
The True Cost of Non-Compliance in the United States: Lessons Learned from Chief Compliance Officers in 2022

by Amanda Brief, Marketing Director

2022 marked a significant year for Chief Compliance Officers (CCOs) in the United States as regulators put more emphasis on holding individuals accountable for non-compliance. Executives now risk being fined and serving jail time for failing to supervise the implementation and organization-wide adoption of policies and procedures. Back in September, US Deputy Attorney General Lisa Monaco announced changes to the Department of Justice’s (DOJ) corporate enforcement strategy, making it known that individual accountability is their top priority. As organizations adapted to a post-Covid workplace, with new risks and economic uncertainty impacting budgets, hiring, and more, CCOs found themselves fearful of being held liable for compliance failures within their organization.

So what is the cost of not being compliant for CCOs as individuals?

We’ve highlighted the top personal liability stories from this year and provided tips for how CCOs can take the appropriate measures to prevent these common mistakes and breaches from taking place within their company.

1. Failure to oversee an AML Compliance Program

Back in February, Arnold Feist, the former Chief Compliance Officer at Interactive Brokers, was charged with failing to oversee the company’s anti-money laundering compliance program properly. The Financial Industry Regulatory Authority (FINRA) fined Feist $25,000 and banned him from working with any FINRA-regulated broker-dealer firm for two months. Among the AML items that Feist mishandled over a five-year period were failing to supervise the firm’s AML analysts or their managers and failing to evaluate the adequacy of the firm’s surveillance reports.

Tip: Identify the right technology to make your job easier

Many compliance teams are still relying on legacy tools and manual processes to fight AML threats. With the speed of the market and emerging risks, it’s important to find the right systems and technology to detect AML and implement policies that will ensure appropriate action is taken once threats and risks are identified. In our recent webcast, Dana Lawrence, Chief Compliance Officer at Fideseo, shared how to explain the value of compliance technology to your leadership team.

2. Failure to adopt and implement required written compliance policies and procedures

In June, the US Securities and Exchange Commission (SEC) charged Hamilton Investment Counsel’s (HIC) Chief Compliance Officer, Jeffrey Kirkpatrick, with failing to implement the firm’s policies and procedures by not responding appropriately to the red flags surrounding HIC’s Investment Advisor’s outside business activities. In addition to charges brought against HIC and its Investment Advisor, Kirkpatrick agreed to a cease-and-desist order, a civil penalty of $15,000, and the imposition of a five-year limitation on his ability to act in a supervisory or compliance capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.

Tip: Achieve a state of continuous compliance awareness

It’s important to have a single source of truth to host your policies and procedures. Avoid the stressful process of collecting and organizing your documents when a compliance audit is approaching or when new regulations are published. With compliance technology like Clausematch, you can adequately prepare your company for an upcoming audit and prove to regulators that you have a mature compliance process.

3. Lack of a transparent Bring Your Own Device (BYOD) policy

While CCOs were less liable in this next compliance violation, we’d be remiss not to highlight the story of how sixteen of the largest financial institutions were fined a total of $1.8 billion for their failure to monitor how employees use personal devices for work-related purposes. The pandemic forced many businesses to operate remotely, in turn opening a huge gap for confidential information to pass through unauthorized channels that are harder to surveil.

Given that the DOJ will now be carefully monitoring whether organizations not only have policies but also enforce them, CCOs need to ensure that they have policies for these scenarios and that employees actually follow them.

Tip: Make sure employees are aware that there is a BYOD policy in place

To address this concern, CCOs should provide adequate training to employees when a new policy is released and ensure they communicate any changes across multiple channels, so the staff fully understands what to do and the consequences of non-compliance. Here are some steps you should consider:

  • Announce the new policy on a company-wide call and record it for anyone who is unable to attend
  • Provide a banner on your company’s intranet to bring awareness to the new policy
  • Make sure that you have a streamlined process and platform to help you easily disseminate the new or updated policy across your organization and effectively track adherence
  • Review the changes of the policy with managers and ensure they disseminate this information to their teams, thus providing an outlet for employees to ask any questions or address any concerns.

Read more tips on implementing a BYOD policy here.

As we head into 2023, organizations will need to ensure they achieve a state of continuous compliance awareness and robust governance to avoid running into any liability issues, be they at a personal or corporate level. Having a modern, reliable platform, like Clausematch, to manage and host all types of compliance documents will help them meet regulatory obligations, mitigate liability, and cut compliance costs.

To learn more about Clausematch, click here.