Whether chief compliance officers have supervisory authority is key to the Financial Industry Regulatory Authority’s (FINRA) determination of CCO liability, the organization clarified in a regulatory notice Thursday.

FINRA stated it considers a CCO’s role to be advisory in nature, not supervisory. The responsibility to oversee the compliance function at a regulated broker-dealer lies with the management of the firm, including senior management and supervisors.

Only in the case of a firm specifically conferring supervisory obligations to a CCO will that CCO be considered for punishment in an enforcement action under Rule 3110, which covers supervision and supervisory procedures.

“FINRA will not bring an action against a CCO under Rule 3110 for failure to supervise except when the firm conferred upon the CCO supervisory responsibilities and the CCO then failed to discharge those responsibilities in a reasonable manner,” the organization stated. “As a result, charges against CCOs for supervisory failures represent a small fraction of the enforcement actions involving supervision that FINRA brings each year.”

From 2018-21, only 28 of FINRA’s nearly 440 enforcement actions involving violations of Rule 3110 have included charges against CCOs. Of that group, 18 of the CCOs were also the chief executive officer or president at the business. If a CCO holds such a dual role, his or her liability is increased, the organization noted.

Another way for a CCO to be considered liable for compliance failures is if the firm’s written procedures explicitly designated the CCO to have supervisory responsibility. This could happen in three general ways, FINRA said.

  1. The firm’s written procedures assign the CCO the responsibility to establish, maintain, and update written supervisory procedures.
  2. The firm’s written procedures “assign to the CCO responsibility for enforcing the member’s written supervisory procedures or other specific oversight duties usually reserved for line supervisors.”
  3. A firm’s president or some other senior business manager “expressly or impliedly designate(s) the CCO as having specific supervisory responsibilities on an ad hoc basis” or asks the CCO to take on specific supervisory duties, “such as the review of trading activity in customer accounts or oversight of associated persons.”

“Only in circumstances when a firm has expressly or impliedly designated its CCO as having supervisory responsibility will FINRA bring an enforcement action against a CCO for supervisory deficiencies,” the organization said.

Once FINRA has established a CCO has supervisory responsibilities, it would only assign liability if he or she “failed to discharge those responsibilities in a reasonable manner.”

“For example, if the CCO is responsible for establishing, maintaining, and enforcing the firm’s written supervisory procedures, FINRA will ask whether the procedures were reasonably tailored to the firm’s business and whether they addressed the specific activities of the firm’s personnel,” the organization stated.

Factors that would be in favor of assessing liability include if the CCO:

  • Was aware of multiple red flags or actual misconduct and failed to take steps to address them;
  • Failed to establish, maintain, or enforce a firm’s written procedures as they related to the firm’s line of business;
  • Failed to properly supervise an activity designed as his or her responsibility that “resulted in violative conduct (e.g., a CCO who was designated with responsibility for conducting due diligence failed to do so reasonably on a private offering, resulting in the firm lacking a reasonable basis to recommend the offering to its customers)”; and
  • Whether that violative conduct caused or created a high likelihood of customer harm.

Factors against assessing liability include if the CCO was:

  • Given insufficient support in terms of staffing, budget, training, or otherwise to reasonably fulfill his or her designated supervisory responsibilities;
  • Unduly burdened in light of competing functions and responsibilities;
  • Assigned supervisory responsibilities that were “poorly defined or shared by others in a confusing or overlapping way”;
  • Not given reasonable time to update the firm’s systems and procedures after the firm joined with a new company, adopted a new business line, or made new hires; and
  • Found to have attempted in good faith to reasonably discharge his or her designated supervisory responsibilities by, among other things, “escalating to firm leadership when any of the [previous four examples] were occurring.”

FINRA said it would be more likely to charge the firm, its president, or an executive manager or business line supervisor with direct responsibility for the supervisory task at issue for supervision failures rather than the CCO.

The notice regarding CCO liability follows a pair of frameworks on the subject recently published by legal and compliance organizations for consideration by the Securities and Exchange Commission and other U.S. regulators.

The New York City Bar Association in June 2021 created a framework to determine whether to charge a CCO for securities law violations that occur at his or her financial services firm. The framework zeroed in on charging decisions made for actions that do not result from fraud or obstruction on the part of the CCO.

The National Society of Compliance Professionals (NSCP) in January issued a framework of its own urging regulators to consider CCO liability more holistically, in the context of the compliance culture within a CCO’s firm.

Is the compliance function adequately supported by management? Is it properly funded? Is the CCO and his or her team empowered to enforce violations within the firm? Regulators concluding the answer is “no” to these questions should consider these mitigating circumstances that affect the CCO’s ability to do his or her job within those particular circumstances and environment, the NSCP said.