Determining chief compliance officer liability has been something of a moving target for the Securities and Exchange Commission in recent years. In some cases, compliance can be lauded for its part in trying to detect and prevent misconduct that still occurs; in others, blame is placed directly on the CCO when his or her program appears to not do enough to stop fraudulent activity.

Hester Peirce

Hester Peirce

SEC Commissioner Hester Peirce is aware of the mixed messages this could cause and is considering taking action to address it. In a speech delivered virtually before the National Society of Compliance Professionals on Monday, Peirce revealed she is mulling developing a draft framework to share with her fellow commissioners that would aim to clarify when the Commission may seek personal liability in compliance cases.

“A framework detailing which circumstances will cause the Commission to seek personal liability and which circumstances will militate against seeking personal liability would help the compliance community by eliminating uncertainty and inspiring good practices,” Peirce said. Such guidance carries added importance for the commissioner, who expressed her increasing concern that cases that include personal liability could discourage individuals from pursuing a career in compliance.

“Just because the Commission can do something under our rules does not mean that we should do it,” she said. “Charging CCOs based on mere negligence could be harmful to our efforts to foster compliance, because it dissuades people from taking jobs in compliance and can encourage dishonest efforts to ‘cover up’ failings rather than openly correcting them.”

“By providing sufficient detail when we do not charge a compliance officer, we illustrate what doing the job right looks like.”

SEC Commissioner Hester Peirce

Not to mention, shifting the blame from the business to the compliance officer is not what Peirce and her colleagues want to do. “The SEC’s enforcement actions can be career-ending and are always traumatic events for their subjects,” she said. “So questions of CCO liability are important and deserve more discussion.”

Perhaps a sign that the discussion is overdue is that Peirce based most of her speech around a keynote address delivered by then-Director of Enforcement Andrew Ceresney for the same organization in 2015. In his speech, Ceresney broke down the SEC’s scope on charging CCOs into three primary categories:

  1. Cases where the compliance officer participated in the underlying misconduct unrelated to his or her compliance duties;
  2. Cases where compliance officers obstructed or misled SEC staff; and
  3. Cases where the CCO has “exhibited a wholesale failure to carry out his or her responsibility.”

Of the categories, Peirce focused on the third, which she said “is the most challenging area” for her. She mentioned how Rule 206(4)-7 of the Investment Advisers Act can exacerbate the issue, as it supports placing responsibility on the CCO in cases where negligence could be perceived.

“We have brought cases, for example, when compliance officers have failed to identify and follow-up on ‘red flags’ in connection with firms’ failure to file suspicious activity reports,” Peirce said. “Some might categorize these instances as wholesale failures on the part of a compliance officer to carry out [his or her] duties, but I worry that applying that label without first taking a step back from the particular violation alleged [doesn’t] consider … all the duties placed on a CCO.”

Peirce concedes there is benefit to the enforcement actions in that they provide an example for compliance officers to note, but she argues the cases where it is explained why a CCO isn’t facing charges are just as important. Creating a framework would give the SEC something to refer to in these instances, in addition to providing chief compliance officers a rosier look at the importance of the job and what can be accomplished.

“By providing sufficient detail when we do not charge a compliance officer, we illustrate what doing the job right looks like,” Peirce said. “In short, context matters, and we can provide more of it.”