SEC's Grewal to Pursue a Culture of Proactive Compliance

<p>When a new year begins, it’s natural to
reflect on our direction and make improvements where we can. This doesn't just
apply to individuals, but organizations, too – it's a clean slate across the
board. As we enter 2024, the Director of the SEC’s Division of Enforcement,
Gurbir Grewal, is focused less on resolutions, and more an actual revolution. </p><p>Speaking at the New York City Bar Association
Compliance Institute in October 2023, he stated: “Public trust in our
institutions is faltering….but it is clear that we cannot reverse those
trends alone. We need your help to do so. We need to work together to create
what I call a culture of proactive compliance.”</p><p>Thankfully, Mr Grewal also revealed
guidelines for <a href="">compliance</a> staff and financial organizations to follow in order
to establish his desired principles. Here we unpick his vision, why he has
chosen now to be so candid, and how his guidelines can help the firms tasked
with making progress.</p><p>What Led to This?</p><p>Gurbir Grewal has occupied his role since July
26th, 2021. He recently revealed that <a href="">his
ambition was to enhance public trust in institutions</a>, and that he wished to ‘impose penalties
that would have a lasting impact across the industry’. </p><p>When analyzing Grewal’s comments at the
Compliance Institute, it’s important to consider the regulatory developments
that preceded them. During his speech, he refers to an erosion of public trust:
“No sector is immune to this trend … If the public doesn’t think the system is
fair … they are not going to invest their hard-earned money. This hurts all
those companies, professionals, and other market participants who are playing
by the rules and doing the right thing”</p><p>The elephant in the room here is undoubtedly
the <a href="">WhatsApp
fines</a> that have dominated the last couple of years, and that have prompted
intense (and very public) media scrutiny. Grewal is aware that this doesn’t
fill consumers with confidence, and so has made it very clear that for the sake
of market integrity, penalties must be applied across the board, and all bad
actors must be held accountable.</p><blockquote data-media-max-width="560"><p lang="en" dir="ltr">Bloomberg opinion columnist Aaron Brown discusses Wall Street brokerages paying fines in the SEC WhatsApp probe. He speaks with David Westin and Romaine Bostick on "Wall Street Week Daily" <a href=""></a> <a href=""></a></p>— Bloomberg TV (@BloombergTV) <a href="">October 2, 2023</a></blockquote><p>The regulator’s unwavering determination
sends a strong message. Firstly, fairness, with no concessions made to culpable
firms, whether large or small. Secondly, it demonstrates that Grewal’s vision
isn’t a flavor of the month box-ticking exercise, but a real shift in mindset
and behavior that will promote the right decisions being made naturally rather
than in a prescriptive manner. It’s not a quick fix, but a long-term solution
to an age-old problem, coaxing people to ‘do the right thing’ rather than what
they can get away with.</p><p>Stuck in the Middle</p><p>During his speech, Grewal also clarified when
CCOs would be held accountable for their actions, and charges would be filed
against them. This would happen…</p><p>·
compliance personnel affirmatively participated in misconduct unrelated to the
compliance function;</p><p>·
where they
misled regulators; and</p><p>·
where there was
a wholesale failure by them to carry out their compliance responsibilities.</p><p>CCOs were also reassured that the SEC “does
not second-guess good faith judgments of compliance personnel made after
reasonable inquiry and analysis”. He appears to acknowledge that
compliance is a difficult profession – they're tasked with enforcing measures
set out by regulators while enabling their companies to flourish, and so give
and take on either side will always be tested. </p><p>It’s helpful for Grewal to clarify exactly
where compliance professionals stand, and what actions will trigger the SEC to
act against them. He is clearly sympathetic to the challenging nature of their
responsibilities, but needs to convey that a role in compliance is not a
get-out-of-jail-free card.</p><p>The Three E’s</p><p>Grewal has shared ‘three E’s’ for firms to
adhere to in order to enable a culture of proactive compliance.</p><p>Education – This entails proactively keeping on top of
new legislation, regulatory enforcement, and cultural developments that may
have an influence on proceedings – the impact of <a href="">artificial intelligence (AI</a>),
for example. By issuing fines publicly and vehemently, Grewal insists that the
SEC is doing its bit in contributing to this education.</p><p>Engagement – Only by engaging with personnel across
organizations can CCO’s learn about their ‘activities, strategies, risks’. This
is vital to accurately assess the compliance gaps in an organization, and where
improvements can be made and processes changed. Engaging with staff also builds
trust and accountability.</p><p>Execution – It's all well and good having written procedures in place – you need to
follow them if you want to enact meaningful change. In the case of the WhatsApp
fines, relevant policies were formalized but largely ignored, and firms were
eventually held accountable for their misconduct. </p><p>As Grewal
explains, “through leadership, training, constant oversight and the right tone
at the top, you need to ensure that the policies are actually implemented and
followed. That’s what proactive compliance requires.”</p><p>The Buffer Period</p><p>An interesting thing to consider is that with
the proliferation of digital channels and developments in technology,
regulators take time to catch up with consumer behavior. They need to be very
precise with the rules they enforce, and so cannot dive headfirst into issues
as they emerge.</p><p>That is what has happened with WhatsApp, and
while many companies were flagrantly breaching record-keeping regulations, you could also argue that the SEC’s
inaction on the matter lulled firms into a false sense of security, resulting
in complacency. It’s clear that having looked the other way for some time, the
regulator has now drawn a line in the sand.</p><p>This perfectly exemplifies the value of
proactive compliance; businesses have a headstart on regulators, and just
because something is not yet explicitly prohibited, that doesn’t make it a
loophole. After all, who knows what the next WhatsApp will be? It’s safest for
firms to ‘do the right thing’ and apply fundamental principles to modern technology, or it could cost them, financially
and reputationally. </p><p>By acknowledging the difficult space
compliance personnel occupy and applying some common sense to proceedings,
Grewal may well have recruited more supporters within the compliance sector.
Those individuals need support themselves, and with the right systems in place
(<a href="">growing
dependence on RegTech platforms is anticipated in 2024</a>), they'll be better equipped to
manage a snowballing workload and adhere to his guidelines. This will make a
difference, and help realize his vision; to build a proactive culture that
regulators and compliance personnel can both buy into, together.</p>

This article was written by Louis Parks at

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *