Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Rules

Understanding enforcement actions against compliance teams

Gurbir Grewal
Gurbir Grewal, Director of Enforcement, SEC. Photo by Michael M. Santiago/Getty Images

Sam Tyfield | Shoosmiths

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Assessing key points made by SEC enforcement chief Gurbir Grewal in his recent speech.

Gurbir Grewal recently addressed the New York City Bar Association, and his speech covered a range of topics, highlighting the landscape of regulatory enforcement and compliance by the SEC with three themes: education; engagement; and execution.

We wanted to explore their implications for financial institutions, particularly in comparison to the regulatory landscape in the United Kingdom.

Employment terms and regulatory scrutiny

One of the critical areas Grewal addressed was the issue of employment terms in the financial industry. The SEC has taken action against firms for including certain provisions in their employment agreements that are against the SEC’s principles.

These provisions include requiring:

  1. employees to attest that they have not filed a complaint against the company with any federal agency;
  2. employees to waive their rights to financial whistleblower awards; and
  3. departing former employees to provide notice to the company if they received a request for information from SEC staff.

In the United States, such provisions have resulted in significant fines against firms, with the largest penalty reaching $10 million.

The law in the UK has jurisprudence and rules already in relation to these issues.

Whistleblowing

Whistleblowing in the UK differs from the US, not least as there are no bounties offered to whistleblowers. However, the law protects whistleblowers, prohibiting employers from taking action against individuals who report specific concerns (for example, breach of a legal obligation). Any provision in a UK employment agreement – or indeed any other agreement – which seeks to prevent an employee from making a protected disclosure is void.

The FCA and the Prudential Regulation Authority (PRA) go even further. The FCA Handbook in SYSC Chapter 18 states, in what has been described as thinly-veiled threat, that any evidence that any regulated firm had acted to the detriment of a whistleblower could call into question the fitness and propriety of the firm or relevant members of its staff. Relevant firms must also establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns, including breach of the firm’s policies and procedures and anything likely to harm the firm’s reputation, and cannot ask staff to warrant that they have not made a protected disclosure, or that they are not aware of anything that could form the basis of one.

The Solicitors Regulation Authority (SRA) has also issued a warning notice, warning law firms against “improper use” of NDAs, and setting out its “expectation” that NDAs clearly set what disclosures can and cannot be made and to whom. In other words, external and internal legal counsel would likely be in breach of their own regulator’s rules in advising clients that provisions of the type described by Grewal were acceptable in firm agreements.

Taken together, this results (by-and-large) in a self-policing employment market. Firms are increasingly keen to encourage a “speak up” culture, not least so they can address any concerns at an early stage – no one, let alone the compliance team, wants to be the last to know.

Compliance officers’ role

Grewal emphasised that actions by the SEC against individuals in compliance roles are relatively rare. The SEC avoids second-guessing the good faith judgments of compliance personnel, made after reasonable inquiry and analysis. However, there are exceptions, such as when compliance personnel affirmatively participate in misconduct unrelated to their compliance function, mislead regulators, or where there is a wholesale failure in carrying out their responsibilities.

In the UK, the compliance oversight role is formally recognised as a Senior Manager Function (SMF), and the FCA’s Senior Manager & Certification Regime (SMCR) holds SMFs personally accountable for their actions. While fines and penalties are more commonly imposed on firms, SMFs can be fined personally and may be restricted from future roles in the industry. This differs from the role of a general counsel, which is not a SMF. Enforcement action against general counsels is rare in the UK, but in the US, a “Chief Legal Officer” can face direct enforcement by the SEC for placing commercial imperatives above professional duties, as well as action by the general counsel’s own bar/regulator.

Engagement with the front line

Grewal touched briefly on compliance’s interaction with the front office. He mentioned the importance of not “second-guessing” businesses on decisions reasonably made. In the UK, discussions around the “three lines of defense” and structuring compliance’s interaction with the front office have been going on for years.

However, the FCA’s stance on these issues is considered by many to be confusing, as the FCA takes the approach that a compliance team which is embedded in the front-office can “go native”, while a compliance team which is too remote from the front-office may not understand how the business operates. Evidence of an effective compliance team is a number of filed suspicious transaction and order reports in the “Goldilocks Zone” (neither too many nor too few) according the FCA’s own expectations. The “three lines of defense” is the accepted monitoring structure paradigm, although with uncertainty about separation between the first two lines of defense, there is scope for undermining the role of compliance.

Grewal’s speech highlights the intricate differences between US and UK regulators’ agendas and requirements. These variations are of significant interest to international organizations dealing with multiple regulators. Trust in financial institutions and the delicate balance between regulatory enforcement and compliance remain key considerations for firms operating in the financial sector on both sides of the Atlantic. Understanding these nuances is crucial to navigate the complex world of financial regulation effectively.

Sam Tyfield is co-head of the Blockchain & Digital Assets at Shoosmiths. Sam’s background is in Corporate/M&A and he has been Chief Operating Officer and General Counsel of a high-frequency trading firm.

Disclaimer

This information is for educational purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. © Shoosmiths LLP 2023.

, , , , , , , , , , , , ,

You may also like