Liability Issues for Compliance OfficersIIB Annual Seminar on Risk Management and Regulatory Examination/Compliance Issues Affecting International BanksOctober 28, 2015

David D. DiBari

Clifford Chance

n In 2005, the Basel Committee issued a paper on compliance risk and the compliance function in banks (the “Basel Paper”).1 It defined “compliance risk” as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes ofconduct applicable to its banking activities.”

n The Basel Paper sets out principles addressing the responsibilities of the board of directors and senior management for compliance as well as specific principles addressing the independence standards, status, organization, governance, resources, and responsibilities of the compliance function.

n The Federal Reserve’s expectations for the compliance function of all supervised banking organizations are consistent with the principles outlined in the Basel Paper.2

n Each foreign banking organization supervised by the Federal Reserve should implement a compliance program that is appropriately tailored to the scope, complexity, and risk profile of the organization’s U.S. operations. The program should be reasonably designed to ensure that the organization’s U.S. operations comply with applicable U.S. rules and standards and should establish effective controls over compliance risks that transcend business lines or legal entities.3

n The Federal Reserve, the FDIC, and the OCC each require the US branches, agencies, and representative offices of the foreign banks they supervise operating in the United States to develop written BSA compliance programs that are approved by their respective bank’s board of directors and noted in the minutes, or that are approved by delegates acting under the express authority of their respective bank’s board of directors to approve the BSA compliance programs.4

The Compliance Function

2Liability Issues for Compliance Officers

1 Basel Committee on Banking Supervision, Compliance and the Compliance Function in Banks (April 2005), available at: http://www.bis.org/publ/bcbs113.pdf.2 FED. RESERVE BD., BANK HOLDING COMPANY SUPERVISION MANUAL § 2124.07 (2015) (the “BHC Supervision Manual”); see also SR 08-8/CA 08-11, Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles (Oct. 16, 2008).3 Id. 4 FED. FIN. INST. EXAMINATION COUNCIL, BANK SECRECY ACT ANTI-MONEY LAUNDERING EXAMINATION MANUAL (2014), available at: https://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2014.pdf.

Clifford Chance

n In a number of recent speeches top regulators have focused on “compliance culture” and "good compliance" as opposed to "merecompliance." For example, Federal Reserve Governor Tarullo has stated: “. . . well-crafted compliance programs are essential. But what we want to see is good compliance, not mere compliance.”1

n Banking organizations are expected to foster respect for the values and goals of applicable laws and regulations, rather than merely comply with applicable regulatory requirements and restrictions. It is important for regulated banking organizations to take steps to shape behavior through stated values that are supported and reinforced by management action, including "setting the tone from the top.“2

n The OCC "heightened standards" for large national banks and federal branches of non-US banks3, finalized in September 2014, are an embodiment of the heightened supervisory expectations for a strong risk management and compliance culture. These standards:– require the establishment of a formal, written risk governance framework and the assignment of specific roles and responsibilities for

the board, senior management, the business units (referred to as "frontline units"), the compliance function (referred to as "independent risk management"), and the audit function.

– among other things, the guidelines address specific responsibilities with respect to: (i) the conduct of risk assessments; (ii) the adoption of a comprehensive written statement that articulates the bank’s risk appetite; (iii) adoption of risk concentration limits; (iv) the implementation of procedures and processes for risk data aggregation and reporting; and (v) conduct of audits.

n Another example of the regulatory focus on fostering compliance culture is the relatively recent FinCEN advisory (issued in August 2014),4 in which FinCEN highlighted the importance of a strong culture of BSA/AML compliance for senior management, leadership and owners of all financial institutions regardless of size or industry sector.

Focus on Compliance and Compliance Culture

3Liability Issues for Compliance Officers

1 Good Compliance, Not Mere Compliance, Remarks by Federal Reserve Governor Tarullo, at the Federal Reserve Bank of New York Conference, “Reforming Culture and Behavior in the Financial Services Industry” (October 20, 2014), available at: http://www.federalreserve.gov/newsevents/speech/tarullo20141020a.htm.2 See e.g., The Rewards Of An Ethical Culture, Remarks by Thomas C Baxter, Executive Vice President and General Counsel of the Federal Reserve Bank of New York, at the Bank of England, London (January 20, 2015), available at: https://www.bis.org/review/r150121a.htm?ql=1.3 OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration of Regulations, 79 Fed. Reg. 54518 (Sept. 11, 2014).4 FinCEN Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance, available at: http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2014-A007.pdf.

Focus on Compliance

Clifford Chance

n Among other things, the responsibilities of the compliance function include: (i) advising senior management on compliance with laws, rules and standards; (ii) educating staff on compliance issues and establishing written guidance to staff on compliancewith laws, rules and standards through policies and procedures; (iii) identification, documentation and assessment of compliance risk; and (iv) monitoring and testing compliance.1

n Section 352 of the USA Patriot Act and Regulation H require banks supervised by the Federal Reserve, including US banking offices of foreign banks, to designate a qualified individual to serve as a BSA compliance officer.2

n Regulation H and the FFIEC BSA Examination Manual provide that:– The BSA compliance officer is responsible for “coordinating and monitoring” day-to-day BSA/AML compliance.3

n The FFIEC BSA Examination Manual further states that:– The BSA compliance officer is responsible for managing all aspects of the BSA/AML compliance program. The BSA compliance

officer may delegate BSA/AML duties to other employees, but the officer should be responsible for overall BSA/AML compliance. The board of directors also is ultimately responsible for the bank’s BSA/AML compliance.

– The BSA compliance officer should be fully knowledgeable of BSA and related regulations and should receive periodic training that is relevant and appropriate given changes to regulatory requirements as well as the activities and overall BSA/AML risk profile of the bank.

– The line of communication should allow the BSA compliance officer to regularly apprise the board of directors and senior management of ongoing compliance with the BSA. Pertinent BSA-related information, including the reporting of SARs filed with FinCEN, should be reported to the board of directors or an appropriate board committee so that these individuals can make informed decisions aboutoverall BSA/AML compliance.

The Compliance Officer

4Liability Issues for Compliance Officers

1 See Basel Paper; BHC Supervision Manual.2 See 31 U.S.C. 5318(h); Section 208.63 of the Federal Reserve’s Regulation H (12 C.F.R. § 208.63).3 FED. FIN. INST. EXAMINATION COUNCIL, BANK SECRECY ACT ANTI-MONEY LAUNDERING EXAMINATION MANUAL (2014), available at: https://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2014.pdf; Section 208.63 of the Federal Reserve’s Regulation H (12 C.F.R. § 208.63) (stating that banks must designate an individual responsible for “coordinating and monitoring” day-to-day BSA compliance); see also Part 116 of the New York Department of Financial Services Regulations (3 NYCRR § 116.2).

Clifford Chance

Focus on Accountability

n Individual Accountability for Corporate Wrongdoing, September 2015 (the “Yates Memorandum”):1

“One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”

“Fundamentally, this memo is designed to ensure that all attorneys across the Department are consistent in our best efforts to hold to account the individuals responsible for illegal corporate conduct.”n The NYDFS, under Superintendent Lawsky’s leadership, commenced implementing a policy to hold individuals accountable for identified

personal misconduct:

“… even if there are certain circumstances where the misconduct does not rise to the level of criminal fraud, civil financialregulators can also play a role in imposing individual accountability. . . . we have sought increasingly to move toward individual accountability . . . . we need more individual accountability after misconduct occurs to help produce real deterrence.”2

n In line with this individual accountability policy, individuals have been subject to disciplinary actions as a condition to settlement of enforcement action with the NYDFS and other regulatory and enforcement agencies.

n The Fed, the FDIC, and the OCC can also target individuals through their authority to pursue enforcement actions against “institutional affiliated parties.”3

Focus on Individual Accountability

5Liability Issues for Compliance Officers

1 Individual Accountability for Corporate Wrongdoing, Memorandum by Deputy Attorney General Sally Q. Yates dated September 2, 2015, available at: http://www.justice.gov/dag/file/769036/download.2 Superintendent Lawsky’s Remarks on Financial Regulation in New York City at Columbia Law School (February 25, 2015), available at: http://www.dfs.ny.gov/about/speeches/sp150225.htm.3 See 12 U.S.C. § 1818(e).

Clifford Chance

n April 2014: FINRA imposed a $25,000 fine on the CCO of Brown Brothers Harriman (“BBH”), a broker-dealer, for failing to establish and implement an adequate AML compliance program to monitor and detect suspicious penny stock transactions. BBH conducted penny stock transactions in known bank secrecy heavens such as Guernsey and Jersey. BBH had an AML compliance program that included suspicious activity surveillance, but the program allegedly failed to adequately monitor activity involving penny stock transactions and resulted in SAR filing failures.1

n December 2014: FinCEN imposed a $1 million fine on the CCO of MoneyGram, an MSB, for failing to ensure AML compliance. In its penalty assessment, FinCEN stated that the CCO willfully violated the BSA and its implementing regulations by failing to ensure the establishment and implementation of an effective AML program, and by failing to report suspicious activity as required by the BSA. According to FinCEN, the CCO’s failures included: (i) Failure to Implement a Discipline Policy; (ii) Failure to Terminate Known High-Risk Agents/Outlets; (iii) Failure to File Timely SARs; (iv) Failure to Conduct Effective Audits of Agents/Outlets; and (v) Failure to Conduct Adequate Due Diligence on Agents/Outlets.2

n April 2015: The SEC charged the CCO of BlackRock Advisors LLC, an investment adviser, with causing the firms compliance-related violations for failing to implement compliance policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules concerning the outside activities of BlackRock’s employees, including how they should be assessed and monitored for conflicts purposes, and when conflicts of interest should be disclosed to BlackRock fund’s boards and advisory clients. The CCO agreed to pay a $60,000 penalty.3

n June 2015: The SEC charged the CCO of SFX Financial Advisory Management Enterprises Inc., an investment adviser, with failing to implement compliance policies and procedures that should have detected an alleged misappropriation of client assets by an executive at the firm and with responsibility for material misstatements in the firm’s Form ADV filing. The CCO agreed to pay a $25,000 penalty.4

Recent Enforcement Cases Against CCOs

6Liability Issues for Compliance Officers

1 FINRA Enforcement v. Brown Brothers Harriman & Co., et al., FINRA AWC No. 2013035821401 (Feb. 5, 2014).2 In re: Thomas E. Haider, FinCEN Assessment of Civil Money Penalty No. 2014-08 (Dec. 18, 2014); see also U.S. Dept. of Treasury v. Thomas E. Haider, 14 CV 9987 (U.S. District Court, SDNY) (Dec. 18, 2014) (seeking to enforce the civil money penalty and to enjoin Mr. Haider from employment in the financial industry). 3 In re: Blackrock Advisors LLC, et al., SEC Rel. No. IA-4065 (Apr. 20, 2015).4 In re: SFX Financial Advisory Management, et. al, SEC Rel. No. IA-4116 (June 15, 2015).

Clifford Chance

1 Introductory Remarks at The Evolving Role of Compliance in the Securities Industry Presentation (May 12, 2014), available at:http://www.sec.gov/News/Speech/Detail/Speech/1370541797850.2 Statement on Recent SEC Settlements Charging Chief Compliance Officers With Violations of Investment Advisers Act Rule 206(4)-7 (June 18, 2015), available at: http://www.sec.gov/news/statement/sec-cco-settlements-iaa-rule-206-4-7.html.

“Today’s compliance personnel have to address an ever-broadening array of complex and novel financial products, new trading and communication technologies, and multiple, diverse market venues. They must do so in the face of an unprecedented torrent of new laws and regulations promulgated in response to the financial crisis, most particularly the Compliance Officer and Securities Attorney Full Employment in Perpetuity Act of 2010, or as it’s more commonly known, Dodd-Frank. And although securities firms have been generally increasing the amount of resources they devote to compliance matters, compliance budgets have increased in a linear manner while the demands faced by compliance officers have increased exponentially.” SEC Commissioner Daniel M. Gallagher (May 2014)1

“[a]s regulators, we should strive to avoid the perverse incentives that will naturally flow from targeting compliance personnel who are willing to run into the fires that so often occur at regulated entities.”SEC Commissioner Daniel M. Gallagher (June 2015)2

Are Compliance Personnel Being Targeted?

7Liability Issues for Compliance Officers

Clifford Chance

“I am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community. Such an environment is unhelpful, sends the wrong message, and can discourage honest and competent CCOs from doingtheir work.”

“In the seven years that I have served as a Commissioner, it has been my experience that the Commission does not bring enforcement actions against CCOs who take their jobs seriously and do their jobs competently, diligently, and in good faith to protect investors. I do not believe that these CCOs should fear the SEC.”SEC Commissioner Luis A. Aguilar (June 2015)1

Have No Fear?

8Liability Issues for Compliance Officers

1 The Role of Chief Compliance Officers Must be Supported (June 29, 2015), available at: http://www.sec.gov/news/statement/supporting-role-of-chief-compliance-officers.html.

Clifford Chance

1 Keynote Address at Compliance Week 2014 (May 20, 2014), available at: http://www.sec.gov/News/Speech/Detail/Speech/1370541872207.2 Opening Remarks at the Compliance Outreach Program for Broker-Dealers (July 15, 2015), available at: http://www.sec.gov/news/speech/opening-remarks-compliance-outreach-program-for-broker-dealers.html.

n In a keynote address at Compliance Week 2014, the SEC’s Enforcement Director, Andrew Ceresney, stated that actions against legal and compliance officers would “typically . . . occur when the Division believes legal or compliance personnel have affirmatively participated in the misconduct, when they have helped mislead regulators, or when they have clear responsibility to implementcompliance programs or policies and wholly failed to carry out that responsibility.”1

n More recently SEC Chair Mary Jo White further stated:

“Being a CCO obviously does not provide immunity from liability, but neither should our enforcement actions be seen by conscientious and diligent compliance professionals as a threat.”

“We do not bring cases based on second guessing compliance officers' good faith judgments, but rather when their actions or inactions cross a clear line that deserve sanction.”

“To be clear, it is not our intention to use our enforcement program to target compliance professionals.” SEC Chair Mary Jo White (July 2015)2

Should You Be Concerned?

9Liability Issues for Compliance Officers

Clifford ChanceClifford Chance

What Does the Future Hold for the Compliance Function?

10Liability Issues for Compliance Officers

Worldwide contact information 36* offices in 26 countries

* Clifford Chance’s offices include a second office in London at 4 Coleman Street, London EC2R 5JJ. ** Linda Widyati & Partners in association with Clifford Chance.

Abu DhabiClifford Chance9th Floor, Al Sila TowerAbu Dhabi Global Market SquarePO Box 26492Abu DhabiUnited Arab EmiratesTel +971 (0)2 613 2300Fax +971 (0)2 613 2400

Bucharest Clifford Chance BadeaExcels ior Center28-30 Academiei Street12th Floor, Sector 1Bucharest, 010016RomaniaTel +40 21 66 66 100Fax +40 21 66 66 111

Hong KongClifford Chance27th FloorJardine HouseOne Connaught PlaceHong KongTel +852 2825 8888Fax +852 2825 8800

MadridClifford ChancePaseo de la Castellana 11028046 MadridSpainTel +34 91 590 75 00Fax +34 91 590 75 75

PerthClifford ChanceLevel 7, 190 St Georges TerracePerth, WA 6000AustraliaTel +618 9262 5555Fax +618 9262 5522

ShanghaiClifford Chance40th FloorBund Centre222 Yan An East RoadShanghai 200002ChinaTel +86 21 2320 7288Fax +86 21 2320 7256

AmsterdamClifford ChanceDroogbak 1A1013 GE AmsterdamPO Box 2511000 AG AmsterdamThe NetherlandsTel +31 20 7119 000Fax +31 20 7119 999

CasablancaClifford Chance169, boulevard Hassan 1erCasablanca 20000MoroccoTel +212 520 132 080Fax +212 520 132 079

IstanbulClifford ChanceKanyon Ofis Binasi Kat 10Büyükdere Cad. No. 18534394 LeventIstanbulTurkeyTel +90 212 339 0001Fax +90 212 339 0098

MilanClifford ChancePiazzetta M.Bossi, 320121 MilanItalyTel +39 02 806 341Fax +39 02 806 34200

PragueClifford ChanceJungmannova PlazaJungmannova 24110 00 Prague 1Czech RepublicTel +420 222 555 222Fax +420 222 555 000

SingaporeClifford Chance12 Marina Boulevard25th Floor Tower 3Marina Bay Financial CentreSingapore 018982Tel +65 6410 2200Fax +65 6410 2288

BangkokClifford ChanceSindhorn Building Tower 321st Floor130-132 Wireless RoadPathumwanBangkok 10330ThailandTel +66 2 401 8800Fax +66 2 401 8801

DohaClifford ChanceQFC BranchSuite B, 30th floorTornado TowerAl Funduq StreetWest Bay PO Box 32110DohaState of QatarTel +974 4491 7040Fax +974 4491 7050

Jakarta**LWPDBS Bank TowerCiputra World One 28th FloorJl. Prof. Dr. Satrio Kav 3-5Jakarta 12940IndonesiaTel +62 21 2988 8300Fax +62 21 2988 8310

MoscowClifford ChanceUl. Gasheka 6125047 MoscowRussian FederationTel +7 495 258 5050Fax +7 495 258 5051

RiyadhClifford ChanceBuilding 15, The Business GateKing Khaled International Airport RoadCordoba District, RiyadhP.O. Box: 90239, Riyadh 11613,Kingdom of Saudi ArabiaTel +966 11 481 9700Fax +966 11 481 9701

SydneyClifford ChanceLevel 16No. 1 O'Connell StreetSydney NSW 2000AustraliaTel +612 8922 8000Fax +612 8922 8088

BarcelonaClifford ChanceAv. Diagonal 68208034 BarcelonaSpainTel +34 93 344 22 00Fax +34 93 344 22 22

DubaiClifford ChanceLevel 15Burj DamanDubai International Financial CentrePO Box 9380DubaiUnited Arab EmiratesTel +971 4 503 2600Fax +971 4 503 2800

KyivClifford Chance75 Zhylyanska Street01032 KyivUkraineTel +380 44 390 5885Fax +380 44 390 5886

MunichClifford ChanceTheresienstraße 4-680333 MunichGermanyTel +49 89 216 32-0Fax +49 89 216 32-8600

RomeClifford ChanceVia Di Villa Sacchetti, 1100197 RomeItalyTel +39 06 422 911Fax +39 06 422 91200

TokyoClifford ChanceAkasaka Tameike Tower, 7th Floor17-7 Akasaka 2-ChomeMinato-ku, Tokyo 107-0052JapanTel +81 3 5561 6600Fax +81 3 5561 6699

BeijingClifford Chance33/F, China World Office 1No. 1 J ianguomenwai DajieChaoyang DistrictBeijing 100004ChinaTel +86 10 6535 2288Fax +86 10 6505 9028

DüsseldorfClifford ChanceKönigsallee 5940215 DüsseldorfGermanyTel +49 211 43 55-0Fax +49 211 43 55-5600

LondonClifford Chance10 Upper Bank StreetLondon, E14 5JJUnited KingdomTel +44 20 7006 1000Fax +44 20 7006 5555

New YorkClifford Chance31 West 52nd StreetNew York, NY 10019-6131USATel +1 212 878 8000Fax +1 212 878 8375

São PauloClifford ChanceRua Funchal 418 15th Floor04551-060 São Paulo SPBrazilTel +55 11 3019 6000Fax +55 11 3019 6001

WarsawClifford ChanceNorway Houseul. Lwowska 1900-660 WarszawaPolandTel +48 22 627 11 77Fax +48 22 627 14 66

BrusselsClifford ChanceAvenue Louise 65 Box 21050 BrusselsBelgiumTel +32 2 533 5911Fax +32 2 533 5959

FrankfurtClifford ChanceMainzer Landstraße 4660325 Frankfurt am MainGermanyTel +49 69 71 99-01Fax +49 69 71 99-4000

LuxembourgClifford Chance10 boulevard G.D. CharlotteB.P. 1147L-1011 LuxembourgGrand-Duché de LuxembourgTel +352 48 50 50 1Fax +352 48 13 85

ParisClifford Chance1 rue d'AstorgCS 6005875377 Paris Cedex 08FranceTel +33 1 44 05 52 52Fax +33 1 44 05 52 00

SeoulClifford Chance21st Floor, Ferrum Tower19, Eulji-ro 5-gilJung-gu, Seoul 100-210KoreaTel +82 2 6353 8100Fax +82 2 6353 8101

Washington, D.C.Clifford Chance2001 K Street NWWashington, DC 20006 - 1001USATel +1 202 912 5000Fax +1 202 912 6000

11

Clifford Chance, 10 Upper Bank Street, London, E14 5JJ© Clifford Chance 2015Clifford Chance LLP is a limited liability partnership registered in England and Wales under number OC323571Registered office: 10 Upper Bank Street, London, E14 5JJWe use the word 'partner' to refer to a member of Clifford Chance LLP, or an employee or consultant with equivalent standing and qualifications