The SEC routinely hears appeals arising from FINRA disciplinary proceedings, and in turn issues “Adjudicatory Orders” announcing its decisions. To the extent that these Orders are issued by vote of the full Commission, they stand as highly useful guidance to industry players on the thoughts of the SEC’s ultimate leadership. In a recent Adjudicatory Order, the SEC articulated its current position on Chief Compliance Officer (“CCO”) liability for securities regulatory violations, as well as the liabilities of other members of a securities firm’s senior management for failure to supervise the CCO. See Application of Thaddeus J. North for Review of Disciplinary Action Taken by FINRA, Order of the Commission, Rel. No. 34-84500 (Oct. 29, 2018).
The facts of the case involve findings by FINRA that the CCO (Mr. North) of a multi-office 50+ representative brokerage firm violated FINRA rules by failing to establish a reasonable supervisory system for the review of electronic correspondence, failing to reasonably review electronic correspondence, and failing to report a relationship with a statutorily disqualified person. Specifically, despite being the person responsible for reviewing the firm’s electronic communications, the record showed that for a roughly two-year period North completely failed to review any Bloomberg messages/chats (such messages making up 85% of the firm’s electronic communications). North testified that he “did not understand” his firm’s Smarsh e-mail retention/retrieval system, and further attributed his failure to review electronic communications to that activity being “boring.” Separately, North failed to either independently investigate or report to FINRA his knowledge of a material relationship between one of his firm’s registered representatives and a statutorily-disqualified person. This particular failure came despite North’s knowledge that the representative had paid the disqualified person over $150,000, had executed a services agreement with that person, and that FINRA was actively investigating the matter.
On these facts, the SEC upheld FINRA’s disciplinary action as “clearly appropriate” in light of North’s “egregious” conduct in “fail[ing] to make reasonable efforts to fulfill the responsibilities of his position.” Notably, “North ignored red flags and repeatedly failed to perform compliance functions for which he was directly responsible.”
In reaching this conclusion, the SEC took time to explain its past decisions involving CCO liability, noting that “[t]hese decisions reflect the principle that, in general, good faith judgments of CCOs made after reasonable inquiry and analysis should not be second guessed.” Additionally, according to the Commission, “indicia of good faith or lack of good faith are important factors in assessing reasonableness, fairness and equity in the application of CCO liability.”
The SEC then laid out what amounts to a road map for how certain categories of cases involving CCO liability should be handled in a “straightforward” manner:
For example, absent unusual mitigating circumstances, when a CCO engages in wrongdoing, attempts to cover up wrongdoing, crosses a clearly established line, or fails meaningfully to implement compliance programs, policies, and procedures for which he or she has direct responsibility, we would expect liability to attach. In contrast, disciplinary action against individuals generally should not be based on an isolated circumstance where a CCO, using good faith judgment makes a decision, after reasonable inquiry, that with hindsight, proves to be problematic. When the facts and circumstances of matters fall outside these relatively clear examples of where liability should or should not attach, liability determinations will require matter-specific analysis and informed judgment.
Having found that Mr. North’s case clearly fell into the former category dictating liability, the SEC then launched into an interesting side discussion (since the only legal party to the case was Mr. North individually) involving potential ancillary liability on the part of other members of senior management as well as the firm itself. Specifically, the SEC noted its view that “the chief executive officer of a brokerage firm is responsible for compliance with all of the requirements imposed on his firm unless and until he reasonably delegates particular functions to another person in the firm and neither knows nor has reason to know that a problem has arisen.” Notably, the SEC stressed that “[i]t is not sufficient for the person with overarching supervisory responsibilities to delegate supervisory responsibility to a subordinate, even a capable one, and then simply wash his hands of the matter until a problem is brought to his attention.” If as to put an underscore on this point, the SEC, in conclusion, also noted that “[i]mplicit is the additional duty to follow-up and review that delegated authority to ensure that it is being properly exercised.”
Indeed, the SEC even went so far as to question the aggressiveness of FINRA’s disciplinary action in this matter, commenting that “it is not clear from the record why FINRA did not charge [Mr. North’s firm]”, in that a firm “is accountable for the actions of its responsible officers,” adding that “[w]e think it important to make it clear to firms—by holding them responsible when there are problems—that it is in their interest to have effective, diligent compliance officers to help them remain in compliance with their obligations.”
In unpacking this Order, we make note of the following take-away points:
- While the Order involves review of a FINRA disciplinary action against a brokerage firm CCO, the SEC’s analysis is generally applicable to CCO’s of investment advisers as well.
- The Order provides a fairly clear road map as to when the Commission will and will not find individual liability as against a CCO.
- The Order so much as warns CEOs and other senior managers and/or principals of a firm that they cannot reasonably expect to be able to hide behind the concept of delegated authority in order to escape liability for compliance violations, especially in cases where a CCO has effectively abdicated his core responsibilities.
- Indeed, the SEC has articulated a “duty to follow-up and review” that delegated authority is in fact being properly administered.
- It is appropriate to also find a firm itself liable for especially egregious cases of abdication of compliance responsibility by a CCO.
Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.