February 16, 2022
Estimated reading time: 4 minutes
FINRA charges Compliance Officer: where does the buck stop for non-compliance?
The US’s Financial Industry Regulatory Authority (FINRA) has issued a compliance officer with a $25,000 fine and a two-month suspension after finding that he had failed to properly oversee his employer’s anti-money laundering program.
Arnold Feist was an anti-money laundering compliance officer at Interactive Brokers LLC between 2006 and 2018 (though he remained registered through the company until 2020). In his role, he was responsible for the company’s AML program.
Following investigations, FINRA found that between January 2013 and August 2018, while Feist presided as a compliance officer, Interactive Brokers had failed to meet regulatory expectations surrounding financial crime and AML. In particular, it found that Feist had failed to familiarise himself with the company’s day-to-day operations. Moreover, he had failed to properly supervise the broker dealer’s AML analysts, did not understand how the firm was running its AML program, failed to submit surveillance reports, and did not conduct sufficient monthly reviews. In fact, FINRA found that Feist “took no steps to investigate or address” the firm’s review processes around AML.
In a letter between FINRA and Feist, it was noted that despite having learned about the company’s AML program, Feist did not notice that it was not sufficient and that it was failing to detect and report suspicious activity. FINRA found that Feist was responsible for filing suspicious activity reports (SARs) but had failed to understand when it was necessary to do so.
Instead of taking against the broker-dealer as a whole, FINRA has held Feist personally liable for the failures. The fine does, however, follow broader enforcement action against Interactive Brokers in 2020, which also concerned AML failings.
Feist neither admits nor denies the failings but has agreed to the fine and the suspension.
This is the latest in a string of actions from US regulators against individuals. Of course, it is not unusual for FINRA to hold individual compliance officers to account, but it does raise broader questions around accountability, responsibility, and the upward trend of regulatory activity around both.
Over the past few years, there is no doubt that regulators are taking affirmative action, not only against non-compliant firms but the bad actors within.
What is particularly interesting in this case is that Feist appears to have laid dormant over a period of years – exposing Interactive Brokers to AML and financial crime risks. This was not an active case of proactive ill-will, but instead a lack of action and understanding. While it is true that Feist enabled non-compliance within his team, I cannot help but wonder how his carelessness went unnoticed for an extended period. In fact, it was not until Interactive Brokers was the subject of a 2020 enforcement action that Feist’s inaction was uncovered.
While FINRA’s letter does not directly depict Feist’s level of seniority, it is likely that Feist had a direct report, perhaps a manager or a member of the C-Suite. Surely then, if Feist was inactive in his role, whoever he reported to similarly failed to notice or question a lack of reporting and review coming out of the AML compliance team. This raises a wider question about where the buck stops – or rather where it should stop.
Conduct – whether it be good or bad – is often engrained within an organisation. It trickles from the top down. If employees are met with a top-down culture that enables bad practice, bad practice will occur. If, however, a company fosters a culture of good practice, responsibility, and accountability from the outset – the same will likely be the result.
FINRA’s action is not the first against compliance officers, nor will it be the last. But it carries with it a handful of potentially detrimental outcomes. How well will compliance officers operate if they work under the threat of being held individually accountable for failure? Will this lead to greater compliance, or encourage a culture of fear and a tendency to hide mistakes rather than come clean?
As an aside, it is striking that the UK’s Financial Conduct Authority (FCA) developed bespoke rules in the form of the Senior Managers and Certification Regime (SM&CR), which were created to hold individuals to account. However, despite this, in our Global Overview of Global Enforcement Trends Report, we found a distinct lack of individual accountability within UK financial services – with only 2 cases against individuals in 2021. Despite the absence of an accountability regime in the US we continue to see far more individual culpability than in the UK, which begs the question: is SM&CR working?