On October 29, 2018, the Securities and Exchange Commission issued an opinion that shed significant light on how it thinks about chief compliance officer (CCO) liability. Even though the case involved a CCO of a broker-dealer, it is relevant more broadly to all CCOs, including those at private funds.
In the case, In the Matter of the Application of Thaddeus J. North for Review of Disciplinary Action Taken by FINRA, the SEC upheld a FINRA decision finding that Thaddeus North, the CCO of a registered broker-dealer, had failed: (1) to establish a reasonable supervisory system to review electronic correspondence, (2) to reasonably review electronic correspondence, and (3) to report the firm’s relationship with a statutorily disqualified person. The SEC affirmed the sanctions imposed by FINRA: a two-month suspension in all principal and supervisory capacities and a 30-day suspension in all principal and supervisory capacities to run consecutively; a $40,000 civil penalty; and the payment of hearing and appeal costs.
In deciding the North matter, the SEC examined the questions of whether and when it is appropriate to bring an enforcement action against a CCO. There are five key takeaways for CCOs – including those at private funds – from that discussion.
1. The SEC left open the possibility that it may charge CCOs based on simple negligence
In recent years, there has been a sometimes public debate among various constituencies within the SEC over whether it is appropriate for the agency to bring enforcement actions against CCOs based on negligence. As commissioner Daniel M. Gallagher explained, “[g]iven the vitally important role played by compliance personnel, I am very concerned that continuing uncertainty as to the contours of liability under Rule 206(4)-7 will disincentivize a vigorous compliance function at investment advisers.”
The North matter offered the SEC an opportunity to provide greater clarity regarding the contours of liability for CCOs and to limit future cases against CCOs based on negligent conduct. The SEC could have explained that, as a matter of policy, it is only appropriate to charge CCOs who engage in knowing or reckless conduct, even while affirming the FINRA decision against North. Instead, the SEC stated only that “in general, good faith judgments of CCOs made after reasonable inquiry and analysis should not be second-guessed.” That is little more than saying that the SEC will not bring charges against a CCO who has not acted negligently on a strict liability theory; it is not clear that the SEC would have a legal basis to bring such a claim against a CCO. Thus, North leaves open the possibility that the SEC will bring negligence-based claims against CCOs in the future, for example, based on causing a compliance rule failure (Rule 206(4)-7).
2. The SEC provided guidance regarding when it will typically bring an action against a CCO
The commission stated that charging decisions against CCOs “generally are straightforward” when, absent mitigating circumstances, “a CCO engages in wrongdoing” or “attempts to cover up wrongdoing.” This is consistent with prior statements by Andrew Ceresney, the director of enforcement under the prior SEC chair, Mary Jo White.
The commission also explained that charging decisions against CCOs are generally straightforward when a CCO “crosses a clearly established line, or fails meaningfully to implement compliance programs, policies and procedures for which he or she has direct responsibility.” This guidance is less clear. It is not clear from the opinion exactly what the SEC means by “clearly established lines” or a failure “meaningfully” to implement a compliance program.
3. The commission articulated a standard for “grey area” cases that amounts to “we know it when we see it”
The Commission explained that “when the facts and circumstances of matters fall outside these relatively clear examples of where liability should or should not attach, liability determinations will require matter-specific analysis and informed judgment.” That seems to be another way of saying that “we know it when we see it.”
The question of when to bring an action against a CCO is a complicated one, with important policy considerations on both sides of the argument. It may be that a “matter-specific analysis and informed judgment” is the best the SEC can do in providing guidance on the standard for CCO liability, particularly when trying to craft a standard that is agreed upon by all five commissioners (the North opinion was unanimously approved by all five current commissioners). But for a CCO trying to determine whether or when he or she may be subject to liability, this seems less than satisfactory. It is a standard that leaves CCOs forced to speculate about how the SEC will apply its matter-specific analysis and informed judgment.
4. When dealing with a significant compliance issue, carefully document your response
As noted above, the SEC explained that, “in general, good faith judgments of CCOs made after reasonable inquiry and analysis should not be second-guessed.” Accordingly, when confronting a significant compliance issue, a CCO should carefully document the steps taken to investigate the matter, the actions taken and the rationale behind those actions – all with an eye towards being able to explain in the future how the CCO made good-faith judgments based on a reasonable investigation and analysis.
5. If possible, avoid wearing multiple hats
In a speech she gave a day after the North opinion, commissioner Hester M. Peirce warned that a CCO wearing multiple hats at a firm my face greater risk of being subject to second-guessing. She recommended that a CCO make certain that their CCO and non-CCO functions are clearly delineated in writing, preferably in the CCO’s employment agreement. She also cautioned that CCOs should avoid employment or other agreements that suggest that the CCO is somehow “responsible for ‘ensuring’ that the firm will comply with the securities laws.” Obviously, a CCO who has that responsibility within a firm faces a much higher risk that he or she may be subject to an enforcement action in the event that the firm violates a provision of the securities laws.
Bottom Line: CCOs should be careful when confronted with a significant compliance issue. In the North opinion, the SEC has left open the possibility that it may second-guess a CCO’s actions in responding to such a problem and rely on simple negligence (i.e., causing a compliance rule violation) in bringing charges.
There is no reason for panic right now – the current commission and Division of Enforcement have demonstrated a thoughtfulness that suggests that they are unlikely to take an aggressive approach towards CCO liability any time soon. But the SEC operates under a five-year statute of limitations for seeking penalties and disgorgement. As a result, conduct that takes place today may not be evaluated through the lens of an enforcement action until many years later – when there may be a very different commission with a very different approach to actions against CCOs. And there is no way of knowing what a “we know it when we see it” approach may look like then.
Sam Waldon is a partner in Proskauer’s Litigation Department with a focus on securities and asset management litigation. Erica Jones is a litigation law clerk in Proskauer’s Washington, DC office with a particular focus on securities litigation.