SEC Provides Clarity on When and How the Enforcement Division Goes After CCOs

Yesterday, Director of the Enforcement Division of the Securities and Exchange Commission, Andrew Ceresney was the keynote speaker at the National Society of Compliance Professionals National Conference in Maryland. His remarks highlighted several hot topics relating to Chief Compliance Officers (“CCOs”) including CCO liability and recent enforcement actions. Director Ceresney laid out a three-fold plan in his speech. First, he discussed recent cases that support the compliance position receiving adequate resources. Second, he addressed the significance of Rule 206(4)-7 (the “Compliance Rule”). Last, he addressed recent cases brought against CCOs.

Mr. Ceresney said that “the state of a firm’s compliance function says a lot about the firm’s likelihood of engaging in misconduct and facing sanctions.” Ceresney went on to say that you can “predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s compliance department in the firm”. Examples he provided included:

  • Are compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do compliance officers report to the CEO and have significant visibility with the board?
  • Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
  • Is compliance given the personnel and resources necessary to fully cover the entity’s needs?

Mr. Ceresney observed that “far too often, the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues”. Mr. Ceresney reassured the audience that “the Commission is in your corner when your work is hindered by uncooperative or obstructionist business personnel, and that a number of our actions have sent the clear message that you must be provided with the resources and support necessary to succeed”.

Next, Ceresney opined on the Compliance Rule and its purpose to empower CCOs and make them accountable. All leading into the third point.

Ceresney used this opportunity to express the perspective of the Division with regard to how the Commission determines whether or not to bring enforcement actions against adviser CCOs in particular. As we have heard previously, Ceresney shared that enforcement actions brought against CCOs generally fall into three broad categories:

  • Cases against CCOs who are affirmatively involved in misconduct that is unrelated to their compliance function.
  • Cases against CCOs who engage in efforts to obstruct or mislead the Commission staff.
  • Cases where the CCO has exhibited a wholesale failure to carry out his or her responsibilities.

Taking a step back, the Commission has brought more than 8,000 enforcement actions since 2003, and 807 in fiscal year 2015 alone. Ceresney emphasized that in the last 12 years, the enforcement Division has only brought five enforcement actions falling into the third category above. Mr. Ceresney’s point was that “these numbers make clear that the Commission only rarely charges CCOs for causing violations of Rule 206(4)-7. There has not been any recent trend toward more enforcement activity involving CCOs in their compliance function.”

Mr. Ceresney also highlighted a few important points that investment advisers should remember. Ceresney noted that compliance officers have the full support of the Commission and that the SEC relies on them “as essential partners in ensuring compliance with the federal securities laws” and “will do all we can to help you perform your work”. Mr. Ceresney made clear that the SEC will bring enforcement actions against personnel in circumstances where they have deceived or misled, or where their failure to provide compliance professionals with adequate resources and information causes compliance rule violations.

Mr. Cerseney made a point to note that “Enforcement and the Commission take the question of whether to charge a CCO very seriously and consider it carefully. We think very hard about when to bring these cases. When we do, it is because the facts demonstrate that the CCO’s conduct crossed a clear line”.

Our Perspective

The enforcement case naming the SFX’s CCO is particularly telling. The CCO was tagged as responsible for implementing policies and procedures around money transfers, but allegedly did not review them.  CCOs are well advised to be diligent and know where they are deemed responsible. In addition, CCOs should still look to the infamous Ted Urban case to implement controls to limit their liability and make sure they are covered by appropriate insurance policies.   

SEC3 can assist you with your compliance related responsibilities. For further information, please contact your SEC3 representative or contact us at