FINRA’s Olive Branch on CCO Liability
FINRA, the regulator for broker-dealer firms, is trying to ease tensions over chief compliance officer liability with a new alert stressing that FINRA typically will not bring enforcement actions against CCOs personally because compliance officers don’t inherently have a supervisory role at their firms.
FINRA published the alert late last week, after several pleas from legal and compliance groups for regulators to clarify when a CCO would or wouldn’t be subject to enforcement actions for a compliance failure at the CCO’s firm. FINRA didn’t outright say the alert was in response to those calls for clarity, but clearly this guidance was meant as a gesture to the compliance community.
Essentially, the alert makes clear that compliance officers do not inherently have a supervisory role at the broker-dealer firm, where they might face individual liability for a compliance program failure. Rather, the assumption is that a compliance officer acts in an advisory role (meaning no personal liability) unless the firm designates the chief compliance officer to act in a supervisory capacity. Only then could he or she face liability under FINRA Rule 3110, which says supervisory personnel can face liability for compliance failures.
“Chief compliance officers play an important role in facilitating compliance by promoting strong practices that protect investors and market integrity. That does not automatically make them supervisors, subject to FINRA’s supervisory requirements,” Jessica Hopper, FINRA’s head of enforcement, said in a statement. “This notice helps to clarify when a CCO is — and is not — subject to potential liability under FINRA’s Supervision rule.”
Or, as the FINRA alert says:
A CCO is not subject to liability under Rule 3110 because of the CCO’s title or because the CCO has a compliance function at a member firm. A CCO will be subject to liability under Rule 3110 only when — either through the firm’s written supervisory procedures or otherwise — the firm designates the CCO as having supervisory responsibility.
And how can a firm “designate” the CCO as having supervisory responsibility? Several ways, FINRA said:
- Written procedures can assign to the CCO the responsibility to establish, maintain and update written supervisory procedures, either generally or for specific areas, such as electronic communications.
- Written procedures can assign to the CCO responsibility for enforcing the firm’s written supervisory procedures or other specific oversight duties usually reserved for line supervisors.
- The firm’s president “or some other senior business manager” might also expressly or impliedly designate the CCO as having specific supervisory responsibilities on an ad hoc basis.
- Or the CCO might be asked to take on specific supervisory responsibilities as circumstances demand, such as the review of trading activity in customer accounts or oversight of associated persons.
The first two of those four ways don’t alarm me too much; if the written procedures seem a bit too uncomfortable for a CCO, you can at least try to negotiate for better terms or more resources. The latter two points seem more vague. They give room for senior management to foist supervisory duties onto the CCO.
‘Reasonably Discharging’ Supervisory Duties
Even when the CCO does have supervisory duties, FINRA stressed that it won’t rush to bring charges against a compliance officer. Rather, enforcement officers will consider whether the compliance officer “reasonably discharged his or her designated supervisory responsibilities” — which is the same standard FINRA uses for enforcement actions against any supervisory personnel.
Fair enough, but FINRA was not terribly clear on what “reasonably discharged” actually means:
Whether a CCO’s performance of these responsibilities was reasonable depends upon the facts and circumstances of a particular situation. When assessing potential liability under Rule 3110, FINRA will evaluate whether the CCO’s conduct in performing designated supervisory responsibilities was reasonable in terms of achieving compliance with the federal securities laws, regulations, or FINRA rules.
What? You were expecting a bright-line standard that might ease compliance officers’ worried minds? We’re talking about a government regulator here. Dream on.
Still, even when FINRA does decide that a CCO failed to reasonably discharge his or her duties, that does not automatically mean an enforcement action against the compliance officer. FINRA’s alert listed several factors, both aggravating and mitigating, that it would consider before bringing a charge.
The aggravating factors:
- The CCO was aware of multiple red flags or actual misconduct and failed to take steps to address them;
- The CCO failed to establish, maintain, or enforce a firm’s written procedures as they related to the firm’s line of business;
- The CCO’s supervisory failure resulted in actual violations; and
- Whether that violative conduct caused or created a high likelihood of customer harm.
And the mitigating factors:
- The CCO was given insufficient support in staffing, budget, training, or otherwise to reasonably fulfill his or her designated supervisory responsibilities;
- The CCO was unduly burdened in light of competing functions and responsibilities;
- The CCO’s supervisory responsibilities, once designated, were poorly defined, or shared by others in a confusing or overlapping way;
- The firm joined with a new company, adopted a new business line, or made new hires, where it would be appropriate to allow the CCO a reasonable time to update the firm’s systems and procedures; and
- The CCO attempted in good faith to reasonably discharge his or her designated supervisory responsibilities by, among other things, escalating to firm leadership when any of the prior issues were occurring.
Even after all those factors, FINRA added, enforcement officers will still also consider whether it’s more appropriate to charge the firm or senior managers rather than the CCO; or whether it’s wiser to give the CCO a cautionary letter rather than a formal enforcement action, especially if this was the CCO’s first offense.
Is All This Enough?
Clearly FINRA is trying to win over the compliance community by walking through a litany of issues it will consider before charging a compliance officer. Both the National Society of Compliance Professionals and the New York City Bar Association have advocated for more clarity on CCO liability — and even if this alert from FINRA doesn’t implement all their proposals, its structure and direction are very much in step with what the NYC Bar Association and the NSCP want to see.
To that point, Brian Rubin, a partner at law firm Eversheds and a member of the NSCP’s regulatory advisory committee, published a statement last week saying it was “terrific” that FINRA acknowledges compliance officers aren’t supervisors by default. “The devil, as always, will be in the details,” Rubin said, but he also added, “The bottom line is that FINRA is providing some comfort to CCOs.”
Next we’ll need to see whether the SEC puts out any similar statement, although I won’t hold my breath.
Plus, as always, enforcement actions against compliance officers are rare. Beyond the investment world, such actions are essentially unheard of. Regulators know that compliance officers are valuable allies; they don’t want to alienate you. So when I hear about CCO liability cases, I give the regulator the benefit of the doubt and look at the facts closely. They’re often not flattering to the CCO.