
10 June 2024

Is it time for a CCO liability framework?

Who would be a Chief Compliance Officer? It’s not enough to keep their firms on the straight and narrow; they’ve got to manage their liability risks, too. But does it need to stay this way?

Talk of a liability framework for compliance leaders is a well-trodden path, but what is standing in the way of making it a reality? And is it time for the SEC to walk its talk?

The Human Face of Compliance Challenges

CCOs find themselves in a precarious position where their liability can be invoked for various compliance failures within their organizations. This liability can arise from several specific scenarios, each underscoring the weighty responsibilities and risks associated with the CCO role.

High-profile cases have brought this to light. Jeffrey Kirkpatrick, who served as the CCO and principal at Hamilton Investment Counsel LLC, faced the wrath of the SEC for not fixing compliance issues within his firm. The SEC’s settlement order was blunt, explicitly pointing out Kirkpatrick’s authority as a principal to address the deficiencies despite having identified areas for improvement in the firm’s compliance program.

Failure to act in good faith is a primary trigger for CCO liability. As highlighted in the Kirkpatrick case, neglecting to identify and address compliance issues, despite having the authority to do so, can lead to severe consequences. The SEC’s emphasis on Kirkpatrick’s knowledge of the inadequacies and failure to take appropriate action despite multiple opportunities underscores the expectation of proactive compliance management.

Direct involvement in or facilitation of fraudulent activities or serious violations can also result in CCO liability. Take the curious case of Dean Vagnozzi from Par Funding. The SEC’s charges against him for misleading investors about the safety and use of their funds in significant unregistered securities show the grave consequences of active participation in or failure to prevent fraudulent activities.

Inadequacies in the Current System

The current approach to CCO liability is plagued by inconsistency and a lack of clear guidelines. Without a standardized framework, CCOs are left to navigate a maze of regulatory expectations. This unpredictability fosters a climate of fear and uncertainty, deterring qualified professionals from assuming CCO roles.

SEC Commissioner Hester Peirce has raised concerns about this. She says ambiguity undermines compliance programs’ effectiveness and places undue stress on CCOs. She holds that the compliance obligation belongs to the firm, not solely to the CCO, highlighting the need for a more balanced approach.

Proposals from organizations like the National Society of Compliance Professionals (NSCP) and the New York City Bar Association offer potential solutions. The NSCP’s framework, updated in 2023, emphasizes compliance as a firm responsibility and suggests that CCOs should not be charged for rule violations if they acted reasonably and in good faith. The framework’s adoption by many firms and CCOs underscores its relevance in assessing compliance functions.

The New York City Bar Association’s framework proposes evaluating factors such as the CCO’s good faith effort to fulfil responsibilities and the centrality of the compliance failure to the firm’s compliance program. This approach acknowledges the complexities of the CCO role and aims to create a more equitable system.

CCO Liability in the Global Context

The issue of CCO liability extends beyond the United States, with various jurisdictions grappling with similar challenges. In the United Kingdom, the Corporate Criminal Offence (CCO) legislation imposes significant liabilities on companies and partnerships for failing to prevent the facilitation of tax evasion. The only defense against this charge is having ‘reasonable prevention procedures’ in place, emphasizing the importance of thorough risk assessments and robust controls.

Directives and regulations in the European Union, such as the General Data Protection Regulation (GDPR) and the Anti-Money Laundering Directive (AMLD), impose significant responsibilities on CCOs. The EU’s approach ensures CCOs have adequate resources and support to implement effective compliance programs, with regular audits and assessments to mitigate risks.

Australia’s approach, governed by corporate governance and financial regulations, holds CCOs accountable for ensuring compliance with financial services laws. The Australian Securities and Investments Commission (ASIC) emphasizes the need for CCOs to thoroughly understand their firm’s compliance obligations and ensure appropriate measures are in place to manage risks effectively.

Expert Opinions and the Call for a Consistent Framework

Experts are divided on the best approach to establishing a consistent liability framework for CCOs. Some argue for stringent regulations to ensure accountability and protect investors, while others advocate for a balanced approach that recognizes the unique challenges CCOs face.

The call for a liability framework that provides clarity and protects CCOs acting in good faith while maintaining rigorous compliance standards is gaining traction. SEC Commissioner Mark Uyeda’s support for clearly defining the circumstances under which a CCO will be held liable underscores the need for fair and predictable enforcement.

Charting the Path Forward

As the regulatory landscape changes, a consistent CCO liability framework becomes increasingly urgent. The ongoing discussions and proposals within the industry reflect a growing consensus that change is necessary.

The SEC’s adoption of a standardized approach, guided by the advocacy of Commissioners like Hester Peirce and Mark Uyeda, could provide much-needed clarity and support for compliance professionals. Striking a balance that upholds accountability without discouraging talented individuals from assuming CCO roles is crucial.

As the industry awaits the SEC’s next steps, the hope is that reforms will foster a more predictable and supportive environment for CCOs. The introduction of a consistent liability framework would not only alleviate the burdens faced by compliance professionals but also strengthen the overall effectiveness of compliance programs.
