The question of how to define the parameters of personal liability for compliance officers in the financial services industry has been around for several years. In a 2015 speech, then-SEC Enforcement Director Andrew Ceresney attempted to provide some clarity on this topic when he explained that the SEC generally charges compliance officers in three circumstances: (1) when the CCO is “affirmatively involved in misconduct”; (2) when the CCO “engage[s] in efforts to obstruct or mislead the Commission”; and (3) when the CCO exhibits “a wholesale failure to carry out his or her responsibilities.”[1] Recent cases against compliance officers have made clear that in the first two instances, liability should be expected for knowing and intentional misconduct. Ceresney’s third category, however, continues to present a larger issue, as it has not been sharply delineated from operational failures or missteps that fall short of a “wholesale failure” to discharge duties. In February 2020, the Compliance Committee of the New York City Bar Association, in partnership with the Association for Corporate Growth, the American Investment Council, and the Securities Industry and Financial Markets Association, published a report (the “NYC Bar Report”) that distilled these concerns and offered several recommendations to regulators.[2] The NYC Bar Report’s recommendations included issuing formal guidance on the exercise of enforcement discretion, using existing regulatory communications to provide additional guidance, creating new platforms for informal communications between regulators and compliance officers, and creating compliance advisory groups.[3]

Last month, SEC Commissioner Hester M. Peirce gave a speech before the National Society of Compliance Professionals where she acknowledged that “the nature of the liability [compliance officers] face in executing [their] responsibilities remains unclear” and referenced several of the NYC Bar Report’s recommendations to address the issue.[4] Commissioner Peirce stated that, while Ceresney’s first two categories are not controversial, the third category of cases – those involving a wholesale failure of a compliance officer – “is the one that understandably generates the most controversy and is the most challenging area.” Commissioner Peirce noted that in these cases, the SEC typically charges the compliance officer with aiding and abetting a company’s violation, which entails a showing by the SEC that the compliance officer engaged in reckless conduct. Commissioner Peirce stated that “[t]his standard is not simply negligence on steroids; rather, the evidence must show that there was ‘a danger so obvious that the [compliance officer] must have been aware of the danger.’”[5]

However, Commissioner Peirce noted that, in contrast, in administrative proceedings in which a company is charged with a violation that does not require scienter – such as failing to have sufficient policies and procedures – a compliance officer can be held to have caused the violation based on her own negligent conduct. Moreover, the standard under Rule 206(4)-7, which requires compliance for investment advisers, “has looked more like strict liability.”

Commissioner Peirce expressed concern about charging compliance officers on mere negligence under Ceresney’s “wholesale compliance failure” category, as that could be harmful to the SEC’s efforts to foster compliance by dissuading talented individuals from taking compliance positions and encouraging dishonest efforts to cover up failures. She also cautioned that an overly aggressive approach to charging compliance officers when something goes wrong shifts responsibility for compliance from the firm to the CCO. In light of these concerns, Commissioner Peirce stated that the SEC should consider ways to provide guidance to compliance officers about what a wholesale compliance failure means and how to avoid one:

• Highlighting the NYC Bar Report’s recommendation that the SEC better indicate the facts and circumstances underlying enforcement decisions against compliance officers, Commissioner Peirce stated that guidance in the context of enforcement actions can be instructive. She commented that details in an enforcement decision about why the SEC brought charges against a compliance officer “can calm the fears of diligent, well-intentioned compliance personnel.” Likewise, enforcement decisions that provide sufficient detail as to why the SEC did not charge a compliance officer can “illustrate what doing the job right looks like.”
• Referencing another NYC Bar Report recommendation, Commissioner Peirce stated that she is considering developing a draft framework to share with her colleagues at the SEC that would detail “which circumstances will cause the Commission to seek personal liability and which circumstances will militate against seeking personal liability.” She noted that such a framework, which has precedent, would help the compliance community by eliminating uncertainty and inspiring good practices, and also help the SEC in deciding whether to charge compliance officers.
• Finally, in referencing another NYC Bar Report suggestion, Commissioner Peirce posited the idea of forming a public-private advisory group to periodically discuss current and potential regulatory, examination, and enforcement efforts and to publish guidance reflecting insight from both the regulators and the regulated. In addition, the SEC “could make a habit of conducting periodic public roundtables with compliance officers.”

BakerHostetler will provide further updates as the SEC’s approach to compliance officer liability evolves.

[1] Andrew Ceresney, Dir., Div. of Enf’t, U.S. Sec. & Exch. Comm’n, Speech at 2015 National Society of Compliance Professionals National Conference (Nov. 4, 2015), available at https://www.sec.gov/news/speech/keynote-address-2015-national-society-compliance-prof-cereseney.html.
[2] N.Y.C. Bar, Report on Chief Compliance Officer Liability in the Financial Sector (Feb. 4, 2020), available at https://s3.amazonaws.com/documents.nycbar.org/files/Report_CCO_Liability_vF.pdf.
[3] Id. at 16-25.
[4] Hester M. Peirce, Comm’r, U.S. Sec. & Exch. Comm’n, Speech at 2020 National Society of Compliance Professionals National Conference (Oct. 19, 2020), available at https://www.sec.gov/news/speech/peirce-nscp-2020-10-19.
[5] Id. (quoting Howard v. S.E.C., 376 F.3d 1136, 1143 (D.C. Cir 2004)).