, “Teeple shared information with Harden that should have caused a reasonable supervisor to question whether Teeple had improperly obtained material nonpublic information from a corporate insider.” Rather than investigate how Teeple acquired this lucrative information, Artis gave him a $1 million bonus at the end of 2008.

Whither Compliance?

Now let’s bring compliance back into the story. As an investment adviser, Artis was subject to the Investment Advisers Act, including Section 204A, which requires firms to have policies and procedures against insider trading. Artis did have some insider trading policies and procedures, although none that specifically addressed Teeple’s frequent interaction with companies in Artis’ trading portfolio.

Artis also failed to enforce its policies. It did have a policy requiring employees who knew about possible insider trading to report their concerns to the chief compliance officer. Harden never did.

The SEC’s complaint is clear about the problem at Artis: an ineffective compliance program. “Artis did not take steps to ensure that (i) its policies relating to insider trading were adequately enforced; and (ii) it had systems in place to ensure that Artis was not trading on the basis of material nonpublic information.” When you’re talking about poor enforcement and missing systems, you’re talking about ineffective compliance at the program level.

Throughout all of this complaint, however, Artis’ chief compliance officer appears hardly at all. The firm had one, but the complaint only identifies “the CCO” and says that person was never informed of anything going on with Harden and Teeple’s insider trading. I couldn’t find the name of any CCO for Artis at the time of this misconduct in 2008, although in later years Artis apparently assigned that role to other executives such as its general counsel or the firm’s CFO (who is the chief compliance officer today).

Still, let’s stick with what we do know: the SEC fined the firm for its weak compliance program, and the errant employee’s manager for failing to enforce compliance standards. That is exactly how it should be.

Liability Fears

This enforcement action should soothe CCO nerves because the responsible parties were held responsible. If a firm has a poor compliance culture, then the firm should suffer the consequences. And if we truly believe that “the business unit owns the risk”—well, at a hedge fund advisory firm that traffics in market research, the business unit is the market research department. Both parties were held accountable here.

chillaxI’ve long thought that the compliance community’s fears about CCO liability for program failures are overblown. Certainly for those outside the financial services sector—where you need to be compliant, but aren’t legally required to have a formal compliance program or a chief compliance officer—the chance of liability is virtually nil. The only example that comes to my mind at all is the former chief compliance officer of Alstom, Jean-Daniel Laine, and he was only charged by British authorities. U.S. regulatory enforcement hasn’t done anything comparable.

Compliance officers at registered investment advisory firms (like Artis) do have more concerns, but that doesn’t mean you have lots of concern. Given the size of the RIA industry, only a tiny number of compliance officers have personally felt the hammer of regulatory enforcement. Yes, some people argue the contrary; former SEC Commissioner Dan Gallagher is one, who raised concerns about the threat of CCO liability several times in 2015.

I’m much closer to the thinking of SEC Enforcement Director Andrew Ceresney. In a speech last year, he laid out four questions the agency asks itself before putting a CCO in the crosshairs. The SEC only wants to pursue CCOs, he said, who are complicit in the misconduct, obstruct an investigation, or are grossly negligent in their duties. In other words, the SEC knows how much more difficult its duties would be, if it started handing out sanctions to compliance officers simply because their programs failed.

The Artis case is a good example of how enforcement should look when the compliance program fails. Let’s all relax, take a breath, and hope we see more like it in the future.

Leave a Comment

You must be logged in to post a comment.