The New York City Bar Association Goes to Bat for Compliance Officers
The New York City Bar Association Compliance Committee (“Committee”) recently issued a report encouraging financial regulators to provide a clear framework for when compliance officers may be held personally liable for the misconduct of their employing institutions.[1] The Committee notes that, due to a recent increase in enforcement actions brought against compliance officers, there is a growing belief that individuals in compliance positions will face undue exposure for a company’s regulatory failures.
At times, the confusion felt by compliance professionals has only increased despite regulators’ attempts to provide reassurances. For example, in 2015, the SEC’s Director of Enforcement outlined three circumstances in which the SEC will individually charge a compliance officer. While the first two circumstances (affirmative involvement in the misconduct and obstructing or misleading the SEC) were straightforward, the third (“a wholesale failure to carry out his or her responsibilities”), poses more questions than answers. Another reason for uncertainty related to increased exposure is the rise of attestation and certification requirements for compliance officers, such as when FinCEN added a requirement to the Bank Secrecy Act that financial institutions “establish and maintain written procedures” with respect to beneficial ownership of certain clients. This general perception of compliance officers is not purely the result of regulatory changes, however, but is also exacerbated by the fact that many compliance professionals are shut out of corporate decision making for which they will ultimately be held to account. Additionally, compliance officers have to make real-time decisions on sensitive compliance issues often without the benefit of regulatory guidance.
The Committee highlights a number of trends that compliance officers can look to in determining when they may be held liable for institutional misconduct. These include situations where the compliance officer:
- fills multiple roles in the business at the same time [2];
- obstructs a regulatory investigation [3];
- is directly aware of the cause of the violation [4];
- fails to properly investigate wrongdoing [5]; or
- fails to implement reasonable written policies [6].
These trends have led to compliance officers facing liability regardless of whether they have prior knowledge of the facts underlying the misconduct.
As a result of its review, the Committee offers a number of recommendations to regulators in order to provide compliance officers with a clearer framework for fulfilling their important functions within the current regulatory environment. These include:
- issuing formal guidance as to when compliance officers will be pursued in a personal capacity in regulatory action;
- providing added detail in enforcement releases, risk alerts, and other existing regulatory communications;
- increasing the channels of informal communication with compliance officers, similar to initiatives the CFTC has undertaken with fintech innovators and the roundtables hosted by FINRA; and
- creating advisory groups for compliance professionals.
It remains to be seen whether any regulator adopts the recommendations of the Committee, but it is clear from the report that personal liability is a sensitive issue for compliance officers throughout the financial services industry, and one that must be addressed in a clear and comprehensive manner.
[1] The complete report can be accessed online at https://s3.amazonaws.com/documents.nycbar.org/files/Report_CCO_Liability_vF.pdf.
[2] See, SEC v. Hope Advisors, LLC, No. 1:16-cv-01752, 2017 WL 6997134 (N.D.Ga. Nov. 28, 2017) (alleging that the CCO, who also served as the controller and a trader at the investment adviser, “aided and abetted” a fraudulent scheme to conceal actual losses where he helped track account balances used to calculate the size and number of misleading trades to be executed).
[3] For example, in March 2018, the SEC found that the former compliance officer of a broker-dealer had failed to file SARs on behalf of his firm despite receiving AML red flags identified by a clearing firm in his firm’s low-priced securities transactions. Administrative Proceeding File No. 3-18414 (Mar. 28, 2018), https://www.sec.gov/litigation/admin/2018/34-82958.pdf. The SEC views this type of inaction as “aiding and abetting.”
[4] The Commission found that the firm’s CCO knew for years about numerous violations of the Advisers Act, including violations of the Custody Rule, the Compliance Rule, the Safeguards Rule, and had direct knowledge of violations for years and failed to act on them. Administrative Proceeding File No. 3-18323 (Dec. 22, 2017), https://www.sec.gov/litigation/admin/2017/34-82397.pdf.
[5] Supra, note 3. The SEC further accused the compliance officer of failure to investigate why the firm’s internal personnel or surveillance system had not raised alerts to his attention.
[6] Recently, the SEC brought an enforcement action against Channing Capital Management, LLC because of its failure to adequately implement written policies and procedures governing the allocation of trading commission costs associated with aggregated (or block) securities trades on behalf of its institutional investor and pension fund clients. Administrative Proceeding File No. 3-19605 (Nov. 22, 2019), https://www.sec.gov/litigation/admin/2019/ia-5412.pdf.