Gurbir Grewal, the head of enforcement at the Securities and Exchange Commission (SEC), has outlined the specific scenarios in which the agency might bring charges against a chief compliance officer for violations of securities laws.
Speaking at the New York City Bar Association's Compliance Institute, Grewal stressed that the SEC does not seek to question the good faith judgments made by compliance personnel after conducting reasonable inquiry and analysis, making such actions rare. He identified three situations in which charges against compliance officers might be considered: Grewal stated, "The short answer is that we do not second-guess good faith judgments of compliance personnel made after reasonable inquiry and analysis. That is why such actions are rare."
Regarding the first category, Grewal explained, "The first category is easy: being a member of the compliance function is not a ‘get-out-of-jail’ card." He added, "[W]hen compliance officers violate the securities laws in ways that have nothing to do with exercising their compliance responsibilities, they are held accountable just like anyone else."
In the third category, referred to as the "wholesale failure" category, Grewal acknowledged that many compliance officers have requested more clarity from the SEC. He elaborated further during a question-and-answer session, stating, "If someone was aware of red flags, we'd ask, 'How did they respond to them or fail to respond to them?' This can't be a check-the-box exercise. We ask that you think about the risks your entity is dealing with and take steps to enforce those policies and procedures."
He provided an example, saying, "If a compliance officer was involved in the process of creating disclosures and those disclosures were inaccurate, 'I think it's fair game.'"
The third category has raised concerns among compliance officers, as they often do not control access to information within a firm or have the final say on the contents of a disclosure. They may work in organizations with a weak compliance culture or limited support from top leadership, making it challenging to vet information adequately. In such cases, it remains unclear whether the SEC would hold the compliance officer responsible or complicit in securities law violations.
Grewal also mentioned enforcement actions stemming from what the SEC considered to be wholesale failures by compliance officers or those in gatekeeper roles. One case involved a former partner at an accounting firm who faced a $75,000 penalty and suspension for failing to address numerous quality control deficiencies linked to the firm's special purpose acquisition company client boom. Another case involved the Chief Compliance Officer of a registered investment firm who was fined $25,000 for neglecting to develop and implement the firm's compliance policies and code of ethics from 2012 to 2021. The CCO had adopted a professional trade organization's compliance handbook as the firm's written compliance policies over that period and failed to conduct compliance training, annual reviews, or the adoption and enforcement of a code of ethics, according to the SEC.
In summary, Grewal clarified that while the SEC does not second-guess good faith judgments of compliance personnel, there are specific circumstances where charges against compliance officers may be pursued, primarily related to misconduct, misleading regulators, or wholesale failures in compliance responsibilities. The line between CCO liability and organizational factors remains a topic of concern for many compliance professionals.
By fLEXI tEAM