CCO Liability – Line in the Sand

In an October 2013 speech that delved into CCO liability, SEC Chair Mary Jo White said, “(a)lthough we do occasionally bring enforcement actions against compliance personnel, compliance officers who perform their responsibilities diligently, in good faith, and in compliance with the law are our partners and need not fear enforcement action.”

As the saying goes, actions speak louder than words, so until the SEC draws a hard straight line in the sand indicating the level of follow-through/due diligence by a chief compliance officer (CCO), there will be a need for protecting yourself against escalating defense cost. Remember, a CCO needs to fight for his or her reputation to ensure future employment. The “broken window” approach does not allow for settlement without an admission of guilt. This is contrary to the CCO’s goal of continuous employment and a secure financial future.
3Recently, I attended the Investment Company Institute (ICI) Compliance Conference in Washington, DC that reinforced the belief that CCOs need to protect themselves and that not everything is warm and fuzzy with the regulators. As a matter of fact, from my perspective as an insurance broker dealing with investment industry claims regularly, the concerns go beyond the SEC and carry over to the DOL. It makes you wonder how closely the two agencies are working together when initiating investigations against investment management firms.

As stated at the ICI Conference, “Notwithstanding those reassurances, the SEC has brought actions against CCO’s for negligence in conducting reviews of client accounts and for failing to put policies and procedures into place. These cases seem to fall outside the more egregious actions one would expect of enforcement action. Orders stating that the CCO was responsible for “implementation” of firm’s policies and procedures prompted dissent from former Commissioner Gallagher, who believes that the SEC is trending toward strict liability for CCO’s actions. This sends “a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under (the Rule), is the responsibility of the adviser itself.”

The point is, the CCO is a target, and the legal defense costs are going to add up. Don’t expect the regulators to reimburse you, even if you come out on top. This is demonstrated by the Thomas Delaney case that recently went through an EAJA (The Equal Access to Justice Act) administrative hearing to recoup attorney fees and litigation expense. Within the SEC Initial Decision Release No. 976 Administrative Proceeding File No. 3-15873, it states the following

The Division acknowledges that its position encompassed two charges – aiding and abetting, on the one hand, and causing, on the other.” Div. Resp. at 8. But it argues that Delaney’s victory on the aiding and abetting charge is meaningless for EAJA purposes because it was not a “discrete” portion of the proceeding. Id. at 8-10. I reject the Division’s assertion, for which it cites no legal precedent, that claims cannot be discrete if they involve the same underlying facts. Although I found, and the parties agree, that similar evidence was relevant to both the aiding and abetting claim and the causing claim (see Initial Decision at 49; Delaney Supp. Resp. at 4; Div. Resp. at 9-10), this does not displace Congress’s creation of different substantive law standards and remedies for the two distinct theories of secondary liability.

The bottom line is this: defense costs continue and they add up whether you did something wrong or not. This creates the need to consider an individual liability policy for Chief Compliance Officers. Unless the firm’s bylaws appoint the CCO as a corporate officer and/or filed with the state in which the firm is incorporated, they are under no obligation to indemnify the CCO’s legal fees. As a matter of fact, the CCO could be at odds with his/hers employer; thus, they may withhold any indemnification. There is an insurance product that provides the necessary defense costs, including situations where the employer withholds indemnification for a certain period of time. Keep in mind that the employer’s liability policy may not have the appropriate coverage in place and that it’s the employer who owns and controls the insurance policy, not you, the CCO.

 

Andrew J. Fotopulos is President of Starkweather & Shepley Insurance Corp. of Massachusetts and their Financial Institution Practice Group.  He also developed CCO Protect (www.ccoprotect) offered through RISCO Insurance, the wholesale division of Starkweather & Shepley Insurance.

Latest Content

Ascendant’s Jason Morton to Speak on RegTech at Strata Data Conference

Alongside technology experts from American Express, Credit Suisse and CIBC, Ascendant’s Jason Morton will speak on developments in regulatory technology at the ‘Fintech Data Day’ at the annual Strata Data Conference on September 26, 2017 in New York. The Strata Data Conference is an annual conference for technology and business professionals who are seeking innovative … Continued

Hurricane Season: How Does your BCM Program Stack Up?

As Hurricane Harvey touches down on U.S. soil and we hope for the safety of the millions in its path, we encourage all firms, even those outside Harvey’s path of flooding and damaging winds, to consider their BCM readiness for such an event. Business Continuity Plans are designed to ensure firms have conducted sufficient advance preparation so … Continued

Surprise, Surprise: SEC Conducting Unannounced Exams

The Boston Regional Office of the SEC has recently conducted roughly 20 unannounced visits to registered investment advisers in the region. This fact, confirmed during the recent meeting of the New England Broker-Dealer and Investment Adviser Association (NEBDIAA), is in keeping with the SEC’s renewed focus on a more robust examination program. While onsite, the … Continued

One Phish, Two Phish, Red Phish, Blue Phish: How to Detect and Mitigate Social Engineering and Ransomware Techniques

Ransomware attacks like WannaCry and NotPetya are increasing in both frequency and damage, routinely making headline news with their abilities to bring down networks of established companies. Yet these cyberattacks typically start by compromising the weakest point in your security chain – people – through simple or complex phishing techniques before spreading to other parts … Continued

DOL Fiduciary Rule Transition Period Extension to 2019 Requested

The Secretary of Labor, Alexander Acosta, made a court filing on August 9 requesting the Transition Period and Delay of Applicability for the Department of Labor Fiduciary Rule be extended from January 1, 2018 to July 1, 2019. This court filing included extending the deadlines for the following Prohibited Contract Exemptions: Best Interest Contract Exemption … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.