Why the SEC’s Approach to Chief Compliance Officer Liability Has Failed

With the change in SEC leadership, now is the perfect time for the commission to reevaluate its approach to chief compliance officer (“CCO”) liability.  In a new article, I contend that the SEC’s current approach to CCO liability has failed and propose a recklessness legal standard to help promote cultures of compliance and meet regulatory goals.

CCOs at financial services firms are essential in ensuring that the approximately 15,000 SEC-registered firms, including investment advisers, broker-dealers, and private funds, comply with federal securities laws. The CCO role is so important that regulators have sought to hold CCOs personally liable for compliance violations of their firms, even when they were not involved in the misconduct. Yet, the SEC has not promulgated a legal standard for personal liability in the absence of such involvement, and the commission’s attempts to clarify the factors that would trigger personal liability have only added to the confusion.

Behavioral studies and related research support and feed into the recklessness legal standard – under which CCOs would be personally liable for the wrongdoing of their firms only when the CCOs acted recklessly – demonstrating that the standard would lead to stronger compliance programs. The SEC’s current approach to CCO liability has had negative consequences in five key areas and, conversely, adopting a standard of recklessness would improve compliance at financial services firms in those same areas:

(1) the “chilling effect” on knowledgeable and competent CCOs due to fears of personal liability;

(2) the incentive for CCOs to implement a reactionary, “check-the-box” compliance program that protects them from assuming “supervisory authority” and thus personal liability rather than to construct a proactive, holistic, and pragmatic compliance program that research demonstrates is necessary for firmwide compliance;

(3) the failure of the SEC to understand that compliance failures often derive from problems with an organization’s culture and that senior management should not be able to deflect blame for those problems onto an individual CCO;

(4) the risk of hindsight bias; and

(5) the failure to support the SEC’s own regulatory goals.

Cutting-edge research and information from legal authorities demonstrate what creates strong organizational cultures that prevent unlawful behavior.  CCOs must be proactive in ensuring that compliance violations do not occur.  Perversely, the SEC’s approach to CCO liability discourages CCOs from taking necessary steps because taking those steps would make them a “supervisory authority” who could be personally liable for any misconduct.

A recklessness legal standard would allow CCOs to promote effective cultures of compliance without significant personal liability. The CCO must have the knowledge and resourcefulness necessary to ensure that the firm factors compliance considerations into its decisions. An effective CCO must also engage with employees throughout the organization, helping them solve problems, proposing innovative solutions, and preventing misconduct. Here, the CCO’s pragmatism, armed with a thorough understanding of the business, allows her to find the “middle ground” while ensuring compliance with regulatory requirements and supporting the firm’s business needs.

In many ways, the SEC’s current approach to CCO liability gives a CCO an incentive to take a reactionary, “check-the-box” approach to compliance.  A reactionary compliance culture is characterized by a CCO reciting rules, saying “no,” and likely being viewed by employees as an intimidating or ineffectual umpire who does not understand the firm’s business.  As a result, compliance is isolated, not taken seriously, and not incorporated into decision-making, exposing the firm to compliance liability.  When a CCO recites an incomprehensible rule or legalese to employees without explaining what the rule means and how it applies to employees’ responsibilities, the employees are less likely to speak to the CCO, further isolating the CCO within the organization.  If the CCO says “no” to every employee request and does not attempt to creatively solve problems by providing alternative solutions, the compliance culture is further weakened, and decisions are made without compliance input.  Employee engagement is essential for a strong compliance culture: a reactionary approach where employees do not engage with the CCO is the antithesis of an engaged compliance culture and makes compliance violations more likely to occur.

CCOs have challenging jobs in fast-paced, competitive environments where they are critical in promoting compliance in the securities industry.  It is time for the SEC to support them by promulgating a clear legal standard for CCO personal liability that reflects the challenging nature of CCO roles and promotes firmwide compliance.

This post comes to us from Professor David Lourie at the University of Detroit Mercy School of Law. It is based on his recent article, “The ‘Wholesale Failure’ of the SEC’s Approach to Chief Compliance Officer Liability,” available here.
