Over the past 15 years, chief compliance officers (“CCOs”) for financial services firms have come under increased scrutiny as the Securities and Exchange Commission (“SEC”) and Financial Industry Regulatory Authority (“FINRA”) have brought more frequent enforcement actions seeking to hold CCOs personally liable. CCOs understandably have been concerned about this trend and financial service firms have focused on the chilling effect that the enforcement actions may have on the vital role CCOs play in their organizations and the quality of the COO applicant pool.
Although SEC Commissioners and Staff members, as well as various FINRA executives, have attempted to ease the concerns and offer guidance on when they will pursue an action against a CCO personally for conduct relating to their compliance-related duties (COO Conduct Charges), there is no formal framework that lays out the factors for regulators to consider in determining whether to charge CCOs.
In a recently released report, the New York City Bar Compliance Committee (the “Committee”) attempted to fill that void with a “proposal of non-binding factors for the SEC to consider in creating a Framework under which to evaluate whether to bring . . . CCO Conduct Charges under the federal securities laws.”
The Committee recommended one general affirmative factor that should be considered in all CCO Conduct Charges and specific affirmative factors relevant to three types of claims brought against CCOs: 1) the CCO exhibited a “wholesale failure” to carry out responsibilities; 2) the CCO obstructed the investigation; and 3) the CCO participated directly in the fraud. The Committee also recommended certain mitigating factors that should be considered in the decision to bring charges.
Affirmative: General Factor
The Committee recommended that in all cases, the SEC “should carefully consider whether [charging the CCO] helps the SEC fulfill its ultimate regulatory goals.” One of those primary goals is deterrence and the Committee argues that CCO Conduct Charges do not meaningfully deter CCO’s from improper conduct. Instead, it may actually increase future securities law violations because it may lead to the departure from the profession by qualified individuals or result in their withdrawal from deep involvement in their organizations due to the fear of future prosecution. Thus, the Committee recommended fewer enforcement proceedings and resolving the conduct underlying many CCO Conduct Charges through a deficiency letter or other nonpublic methods. At bottom, the Committee recommended that the SEC should have a “slightly higher standard for charging CCOs than against a registrant or a businessperson.”
Affirmative: Wholesale Failure Factors
The Committee noted that the compliance community was most concerned about cases brought against CCOs for “wholesale failures in carrying out responsibilities that were clearly assigned to them” or failing “meaningfully to implement compliance programs, policies and procedures for which he or she has direct responsibility.” Accordingly, the Committee recommended that regulators should exercise judicious discretion in such cases and conclude that the following factors were present prior to charging a CCO in such cases:
- Did the CCO not make a good faith effort to fulfill his or her responsibilities?
- Did the wholesale failure relate to a fundamental or central aspect of a well-run compliance program of the registrant?
- Did the wholesale failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?
- Did the wholesale failure relate to a discrete, specified obligation under the securities laws or the compliance program at the registrant?
- Did the SEC issue rules or guidance on point to the substantive area of compliance to which the wholesale failure relates?
- Did an aggravating factor add to the seriousness of the CCO’s conduct?
The proposed guidance is grounded in the SEC’s prior statements that “good faith judgments of CCOs made after reasonable inquiry and analysis should not be second guessed,” and the reality that CCOs must frequently make decisions in real time with limited guidance. Given the number of issues that CCOs handle, the Committee recommended that CCO liability only apply to certain types of incidents and when aggravating factors were also present. Specifically, the Committee recommended that CCO liability apply to claims related to core aspects of compliance such as fulfillment of a fiduciary duty, failing to disclose fees and expenses or conflicts of interest, or other cases involving monetary impact to investors or clients. The Committee also provided examples of aggravating factors, including that the CCO already had a discussion with the SEC about the issue and failed to change course, or that the “CCO exhibited indicia of intentional conduct, a disregard for the SEC’s regulatory mission, or extreme disregard for the CCO’s responsibilities.”
Affirmative: Obstruction Factors
The SEC may bring claims against a COO if they obstruct the SEC in an examination or investigation. Prior to bringing such an action, the Committee recommended that the SEC seek to establish one of more of the following as a means to evaluate any kind of obstruction:
- Were the acts of obstruction or false statements repeated?
- Was the obstruction denied when confronted, or did the CCO not immediately reverse course and cooperate?
- Did the obstruction relate to a necessary or highly relevant part of the examination or investigation?
- Did evidence show other indicia of intent to deceive or disregarding for cooperation with the SEC’s regulatory mission?
Affirmative: Active Participation in Fraud
The Committee recommended that if there is a CCO Conduct Charge related to alleged fraudulent conduct that the SEC demonstrate that the “CCO’s conduct ‘added value’ in some way to the fraud committed by the firm or the other individuals charged.” The SEC may demonstrate such conduct with evidence indicating that the “CCO’s conduct aided the primary violators in avoiding detection, increased harm to investors or otherwise exacerbated the fraud.” The Committee was clear that if the fraud is not connected to the CCO’s compliance duties then the SEC should not consider any additional factors in bringing charges against the CCO.
The Committee also suggested specific mitigating factors that the SEC should consider in its charging decision, including:
- Did structural or resource challenges hinder the CCO’s performance?
- Did the CCO at issue voluntarily disclose and actively cooperate?
- Were policies and procedures proposed, enacted or implemented in good faith?
The Committee’s suggested mitigation factors reflect a concern that the CCO or compliance function may not be provided adequate resources or have the necessary authority to make decisions that could have prevented the alleged misconduct and, thus, it would be unfair to hold CCO’s liable, particularly where they were prevented from fully doing their job.
Much of the Committee’s proposed framework has been suggested by Commissioners and Staff in speeches, at conferences or in other communications. Hopefully, the Committee’s report will lead to further dialogue between the securities industry and the SEC to develop official guidance regarding situations where the SEC will pursue claims against a CCO. We note that the Committee’s report only applies to the SEC and does not address oversight of CCOs by other regulatory agencies such as FINRA, the Office of the Comptroller of the Currency, Commodity Futures Trading Commission, or National Futures Association. Many CCOs work for entities that are regulated by multiple regulators, and they may seek to have a broader dialogue with all of their regulators to formalize guidance on when CCOs may have personal liability.