In recent years, the Securities and Exchange Commission (the “SEC”) has increasingly brought enforcement actions against chief compliance officers (“CCOs”) in their personal capacities.1 On June 2, 2021, the New York City Bar Association released a report calling on financial regulators, such as the SEC and the Financial Industry Regulatory Authority (“FINRA”) to adopt a comprehensive framework for holding CCOs personally liable for violations (the “Report)”.2 Per the Report, “increased enforcement actions holding CCOs personally liable” — especially where the CCOs did not engage in fraud or obstruction — are counter-productive, because they “discourage individuals from becoming or remaining compliance officers and performing vital functions that regulators stretched too thin would otherwise be unable to perform. . . .”3 The Report notes that CCOs need not risk being subject to “career-ending enforcement actions” when “other options, such as providing legal advice or becoming an outside compliance service provider or businessperson, involve less personal risk.”4
The Report recommends that regulators use the following analytical framework in deciding to bring charges against a CCO:
First, the Report recommends that regulators weigh the following “affirmative factors” in reaching their decision on charging a CCO:
- “Does the CCO Conduct Charge help fulfill the SEC’s regulatory goals?”
- “Did the CCO not make a good faith effort to fulfill his or her responsibilities?”
- “Did the Wholesale Failure relate to a fundamental or central aspect of a well-run compliance program at the registrant?”
- “Did the Wholesale Failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?”
- “Did the Wholesale Failure relate to a discrete, specified obligation under the securities laws or the compliance program at the registrant?”
- “Did the SEC issue rules or guidance on point to the substantive area of compliance to which the Wholesale Failure relates?”
- “Did an aggravating factor add to the seriousness of the CCO’s conduct?”
- “Did the CCO’s conduct “add value” to the fraud committed at the firm?”
- “Were the acts of obstruction or false statements repeated?”
- “Was the obstruction denied when confronted, or did the CCO not immediately reverse course and cooperate?”
- “Did the obstruction relate to a necessary or highly relevant part of the examination or investigation?”
“Did evidence show other indicia of intent to deceive or disregard for cooperation with the SEC’s regulatory mission?”5 Second, the Report recommends that regulators weigh the following “mitigating factors” in reaching their decision on charging a CCO:
- “Did structural or resource challenges hinder the CCO’s performance?”
- “Did the CCO at issue voluntarily disclose and actively cooperate?”
- “Were policies and procedures proposed, enacted or implemented in good faith?”6
The Report acknowledges that “[m]any of the factors in our proposed Framework are likely already used to some extent in decisions regarding whether to prosecute,” but argues “that formalizing such factors will help provide clear guidance to CCOs and enable them to confidently engage in their necessary work.” Id. at 2.
As support for its recommendations, the Report points to comments made by various SEC personnel in speeches. For example, in an October 2020 speech before the National Society of Compliance Professionals, SEC Commissioner Hester Peirce stated that “[a] framework detailing which circumstances will cause the Commission to seek personal liability and which circumstances will militate against seeking personal liability would help the compliance community by eliminating uncertainty and inspiring good practices.”7 Peirce further noted that “[s]uch a framework also would prove useful for me and my colleagues at the SEC to use in deciding whether to charge CCOs.”8 In that speech, Peirce recognized that the “most challenging area” for the SEC is deciding whether to prosecute a CCO for negligence, and stated that, in such cases, “just because the commission can do something under our rules [i.e., charge a CCO] does not mean that we should do it.”9
While this does not necessarily suggest that the SEC will adopt the Report’s framework anytime soon, it perhaps suggest a recognition by the SEC that it must seriously consider the circumstances under which charging COOs is justified. Nevertheless, CCOs should therefore be particularly cognizant of ensuring that their organization’s policies are in full SEC compliance.
1 See, e.g., Andrew Ceresney, Dir., Div. of Enf’t, U.S. Sec. & Exch. Comm’n, Keynote Address at Compliance Week 2014 (May 20, 2014) (the SEC has brought “and will continue to bring — actions against legal and compliance officers”).
2 See New York Bar Ass’n, Framework for Chief Compliance Officer Liability in the Financial Sector 1 (2021), https://s3.amazonaws.com/documents.nycbar.org/files/NYC_Bar_CCO_Framework.pdf.
3 Id.; see also id. at 3 (“[W]e believe that CCO Conduct Charges will fail to advance the interests of protecting the capital markets and investors . . . . [W]e believe that CCO Conduct Charges may potentially increase future securities law violations. . . .”).
4 Id. at 1.
5 Report at Executive Summary.
7 Hester M. Peirce, Comm’r, U.S. Sec. & Exch. Comm’n, Speech at 2020 National Society of Compliance Professionals National Conference (Oct. 19, 2020), https://www.sec.gov/news/speech/peirce-nscp-2020-10-19.