Article originally published in Law360.com.
Private equity and hedge fund firms are under greater compliance scrutiny and, as a result, face increased regulatory and legal exposure. The responsibilities of board members are not limited to investment performance monitoring. Regulators are now moving up the corporate ladder to identify wrongdoing. That means bringing actions against people who did not think they could be held accountable.
Understanding the risks of noncompliance extends far beyond the period when due diligence for an investment is conducted. Hedge funds and private equity funds are learning this lesson the hard way: With authority comes responsibility, and authority is not limited to a formal management title. Key for fund board members and fund managers in this new regulatory regime is knowing how to avoid becoming subject to an enforcement action. Ensuring that the firm remains compliant also supports deal flow and helps protect relationships with limited partner investors, in addition to guarding against reputational and financial damage.
What this means is understanding that a board member will have to take on the same responsibilities as those managing the fund and can be held liable for noncompliance. Moreover, the fund will have to ensure that the compliance program in place works, that it is adequately funded, and that the red flags can be detected and investigated properly.
This issue is not limited to the United States. Major global investment firms are also taking note. Norges Bank Investment Management, which manages the Norwegian Sovereign Wealth Fund, the world’s largest sovereign fund, has adopted a strict anti-corruption policy on all of its investments, setting clear standards that portfolio company boards must meet.
Those requirements include establishing a clear policy on anti-corruption that includes a comprehensive corruption risk assessment, conducting due diligence on all third-party relationships, and making these policies publicly known.
These are shifts that private equity firms are also facing in the U.S. Take the case of Patient Care America, a compounding pharmacy. In February, the U.S. Department of Justice filed a False Claims Act complaint against both Patient Care America and its private equity investor, Riordan Lewis & Haden. In the complaint, the DOJ alleged that Riordan used an unlawful strategy to increase its profits, which included alleged kickbacks. To add fuel to the fire, Riordan had a controlling interest in Patient Care America, making the private equity firm even more vulnerable to government action.
There are similar examples on the regulatory front. What would appear to be a clerical requirement for a private equity manager, submitting basic informational forms, is, in fact, being looked at carefully by the U.S. Securities and Exchange Commission.
In a recent proposal, the SEC also made its view clear that senior management is accountable for the effective implementation of the compliance program with the mandate that the chief executive officer and the board of directors review the program.
Going Beyond Due Diligence
Conducting buyout due diligence is one thing and maintaining a robust compliance risk assessment program afterward is something different. Every buyout deal includes a compliance review of the target company. What’s crucial, though, is ongoing compliance risk monitoring done during the life of the investment in the portfolio, which can typically run from five to seven years. A lot can happen on the regulatory and legal fronts over that time period at a portfolio company.
This ongoing portfolio company risk assessment begins with a review that classifies both the external and internal risks, according to the level of potential severity: low, medium and high. It also determines what needs to be paid attention to urgently. You can’t rely on a risk review you performed seven years ago.
Continuously evaluating your risks is key. A timely inquiry into a potential compliance problem may single-handedly protect a firm from liability, malpractice and other criminal proceedings — and by proxy, devastating financial and reputational repercussions.
If a firm appoints an internal team to perform the risk assessment, the legitimacy of the process may come into question. There is the perceived potential for further misconduct to “cover up” the initial failure in compliance, which will put the firm at further risk.
The SEC has made it clear that independent reviews have value. Its June 5, 2018, proposed ruling on proprietary trading provided clarity on prohibited activities for banking entities, including private equity firms. It mandated that compliance programs are to be independently reviewed and tested, to “ensure the entity’s internal audit, compliance, and internal control functions are effective and independent.”
The message here is clear: If a private equity firm suspects the actions of a portfolio company might put its firm’s core compliance initiatives in jeopardy, it should consider appointing an independent investigator.
A Focus on Compensation
Portfolio company employees whose conduct does not meet ethical and compliance parameters should see this reflected not just in the form of disciplinary action, but also in their compensation.
One way to achieve that is through implementation of a performance review program, which not only measures an employee’s results, but also includes how those results were achieved. A comprehensive evaluation allows a compliance auditor to detect any suspicious activity and then investigate and propose a remedy, before the situation spirals out of control.
What’s key here is determining the level of involvement by the private equity managers. Typically, managers wouldn’t get deep into the weeds of portfolio company executive performance reviews. However, in this new compliance regime, attention to select reviews, especially if a red flag is identified, is advisable.
Showing that your ethical standards are not something you will let be compromised, and that the price for those who have committed an infraction is steep, resonates positively with regulators and law enforcement.