Ceresney: SEC Takes ‘Careful, Measured Approach’ to CCO Liability

It is stating the obvious to say that compliance officers are on edge these days amid recent enforcement actions that have underscored their risk of personal liability. Once again, Andrew Ceresney, director of the Securities and Exchange Commission’s Division of Enforcement, is trying to sooth some of the angst.

Speaking at the National Society of Compliance Professionals’ national conference in Washington D.C. this week, he offered fresh perspective on how the division approaches enforcement cases that involve compliance personnel. In summary, the actions causing concern are “rare instances” that do not involve the exercise of good faith judgments and, instead, punished misconduct.

“We and the Commission carefully weigh recommending and bringing actions against CCOs. We look hard at the facts and fairness concerns in each case,” Ceresney said. “The overwhelming majority of the cases we bring involve CCOs who crossed a clear line by engaging in affirmative misconduct or obstructing regulators, or who wore multiple hats.”

These cases aren’t as much a concern, he said, as “the small number of cases where we have charged CCOs with causing violations,” where the CCOs “exhibited wholesale failures in carrying out responsibilities that were clearly assigned to them.”

As part of an investigation, the Enforcement Division will look at the role of the company’s compliance department. Are compliance personnel included in critical meetings? Are their views typically sought and followed? Do compliance officers report to the CEO and have significant visibility with the board? Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center? Is compliance given the personnel and resources necessary to fully cover the entity’s needs?

 “Far too often, the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues,” Ceresney said.

“I recognize that it can be difficult for compliance professionals to stand up to management, particularly in organizations where they are not supported,” he added. “I also recognize that compliance personnel may sometimes lack the resources and information to do their jobs effectively. In the end, while compliance officers have certain responsibilities, it is the business that is primarily responsible for compliance with the law.” He cited recent cases where CCOs were not held responsible for compliance failures, executives who rebuffed their advice and demands for necessary resources were. “We will aggressively pursue business line personnel and firms who mislead or deceive you, or obstruct the compliance function, or who fail to support you in a manner that causes compliance violations,” he told the audience.

Cases where the SEC charges compliance officers are infrequent and, echoing recent remarks by Chairman Mary Jo White, CCOs have little to fear if they perform their responsibilities diligently, in good faith, and in compliance with the law. Enforcement actions are warranted only when the CCO’s “conduct crossed a clear line.”

Actions against CCOs generally fall into three categories. In the first category are cases where they were affirmatively involved in misconduct, especially if it harmed investors, Ceresney said. CCOs who attempt to obstruct or mislead Commission staff are also likely to face repercussions. For example, a former Wells Fargo Advisors compliance officer who altered a document before it was provided to the SEC during an insider trading investigation was held liable for violating federal securities laws.

More problematic, in many ways, are cases where compliance officers “ exhibited a wholesale failure to carry out his or her responsibilities.” Ceresney detailed enforcement statistics to illustrate that, at least in the investment advisers space, these remedies are rare. The Commission has brought more than 8,000 enforcement actions since 2003, and 807 in fiscal year 2015 alone. Of those, 1,300 were investment adviser/investment company cases.  During this 12-year period, the SEC has only brought five enforcement actions against individuals with CCO-only titles affiliated with investment advisers that involved charges under Rule 206(4)-7 and other compliance-related violations, where there wasn’t otherwise efforts to obstruct or mislead Commission staff.

“Recent charges against the CCOs do not signal a change in how enforcement staff or the Commission approaches the issue of CCO liability,” Cresney said. “The facts in each case demonstrate why the Commission held the CCO responsible for causing his firm’s compliance failures. Being a CCO does not provide immunity from liability. When CCOs completely fail in their responsibilities, and particularly when significant investor harm results, it is appropriate for us to address that misconduct.”

 “There has been no change in our longstanding careful and measured approach to determining whether we should charge a CCO,” he added.