A unanimous SEC, in a decision upholding sanctions against a Chief Compliance Officer, stated that it will not exempt a CCO from liability if the CCO “fails meaningfully” to implement the compliance program. Although the Commission will defer to “good faith judgments of CCOs made after reasonable inquiry and analysis,” the SEC will hold the CCO liable where the CCO engages in wrongdoing (or attempts to cover it up), “crosses a clearly established line,” or fails to implement policies and procedures for which he or she has direct responsibility. In the case itself, the SEC upheld FINRA’s findings of CCO liability because the CCO abdicated his obligation to review emails and failed to follow up on red flags relating to payments to a disqualified individual.
We think the standard should be much higher i.e. that a CCO should only be liable if s/he participated in the wrongdoing, actively covered it up, or directly and personally benefited. We in no way condone the lack of diligence alleged in this case. Perhaps, the CCO should have been terminated (or never hired in the first place). However, so long as the SEC continues to hold CCOs liable based on retrospective and subjective determinations of how well the CCO implemented the program, good compliance people will continue to either leave the industry or demand hazard pay.