The Financial Industry Regulatory Authority issued a regulatory notice clarifying the scope of supervisory liability under FINRA Rule 3110 of a broker-dealer’s chief compliance officer (CCO) (Regulatory Notice).¹ FINRA’s Head of Enforcement, Jessica Hopper, stated that CCOs “play an important role in facilitating compliance …. That does not automatically make them supervisors, subject to FINRA’s supervisory requirements.”² The Regulatory Notice was issued on March 17, 2022, and is intended to clarify the circumstances under which a CCO will be held liable under FINRA Rule 3110.

Background and Discussion

Rule 3110 sets forth general requirements for FINRA member firms’ supervisory systems and procedures. In relevant part, the Rule requires that broker-dealers establish and maintain a supervisory system to oversee associated persons and ensure compliance with the securities laws and regulations and FINRA rules. The supervisory system must “establish, maintain and enforce written procedures” to oversee the types of business in which the member and each of its associated persons engage.³ Supervisory liability under Rule 3110 “is predicated upon the firm’s express or implied designation of supervisory personnel and the delegation of supervisory responsibility to the designated individuals.”⁴

The Regulatory Notice reiterates an often-overlooked principle that the “firm’s president (or equivalent officer or individual), not its CCO, ‘bears ultimate responsibility for compliance with all applicable requirements ...’” Accordingly, a broker-dealer’s supervisory structure should start at the top with the firm’s president (or equivalent position) and “flow down by delegation to the firm’s designated supervisors.”⁵ By contrast, a CCO’s role at a broker-dealer is advisory, rather than supervisory, unless the CCO explicitly or impliedly is delegated supervisory authority.⁶ The Regulatory Notice further explains the distinction between a CCO’s role and a person with supervisory responsibilities under Rule 3110, noting key distinctions between written compliance guidelines and written supervisory procedures. Generally, compliance guidelines provide standards and policies to which member firms should adhere, in order to remain in compliance with securities laws and regulations and FINRA rules. However, written supervisory procedures: document the supervisory system that member firms must maintain pursuant to Rule 3110; and instruct supervisors as to the steps they should take to ensure a firm’s compliance guidelines and other written procedures are being implemented. Supervisory procedures also should describe activities that supervisors must conduct if they determine that the compliance guidelines or other written procedures are not being adhered to.⁷

Given these distinctions, a CCO will be held liable pursuant to Rule 3110 only if the firm, through its supervisory procedures or otherwise, delegates supervisory responsibility to the CCO. As discussed in the Regulatory Notice, this can occur in several ways, including by assigning to the CCO responsibilities regarding the establishment, maintenance or enforcement of the firm’s written supervisory procedures. A firm’s president (or an officer with equivalent authority) also may explicitly or implicitly delegate supervisory authority to the CCO. For FINRA to bring an action against a CCO for supervisory deficiencies, the CCO first must be found to have been delegated supervisory authority.⁸ In circumstances where a CCO has been delegated supervisory responsibilities, FINRA’s next inquiry will be whether the CCO exercised his or her supervisory responsibilities “in a reasonable manner,” which is largely a facts-and-circumstances inquiry.⁹

In connection with this inquiry, the Regulatory Notice identifies factors that are taken into consideration when determining whether a CCO should be disciplined. These factors have been articulated in numerous enforcement proceedings involving the failure to supervise and are outlined below.¹⁰

• Whether the CCO was aware of any actual misconduct or of any “red flags” or “suggestions” of misconduct and failed to take steps to remediate the actual or alleged misconduct;¹¹

• Whether the CCO failed to “establish, maintain, or enforce” the firm’s written procedures, intended to maintain compliance with the securities laws and regulations and FINRA rules;¹²

• Whether the CCO’s failure to supervise “resulted in violative conduct … and whether that violative conduct caused or created a high likelihood of customer harm.”¹³

Certain mitigating factors identified in the Regulatory Notice are outlined below.

• Whether the CCO was given insufficient support by the firm, by way of staffing or other resources, such that the CCO was not reasonably able to fulfill his or her supervisory obligations;¹⁴

• Whether the CCO was unduly burdened by his or her other responsibilities;¹⁵

• Whether the CCO’s supervisory obligations were poorly defined or overlapped with another official at the firm;¹⁶ and

• Whether the CCO attempted in good faith to exercise the responsibilities incumbent upon him or her, including by addressing these mitigating factors with the firm’s leadership.¹⁷

Conclusion

While a CCO’s role generally is advisory rather than supervisory, it would be prudent for broker-dealers to define compliance and advisory duties clearly, distinguishing those duties from supervisory roles in the firm. In circumstances where a CCO clearly is designated as a supervisor, he or she should perform the supervisory responsibilities in a reasonable manner, keeping in mind the facts and circumstances established by various enforcement proceedings, as well as SEC and FINRA guidance.

_____________________________________________________

Footnotes

1) FINRA Regulatory Notice 22-10 (March 2022).

2) Ray Pellecchia, FINRA Issues Reminder About the Scope of Chief Compliance Officer Supervisory Liability, FINRA (Mar. 17, 2022).

3) FINRA, Rule 3110(b)(1).

4) Regulatory Notice 22-10, supra note 1; See Securities Exchange Act of 1934 Sections 15(b)(4) and 15(b)(6).

5) Regulatory Notice 22-10, supra note 1.

6) Id.; See FINRA, Rule 3130, Supplementary Material .05 (identifying the CCO’s role as “a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts”); Frequently Asked Questions about Liability of Compliance and Legal Personnel at Broker-Dealers under Section 15(b)(4) and 15(b)(6) of the Exchange Act (last updated Sept. 30, 2013) (“Compliance and legal personnel are not ‘supervisors’ of business line personnel for purpose of Exchange Act Sections 15(b)(4) and 15(b)(6) solely because they occupy compliance or legal positions. Determining if a particular person is a supervisor depends on whether, under the facts and circumstances of a particular case, that person has the requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue”).

7) FINRA Regulatory Notice 99-45 (June 1992).

8) From 2018 to 2021, nearly 440 disciplinary actions were brought before FINRA involving Rule 3110, 28 of which led to charges against a CCO. Of those 28 charged, 18 involved CCOs that also were the chief executive officer or president of the broker-dealer firm. FINRA Issues Reminder About the Scope of CCO Liability, supra note 2.

9) Regulatory Notice 22-10, supra note 1.

10) The SEC enforcement proceeding involving Theodore W. Urban provides broker-dealers with an in-depth discussion of the facts and circumstances regulators may consider in this regard. See Theodore W. Urban, SEC Administrative Proceeding File No. 3-13655, Initial Decision Release No. 402 (Sept. 8, 2010) (finding that Mr. Urban did not violate Section 15(b)(4)(E) because he believed that the supervisory procedures in place at the firm were being followed and Mr. Urban performed his responsibilities “in a cautious, objective, thorough, and reasonable manner.”).

11) Dep’t of Enforcement v. Cantone Research, Inc., No. 2013035130101, 2019 FINRA Discip. LEXIS 5 (NAC Jan. 16, 2019); In re Gutfreund, Rel. No. 34-31554, 51 SEC 93 (Dec. 3, 1992); See Thaddeus J. North for Review of Disciplinary Action Taken by FINRA, SEC Exchange Act Release No. 84500 (Oct. 29, 2018) (indicating that, when determining appropriate sanctions, FINRA will consider whether the individual ignored “red flag” warnings that should have resulted in additional supervisory scrutiny. In this regard, FINRA also will consider “the nature, extent, size and character of the underlying misconduct; and the quality and degree of the supervisor’s implementation of the firm’s supervisory procedures and controls”).

12) See In the Matter of the Application of Merrimac Corp. Sec., Inc. & Robert G. Nash for Rev. of Disciplinary Action Taken by FINRA, Release No. 10662 (July 17, 2019).

13) See Matthew Bahrenburg, Letter of Acceptance, Waiver, and Consent (FINRA Case No. 2018057457101) (Aug. 24, 2020).

14) See In the Matter of the Application of Thaddeus J. N. for Rev. of Disciplinary Action Taken by FINRA, Release No. 84500 (Oct. 29, 2018) (citing Stuart K. Patrick, Exchange Act Release No. 32314, 1993 WL 172847 (May 17, 1993)).

15) Id. (citing Richard J. Rouse, Exchange Act Release No. 32658, 1993 WL 276149 (July 19, 1993)).

16) Id. (citing Scott G. Monson, IA-28323, 2008 WL 2574441 (June 30, 2008)).

17) Id. (James Arthur Huff, Exchange Act Release No. 29017, 1991 WL 296561 (Mar. 28, 1991).