For nearly a decade now, regulators have placed the Chief Compliance Officer (“CCO”) squarely within the sights of enforcement, on the logic that holding CCOs individually liable for violations would prompt robust compliance programs and deter lackluster supervision. The reasonableness of such assumptions is a topic for a different post. However, despite these drastically raised stakes for compliance leadership, many institutions fail to keep pace with the corporate governance attention, respect, and funding needed to keep CCOs out of harm’s way.
Some further argue that regulatory enforcement’s focus on CCOs has a chilling effect on the industry, with significant personal risks driving experienced compliance leadership from their roles. And their concerns are not idle.
Earlier this year, FINRA took aim at CCOs for conflicts of interest in accepting “dual hat” roles where compliance responsibilities were at odds with operational roles, and found that such conflicts “failed to observe high standards of commercial honor.” FINRA imposed hefty fines to boot.
In April, the SEC filed an action against an investment adviser for cherry-picking trades for special clients and favoring personal accounts, and leveled fraud allegations against the CCO for signing annual (ADV) disclosures that stated that trades were “allocated fairly.” (See https://www.sec.gov/litigation/litreleases/2021/lr25042.htm)
What is responsible policing of the (compliance) police? The New York City Bar Association, in conjunction with a few financial services trade organizations, published their answer to this thorny question in June, offering a framework for the SEC to adopt in considering CCO liability: https://s3.amazonaws.com/documents.nycbar.org/files/NYC_Bar_CCO_Framework.pdf. For any CCO, compliance professional, executive or audit committee, its considerations are illuminating.
The report encourages the SEC to consider factors such as:
1) General: Does charging the CCO’s conduct help fulfill the SEC’s regulatory goals?
2) “Wholesale Failure”: Did the CCO fail to make a good faith effort to fulfill his or her responsibilities? Does the failure represent a lapse in an otherwise well-run compliance program? Or has the SEC issued recent guidance that puts the CCO on notice of this particular failure?
3) Active Participation: Did the CCO’s conduct facilitate the fraud?
4) Obstruction: Did evidence show an intent to deceive the SEC? Did the CCO course-correct after being told of conduct viewed as obstructionist?
While regulators consider these recommendations, compliance obligations continue. Recent regulatory guidance indicates that failing to follow policies and procedures in remote working and client engagement environments will be a top priority for exams. As remote client engagement is the central feature of robo-advisers, they should expect a top-to-bottom review of their processes. The NY Bar questions happen to be a good place to start to evaluate the health of your compliance procedures and the risks to your CCO.