Reframing RIA Compliance: Seeing CCO Liability in a New Context
Last year, the Joot Blog wrote about a Framework for Chief Compliance Officer Liability in the Financial Sector suggested by the New York City Bar Association Compliance Committee, the Association for Corporate Growth, the American Investment Council, and the Securities Industry and Financial Markets Association. Collectively, these organizations wanted the SEC to adopt a framework for determining when enforcement actions should be brought against individual chief compliance officers (CCOs). The framework presented a list of affirmative and mitigating factors for the SEC to consider when evaluating whether to hold CCOs personally liable for compliance violations. It also highlighted some of the key challenges that CCOs face at financial services firms, including the difficulty they encounter in getting employees to adopt and follow certain policies and procedures as well as the tendency for industry participants to oversimplify and undervalue compliance.
This month, SEC Commissioner Hester M. Peirce issued a statement about CCO liability in response to a recent SEC enforcement action. In the statement, Commissioner Peirce reaffirms that "CCOs play a vital role in ensuring that investment advisers, broker-dealers, and other registered entities comply with the securities laws.” She goes on to explain: “A good CCO expertly weaves compliance into all of a firm’s activities. Attracting well-qualified people to the profession is important, and fears of facing liability for someone else’s missteps can dissuade excellent candidates from seeking compliance jobs."
Commissioner Peirce then discusses the recent SEC enforcement action as a use case scenario of the NYC Bar Association’s CCO liability framework. In her statement, Commissioner Peirce applies several questions from the CCO liability framework to this specific case to illustrate how the framework functions in practice. These questions were designed to assess whether a “wholesale failure” occurred at a given firm, preventing certain compliance obligations from being met. These questions include the following:
- Did the CCO not make a good faith effort to fulfill his or her responsibilities?
- Did the wholesale failure relate to a fundamental or central aspect of a well-run compliance program at the registrant?
- Did the wholesale failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?
- Did the wholesale failure relate to a discrete specified obligation under the securities law or the compliance program at the registrant?
- Did the SEC issue rules or guidance on point to the substantive area of compliance to which the wholesale failure relates?
- Did an aggravating factor add to the seriousness of the CCO’s conduct?
Commissioner Peirce also addresses potential criticism that the recent SEC enforcement action didn’t offer enough clarity into the compliance failures identified in this case: “Our orders provide the greatest value when they include sufficiently detailed information and explanations so that the public can understand the particular facts of a given case and how it fits into any liability framework. Although greater specificity may have been helpful for some purposes, I believe the Order lays out a sound basis for concluding that this CCO’s conduct here fell materially short.” Commissioner Peirce concludes her statement by inviting ongoing conversation around “designing a properly calibrated CCO liability framework.”
At Joot, we continue to encourage firms to think differently about compliance. As we've written before, compliance isn’t operational baggage; it’s operational freedom. A well-run compliance program protects the integrity of a firm's business and frees employees to focus on doing their best work, including acting in clients’ best interest and increasing the firm’s revenue. For investment advisory firms, a healthy compliance program not only protects business but carves paths for future growth.
If you need help getting your compliance program up to speed, please get in touch. We’d love to hear from you.