The Importance of Effective Compliance Programs in Preventing Enforcement Actions

Stephen L. Cohen, the Securities and Exchange Commission’s (“SEC”) Associate Director of Enforcement, spoke recently at the Society of Corporate Compliance and Ethics’ Annual Conference.  In his remarks he noted what he considers characteristics of effective and ineffective compliance programs and how having a strong compliance program can impact the SEC staff’s decision on whether or not to bring an enforcement case against a firm as well as the extent of penalties and sanctions pursued. Mr. Cohen said: “When evaluating a company’s misconduct, we typically give credit when a company can demonstrate a strong compliance culture”.

Effective and Ineffective Compliance Programs

Mr. Cohen noted in various iterations a characteristic  he considered to be indicative of a strong compliance program; early detection of compliance issues.  In contrast, a hallmark of an ineffective compliance is one which fails to detect issues and where firms “do not take compliance seriously until misconduct comes to light.”  He noted cases brought by the SEC or the Department of Justice “where issues were not discovered, not escalated, or where management ignored push-back from compliance staff.”  The firms considered favorably by regulators are those “that display an exemplary commitment to compliance, cooperation and remediation.”

Culture and Governance

Throughout his remarks, Mr. Cohen mentioned a culture of compliance(a phrase often used by SEC staff) and a firm’s governance (an emphasis of the SEC staff since the fallout of the financial crisis).  He noted that: “A strong compliance and ethics program must start with proper governance, including a tone at the top built on actions rather than words.”  Again, he used a SEC staff buzzword, “tone at the top”, which may seem trite, but  is  assessed by SEC staff and is considered telling.

Distilled from the speech, the following demonstrates a culture of compliance and good governance:

  • involving the board of directors and senior management;
  • providing compliance and ethics programs with the necessary resources, independence, standing, and authority to be effective;
  • leaders promoting integrity and ethical values in decision-making across the organization;
  • legal staff and chief compliance officer having access to senior management or are themselves part of senior management.

He noted that the staff of the SEC’s National Examination Program is meeting with those who govern an organization, as well as compliance personnel, “to assess the culture of compliance and ethics in the organization” and that the results “can factor into the level of risk the staff ascribes to a firm, which can affect how frequently they are examined.”


While Mr. Cohen noted the benefits and elements of an effective compliance program and of good corporate governance, he said the SEC staff would not hesitate to seek to punish those whose programs had failed to detect issues.  The SEC staff would seek, through enforcement, substantial financial penalties and admissions of wrongdoing in some instances.  He reiterated the benefits of an effective compliance program in relation to possible enforcement action by saying: “Isolated conduct combined with good compliance and internal controls make it less likely that we will bring an action at all.”  He described matters involving two firms, Morgan Stanley and Ralph Lauren, where internal controls, the compliance program, training and risk assessment were instrumental in the SEC not bringing charges against the firms.

The SEC staff, specifically the National Exam Program, Investment Management Division, and the Enforcement Division’s Asset Management Unit, have been “coordinating efforts to identify and bring cases against registered investment advisers who lack effective compliance programs and procedures.”  Mr. Cohen noted six actions that arose out of these efforts and that there are more in the pipeline.  While not mentioned specifically in his remarks, in October, a set of SEC enforcement actions addressed inadequate policies and procedures.  The first is the case of Equitas Capital Advisers, Equitas Partners, its owner, former owner and chief compliance officer and a successor firm named Crescent.  The SEC alleged that they failed to adopt and implement written compliance policies and procedures and conduct annual compliance reviews as required under the Investment Advisers Act of 1940.   In a similar case, Modern Portfolio Management and its owners also allegedly failed to correct ongoing compliance violations at the firm despite prior warnings from SEC examiners and also failed to complete annual compliance reviews.

“Continual self-evaluation and improvement”

How, precisely, does a firm heed Mr. Cohen’s warnings?  A firm should take concrete and demonstrable actions to continually assess the strength of its compliance program, the risks involved in the organization and the compliance program’s ability to identify wrongdoing to correct gaps in the program.  Mr. Cohen noted that firms “must proactively keep pace with developments and leading practices as part of a commitment to a culture of ongoing improvement.”  Not all chief compliance officers are career compliance officers and many have other duties beyond compliance, such as serving as chief financial officers and chief operating officers. This is the case with many recently-registered private fund firms.  Thus, it is recommended that given a lack of a regulatory and compliance background, chief compliance officers should endeavor to educate themselves; share ideas and experiences with colleagues; attend conferences, roundtables and SEC events; and read about developments.

Although often costly, consider bringing in others to evaluate the risks, strengths, weaknesses, effectiveness of the program. Such parties include internal audit, regulatory consultants and attorneys.  Among the methods employed by such parties are mock SEC examinations, targeted reviews of areas of risk for a firm, risk assessments, and reviews of policies and procedures.  Firms that undergo these exercises are often better prepared for a SEC staff examination.  As Mr. Cohen noted, one shouldn't wait until an enforcement action to change behavior. Unfortunately, many do.


Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on CCO topics.
tip: check both to keep informed!


Overlooked Benefits of E&O/D&O

While asset managers should always be aware of the protections provided by their E&O/ D&O coverage, there are more reasons than ever to think about it now. The SEC continues to... read more »

SEC3 Newsletter

Commentary: How Compliance Officers & Firms Can Help Limit CCO Personal Liability This article originally appeared on the Thomson Reuters Regulatory Intelligence subscription service for compliance and risk professionals and is... read more »

Wishing One-and-All a Happy, Healthy and Prosperous New Year

We hope each of you found some peace and tranquility in the company of loved ones this holiday season and want to wish one-and-all a happy, healthy and prosperous New... read more »

Understanding How to Mitigate Liability and Navigate Insurance Options (Part II)

In June, we shared our thoughts around common insurance gaps and insurance riders that CCOs as well as managers should understand. One of the gaps we shared related to pre-claim... read more »

Cybersecurity - What have we learned and what have we done?

Regulatory Landscape In April 2015, the Securities and Exchange Commission ("SEC's") Division of Investment Management issued a guidance update, identifying cybersecurity as a critical issue. Several regulators are in fact focusing... read more »

Gatekeepers in SEC Crosshairs

Ever since the enforcement cases were announced as part of the SEC’s “Operation Broken Gate,” the SEC enforcement division has continued to ramp up scrutiny of gatekeepers including third-party service... read more »


Upcoming Events - September & October 2017

Upcoming Events Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. SEC3 is teaming up with industry experts in NYC to discuss...

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...

Webcast: SEC 2017 Examination Focus Area – Cybersecurity Testing

Penetration Testing & Vulnerability Assessments - Examining the SEC & FINRA Requirements When: Wednesday, January 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder,...

Chief Compliance Officer Roundtable: Breakfast Briefing

When: October 20, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Thomas Westle and Janaya...

Practicing Law Institute - Hedge Fund Management 2016

When: September 15, 2016 Where: New York & concurrent webcast | 1177 Avenue of the Americas | New York, NY 10036 Schedule: 9:00 am – 5:00 pm Janaya Moscony, President of SEC3 will...


When: April 13, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 22nd Floor Boardroom Thomas Westle and Janaya Moscony, along with industry experts,...


When: November 17, 2015 Where: Convene Midtown East | 730 Third Avenue | New York, NY 10017 Janaya Moscony, President, SEC Compliance Consultants, Inc. will be moderating a...