Yvonne I. Pytlik, Journal of Securities Law, Regulation & Compliance, April 2010, Volume 3, Number 2


Compliance risk: A critical business risk for asset managers

Yvonne I. Pytlik* and Jennifer S. Myers**

Received (in revised form): 25th February, 2010

*Global Compliance Risk Management Corporation, 245 Park Avenue, 24th Floor, New York, NY 10022, USA. Tel: +1 781 835 8360; E-mail: [email protected]

**Global Compliance Risk Management Corporation, 245 Park Avenue, 24th Floor, New York, NY 10022, USA. E-mail: [email protected]

Journal of Securities Law, Regulation & Compliance, Vol. 3 No. 2, pp. 180–189, Henry Stewart Publications, 1758–0013

Yvonne I. Pytlik is a Managing Partner at Global Compliance Risk Management Corporation (GlobalRMC) in New York City. GlobalRMC, a strategic advisory and compliance risk management firm, focuses on Enterprise Risk Management principles, governance techniques and cutting-edge compliance solutions. Yvonne is a senior executive and one of the industry’s most highly regarded strategists in compliance risk management and corporate governance for financial institutions. As a global head of risk management at Deutsche Bank AG, she developed and implemented global risk management and governance oversight in the Americas, Europe and Asia-Pacific regions. She is a compliance subject-matter expert in CCO regulations for global asset managers.

Jennifer S. Myers is a Managing Partner at GlobalRMC. She is a senior compliance and risk management lawyer who provides analysis and strategic advice to financial institutions and asset managers on regulatory compliance, risk management, and corporate governance issues. She began her career at the New York City office of Shearman & Sterling. Jennifer holds a JD degree from Harvard Law School and a BA from Yale University.

ABSTRACT

2010 presents a historical moment to define the path forward to the ‘future of enterprise risk management and mitigation strategies’ of increasing compliance risk for asset managers.1–4 The recent financial crises and cases of material compliance violations, Ponzi schemes, fraudulent activities, misappropriation of investors’ assets and collapse of major financial firms have had significant, harmful impact on investors and shareholders. Serious compliance violations, such as insider trading, have proven to be self-destructive to asset managers. No one is immune to these trends. ‘Enterprise Risk Management — 2010 and Beyond Forward Looking Approach by Asset Managers’ is a series of papers dedicated to regulatory developments and industry best practices in the enterprise risk management with a focus on ‘compliance risk: a critical business risk for asset managers’.

Keywords: risk management, compliance, compliance risk, governance, chief compliance officer, SEC, FINRA, FED, FDIC, FSA

INTRODUCTION

The most recent financial crisis and major overhaul of financial services regulations are causing asset managers to challenge their enterprise risk management infrastructure, governance, methodologies, standards and processes to further improve their risk management efforts. 2010 is a historical moment to define the path forward to the ‘future of enterprise risk management’ and mitigation strategies of increasing compliance risk for asset managers.

The recent array of material compliance violations, Ponzi schemes and fraudulent activities,5 misappropriation of investors’ assets and collapse of major financial institutions have had significant, harmful impact on investors and shareholders.6

Compliance is becoming a critical element of an overall enterprise risk management framework. Leading asset managers are taking a proactive and comprehensive approach in identifying emerging risks, such as compliance and business risks. Compliance risk is expected to increase even further due to re-assessing post-crisis economic conditions, increasing complexity of business offerings, global business expansions combined with increasing complexity of the regulatory landscape, cross-jurisdictional regulations and the imposition of higher compliance standards by regulators and investors.

The challenge for most asset managers is to effectively manage enterprise and compliance risks, find efficiency in the way that risk management protects and creates the greatest value for asset managers, investors and shareholders by balancing risk, cost and value across the enterprise. Asset managers who effectively address this challenge will not only protect their firm by creating sustainable values, but will also outperform their competitors.

2010 REGULATORY FOCUS

Regulators are urging board members and senior managers to be more proactive in setting risk ‘appetite’ for financial institutions, establish effective risk governance oversight and compliance programmes, and in setting and maintaining a stated tolerance for risk. Enterprise Risk Management is a critical strategic and business decision-making framework for identifying, monitoring and managing risk across the whole organisation.

The recent financial crisis and material compliance violations, in many cases, resulted from inadequate risk management functions and weaknesses in compliance governance leading to business risks. These risks directly resulted in reputational damage for asset managers, a collapse of financial institutions and significant capital losses for investors and shareholders.

In her 2010 Testimony Concerning the State of the Financial Crisis, US Securities and Exchange Commission (SEC) Chairman Mary L. Schapiro highlighted the primary causes of the financial crisis related to risk management:7

• A siloed financial regulatory framework that lacked the ability to monitor and reduce risks across entities and markets.

• Insufficient risk management and risk oversight by boards and management.

• Perverse incentives and asymmetric compensation arrangements that encouraged significant risk-taking.

• A widespread view that markets were almost always self-correcting resulted in weaker standards and regulatory gaps.

• The proliferation of complex financial products that was not fully transparent.

The SEC and other regulatory agencies will continue to address legal and regulatory gaps that came to light during the recent crises, thus helping policymakers to build better regulatory oversight across the financial services industry.

COMPLIANCE RISK IS EMERGING AS CRITICAL BUSINESS RISK

Enterprise Risk Management with compliance as a critical component to mitigate business risk is a forward-looking approach that regulators will enforce and pro-active asset managers embrace going forward to protect their firms, investors and shareholders.8–10

Regulators and leading asset management firms strive to improve their risk management efforts and aspire towards the integration of risk management infrastructure, methodologies and standards with compliance as a critical component of a ‘single view of risk’ across the organisation.

The US Federal Reserve Board Chairman Ben S. Bernanke has explicitly stated that ‘policy makers must insist that the large financial firms be capable of monitoring and managing their risk in a timely manner and on an enterprise-wide basis’.

In October 2009, a group of senior financial supervisors from five major nations reported that financial firms still need ‘full and ongoing commitment to risk control by management, as well as dedication of considerable resources toward developing the necessary information technology infrastructure’ to implement the best practices for pro-active risk management in their firms.11

President Obama’s ‘Financial Regulatory Reform’ and other regulatory initiatives currently before the US Senate also impose higher regulatory standards and imply best practices that will guide the financial services industry in implementing effective risk management and compliance programmes. This new regulatory framework clearly positions Enterprise Risk Management as the best practice for financial institutions to recalibrate in a post-crisis global financial system.12

COMPLIANCE VIOLATIONS ARE DETRIMENTAL TO ASSET MANAGERS

As economic turmoil leads to compliance risk, reputational damage and eventually to business risk, equally, material compliance violations lead to serious consequences for asset managers, which in turn, become business risk.13

The recent cases of insider trading, Ponzi schemes, fraud and other compliance violations have had a tremendous impact on the industry. Serious compliance violations impact investors, shareholders and are self-destructive to asset managers themselves. No one is immune to these trends.14

As the recent demise of Galleon Management LP clearly shows, one of the most significant business risks that asset managers face today is compliance risk. Perhaps, a better word might be ‘vaporisation’ — in the face of parallel civil and criminal cases brought by the SEC against Galleon, the former high-flying hedge fund went out of business in a matter of days.

As Robert Khuzami, Director of the SEC’s Division of Enforcement,15 pointedly stated in announcing the Galleon indictments: ‘We [SEC] are developing a variety of initiatives to do that involve greater specialisation and expertise, improved technological tools to track and analyse trading, better coordination among regulators and law enforcement, new legislative initiatives, and other means to address these areas. It would be wise for investment advisers and corporate executives to closely look at today’s case, their own internal operations, and the increasing focus and scrutiny on hedge fund trading activity by the SEC and others, and consider what lessons can be learned and applied to their own operations.’16

REGULATORY ENFORCEMENT

Regulatory agencies clearly will enforce non-compliance and vigorously prosecute firms for violations. The SEC has historically combated fraud in the financial markets as one of its key missions.17

From fiscal year (FY) 2007 through FY 2009, the SEC opened 2,610 investigations and brought 1,991 cases charging a variety of securities laws violations including, and beyond, those related to the causes of the financial crisis.18 Major recent regulatory enforcement actions include:

• October 2009, Galleon Group founder is arrested along with five others for US$20m insider trading scheme involving IBM, Intel and McKinsey;

• December 2008, Bernard L. Madoff, who is currently serving a 150-year sentence in federal prison, orchestrated a multi-billion dollar Ponzi scheme that swindled money from thousands of investors;

• September 2009, the SEC accuses Reza Saleh of making US$8.6m in illegal profit, which he agreed to return in settlement with the SEC;

• February 2008, Hong Kong banker and two others paid 24 million US Dollars to settle civil charges.

Even aside from the Galleon and Madoff cases, this is a critical moment for asset managers to reassess their compliance risk management programmes. Both Congress and the SEC have identified a need for more rigorous risk management practices for the financial institutions, and hedge fund regulation as key goals of an ambitious financial regulatory reform programme.

REGULATORY REFORMS

The SEC’s enforcement initiatives to date in 2010 reflect the broader scope of the pending regulatory reform. The SEC considers much more aggressive enforcement a ‘vital part of risk management and crisis avoidance’ to restore investor confidence and hold market participants accountable.

In her testimony concerning the state of the financial crisis, SEC Chairman Mary L. Schapiro stated: ‘Consistent and vigorous enforcement is a vital part of risk management and crisis avoidance — particularly in times and areas of substantial financial innovation’ highlighting major future regulatory initiatives:19

• The vital importance that vigorous enforcement of existing laws and regulations plays in the fair and proper functioning of financial markets.

• Vigorous enforcement is essential to restoring and maintaining investor confidence.

• Through aggressive and even-handed enforcement, we deter others from engaging in wrongdoing.

• Enforcement agencies should continue to work together to address financial crimes.

• Large financial crimes can often involve multiple jurisdictions and legal frameworks making it essential for different agencies to work closely together.

LEADING ERM AND COMPLIANCE INDUSTRY BEST PRACTICES

Looking forward, a ‘single view across the organisation towards the future of enterprise risk management’ becomes a necessary response to the evolution of risk.20–22

Enterprise Risk Management practices that ‘demonstrated a comprehensive approach to viewing firm-wide exposures and risks’ were cited by the Senior Supervisory Group as differentiating factors to more effectively mitigate overall business risks.

Enterprise Risk Management, a firm-wide integrated risk management approach, allows financial firms to analyse current, evolving and emerging risks across the whole firm. Compliance and regulatory risk management is a vital component to prevent compliance violations and thus to mitigate significant business risk to financial firms, banks, hedge funds, and asset managers.

This is a critical moment for asset managers to reassess their compliance risk management programmes and take much more proactive actions to address compliance risk as a critical business risk.

There are several areas where proactive asset managers may protect their firms and investors: first and foremost, having a single view across the organisation and truly identifying in a systematic and methodological way the highest risk across the organisation. One of these risks is insider trading, which should be on the agenda for boards and senior management and executive committees.23

COMPLIANCE RISK MITIGATION STRATEGIES

As an integral part of an enterprise risk management strategy, financial firms should be looking at their internal environments and achieving a greater understanding as to how compliance violations can be prevented, monitored and resolved in a timely manner.

Having a strong governance, escalation process and remediation strategy is critical in mitigating compliance and business risks. From that perspective, asset managers need strong methodologies and standards.

The second area to be evaluated in light of insider trading and other serious compliance violations is companies’ compliance programmes across the organisation. What types of policies are in place to address serious compliance violations, including insider trading and other critical regulatory rules and laws? What kinds of procedures and control infrastructure are in place on the business side, and what supervision is in place to effectively identify insider trading and serious compliance violations?24

The compliance programme should generate a comprehensive and timely report for senior management and governance boards that provides current industry ‘hot topics’, emerging regulatory, business strategic, operational, financial, and market risks. Both qualitative and quantitative measures of internal controls’ effectiveness and mitigation strategies of high risks for each business and compliance unit should be an integral part of corporate risk governance and oversight.

CORPORATE RISK GOVERNANCE

In December 2009, the SEC adopted rule amendments that will significantly improve disclosure in the key areas of risk, compensation, corporate governance and director qualifications, including:

• Management and Boards of Directors to be more accountable. The quality of a board’s oversight of risk management can make an enormous difference in our economy, and particularly in financial markets.

• A fundamental concept underlying corporate law is that a company’s board of directors, while charged with oversight of the company, is accountable to its shareholders, who in turn have the power to elect the board.

• Thus, boards are accountable to shareholders for their decisions concerning, among other things, executive pay, and for their oversight of the companies’ management and operations, including the risks that companies undertake.

• Enhanced disclosure about the decisions and performance of directors will help shareholders make informed decisions about the election of directors.

• Short-term compensation incentives can drive long-term risk. Another lesson learned from the crisis is that there can be a direct relationship between compensation arrangements and corporate risk taking.

• Financial institutions created asymmetric compensation packages that paid employees enormous sums for short-term success, even if these same decisions result in significant long-term losses or failure for investors and taxpayers.25

FIDUCIARY RESPONSIBILITIES

In addition, the SEC is focusing on asset managers’ fiduciary standard of conduct as part of a heightened regulatory regime when providing services to their clients:26–28

• Regulation should be rationalised for broker-dealers and investment advisers, particularly with respect to the services they provide to retail investors.

• Investment advisers are fiduciaries to their clients with a fundamental obligation to act in the best interests of clients and to provide investment advice in clients’ best interests.

• They have a duty of undivided loyalty and utmost good faith and must not engage in any activity in conflict with the interest of any client.

• Fiduciary obligations mandate reasonable care to avoid misleading clients and to provide full and fair disclosure of all material facts to clients and prospective clients, including conflicts of interests. Generally, facts are ‘material’ if a reasonable investor would consider them to be important.

• Departure from fiduciary standards may constitute ‘fraud’.

Registered investment companies and registered investment advisers must have effective compliance programmes29 to prevent, detect and promptly correct compliance violations.

The Chief Compliance Officer should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.

GUIDING PRINCIPLES FOR COMPLIANCE RISK MANAGEMENT

According to the SEC Rules, a compliance programme should be reasonably designed to ensure compliance with federal securities laws, including the following key components:30–35

• Corporate governance with clearly defined accountabilities and responsibilities for compliance programme;

• ‘Tone at the Top’ and a strong compliance culture should be established through senior management commitment and partnership with compliance;

• Enterprise risk assessment and management to properly identify systematic risks and mitigation strategies across an organisation;

• Appropriate oversight committees as a forum for the business to raise its concerns with Compliance and Legal should be in place and meet regularly;

• A high awareness level of compliance issues, including developing regulatory trends, should be established;

• A risk assessment methodology and risk-based compliance programme, including compliance audits, reviews and testing, and service provider oversight should be in place;

• A ‘global view’ on compliance and regulatory requirements should be extended to encompass all relevant business activities and regions globally.

BUILDING AN EFFECTIVE COMPLIANCE PROGRAMME

The Chief Compliance Officer should have a position of sufficient seniority and authority within the organisation to compel others to adhere to the compliance policies and procedures:36–38

• Written compliance policies and procedures should be reasonably designed and implemented to prevent, detect and promptly correct any violation of the federal securities laws.

• Comprehensive compliance monitoring, surveillance programmes and forensic testing over regulatory requirements should be established.

• Training should be regularly provided by Compliance and Legal to business personnel so they are aware of and may properly supervise compliance with regulatory requirements.

• Regular management reporting of standing compliance/legal issues and open audit points should be in place to ensure accountability and expedient resolution of compliance issues.

• Open communication and escalation of compliance matters and issues to investment company boards should be established.

• Compliance issues should be effectively resolved and business groups should take responsibility for addressing areas identified for improvement.

COMPLIANCE RISK ASSESSMENT METHODOLOGY

A compliance risk assessment is an integral part of a compliance programme, guiding the allocation of compliance resources, assisting in the development of compliance monitoring surveillance programmes, and testing activities for those areas that pose the greatest potential risks to asset managers and their clients.

Because regulatory, economic, industry and operating conditions will continue to change, regulatory and market risk monitoring should be built into the risk assessment methodology to ensure that the identification and evaluation of compliance risks is a proactive and dynamic process.

Asset managers should consider establishing a disciplined compliance risk assessment methodology for identifying, measuring and mitigating compliance risks.

ANNUAL RISK-BASED REVIEW AND TESTING PROGRAMME

The review and testing programme is a robust process to validate key infrastructure supporting the compliance programme requirements in place, to identify potential conflicts of interest within the organisation and to identify compliance risk ‘trigger events’. The review and testing programme should encompass an evaluation of the adequacy of the policies and procedures and an assessment of the effectiveness of their implementation, supervisory controls, existence and evidence of supervision, training and monitoring programmes by asset managers in connection with complying with federal securities laws.

COMPLIANCE AND SURVEILLANCE MONITORING, FORENSIC TESTING

Asset managers should have a comprehensive ongoing compliance programme for monitoring, surveillance and testing of business activities to prevent, detect and promptly correct violations of federal securities laws.

A comprehensive compliance programme should monitor the following key regulations:

• Insider trading and Chinese walls, conflicts of interests, portfolio management — investment guidelines and restrictions monitoring;

• Portfolio trading monitoring, cross-trade activity, trade allocation and bunching, trading with affiliates, soft dollars, insider trading, and personal trading monitoring;

• Gifts and entertainment monitoring;

• Code of Ethics, proxy voting, conflicts of interests; sales practices, licensing and registration, disclosures, marketing materials review;

• Anti-money laundering review and monitoring.

An asset manager’s goal should be to develop and implement system-based compliance monitoring, surveillance programmes and forensic testing with a maximum level of automation.

CORPORATE OVERSIGHT AND ESCALATION REPORTING

The compliance programme should generate a comprehensive and timely report for senior management and investment governance boards. These reports typically provide current industry ‘hot topics’ and emerging enterprise-wide risks, including: business strategic, regulatory compliance, operational, financial, credit and market risks. The qualitative and quantitative measurements of internal controls’ effectiveness and mitigation strategies of high risks should encompass each business and compliance unit across an organisation.

FORWARD-LOOKING RISK MANAGEMENT AND COMPLIANCE

The current economic and business environment is forcing a fundamental change in the regulatory landscape, organisational culture, corporate governance and compliance oversight of asset managers, and is moving the industry towards a holistic view of enterprise risk management.39–41

The choice facing asset managers is not whether to implement these changes but what approach to take in implementing them. As the business and regulatory environment continues to evolve, asset managers that succeed will be those that can demonstrate the ability to drive business performance and achieve regulatory compliance by strategically aligning risk management and business strategies.

One central mechanism for reducing systemic risk and pro-actively managing and avoiding future crises, as well as achieving regulatory compliance, is to ensure the same rules apply to economically equivalent asset managers globally. Asset managers should ensure that risk for similar products and asset classes is mitigated similarly.

CONCLUSION

Enterprise risk management is set to be on regulatory authorities, boards, investors, shareholders and asset managers’ agendas for some time to come. As asset managers seek the right enterprise risk management approaches, there is a clear need in the financial services industry for more proactive, leading practice toward the ‘future of enterprise risk management’. A strategic enterprise risk management approach can help asset managers to navigate and develop a more forward-looking approach to effectively manage increasing compliance risk as a critical business risk.

An effective compliance programme across the organisation is a critical component of business stability and success.

References(1) Schapiro, M. L. (2010) ‘Testimony

Concerning the State of the FinancialCrisis’, SEC, Before the Financial CrisisInquiry Commission, 14th January,http://www.sec.gov/news/testimony/2010/ts011410mls.htm.Of the 1,991 cases, 519 (over 26 per

Page 187

Pytlik and Myers

Pytlik:JSC page.qxd 26/04/2010 13:56 Page 187

Page 9: Yvonne I Pytlik Journal Of Securities Law, Regulation & Compliance April 2010 Volume 3 Number 2

cent) involved financial fraud or publiccompany reporting violations; 511 (over25 per cent) involved fraud or othermisconduct by broker-dealers,investment advisers, or transfer agents;330 (over 16 per cent) involvedfraudulent or unregistered offerings; and272 (over 13 per cent) involved insidertrading or market manipulation. Othertraditional programme areas includedelinquent filings and municipalofferings. As part of these cases, the SEChas sued among others, publiccompanies, corporate officers, auditorsand audit firms, attorneys,broker-dealers, investment advisers, andself-regulatory organisations under theSEC’s purview.

(2) Khuzami, R. (2009), Speech by SECStaff: Remarks at Press Conference, SECDivision of Enforcement, SEC, 16thOctober. http://www.sec.gov/news/speech/2009/spch101609rk.htm.

(3) Rodier, M. ‘Insider Trading — Can Insider Trading Be Stopped’, Wall Street and Technology. In what has been termed the biggest insider trading ring in a generation, the SEC recently brought cases against the founder of the Galleon Group hedge fund and former directors at a Bear Stearns hedge fund. In a series of interviews, Senior Editor Melanie Rodier spoke with Larry Tabb, founder and CEO of TABB Group, and Yvonne Pytlik, managing partner, Global Compliance Risk Management Corp., about what processes and technology financial firms can use to stop insider trading. http://www.globalcompliancerisk.com/index.php/news.

(4) President Obama’s ‘Financial Regulatory Reform’ and the US Regulators are further imposing higher regulatory standards and best practices to guide ‘Financial Services Industry in implementing Risk Management and Compliance Programs’. President Obama’s Plan for Financial Regulatory Reform. See generally, Draft of the Restoring American Financial Stability Act, as introduced to the US Senate on 15th March, 2010, and predecessor drafts.

(5) See ref. 3.

(6) Ibid.

(7) See ref. 1.

(8) Ibid.

(9) See ref. 2.

(10) See ref. 3.

(11) October 2009, Senior Supervisors Group issued the ‘Risk Management Lessons from the Global Banking Crisis of 2008’, which concludes that there are four risk practices critical to achieve a balance of the effective enterprise risk management and banks’ performance in the financial crisis: Effective firm-wide risk identification and analysis; Consistent application of independent and rigorous valuation practices across the firm; Effective management of funding liquidity, capital, and the balance sheet; and Informative and responsive risk measurement and management reporting, http://www.sec.gov/news/press/2009/report102109.pdf.

(12) See ref. 4.

(13) See ref. 3.

(14) Ibid.

(15) See ref. 2.

(16) Ibid.

(17) Litigation Release No. 21407/4th February, 2010. Securities and Exchange Commission v. Bank of America Corporation, Civil Action Nos. 09-6829, 10-0215 (S.D.N.Y). Bank Of America Agrees to Pay US$150m to Settle SEC Charges. SEC Charges State Street for ‘Misleading Investors About Subprime Mortgage Investments’. Boston-Based Firm to Settle Charges by Repaying Fund Investors More Than US$300m. ‘The Securities and Exchange Commission today charged Boston-based State Street Bank and Trust Company with misleading its investors about their exposure to subprime investments while selectively disclosing more complete information to specific investors’, http://www.sec.gov/litigation/litreleases/2010/lr21407.htm.

(18) See ref. 2.

(19) See ref. 1.


(20) Ibid.

(21) See ref. 2.

(22) See ref. 3.

(23) Ibid.

(24) Ibid.

(25) President’s Working Group on Financial Markets (PWG) (2008) The Asset Management Committee (‘AMC’) released best practices for Hedge Fund Industry (‘AMC Report’), http://amaicmte.org/Public/AMC%20Report%20-%20Final.pdf.

(26) Managed Funds Association (2009), ‘Sound Practices for Hedge Funds’, released 31st March, http://www.managedfunds.org/mfas-sound-practices-for-hedge-fund-managers.asp.

(27) See ref. 25.

(28) President’s Working Group on Financial Markets (PWG) (2008) Investors Committee (‘IC Report’) issued Principles and Practices for Hedge Fund Investors, http://amaicmte.org/Public/Investors%20Report%20-%20Final.pdf.

(29) ‘2010 and Beyond — Chief Compliance Officer Compliance Programme’ — New Regulatory Requirements and Best Practices, http://www.globalcompliancerisk.com/pdfs/PytlikAuthorSeptember2009F.pdf.

(30) See ref. 1.

(31) See ref. 2.

(32) See ref. 3.

(33) See ref. 26.

(34) See ref. 25.

(35) See ref. 28.

(36) See ref. 1.

(37) See ref. 2.

(38) See ref. 3.

(39) See ref. 1.

(40) See ref. 2.

(41) See ref. 3.
