The SEC’s prosecution of chief compliance officers is still a contentious and sensitive issue. Questions about the function of CCOs and the criteria the SEC employs in disciplining them may become even more complicated considering a recent announcement of an imposed settlement with a financial advisory firm and its CCO. Two partners at Eversheds Sutherland offer us a detailed analysis of the SEC’s order in the case and talk about the issues it creates.
Longtime CCOs have felt under attack. In fact, the National Society of Compliance Professional (NSCP) conducted industry-wide surveys, and the results show that 72% of compliance professionals are concerned that regulators have increased the role of compliance officers and the range of their responsibilities in imposing personal liability.
As a result, over the years, several SEC commissioners and staff members have given speeches emphasizing the value of trying to “get it right” by only sometimes charging CCOs. The commission should
“tread carefully when bringing enforcement actions against compliance personnel.”
According to former Commissioner Daniel M. Gallagher.
“We should not bring enforcement actions simply because we disagree, in hindsight, with [CCOs’] judgment.”
Current Commissioner Hester Peirce said.
Due to the significance of this issue for compliance specialists and others working in the financial services sector, a few groups, including the New York City Bar Association (NYCBA) and the NSCP, have put forth frameworks to help regulators with the challenging task of evaluating the conduct of CCOs.
In fact, Peirce attempted to apply the NYCBA’s approach and addressed some of these difficulties in a separate declaration that supported the settlement against the registered investment adviser and the CCO.
“I have spoken in the past of the importance of thinking carefully about when to impose liability against a CCO. I have underscored that the compliance obligation belongs to the firm, not to the CCO. Reminding firms that compliance is their responsibility helps to ensure that they dedicate adequate resources to, and appropriately defer to the judgment of, their compliance departments.”
Peirce
Peirce found it challenging to apply the NYCBA’s methodology given the paucity of evidence asserted in the order. The NYCBA’s framework, for instance, poses the question of whether the CCO made a sincere endeavor to carry out his or her duties. In response to this query, Peirce concluded that “He had adequate authority to remedy the compliance shortcomings” as the firm’s principal.
The order did mention that the CCO was a principal, but it did not define that term in this situation. The CCO was a minority owner of the RIA, according to additional research (done independently of the order). Additionally, despite Peirce’s use of the word “authority,” the order never did.
The order instead said that the CCO was “responsible” for “implementing” the firm’s compliance policies and procedures as well as “administering” the compliance program. The order, however, made no mention of his power, accountability, or capacity to influence the behavior of investment advising professionals (IARs). And that matter is significant since the CCO is accused in the order of failing to ask one particular IAR to fill up and submit an outside business activities (OBA) form.
The NSCP’s “Firm and CCO Liability Framework,” which focuses on “the larger context of the compliance function within firms,” could have been used by the commissioners to decide whether to charge the CCO in this case. This framework assesses practical concerns like whether the compliance officer actually had the power to influence behavior and the resources necessary to perform their duties.
In order to “examine by regulators where a compliance breakdown may have occurred,” the framework provided nine questions. A “yes” response to any of the questions “mitigates against CCO responsibility,” according to the framework.
Even though the order did not address many of the following considerations, it seems that the following inquiries would have been pertinent in this case:
- Did the CCO have nominal rather than actual responsibility, ability or authority to affect the violative conduct?
- Was there insufficient support from firm leadership to compliance, including, for example, insufficient resources, for the CCO to affect the violative conduct?
- Did the CCO escalate the issue or violative conduct to firm management through a risk assessment, annual review, CEO certification meeting/report or otherwise?
- Did firm management fail to respond appropriately after becoming aware of the issue (through the CCO or otherwise)?
- Did the CCO consult with legal counsel (in-house or external) and/or securities compliance consultants and adhere to the advice provided?
- Did the CCO otherwise act to prevent, mitigate and/or address the issue?
- Did the CCO reasonably rely on information from others in the firm or firm systems?
Some of these criteria are relevant and seem to have been overlooked in the order, even though we won’t discuss each of them individually due to the paucity of information in the order. If these problems had been resolved, businesses and CCOs would know more about the allegations against the CCO and what is expected of them moving forward.
Information from Corporate Compliance Insights