The National Society of Compliance Professionals recently submitted a letter to SEC Director of Enforcement Andrew Ceresney urging greater use of prosecutorial discretion in actions against compliance officers. The group took issue with recent actions “predicated on a theory that [compliance officers] caused a violation by their firm or its personnel by the manner in which they discharged their responsibilities as a compliance officer,” a strategy that it called “liability by hindsight.” The letter comes amidst a public debate by Commissioner Aguilar and Gallagher over the effect of such enforcement actions, and assurances by Chair Mary Jo White that the SEC is not seeking to second guess CCOs.
The group stressed the importance of compliance officers and suggested that their role has “lessened the burden on the Commission in both its inspection and enforcement programs and has greatly enhanced the protection of the investing public.” As a result, the letter argued that compliance officers “do not need the threat of enforcement action to do their jobs well” and that it is in the public interest for the Commission to support their work. The group also questioned “whether enforcement actions against compliance officers will motivate them to greater vigilance or risk a demoralizing belief that even exercising their best judgment will not protect them from the risk of a career ending enforcement action, with the result that many of the best compliance officers will choose to leave the profession rather than face the risks.”
The letter noted several issues with utilizing a simple negligence standard. It argued that “[w]hile compliance officers may administer policies and procedures, they do not implement them.” As a result, “holding compliance officers accountable for a negligent miss that conceivably could be linked to an implementation failure by the firm fails to reflect the realities and limitations of a compliance officer’s responsibilities.” Further, “charging a compliance officer for designing what, with the benefit of hindsight, turns out to be a less than perfect policy and procedure, fails to acknowledge that policies or procedures are rarely ‘perfect.’” Lastly, the letter noted that using a negligence standard also conflicts with policy statements made by Commissioners and SEC staff that highlighted the importance to the Commission of compliance officers and suggested that enforcement actions will only be taken in the presence of affirmative misconduct.
The group acknowledged that bad actors should be held accountable and noted that in instances where a compliance officer has “intentionally violate[d] or participate[d] in a violation of the securities laws . . . there is no reason to differentiate a compliance officer from any other defendant.” Thus, the letter urged the SEC to adopt internal guidelines that require the following elements to charge a compliance officer for “causing” a violation: “(i) a primary securities law violation, (ii) knowing or extremely reckless conduct, and (iii) substantial assistance to the primary violator.”