In recent speeches, SEC officials Andrew Ceresney and Buddy Donohue sought to assure and offer guidance to CCOs, after several recent enforcement actions that included charges against CCOs caused some angst in the community and sparked debate among Commissioners. The comments follow a July speech by Chair Mary Jo White in which she assured CCOs that the SEC was not seeking to second guess their good faith decisions.
Ceresney, the SEC’s Director of the Division of Enforcement, acknowledged that CCOs have a “challenging and difficult job and play a critical role in fostering compliance with the federal securities laws.” He said that “[t]he Commission and its staff hold compliance professionals in high regard and consider you key partners in our efforts to serve and protect investors.” He attempted to reassure compliance professionals by emphasizing that recent enforcement actions against compliance personnel were intended to “punish misconduct that falls outside the bounds of the work that nearly all of you do on a daily basis; do not involve the exercise of good faith judgments; and are consistent with the partnership we have developed to foster compliance with the laws.”
Ceresney noted that “while compliance officers have certain responsibilities, . . . it is the business that is primarily responsible for compliance with the law.” Ceresney categorized enforcement actions against CCOs as those in which the CCO: 1) was affirmatively involved in misconduct unrelated to their compliance function; 2) obstructed or mislead SEC staff; or 3) “exhibited a wholesale failure to carry out his or her responsibilities.” He argued that the number of cases in the last category is “considerably smaller” than the number of cases for affirmative misconduct, but that those cases have garnered the most attention. He noted that, of the more than 8,000 overall enforcement actions and approximately 1,300 investment adviser/investment company specific cases brought since 2003, only five cases were brought in the third category against CCO-only individuals.
Ceresney refuted any charge of a trend towards greater enforcement activity against CCOs and said that “two recent charges against the CCOs do not signal a change in how Enforcement staff or the Commission approaches the issue of CCO liability.” Ceresney argued that the cases against BlackRock and SFX represented “a reaffirmation of our traditional views” and not “a deviation from the Commission’s historical approach to CCO liability.”
Buddy Donohue, the SEC’s Chief of Staff, also recently addressed CCOs and stressed the SEC’s support for compliance professionals. Like Ceresney, Donohue stressed the merits of the cases the Commission has brought against CCOs, noting that the SEC “will continue to bring enforcement actions against compliance officers when appropriate.”
Both Ceresney and Donohue offered advice for CCOs and firms in how they address compliance. Ceresney suggested that a few questions “can predict a lot about the likelihood of an enforcement action”:
- Are compliance personnel included in critical meetings?
- Are their views typically sought and followed?
- Do compliance officers report to the CEO and have significant visibility with the board?
- Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
- Is compliance given the personnel and resources necessary to fully cover the entity’s needs?
Putting himself in the shoes of a compliance officer, Donohue noted that he would want to develop a strong understanding of the firm’s clients, the organization and operations of the firm, and how conflicts are identified and handled. He suggested that CCOs should have “first-hand knowledge” of the applicable laws and regulations that apply, as well as and understanding of the markets in which the firm operates and related business practices in those markets. CCOs should also “grasp the culture of the firm,” “develop a deep understanding of the compliance and other technology platforms utilized by the firm,” and know the policies and procedures of the firm and how they are implemented and monitored. Lastly, as a CCO, Donohue would want to “have an appreciation for what Idon’tknow or recognize when I am relying on the knowledge or expertise of others.”