CLS Blue Sky Blog

Skadden Discusses Approach of SEC Enforcement Division to Compliance Officer Liability

In a speech on October 24, 2023, the director of the Securities and Exchange Commission’s (SEC’s) Enforcement Division, Gurbir Grewal, described the scenarios in which the commission would bring an enforcement action against a compliance officer.

In remarks to the New York City Bar Association Compliance Institute, Grewal emphasized that enforcement actions against compliance officers are “exceedingly rare” because the commission has “no interest” in pursuing actions against compliance personnel who act reasonably or in good faith. He explained, however, that the Enforcement Division may recommend that the commission charge a compliance officer when the individual:

The first and second categories are relatively non-controversial. The third category — compliance officers who allegedly have not done enough to prevent violations by others in the organization — has been the subject of considerable discussion and uncertainty, however, particularly given that the SEC has not provided formal guidance as to how it will evaluate a compliance officer’s conduct in such situations.

Affirmative Misconduct Unrelated to Compliance Duties

Grewal said the Enforcement Division will recommend charges against compliance officers who violate the securities laws in ways that are unrelated to their compliance responsibilities. These are “easy” cases, he said, in which officers willfully violate securities laws and thus must be “held accountable just like anyone else.” Grewal pointed to a case in which the SEC charged a chief compliance officer (CCO) of an international payment processing company with insider trading after he allegedly traded based on nonpublic information he secretly obtained from his girlfriend.

Purposely Misleading Regulators

Grewal also said the Enforcement Division will charge compliance officers who mislead or provide false information to regulators. Here, Grewal stressed that these cases do not involve the SEC second-guessing good faith judgment calls. Instead, the focus is on deliberate conduct by the officer that was intended to undermine the commission’s ability to exercise its oversight functions.

As an example, Grewal mentioned a case in which the SEC charged a CCO with aiding and abetting for, among other things, providing factually inaccurate compliance review memos to the commission. This conduct also resulted in a suspension under Rule 102(e) of the SEC’s Rules of Practice, barring the CCO from appearing or practicing before the commission in her capacity as a lawyer.

Failure To Carry Out Compliance Obligations

Finally, Grewal said the Enforcement Division may charge a compliance officer when the SEC believes he or she has completely failed to exercise their compliance responsibilities in a particular area, where the officer is aware of deficiencies in their organization’s compliance policies and procedures and fails to take appropriate remedial actions or conduct basic inquiry and analysis.

Grewal noted, as an example, the case of a national partner in a large accounting firm who, while not a CCO, was responsible for quality controls across the firm’s assurance practice, including those relevant to compliance with Public Company Accounting Oversight Board (PCAOB) quality control and audit standards. The respondent allegedly failed to take reasonable measures to remediate deficiencies in the firm’s quality control system despite knowing about them for years.

In another action fitting this category, the SEC charged the CCO of an investment advisory firm for, among other things, failing to take appropriate corrective actions for more than two years after the commission issued an order finding that the firm had violated the “custody rule.”


Compliance officers, as well as other officers of an organization who may be viewed to have responsibility for ensuring compliance with the securities laws, should stay up to date, understand, and take reasonable steps to ensure that they and their organizations comply with the federal securities laws. As Grewal noted, the SEC encourages organizations to create a “culture of proactive compliance.”

In that spirit, and to ensure that they are not viewed in hindsight as having failed to carry out their obligations, compliance officers should:

This post comes to us from Skadden, Arps, Slate, Meagher & Flom LLP. It is based on the firm’s memorandum, “SEC Enforcement Division Director Clarifies Approach to Compliance Officer Liability,” dated October 30, 2023, and available here. 

Exit mobile version