Over the past 15 years, chief compliance officers (“CCOs”) for financial services firms have come under increased scrutiny as the Securities and Exchange Commission (“SEC”) and Financial Industry Regulatory Authority (“FINRA”) have brought more frequent enforcement actions seeking to hold CCOs personally liable. CCOs understandably have been concerned about this trend and financial service firms have focused on the chilling effect that the enforcement actions may have on the vital role CCOs play in their organizations and the quality of the COO applicant pool.

Although SEC Commissioners and Staff members, as well as various FINRA executives, have attempted to ease the concerns and offer guidance on when they will pursue an action against a CCO personally for conduct relating to their compliance-related duties (COO Conduct Charges), there is no formal framework that lays out the factors for regulators to consider in determining whether to charge CCOs.

In a recently released report, the New York City Bar Compliance Committee (the “Committee”) attempted to fill that void with a “proposal of non-binding factors for the SEC to consider in creating a Framework under which to evaluate whether to bring . . . CCO Conduct Charges under the federal securities laws.”

The Committee recommended one general affirmative factor that should be considered in all CCO Conduct Charges and specific affirmative factors relevant to three types of claims brought against CCOs: 1) the CCO exhibited a “wholesale failure” to carry out responsibilities; 2) the CCO obstructed the investigation; and 3) the CCO participated directly in the fraud. The Committee also recommended certain mitigating factors that should be considered in the decision to bring charges.

Affirmative: General Factor

The Committee recommended that in all cases, the SEC “should carefully consider whether [charging the CCO] helps the SEC fulfill its ultimate regulatory goals.” One of those primary goals is deterrence and the Committee argues that CCO Conduct Charges do not meaningfully deter CCO’s from improper conduct. Instead, it may actually increase future securities law violations because it may lead to the departure from the profession by qualified individuals or result in their withdrawal from deep involvement in their organizations due to the fear of future prosecution. Thus, the Committee recommended fewer enforcement proceedings and resolving the conduct underlying many CCO Conduct Charges through a deficiency letter or other nonpublic methods. At bottom, the Committee recommended that the SEC should have a “slightly higher standard for charging CCOs than against a registrant or a businessperson.”

Affirmative: Wholesale Failure Factors

The Committee noted that the compliance community was most concerned about cases brought against CCOs for “wholesale failures in carrying out responsibilities that were clearly assigned to them” or failing “meaningfully to implement compliance programs, policies and procedures for which he or she has direct responsibility.” Accordingly, the Committee recommended that regulators should exercise judicious discretion in such cases and conclude that the following factors were present prior to charging a CCO in such cases:

  • Did the CCO not make a good faith effort to fulfill his or her responsibilities?
  • Did the wholesale failure relate to a fundamental or central aspect of a well-run compliance program of the registrant?
  • Did the wholesale failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?
  • Did the wholesale failure relate to a discrete, specified obligation under the securities laws or the compliance program at the registrant?
  • Did the SEC issue rules or guidance on point to the substantive area of compliance to which the wholesale failure relates?
  • Did an aggravating factor add to the seriousness of the CCO’s conduct?

The proposed guidance is grounded in the SEC’s prior statements that “good faith judgments of CCOs made after reasonable inquiry and analysis should not be second guessed,” and the reality that CCOs must frequently make decisions in real time with limited guidance. Given the number of issues that CCOs handle, the Committee recommended that CCO liability only apply to certain types of incidents and when aggravating factors were also present. Specifically, the Committee recommended that CCO liability apply to claims related to core aspects of compliance such as fulfillment of a fiduciary duty, failing to disclose fees and expenses or conflicts of interest, or other cases involving monetary impact to investors or clients. The Committee also provided examples of aggravating factors, including that the CCO already had a discussion with the SEC about the issue and failed to change course, or that the “CCO exhibited indicia of intentional conduct, a disregard for the SEC’s regulatory mission, or extreme disregard for the CCO’s responsibilities.”

Affirmative: Obstruction Factors

The SEC may bring claims against a COO if they obstruct the SEC in an examination or investigation. Prior to bringing such an action, the Committee recommended that the SEC seek to establish one of more of the following as a means to evaluate any kind of obstruction:

  • Were the acts of obstruction or false statements repeated?
  • Was the obstruction denied when confronted, or did the CCO not immediately reverse course and cooperate?
  • Did the obstruction relate to a necessary or highly relevant part of the examination or investigation?
  • Did evidence show other indicia of intent to deceive or disregarding for cooperation with the SEC’s regulatory mission?

Affirmative: Active Participation in Fraud

The Committee recommended that if there is a CCO Conduct Charge related to alleged fraudulent conduct that the SEC demonstrate that the “CCO’s conduct ‘added value’ in some way to the fraud committed by the firm or the other individuals charged.” The SEC may demonstrate such conduct with evidence indicating that the “CCO’s conduct aided the primary violators in avoiding detection, increased harm to investors or otherwise exacerbated the fraud.” The Committee was clear that if the fraud is not connected to the CCO’s compliance duties then the SEC should not consider any additional factors in bringing charges against the CCO.

Mitigating Factors

The Committee also suggested specific mitigating factors that the SEC should consider in its charging decision, including:

  • Did structural or resource challenges hinder the CCO’s performance?
  • Did the CCO at issue voluntarily disclose and actively cooperate?
  • Were policies and procedures proposed, enacted or implemented in good faith?

The Committee’s suggested mitigation factors reflect a concern that the CCO or compliance function may not be provided adequate resources or have the necessary authority to make decisions that could have prevented the alleged misconduct and, thus, it would be unfair to hold CCO’s liable, particularly where they were prevented from fully doing their job.


Much of the Committee’s proposed framework has been suggested by Commissioners and Staff in speeches, at conferences or in other communications. Hopefully, the Committee’s report will lead to further dialogue between the securities industry and the SEC to develop official guidance regarding situations where the SEC will pursue claims against a CCO. We note that the Committee’s report only applies to the SEC and does not address oversight of CCOs by other regulatory agencies such as FINRA, the Office of the Comptroller of the Currency, Commodity Futures Trading Commission, or National Futures Association. Many CCOs work for entities that are regulated by multiple regulators, and they may seek to have a broader dialogue with all of their regulators to formalize guidance on when CCOs may have personal liability.

Back to Commercial Litigation Update Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Commercial Litigation Update posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.