Skip to content

Broker-Dealer Regulation & Litigation Insights
  • About Us
  • Contributors
  • Resources
  • Presentations
  • Visit the Faegre Drinker website

The SEC’s CCO Guidance Month

In an unprecedented move, the U.S. Securities and Exchange Commission (SEC) released guidance on several platforms in a 30-day period in 2020 regarding certain views on the important role and potential liability risks of chief compliance officers (CCOs). The SEC’s focus on the role of compliance is not new but sometimes the SEC’s support for compliance has not appeared to extend beyond the SEC’s Office of Compliance Inspections and Examinations (OCIE). In this article, we analyze the guidance provided by each source.

October 19, 2020, SEC Commissioner Hester M. Peirce Remarks before the National Society of Compliance Professionals

Commissioner Peirce focused on “the question of how to define the parameters of personal liability for compliance officers,” noting that “the nature of the liability they face in executing [their] responsibilities remains unclear.” The most recent guidance on the issue from the SEC’s perspective, she observed, dates back to 2015, when then‒Enforcement Director Andrew Ceresney “identified three broad categories of cases where the Commission has charged chief compliance officers.” While the first two (instances in which the officer participated in the misconduct or obstructed or misled the Commission) are generally uncontroversial, the third – “cases where … ‘the CCO has exhibited a wholesale failure to carry out his or her responsibility’” – is more problematic. Commissioner Peirce stated, “typically, in such cases, the Commission charges the compliance officer with aiding and abetting the company’s violations, causing the company’s violations, or both.” While aiding and abetting requires proof of reckless conduct, causing violations only require a showing of negligence. “Thus, where a company has committed a violation that does not require scienter – such as failing to have sufficient policies and procedures – a compliance officer can be held to have caused the violation based on her own negligent conduct.”

According to Commissioner Peirce, “Rule 206(4)-7, the investment adviser compliance rule, exacerbates the problem” because, although “[i]t supports negligence-based charges against an adviser’s CCO,  [in practice] the rule’s standard has looked more like strict liability.” But, she argued, “an overly aggressive approach to charging CCOs when something goes wrong shifts responsibility for compliance from the firm to the CCO.” Additionally, she reasoned, “charging CCOs based on mere negligence could be harmful to … efforts to foster compliance because it dissuades people from taking jobs in compliance and can encourage dishonest efforts to ‘cover up’ failings rather than openly correcting them.”

She further cautioned against heavy reliance on arguments that “causing” charges against compliance officers are fairly rare and tend to carry light sanctions, acknowledging that “even the SEC’s enforcement actions can be career-ending and are always traumatic events for their subject.” Thus, she recognized the need for greater transparency regarding why the SEC does and does not bring actions against compliance professionals: “In short, context matters, and we can provide more of it.” She also encouraged general discussion “about ways to provide guidance to compliance professionals about what a wholesale compliance failure means and how to avoid one,” appreciating that compliance officers are not governed by a “formal regulatory structure.”

Thus, Commissioner Peirce concluded that developing “[a] framework detailing which circumstances will cause the Commission to seek personal liability and which circumstances will militate against seeking personal liability would” both “help the compliance community by eliminating uncertainty and inspiring good practices” and “prove useful for … the SEC to use in deciding whether to charge CCOs.” Moreover, she argued, “[i]t also is time for us to examine how well the compliance rules under the Investment Advisers and Investment Company Acts are functioning” and “to provide greater clarity” to those roles. To do so, she suggested the creation of a “public-private advisory group” and generally encouraged greater dialogue between the SEC and compliance professionals.

November 19, 2020, Risk Alert ‒ OCIE Observations: Investment Adviser Compliance Programs

The OCIE Compliance Risk Alert generally provides guidance regarding the compliance programs of investment advisers. It also specifically addresses the role and duties of the CCO:

… the Compliance Rule [Rule 206(4)-7] requires each adviser to designate a [CCO] to administer its compliance policies and procedures. An adviser’s CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.

The Risk Alert continues by listing examples of notable deficiencies or weaknesses identified by OCIE staff. Importantly, the first two focus on CCOs. The first is titled “Inadequate Compliance Resources,” and the first point under this subheading describes the SEC’s and OCIE’s longstanding concern with CCOs wearing “multiple hats.” It specifically describes this deficiency/weakness as follows:

CCOs who had numerous other professional responsibilities, either elsewhere with the adviser or with outside firms, and who did not appear to devote sufficient time to fulfilling their responsibilities as CCO. While CCOs may have multiple responsibilities, OCIE observed instances where such CCOs did not appear to have time to develop their knowledge of the Advisers Act or fulfill their responsibilities as CCO.

OCIE titled the next deficiency/weakness “Insufficient Authority of CCOs” and went into greater detail to describe this deficiency/weakness:

Insufficient Authority of CCOs. OCIE staff observed CCOs who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures for the adviser. For example:

  • Advisers that restricted their CCOs from accessing critical compliance information, such as trading exception reports and investment advisory agreements with key clients.
  • Advisers where senior management appeared to have limited interaction with their CCOs, which led to CCOs having limited knowledge about the firm’s leadership, strategy, transactions, and business operations.
  • Instances where CCOs were not consulted by senior management and employees of the adviser regarding matters that had potential compliance implications.

As our readers know, we recommend that firms take the guidance in OCIE’s Risk Alerts very seriously, as OCIE staff and staff from the Division of Enforcement apply the guidance in OCIE’s Risk Alerts to their examinations and investigations.

OCIE Director Phil Driscoll’s Opening Remarks at the National Investment Adviser/Investment Compliance Outreach 2020

 OCIE Director Driscoll’s November 19, 2020, speech seeks to strike a somewhat different tone than the enforcement-focused tone of Commissioner Peirce’s speech and the examination deficiencies and weaknesses discussed in the OCIE Compliance Risk Alert. After opening remarks regarding the impacts of the pandemic on firms, OCIE Director Driscoll turned to this topic under the heading “Empowering Chief Compliance Officers” and a subheading, “Empowerment, seniority and authority.”

He started by reciting constructive points consistent with the OCIE Compliance Risk Alert, but then he turned and raised the following points to attempt to empower and encourage firms and CCOs:

  • OCIE observes good practices where CCOs are routinely included in business planning and strategy discussions and brought into decision-making early-on, not for appearances, but for their meaningful input.
  • OCIE notices CCO access and interaction with senior management, prominence in the firm, and when they are valued by senior management.
  • OCIE Director Driscoll pointed out that a good CCO can be a true “value-add” to the business; by keeping up with regulatory expectations and new rules, they can assist in positioning their firms not only to avoid costly compliance failures, but also provide pro-active compliance guidance on new or amended rules that may provide advisers with additional business options.

OCIE Director Driscoll concluded his speech by discussing the similarities between OCIE and CCOs:

Compliance officers are on the front lines to help ensure that registrants meet their obligation under applicable securities laws and regulations. We too are on the front lines and with a similar mission, and in many ways examiners and compliance officers and personnel are two-sides of the same coin. We cannot overstate a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function. Resources means a lot of different things, including training, automated systems and adequate staff to support firm growth, but perhaps most importantly, it means “empowerment.” Compliance must be integral to an adviser’s business and part of its senior leadership.

Conclusion/Takeaways

Although it is still unclear whether or how quickly the guidance discussed in this article takes hold, Commissioner Peirce’s observations and acknowledgements of the unique challenges compliance professionals face are encouraging. Similarly, OCIE Director Driscoll’s efforts to empower firms and CCOs regarding compliance programs and to emphasize the important role of the CCO are commendable. As we anticipate a Democrat-appointed Chair and more aggressive agendas for both the SEC’s enforcement and examination programs, firms and CCOs should heed this guidance and engage in any remedial efforts in this important area as soon as is reasonably practicable. That said, unfortunately none of this guidance addresses the historical and current opaque nature of the federal securities laws applicable to CCO potential liability.

This blog post was condensed from the December 1, 2020, edition of Faegre Drinker’s Enforcement Highlights. Read the entire article at https://enforcementhighlights.com/2020/the-secs-cco-guidance-month/.

Subscribe and Receive Alerts to New Articles

SUBSCRIBE
December 15, 2020
Written by: James G. Lundy, David W. Porteous and Victoria L. Andrews
Category: Compliance, OCIE, SEC, supervision

Post navigation

Previous Previous post: Broker-Dealer Regulation & Litigation Digest – Fall 2020
Next Next post: The DOL’s Fiduciary Interpretation and Exemption: Impact on Rollover Recommendations

Subscribe to Alerts

Recent Posts

  • Broker-Dealer Regulation & Litigation Digest – Winter 2021
  • FINRA’s Focus on Variable Annuity Switches Continues
  • SECURE Act 2.0: Key Provisions Affecting Retirement Plans
  • Recent State Fiduciary Duty Developments: Eight States Have Proposed or Finalized Best Interest Standards for Annuity Producers
  • The Second Phase of the SEC’s Reg BI Exams

Categories

  • 12b-1 Fees
  • 3270
  • 3280
  • 3290
  • Anti-Money Laundering
  • Arbitration
  • BD
  • Best Execution
  • Best Interest Contract Exemption
  • Best Interest Standard of Care
  • Business Continuity Planning
  • Churning
  • Class Certification
  • Compensation Issues
  • Compliance
  • Concurrent jurisdiction
  • Conflicts of Interest
  • Congress
  • Covered class actions
  • Covered securities
  • Credit
  • Cryptocurrencies
  • Customer Due Diligence Rule
  • Customer Protection
  • Cybersecurity
  • Dark Pools
  • Data Integrity
  • DOL Fiduciary Rule
  • Elder Abuse
  • Enforcement
  • Event Study
  • Examination
  • Exchange-Traded Funds (“ETF”)
  • exemptions
  • Fair Pricing
  • Fees
  • Fiduciary
  • Fiduciary Duty
  • Financial Services
  • FinCEN
  • FINRA
  • FINRA 2018 Annual Regulatory and Examination Priorities Letter
  • FINRA 360
  • FINRA Code of Arbitration Procedure 12204
  • FINRA Code of Arbitration Procedure 13204
  • FINRA Notice 13-45
  • FINRA Regulatory Notice 16-25
  • FINRA Rule 12200
  • FINRA Rule 13200
  • FINRA Rule 2111
  • FINRA Rule 2165
  • FINRA Rule 2232
  • FINRA Rule 3310(c)
  • FINRA Rule 4210
  • FINRA Rule 4512
  • FINRA Summary Report
  • Fixed Income
  • Fraud
  • Goldman v. City of Reno, 747 F.3d 733(2014)
  • Goldman v. Golden Empire Schools Financing, 767 F.3d 210(2014)
  • IA
  • Impartial Conduct Standards
  • In the Matter of Merrill Lynch, Pierce, Fenner & Smith Incorporated, Respondent (AWC 2009020188101/January 25, 2012)
  • Initial Coin Offerings
  • Investment Recommendation
  • Investor
  • IRA
  • Liquidity
  • Manipulation
  • Margin
  • Market Access
  • Market Access Controls
  • Mortgage
  • Mutual Funds
  • New FINRA Rule
  • OCIE
  • Office of the Solicitor General
  • Options
  • Outside Activities
  • Outside Business Activities (“OBA”)
  • Policies and Procedures
  • Price Impact
  • Private Securities Transactions (“PST”)
  • Private Securities Transactions of an Associated Person”
  • Prohibited Transactions
  • Prudence
  • Quantitative Suitability
  • Reading Health v. JP Morgan, No. 16-4234 (3d Cir. Aug. 7, 2018)
  • Reasonable Fees
  • Recommendation
  • Regulation Best Interest
  • Regulation SHO
  • Regulatory Notice 18-13
  • Retirement Account
  • Risk
  • Rollovers
  • SEC
  • SEC 2018 National Exam Program Examination Priorities
  • SEC Reg BI
  • SEC RIA Interpretation
  • Securities Act of 1933
  • Securities Class Action
  • Securities Litigation Uniform Standards Act of 1998 (SLUSA)
  • Senior Safe Act
  • Seniors
  • Service Providers
  • Short Sales
  • Suitability
  • supervision
  • Supreme Court
  • Surveillance
  • Technology Governance
  • UBS v. Carilion Clinic, 706 F.3d 319(2013)
  • Uncategorized
  • Unit Investment Trusts (“UIT”)
  • Verification of Assets and Liabilities

archives

  • 2021
    • March 2021
    • February 2021
    • January 2021
  • 2020
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
  • 2019
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
  • 2018
    • December 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
  • 2017
    • December 2017
    • November 2017
    • October 2017
  • About Us
  • Contributors
  • Resources
  • Presentations
  • Visit the Faegre Drinker website

© 2021 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
Privacy Policy

We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.