Addressing Personal Liability for Compliance Professionals

Chief compliance officers face immense challenges in addressing the evolving needs and demands of compliance management. Particularly in the financial sector, compliance professionals hold significant responsibility for overseeing policies and processes and maintaining their organization’s compliance posture in alignment with stakeholder expectations.

In recent years, the discussion around the personal liability of compliance professionals has become increasingly important, as these individuals are potentially exposed to great personal risk in the form of litigation when their organization faces a serious compliance issue. Regulatory bodies such as the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have the ability to take legal action against CCOs when their conduct and performance have come into question.

However, there are questions regarding when and under what circumstances such legal actions are pertinent. The nature of compliance duties, which involves constantly identifying and addressing potential violations, often exposes CCOs to compromising circumstances.

CCO Liability: Proposed Framework for Financial Regulators

The New York City Bar Association has recently proposed a framework to policy makers aiming to address concerns over personal liability among compliance professionals. It presents several key factors regulators should consider when deciding to charge a compliance officer, highlighting potential drawbacks of increased individual liability.

First, the report acknowledges the CCO’s critical role and the growing perception of a hostile regulatory environment. The Association suggests that exposure to personal risk undermines the goals of compliance officers and regulators alike. The report cites an increase in litigation against individuals as creating apprehension among compliance professionals who are already subject to increased regulatory scrutiny. Generally, the compliance function faces significant challenges operationally. Compliance departments are often responsible for conduct at many organizational levels, find their resources stretched thin, and struggle to facilitate cross-functional communication and accessibility.

The proposal attempts to extenuate the personal liability of CCOs in certain circumstances and provides key areas to examine their performance. These factors provide a methodology for assessing liability and allowing regulatory authorities to appropriately exercise discretion.

CCO Liability Factors

The framework asks a series of questions categorized as either affirming or mitigating factors for evaluating CCO liability.

First, the Association suggests several affirming circumstances to support the case for a CCO conduct charge, including:

• Did the CCO not make a good faith effort to fulfill his or her responsibilities?
• Did the wholesale failure relate to a fundamental or central aspect of a well-run compliance program?

These factors, among others, account for circumstances of willful negligence or inappropriate and deficient conduct and should be the basis for determining if an individual should be held responsible.

Secondly, the report proposes several mitigating circumstances to consider, including:

• Did structural or resource challenges hinder the CCO’s performance?
• Were policies and procedures proposed, enacted or implemented in good faith?

Both of these questions pertain to the overall effectiveness of the compliance program and examine how resources were leveraged and what challenges the compliance officer may have faced. These areas should be considered when assessing CCO liability and the conduct and performance of the individual in question.

The New York City Bar Association posits that “instituting a [framework] of nonbinding factors will provide the compliance community with the guidance it needs balanced against regulators’ need for ultimate discretion” while also helping to “provide clear guidance to CCOs and enable them to confidently engage in their necessary work.”

By defining when an individual is responsible or when the problem is more systemic, the proposed framework could help appropriately diagnose, resolve, and prevent compliance violations.

More Compliance Topics for CCOs: