SEC commissioners address CCO liability, crypto regulation, more at CW2022

Democrat Allison Herren Lee and Republican Hester Peirce were asked for their take on what would compel the SEC to prosecute a CCO by moderator Ken Joseph, a former SEC supervisor who is now a managing director at Kroll.

Lee said assessing individual CCO liability depends on the facts of the case. She said the SEC should be “bolstering the efforts of” CCOs in their work, and that CCOs that participate in securities law violations should be prosecuted. But in cases where fraud occurs at a firm on their watch, Lee said civil charges should be on the table.

“In those instances where they fail miserably, we have to enforce” securities laws and hold CCOs accountable, she said.

Peirce said the SEC must do a better job of providing CCOs with a framework that encourages firms to give them resources and authority to do their jobs properly.

“The lack of clarity around CCO liability is problematic,” she said. She agreed with Lee that CCOs who participate in fraud and violate securities laws, or who actively attempt to thwart SEC investigators, are clear-cut cases.

“If it’s just a case of being bad at your job, that’s a much different case,” she said.

CCO liability has been a hot topic for compliance professionals for some time, particularly for CCOs who work for entities regulated by the SEC. In January, the National Society of Compliance Practitioners issued a framework urging regulators to consider CCO liability holistically, in a way that acknowledges compliance culture challenges within a firm that may be beyond the CCO’s control. Another framework by the New York City Bar Association issued in June 2021 encouraged regulators to weigh some affirmative factors that should be present in order to bring charges against a CCO and some mitigating factors that would weigh against bringing charges. At their core, these frameworks are nonbinding and have not been formally adopted by the SEC to influence a decision on whether to charge a CCO with a securities law violation.

The commissioners also answered questions on other topics of interest to CCOs, including digital assets and cryptocurrency; cybersecurity; and compliance’s role in environmental, social, and governance (ESG) initiatives.

On digital assets, Peirce said the ultimate decision on how to regulate the industry lies with Congress but acknowledged developing and passing a federal law “takes a long time.” In the meantime, the SEC should continue to act on aspects of the cryptocurrency industry that are “within our sphere,” which include token sales and platforms. She said she is against the establishment of a new and separate cryptocurrency regulator “because a lot of cryptocurrency is merged with traditional finance,” and pulling out the cryptocurrency pieces could lead to some “difficult regulatory issues.”

Lee, who announced she will be leaving the SEC in June, added the agency has regulatory authority over all securities, and that if a cryptocurrency is deemed to be a security, it should be registered as such with the SEC. That has been a bone of contention between the agency and the cryptocurrency industry, and the SEC’s ongoing lawsuit against Ripple Labs and its XRP token is being watched closely.

Joseph asked the commissioners whether regulated entities that suffer cybersecurity breaches should be treated as victims rather than defendants by the SEC.

Lee said if a firm’s defenses failed to halt a cyberattack, they may have “failed to have the proper defenses in place,” but have not necessarily failed in their duty to have reasonable polices and procedures in place to protect the financial information of their investors and customers.

On ESG, Lee said an “unprecedented shift in investor focus” is forcing firms to take climate and diversity issues seriously, and that proper disclosures to the SEC will stop firms from claiming to make more progress than they actually are.

Peirce, who has previously voiced her opposition to the SEC’s proposed climate-related disclosure rule, said at the panel ESG issues are “nebulous in scope” and that existing disclosure requirements related to ESG are more than adequate.

Editor’s note: The story was updated May 18 to correct the reference of criminal charges against CCOs to civil charges. Wording was also changed regarding Commissioner Lee’s thoughts on firms that fail to halt a cyberattack.