Yesterday, the SEC held its 2015 “National Compliance Outreach Program for Broker-Dealers.” The program was designed to “provide[] an open forum for regulators and industry professionals to share strong compliance practices and promote the exchange of ideas to develop an effective compliance structure.” In the spirit of this cooperation, SEC Chairwoman White opened the conference with a speech that included the following remark[1]:

To be clear, it is not our intention to use our enforcement program to target compliance professionals. We have tremendous respect for the work that you do. You have a tough job in a complex industry where the stakes are extremely high. That being said, we must, of course, take enforcement action against compliance professionals if we see significant misconduct or failures by them. Being a CCO obviously does not provide immunity from liability, but neither should our enforcement actions be seen by conscientious and diligent compliance professionals as a threat. We do not bring cases based on second guessing compliance officers’ good faith judgments, but rather when their actions or inactions cross a clear line that deserve sanction.

This comment comes on the heels of Commissioner Aguilar’s Public Statement on June 29, 2015. In that statement, he wrote:

In fact, over the years the Commission has brought relatively few cases targeting CCOs relating solely to their compliance-related activities. In general, the Commission’s enforcement actions against CCOs ebb and flow with the number of cases brought against investment advisers and investment companies. Estimates show the following number of enforcement cases brought against these CCOs, compared to the number of enforcement cases brought against investment advisers and investment companies, between 2009 and 2014:

       2009 — 8 out of 76 cases (11%)

       2010 — 7 out of 112 cases (6%)

       2011 — 14 out of 146 cases (10%)

       2012 — 16 out of 147 cases (11%)

       2013 — 27 out of 140 cases (19%)

       2014 — 8 out of 130 cases (6%)

The vast majority of these cases involved CCOs who ‘wore more than one hat,’ and many of their activities went outside the traditional work of CCOs, such as CCOs that were also founders, sole owners, chief executive officers, chief financial officers, general counsels, chief investment officers, company presidents, partners, directors, majority owners, minority owners, and portfolio managers. Many of these cases also involved compliance personnel who affirmatively participated in the misconduct, misled regulators, or failed entirely to carry out their compliance responsibilities.

Chairwoman White’s remarks and Commissioner Aguilar’s statement stem, in part, from the settlement in the Blackrock Advisors matter.   On April 20, 2015, the SEC issued an order requiring a CCO to pay $60,000 in civil penalties for, in part, “not recommend[ing] written policies and procedures to assess and monitor . . . outside business activities and to disclose conflicts of interest. . . .” The order does not indicate that the CCO wore any other hats or was directly involved in the alleged misconduct. Interestingly, the order recites that the WSPs were amended in January 2013. This decision was also unique in that Commissioner Gallagher issued a Public Statement explaining his dissent from the approval of the settlement. In his Statement (he also dissented from another similar settlement as well), he stated:

Both settlements illustrate a Commission trend toward strict liability for CCOs under Rule 206(4)-7. Actions like these are undoubtedly sending a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback.

Despite the fact that I represent folks in fights with securities regulators every day, I’m not against strong and fair regulatory enforcement. If there are bad guys out there, we should all want them off of the proverbial streets. Here, though, I think Commissioner Gallagher has it exactly right.

What I find troubling is the double-talk coming from the regulators. If you listen, they want CCOs to be their allies in working towards the goal of creating superior firm compliance. As Chairwoman White said yesterday, “You are on the front lines working to create, implement, and enforce a strong and comprehensive set of policies, procedures, and systems to govern and supervise firm employees.” They want CCOs to adopt a culture of compliance and focus on ensuring that the firm operates as it should.

If that’s the case, they must exercise discretion and only bring actions against a CCO for egregious conduct. As Commissioner Gallagher notes, regulators need CCOs to help them ensure regulatory compliance.   That means they want CCOs actively examining and involved in the firm’s operations.  But, the more a CCO digs, the more he/she risks being found to have participated in the misconduct. By bringing actions against these individuals, the regulators disincentivize the exact habits they wish to enforce.  Rather than CCOs trying to improve the firm’s supervisory system and commitment to regulatory compliance, CCOs must keep one eye on regulators to ensure they don’t get caught up in the same net.

Of course, this observation should not apply to CCOs that are directly complicit in the regulatory failings of a firm. If a CCO turns a willful blind eye to a supervisory violation or knowingly and actively participates in the alleged wrongful conduct, or worse, fraudulent conduct, it makes perfect sense to bring enforcement actions against those individuals. But absent that, it would be in the SEC’s and FINRA’s interest to be very very selective in bringing enforcement actions against CCOs. That would have the greatest investor protection benefit.

What’s the moral to this story?

Until the SEC and FINRA stop targeting CCOs in enforcement actions, CCOs should be very careful. The regulators are playing a game of “gotcha” and do not show any appreciable restraint when it comes to regulating the conduct of CCOs.  As long as regulators continue to bring enforcement actions against CCOs, the industry should assume comments like the ones coming from Chairwoman White or Commissioner Aguilar are merely hollow words offered to give individuals in an already highly regulated industry a false sense of security.

[1] The full text of her speech can be found by clicking here.