FINRA barred a Chief Compliance Officer for using his access to confidential employee records to create false online bidding accounts at auction houses. The respondent, who also served as the firm’s president, used his access as CCO to obtain employees’ driver’s license and passport information to impersonate those employees so that he could bid and acquire auction items. The auction houses had previously banned him because he successfully bid on items and did not pay for them.
The Chief Compliance Officer has extraordinary (and in some cases, unwarranted) access to employee records in addition to other confidential information such as executive meetings and emails. Firms should pursue enhanced background due diligence on potential CCO candidates, create information barriers so that the CCO does not have access to non-regulatory information, and implement a supervisory structure that ensures CCO accountability. Alternatively, consider outsourcing the CCO role to a third-party firm that has limited access to firm systems as well as direct legal liability for breaches of confidentiality.