For far too long, the Securities and Exchange Commission (SEC) has taken the compliance industry for granted. That needs to alter.
Compliance officers serve as the SEC's gatekeepers, advising their employers on a daily basis on how to abide by the agency's rules not only to avoid being targeted for enforcement actions but also because it is the right thing to do. Customers and investors benefit when people abide by the rules. It is also profitable.
The regulatory agenda that the SEC is getting ready to implement is breathtaking in its breadth and depth. The agency is considering new regulations that would compel businesses to disclose their greenhouse gas emissions and encourage them to reduce their carbon footprint, improve cybersecurity defenses and how quickly they report data breaches, increase diversity on their boards of directors and in their workforces, and demonstrate that their environmental, social, and governance (ESG) goals for investment funds are more than just lofty ideals.
The SEC needs allies to carry out its agenda, not just to get it approved. Compliance officers are a regulator's ideal ally. They should be consulted as the SEC makes changes to its proposed rules, from the initial comment period to the final decision.
However, there is not much communication going on between the SEC and the compliance community—or at least not as much as compliance practitioners would like. Compliance officers are consequently more worried than ever that the SEC will single them out for enforcement action.
What can the SEC do, then, to assuage the compliance community's fears about chief compliance officer liability and persuade them to work enthusiastically with them rather than become potential targets of enforcement action?
Create your own CCO liability framework or use one that the compliance community has already created. CCOs want to know exactly how the regulator will evaluate their actions at companies where SEC rules have been found to have been broken, as well as how those rules will be applied. The National Society of Compliance Professionals (NSCP) and the New York City Bar Association both published CCO liability frameworks for the SEC to take into consideration.
Both frameworks are built around a set of questions CCOs want answered so they can better understand the various circumstances in which the SEC might hold a CCO accountable for misconduct that took place under their watch, for what has previously been referred to as "wholesale failure" to fulfill compliance obligations.
In a recent statement regarding a case in which the CCO, Jeffrey Kirkpatrick, was disciplined for wrongdoing by an investment adviser representative at his firm, SEC Commissioner Hester Peirce stated that "the compliance obligation belongs to the firm, not to the CCO."
"Reminding firms that compliance is their responsibility helps to ensure that they dedicate adequate resources to, and appropriately defer to the judgment of, their compliance departments," according to her. She claimed that failing to do so deters qualified compliance professionals from pursuing careers in the industry.
Peirce has been the most vocal supporter of the SEC enacting a CCO liability framework among current and recently retired commissioners. She is currently the only member of the five-member commission, and as a Republican, she is in the minority. That gives me more than a little hopelessness.
How could the SEC assess the current CCO liability frameworks and possibly create something that would be acceptable to the organization and the compliance community?
The first step would be to establish an advisory committee with two Democratic and Republican SEC commissioners and compliance professionals. The committee might research current CCO liability frameworks and follow their example in creating their own. Both parties would benefit from the process as the compliance community could strengthen its relationship with the SEC.
In the interim, the compliance community would like the SEC to provide more details into how it decides whether to charge a CCO. Risk alerts or official agency statements may serve as general direction. However, details about particular instances where a CCO is charged would also be useful.
Partners at the law firm Eversheds Sutherland, Brian Rubin and Adam Pollet, recently published a critique of the allegations made against Kirkpatrick by the SEC. Rubin also serves on the NSCP's board of directors.
The article demanded more information from the SEC regarding the enforcement actions taken against CCOs. Understanding whether the CCO has the power, responsibility, or capacity to take action within the company if they find wrongdoing is crucial. Whether Kirkpatrick had the authority to demand that an independent advisory representative complete an outside business activity form is the crux of the prosecution's case against him. He did, according to the SEC, and Peirce agreed with them.
Rubin and Pollet countered that the SEC had not offered sufficient proof to support that claim. Additionally, they wanted the agency to elaborate on what was meant by a "inadequately implemented" compliance program, who was in charge of the independent advisory representative, why some transactions were deemed to not be "legitimate," how the CCO dealt with them, and the "insufficient" measures the CCO took to enforce the company's policies and procedures.
" Enforcement actions are to provide ‘guidance’ to market participants so that other firms and individuals will ‘do the right thing’ in the future, protecting other clients and the marketplace. But the order did not do that. What it does, instead, is to create the appearance that CCOs have targets on their backs and that the SEC will continue to second-guess CCOs’ conduct," they wrote
It does not seem appropriate to treat a partner in that manner.
By fLEXI tEAM