As Chief Compliance Officers rise in the corporate hierarchy, they will become the focus of more enforcement actions. This increased focus on prosecution of CCOs could have a chilling effect on their performance and the rapidly increasing pool of talent seeking to enter the compliance profession.
As always, the devil is in the details. Just because a CCO has the title CCO, does not mean they are immune from prosecution.
On the other hand, this is an area that is ripe for abuse. If a CCO engages himself or herself in misconduct designed to promote or further an illegal venture, the CCO could very well be liable and should be prosecuted. However, if the CCO is prosecuted for “failing to act” or to implement appropriate controls or procedures, then prosecuting the CCO for such failures in the compliance program may not be justified and could easily be turned into a strict liability standard.
Prosecutors and regulators have to walk a fine line here. CCOs are important gatekeepers who play a valuable function in restraining corporate actors from engaging in unethical or illegal conduct. Prosecutors and regulators should use all the tools they have to empower CCOs within every organization.
In recent years, DOJ and SEC officials have made speeches and public pronouncements touting the importance of the CCO.
Last year, Mary Jo White, Chairwoman of the SEC, told an audience of compliance professionals that the SEC “encourage[s] companies to give [CCOs] the recognition that you deserve, the resources that you need and the authority that your role demands, so you can succeed.”
Just last month, Andrew Ceresney, SEC Enforcement Director, reminded CCOs of the importance of empowerment, noting that violations usually occurred in firms that did not rely on CCOs as important partners in the business operations. To encourage CCOs to provide advice and raise potential issues for resolution, Ceresney reaffirmed the SEC’s position that by doing so, CCOs would not be deemed to fall under the umbrella of “supervisory” liability.
In the same speech, however, Ceresney warned CCOs that the SEC has brought – and will continue to bring – actions against CCOs when a CCO has “affirmatively participated in the misconduct,” helped to mislead regulators, or “when they have clear responsibility to implement compliance programs or policies and wholly failed to carry out that responsibility.”
Talk about a potential chilling effect – I have no quarrel with a CCO being prosecuted for affirmative participation in an illegal scheme, or for misleading a regulator (assuming there was an affirmative act required), but for failing to implement compliance policies and programs and carrying out that responsibility – the latter could be a broad concept applied unfairly.
Again, this statement may be nothing more than enforcement hot air, but to CCOs under SEC scrutiny, this would cause me some concern. The line, as defined, is troubling and could lead to abuse.
The SEC is speaking out of both sides of its mouth when it attempts to empower CCOs, but then warns them that a failure to implement could lead to an enforcement action against the CCO. Instead, the message should be stated – CCOs do not have immunity and will be prosecuted for engaging in illegal behavior. That is all that needs to be said.
Unfortunately, the SEC’s comments suggesting that a failure to act in implementing a compliance program could warrant prosecution is completely unwarranted, especially in situations where a CCO’s ability to implement a compliance program may depend open the approval and support of senior management and the board.