FINRA Publishes Guidance on CCO Liability
March 29, 2022
The question of how to define the parameters of potential liability for chief compliance officers (CCOs) in the financial services industry has been around for years, with many believing that the lack of clarity hampers CCOs’ compliance efforts because they fear being subject to personal liability. To address the issue of CCO liability, FINRA recently published guidance outlining when CCOs have been and may be liable for failing to discharge their supervisory responsibilities.
The guidance is clear that the CCO’s role, in and of itself, is advisory, not supervisory, and that the CCO is responsible for overseeing written compliance guidelines setting forth the applicable rules and policies the firm must adhere to, but not for business line supervision unless delegated that responsibility. FINRA will generally not bring an action against a CCO for failure to supervise except when the firm conferred upon the CCO supervisory responsibilities and the CCO then failed to discharge those responsibilities in a reasonable manner.
FINRA does not oversee investment advisers, but its new guidance might be helpful in thinking about the SEC’s enforcement approach. In a November 2015 speech, Andrew Ceresney, then Director of the SEC’s Division of Enforcement, outlined the three areas where the Enforcement Division generally brings cases against CCOs. According to Director Ceresney, the SEC will bring cases against CCOs where they have directly engaged in misconduct unrelated to the compliance function, attempted to obstruct or mislead the SEC staff, or exhibited a “wholesale failure” to carry out their responsibilities as CCOs.
As a general matter, the SEC and FINRA agree that CCOs should not fear enforcement action if they perform their responsibilities diligently, in good faith, and in compliance with the law. However, while the SEC and FINRA engage in a careful and measured approach to determine whether an enforcement action should be brought against a CCO, one common theme is that many SEC and FINRA enforcement actions involve CCOs who also occupy another position at a firm, such as CFO or CEO, and that the liability is based upon the non-CCO position they hold within a firm’s management structure. Director Ceresney made this point explicitly, stating that often the CCOs involved in affirmative misconduct wear other hats in addition to their CCO hat and it is frequently their actions in those other roles that lead to an enforcement action.
Even where CCOs do not hold a separate title or specific non-CCO job function, where they have been delegated supervisory responsibility, they will be subject to the rules governing the non-compliance functions and may be liable for supervisory failures, especially where the failures created a high likelihood of client harm. Thus, it would be prudent for CCOs to make clear in writing that their function is to oversee compliance policies and procedures and that management has responsibility for making sure the firm’s staff follow them.
According to the FINRA guidance, factors that would militate against bringing an action against a CCO include whether the CCO had enough resources and support, whether their responsibilities were poorly defined or there was unclear overlapping of responsibility, whether the CCO acted in good faith, including, for example, whether the CCO escalated the issue to firm leadership, and whether there is a more appropriate individual for FINRA to pursue in an enforcement action.