Ronald Rollins, CCO of Comprehensive Capital Management (CCM) and of an affiliated broker-dealer, agreed to a settlement with the SEC pursuant to allegations that Rollins failed to supervise and implement compliance policies and procedures thereby aiding and abetting violations of the Investment Advisers Act of 1940 and the Securities Exchange Act of 1934. Most notably, Rollins failed to implement a custody policy, a policy requiring daily review of transactions, an e-mail policy, and an office audit policy. On July 29, 2013, Rollins agreed to a 12-month ban from working in the financial industry and a 3-year ban from associating in a supervisory capacity with a financial institution. This indicates the importance the SEC places on a CCO’s supervisory responsibility such that, even without malicious intent, failure to reasonably supervise and to implement appropriate policies and procedures will be aggressively pursued.
The predicating circumstances centered on Timothy Roth, a registered representative of the broker-dealer. Roth misappropriated over $16 million of client funds. He accomplished this by setting up an account (Custody Account) over which he had custody at CCM’s clearing broker-dealer which was also the custodian of CCM’s clients’ assets.
The settlement highlights the SEC’s stance that ultimate supervisory responsibility lies with the CCO especially where a CCO, with proper due diligence, could have detected violations of applicable law and the firm’s policies and procedures. Rollins was aware of the Custody Account, correctly identified Roth as having custody of client funds in 2003, and notified Roth that maintaining custody of client assets violated CCM policies. Thereafter, Rollins did not investigate the matter further though Rollins had access to information on which he could have concluded that Roth had constructive custody of client funds. The SEC asserted that Rollins should have investigated to ensure steps were taken to remedy custody or to put in place proper procedures to accommodate custody (e.g., independent verifications); instead Rollins relied on associated persons to self-report.
The SEC went on to assert that Rollins failed to implement CCM’s policy to conduct a daily review of transactions. While not necessarily required, the SEC claimed that omitting such review represented a failure to implement stated policies and would have served to put Rollins on notice of Roth’s suspicious activity. Third, the SEC asserted that Rollins failed to enforce an e-mail policy requiring all work-related e-mails be sent through company e-mail. Rollins himself communicated with Roth through Roth’s personal e-mail address. Finally, the SEC accused Rollins of failing to conduct annual audits of all supervised persons. While documented, the SEC found these audits were “perfunctory and were not designed to prevent or detect fraud.”
CCOs should be aware that the SEC will pursue circumstances where, without malicious intent, a CCO fails to catch a supervised person’s violation of policies and procedures. Equally egregious are those instances where policies and procedures are codified and not followed or not followed effectively. As such, it is important to review any policies and procedures to be sure they reflect actual practices and address identified problem areas or concerns.