GRC Professional - February 2015 Edition | Page 13

for Spencer Edwards, for his failure to supervise two employees who had sold unregistered stock. Spencer Edwards’ policies and procedures named the CCO – that is, Price – as the person responsible for, “anything of a legal nature that was part of our procedures.” Although vague, this grant of supervisory responsibility sufficed to hold him liable for his subordinates’ actions. Price was barred from association with any broker or dealer in a supervisory capacity and ordered to pay $55,000 in civil penalties. There is some good news. Griffin says a CCO who discharges his or her supervisory responsibility adequately can escape liability. The case involving Theodore Urban highlighted this. Urban served as the general counsel, executive vice president and member of the board of directors of Ferris Baker Watts, a registered broker-dealer and investment adviser. Ferris Baker Watts had hired Stephen Glantz, who later plead guilty to securities fraud charges arising from his involvement in a stock manipulation scheme. “The SEC pursued Urban under the theory that Urban was Glantz’s supervisor, and thus bore some responsibility for Glantz’s actions. Eventually, the administrative law judge dismissed the case, because Urban had approached his compliance department and the firm’s management regarding his suspicions about Glantz, and had even recommended terminating him, although the board vetoed the recommended termination.” There are a lot of compliance officers who notice a problem and who follow up a little bit, and then let it drop. Aggressive regulators Griffin says regulators defend their aggressive stance by saying that, if compliance professionals were doing their job properly, these breaches would have never happened. They go even further i n some cases and argue that, “not only were you asleep at the wheel, but you were also participating in the wrong doing.” Griffin also warns that what the US government considers as participating in the wrong doing, may just be what you consider to be a simple oversight. “You have cases were a compliance officer did not focus as intently on a problem as they should have, and in addition to prosecuting the person who did the misdeed, they are also prosecuting the compliance officer and holding them liable.” Griffin says compliance officers need to protect themselves. “There are two things I recommend compliance officers do. The first is that when you identify a problem, or potential problem, get out in front of it. Investigate problems aggressively and thoroughly. Ask questions and follow up on those questions.” `“The second thing is to document every step of your investigation. The government will look for evidence that you thoroughly investigated a potential problem. For your sake, and your company’s, you need that evidence. As a compliance officer, you need to be able to prove you thoroughly and properly investigated a matter.” Griffin says one of the issues compliance officers face is that they lack the authority to fire or demote people. This means they also lack that control to change behaviour. But the US Government does X not see it that way. 11