| Americas | Articles
The recent action against a hedge fund CIO serves as a reminder not only to ensure that your compliance controls are up to scratch, but also to make sure your governance supports them.
The CFTC has released several enforcement actions since the beginning of the year covering various rule violations and allegations of misconduct. These enforcement actions are intended to remind market participants of their requirements and sends a clear message that regulators are focused on customer protection and ensuring that individuals who manipulate or attempt to manipulate the markets will be held accountable.
Learnings from Velissaris fine
One such action was taken against James R. Velissaris of Atlanta GA in connection with a multi-faceted scheme to overvalue the assets managed by his multi-billion- dollar hedge fund. The SEC simultaneously issued a civil complaint against Velissaris for violations of the Securities Exchange Act and the U.S. Attorney’s Office announced the indictment of Velissaris on criminal charges.
The complaint alleges that Velissaris, in his role as Chief Investment Officer of Infiniti Q Capital Management LLC, among other things, intentionally corrupted the independent third-party pricing service models that Infinity Q used, changing the models’ standard underlying computation codes to guarantee the pricing service would return whatever artificial values he wanted rather than the values that the independent pricing service models would produce without Velissaris’ input. This resulted in the firm showing millions in inflated gains, creating a false record of success that the firm in turn used to charge inflated fees and gain additional pool participants.
The complaint further alleges that Velissaris took steps to conceal his fraud by providing falsified term sheets to auditors, making retroactive changes to the firm’s written valuation policy and creating phony minutes for meetings of Infinity Q’s valuation committee that never happened.
Your internal control framework
The issues presented in this case remind us of the importance of maintaining an adequate, functioning internal control framework, a key component to maintaining investor confidence. Aside from fund performance, investors want to know that there is proper oversight and control over funds they have contributed to in a collective investment vehicle. A firm’s failure in this regard could have adverse reputational and financial implications for the firm and its employees.
Meeting NFA requirements
From a regulatory perspective, NFA requires each CPO member to implement an internal control system that is designed to deter fraudulent activity by employees, management, and third parties in order to address the safety of customer funds and provide reasonable assurance that a CPO’s commodity pool’s financial reports are reliable, and that the Member is in compliance with all CFTC and NFA requirements. (see, NFA Interpretive Notice 9074 for additional information).
The COSO framework defines internal control as, “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations.”
Commodity Pool Operators generally offer a variety of safeguards to prospects during the due diligence phase, including the use of third-party administrators, third party valuation sources, documented valuation procedures/processes and independent accountants. This often provides some level of comfort to investors, but how do you implement an adequate internal control system that does not allow key personnel to independently override controls? After all, Velissaris was CIO and majority owner of the firm in the case presented.
In accordance with NFA’s Interpretive Notice 9074, in developing an internal controls framework, CPOs are required to implement controls at the entity level as well as transaction level controls. In so doing, firms need to demonstrate how the Board of Directors or similar governing body exercise oversight of the development and performance of internal control. The regulator’s assessment of the adequacy of the Board’s oversight will include factors such as the independence of the board of directors, their industry knowledge and how it remains informed of regulatory and industry changes.
There should be established reporting lines within the firm and assignments, limitations and authority of key personnel should be clearly defined. Firms should also maintain an appropriate escalation policy for employees to report attempts by individuals to improperly override the CPO’s internal controls systems, including communication to the CPO’s Board of Directors.
With respect to transaction controls – CPOs should identify and assess the risks of mis-reporting the pool’s financial condition, mishandling customer funds and the risk of fraud and implement adequate controls designed to mitigate such risks. A good internal control framework includes appropriate separation of duties where collusion with someone else is needed to go around controls.
CPOs are required to document their internal controls process including the processes and systems in place to ensure that control functions are performing effectively. In documenting these procedures, a CPO should consider the circumstances that would allow management to override transaction level controls, what approvals would be required to perform such an override and the manner in which the firm will ensure that senior management was informed of the override. Finally, the firm should periodically evaluate their internal control processes and ensure there is adequate tracking of identified weaknesses for timely remediation.
We can help
Our team of regulatory experts can have the knowledge and experience necessary to assess your written internal controls procedures against NFA’s Interpretive Notice. We can also perform targeted reviews of the applicable internal control functions to ensure the appropriate personnel are performing the controls as documented and understand their regulatory obligations.
