It is staggering to consider how much a chief compliance officer has to lose when his or her company faces regulatory enforcement.

The actions of one rogue employee—however major or minor—are enough to disrupt any CCO’s career path. Competition for top-level compliance jobs is stiff, and with hiring processes often mirroring window shopping, the sight of any misconduct that occurred under a CCO’s watch at a previous employer is enough to sabotage one’s credentials.

It is with this in mind that the New York City (NYC) Bar Association earlier this month proposed a framework for regulators—namely, the Securities and Exchange Commission (SEC)—to use when considering charging CCOs or their companies. The framework strives to express just how much of an uphill battle CCOs inherently face and the vulnerability that such a position creates.

“The system designates CCOs as personally responsible for something—securities law compliance at their firms—that is ultimately determined by other human beings whom the CCO cannot control and, as a cost center, is poorly suited to do so,” the framework states.

Acknowledging this underscores the importance of setting the CCO aside from the company. The relationship between the two is often one-sided in favor of the business. The SEC and other regulators assure they will punish companies that do not support their CCOs, but this is of little comfort to a compliance officer whose career would be damaged by any enforcement taken against their employer, as the NYC Bar notes. Talk about a catch-22.

One suggestion the framework offers is that the SEC take care to note the contributions of a CCO to its investigation. Mitigating factors are often shared in the context of an institution, not an individual. If the point is to demonstrate what the job looks like done right, what better way than to highlight the work of the person doing it?

“Context matters, and we can provide more of it,” said SEC Commissioner Hester Peirce in discussing CCO liability during an October 2020 speech. Eight months later, the same could still be said.

Just two days after the NYC Bar’s proposal, the SEC announced settled charges with investment adviser VII Peaks Capital. The firm was cited for breaching its fiduciary duty by engaging in transactions that benefitted it to the detriment of its client, VII Peaks Co-Optivist Income BDC II.

In short, VII Peaks Co-Owner and Chief Investment Officer Gurprit Chandhoke oversaw the relationship between his company and the BDC and allegedly retained due diligence fees paid from the BDC to VII Peaks for third-party consultants that were never hired. The SEC individually sanctioned Chandhoke but also penalized Michelle MacDonald, CFO of the BDC, for “causing” the alleged breaches of fiduciary duty by exhibiting negligence in not properly disclosing the mishandling of the fees.

MacDonald is also CCO of VII Peaks, but her work in that capacity—good or bad—is not specifically acknowledged further in the SEC’s complaint. Context is nowhere to be found.

Any guidance regarding CCO liability will only be as strong as it is transparent. As much as it benefits CCOs to understand in what situations they may face charges, it is equally necessary to explain what mitigating factors will help a CCO to get themselves or their company off the hook. The latter is just as important, as it tends to take the former down with it.

The NYC Bar suggests the formation of a compliance advisory committee where “regulators and CCOs can work together for mutual benefit.” I add emphasis to mutual, because that’s where the current system falls short. Whether it’s the company or regulators, compliance is more give than take, and it’s long overdue for the scales to be balanced.

The stakes are high when it comes to working in this profession. The NYC Bar’s framework simply seeks that recognition. Is that too much to ask?