A family office was censured and fined for failing to implement procedures to prevent the misuse of material nonpublic information. The firm’s business model involved buying small cap stocks and conducting research through contact with insiders and investment bankers. Because it frequently obtained material nonpublic information, the firm’s policies required the Chief Compliance Officer to maintain a restricted list of companies in which neither the firm nor its covered persons could invest. The SEC asserts that the CCO did not maintain or timely update a restricted list, relying instead on ad hoc communications and changes to the order management system. The SEC also faults the firm for relying solely on the CCO because nobody communicated restrictions when he was not in the office or failed to communicate. Additionally, the SEC faults the firm because it relied on insiders reporting potential restricted securities rather than implementing a monitoring system. The firm’s owner, founder and managing member owned 60% of the firm’s assets under management.
Compliance is a series of procedures and processes, not a person. Just because your policies designate a person responsible doesn’t mean you have satisfied your compliance obligation to implement reasonable policies. It is also notable that the SEC fined this firm for weak policies even though it did not allege that the firm or its principal actually engaged in insider trading.