SEC member Hester Peirce has raised concerns about the potential regulatory liabilities facing chief compliance officers (CCOs) and has suggested the commission – and the compliance profession – develop new guidance.
In a speech earlier this month, Peirce said she shared fears some observers have raised that a growing ‘specter of personal liability’ may lead to some talented individuals giving up a career in compliance. She noted that the New York City Bar earlier in 2020 published a report outlining this and other issues and offering recommendations.
The question of how to define CCOs’ personal liability has been debated for several years following a number of high-profile SEC enforcement cases. But Peirce said concerns ‘have increased over the past two years. Compliance officers’ responsibilities are growing, but the nature of the liability they face in executing those responsibilities remains unclear.’
She noted that a former director of the SEC’s enforcement division in 2015 described three broad categories of cases where the commission has charged CCOs:
- Where they participated in the underlying misconduct unrelated to their compliance duties
- Where they obstructed or misled SEC officials
- Where, in the director’s words, ‘the CCO has exhibited a wholesale failure to carry out his or her responsibility.’
The first category should not be controversial, Peirce said: ‘After all, serving in a compliance capacity is not a get-out-of-jail-free card for clearly unlawful conduct. If it were, lots of bad actors would want the compliance officer title to shield them from liability.’ She also noted that she had recently supported a case in which the SEC’s allegations fell under the second category.
‘The third category of cases – those involving a wholesale failure of a compliance officer – is the one that understandably generates the most controversy and is the most challenging area for me,’ Peirce told her audience. She noted that in such cases the commission usually charges the compliance officer with aiding and abetting the company’s violations, causing the company’s violations, or both, and that the distinctions between these charges is important.
In order to establish that a compliance officer aided and abetted the company’s violation, the commission needs to show that the person engaged in reckless conduct. ‘This standard is not simply negligence on steroids; rather, the evidence must show that there was a danger so obvious that the [compliance officer] must have been aware of [it],’ Peirce said.Â
But in order to establish in an administrative proceeding that a compliance officer was the cause of a company’s violation, the commission need only show that the individual committed ‘an act or omission the person knew or should have known would contribute’ to the violation.
The SEC and courts have taken the ‘should have known’ language as setting a negligence standard for liability, Peirce said: ‘Thus, where a company has committed a violation that does not require scienter – such as failing to have sufficient policies and procedures – a compliance officer can be held to have caused the violation based on his/her own negligent conduct.’
This concerns Peirce, who said: ‘Just because the commission can do something under our rules does not mean that we should do it… Indeed, charging CCOs based on mere negligence could be harmful to our efforts to foster compliance because it dissuades people from taking jobs in compliance and can encourage dishonest efforts to cover up failings rather than openly correcting them.’ Compliance officers are key to a company’s compliance efforts, ‘but an overly aggressive approach to charging CCOs when something goes wrong shifts responsibility for compliance from the firm to the CCO,’ she added.
‘[W]e should think about ways to provide guidance to compliance professionals about what a wholesale compliance failure means and how to avoid one,’ Peirce said. ‘Some of that guidance comes not from a regulator but organically through what you are doing right now: co-ordinating and collaborating with your fellow compliance professionals.’
The commission can also provide guidance in the context of enforcement actions, or absence thereof, she noted. If the SEC provided details about why it has charged a CCO it may reassure diligent and well-intentioned compliance officers, Peirce said. Equally, if the SEC provided information when it does not charge a CCO it would help explain what constitutes doing the job properly, the commissioner added.
‘A framework detailing which circumstances will cause the commission to seek personal liability and which circumstances will militate against seeking personal liability would help the compliance community by eliminating uncertainty and inspiring good practices,’ Peirce said.
‘Such a framework would also prove useful for me and my colleagues at the SEC to use in deciding whether to charge CCOs. To further this approach, I am considering developing a draft framework to share with my colleagues. I welcome your input on what factors you believe are relevant to the decision about whether to charge compliance personnel.’
Overall, the best route for creating greater clarity is through collaboration, Peirce suggested. She noted that the New York City Bar report lays out some ‘sensible recommendations’ including creating public-private advisory groups that would discuss regulatory, examination and enforcement efforts.