Recent enforcement actions have made it clear that Chief Compliance Officers are at risk of personal exposure if regulatory violations happen under their watch, posing a significant concern for CCOs. The National Society of Compliance Professionals (NSCP) reports that 72% of compliance professionals are concerned that regulators have expanded the role of compliance officers and the scope of their responsibilities in imposing personal liability.
In March of 2022 FINRA released Regulatory Notice 22-10 to remind firms of their obligation under FINRA Rule 3110 regarding the potential liability of Chief Compliance Officers for failure to discharge their designated supervisory responsibilities. The notice points out that the responsibility to meet regulatory obligations ultimately rests with a firm’s business management, not its compliance officials. The CCO’s role, in and of itself, is advisory, not supervisory. Accordingly, FINRA will only bring an action against a CCO in an instance where the CCO was conferred supervisory responsibilities within the firm and then failed to meet those responsibilities in a reasonable manner.
In June of 2022 the SEC settled an action against a Chief Compliance Officer for failure to carry out their responsibilities pursuant to Section 206(4) of the Advisers Act and Rule 206(4)-7. The complaint alleges that the CEO was aware of deficiencies in the firm's compliance program around the disclosure of outside business activities and compliance with outside business activity policies but failed to make sufficient changes to the design of the compliance program to address the issues. The CCO was barred from working in a supervisory or compliance capacity within the financial services industry and fined $15,000. The firm was assessed a fine of $150,000.
In a statement on the matter, SEC Commissioner Hester M. Peirce states that "The SEC’s determinations about whether to charge a compliance officer are consequential not only for the particular compliance officer, but more generally for the profession." She noted that in this situation the CCO charged was also a principal of the firm and had the authority to address the weaknesses that he was aware of in the compliance program, but did not. Peirce added that a CCO framework can help provide a clearer understanding of potential CCO liability. According to Peirce, "a decision to charge a CCO who is complicit in a fraud is easy, but the framework concentrates much of its attention on the more difficult question of distinguishing conduct that is only “debatably inappropriate” from conduct that is “wildly inappropriate”—or, as it has been called in the past—“a wholesale failure” to carry out compliance responsibilities."
The New York City Bar Association released a report calling on financial regulators including the SEC and FINRA to adopt a comprehensive and analytical framework for holding CCOs personally liable for violations.
The report recommends that regulators weigh affirmative factors when evaluating CCO liability, including:
NSCP released updates to their Firm and CCO Liability Framework in February of 2023. According to an NSCP task force, to more effectively address potential CCO liability, it is necessary to focus on the larger context of the compliance function within firms and to do so earlier in regulatory reviews, whether that's during examinations or enforcement investigations. According to NSCP, the framework can reduce uncertainty and promote investor protection and market integrity.
Building robust supervisory structures that clearly define roles and responsibilities can help limit potential CCO exposure. Join MCO and Scott Noah, Of Counsel at Stevens & Lee, for the on-demand webinar Minimizing the Risk of CCO Liability.
The presentation provides practical guidance on how the right supervisory structure can reduce the risk of CCO liability, including:
Do your goals for 2023 include compliance automation or better identification of conflicts of interest? MCO can help you reach those goals easily and affordably with our fully integrated compliance risk platform that uses a global company and security master dataset to identify conflicts across employees, firm transactions and third parties and provide proof of regulatory governance and compliance.