CCO Enforcement Actions the “Rare” Exception—Not the Rule: Additional Details From SEC’s Enforcement Division
What You Need to Know
Key takeaway #1
Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, previewed the agency’s enforcement outlook against Chief Compliance Officers.
Key takeaway #2
Grewel describes the instances when enforcement actions against CCOs are usually brought, but emphasizes that these actions are, and will continue to be, rare.
Key takeaway #3
Grewel’s speech highlights that companies should continue to (1) maintain current, adequate compliance programs; (2) identify areas for improvement in compliance; and (3) maintain an audit trail of these efforts.
Client Alert | 3 min read | 10.30.23
On October 24, 2023, Gurbir S. Grewal, Director of the U.S. Securities and Exchange Commission’s (“SEC”) Division of Enforcement, provided a preview of the agency’s enforcement outlook against Chief Compliance Officers (“CCO”) in the upcoming year. His remarks highlight the continued importance of compliance programs (and continued focus on the part of regulators on those programs), but also make clear that SEC enforcement actions targeting behavior on the part of CCOs will continue to be rare.
Speaking at the New York City Bar Association’s Compliance Institute, Grewal said, “The short answer is that we do not second-guess good faith judgments of compliance personnel made after reasonable inquiry and analysis. That is why such actions are rare.” Grewal emphasized that, in the more than 1,000 enforcement cases initiated by the Commission since 2021, he “can probably count on one hand the number that involve compliance officers.”
Grewal provided the three instances when enforcement actions against compliance personnel—and, as experience shows, principally CCOs—will typically be brought. Those rare situations occur when they:
- Affirmatively participate in misconduct unrelated to the compliance function;
- Mislead regulators; and/or
- Wholly fail to carry out their compliance responsibilities and conduct basic inquiries and analysis.
For the first instance, Grewal explained that CCOs would not be treated any differently from other similarly situated individuals simply by virtue of their role, and “being a member of the compliance function is not a ‘get-out-of-jail’ card.” The Commission will hold a CCO accountable for securities violations unrelated to that officer’s responsibilities in the company.
In the second instance, Grewal noted that the Commission will pursue enforcement actions against CCOs when they deliberately thwart, obstruct, or mislead the Commission’s staff in exercising effective oversight and regulation.
Regarding the third instance, Grewal provided examples of “wholesale failure[s]” subject to SEC action. He referenced one example when the SEC charged a partner at a public accounting firm with failing to sufficient in the firm’s quality control system.[1] He noted another example when the SEC charged the CCO of a registered investment advisor based on his company’s failure to, among other things, adopt and implement “reasonably designed compliance policies and procedures” or “conduct annual reviews of its compliance program.”[2]
To avoid liability, Grewal encouraged compliance officers and their companies to create a culture of proactive compliance by enacting the 3 E’s: education, engagement, and execution.
- Education: Whenever a new Commission action, priority, or rule is relevant to the company, compliance officers should take the time to digest it, examine it, and understand how it may impact their company. Grewal cited the SEC’s Whistleblower Program as an example of a new policy that compliance officers should study to ensure their own policies align with SEC rules to protect whistleblowers.
- Engagement: Compliance officers should take the necessary steps to learn and understand the relevant issues across different business units within their organizations. Compliance officers should continuously remain alert of how their businesses, operations and risk areas, change over time, and how those intersect with the Commission’s stated enforcement priorities and new rulemaking.
- Execution: Compliance officers should advocate for active leadership, training, and constant oversight to ensure that policies are being implemented and carried out effectively within their companies. A company having compliance policies and procedures in place is not enough. Those policies and procedures must be coupled with effective implementation and enforcement.
Finally, should a company detect a securities law violation, Grewal urged those companies to self-report and cooperate. Although the Commission issued robust penalties to violators this year, it also “aggressively rewarded” those companies that self-reported and cooperated, imposing substantially reduced penalties, or no penalties at all.
Key Takeaways
Grewal’s remarks stand as a reminder to companies and their compliance professionals, including CCOs, to maintain an adequate compliance program as a way to mitigate prospective enforcement risk. His remarks also underscore the importance of compliance officers ensuring that their companies’ policies are current, sufficiently address known areas of SEC concern, and continuously examine potential areas for improvement. Companies and their compliance functions should maintain an audit trial of these efforts in the event of any downstream scrutiny. Moreover, companies should meaningfully cooperate with the SEC when necessary to reduce exposure.[3]
We would like to thank Ahnna Chu, Senior Law Clerk, for her contribution to this alert.
[1] Securities and Exchange Commission, “SEC Charges National Office Partner at Marcum for Causing Widespread Quality Control Deficiencies” (Sept. 12, 2023), available at www.sec.gov/news/press-release/2023-174.
[2] In the Matter of Two Point Capital Management, Inc., and John McGowan, Admin. Proc. File No. 3-21249 (Dec. 5, 2022), available at www.sec.gov/files/litigation/admin/2022/ia-6199.pdf.
[3] While the SEC has considered whether to update its Seaboard factors (2001) for evaluating cooperation and voluntary disclosure, to date, these factors have not changed. Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Exchange Act Release No. 44969 (Oct. 23, 2001), available at https://www.sec.gov/litigation/investreport/34-44969.htm.
Insights
Client Alert | 3 min read | 12.10.24
Fast Lane to the Future: FCC Greenlights Smarter, Safer Cars
The Federal Communications Commission (FCC) has recently issued a second report and order to modernize vehicle communication technology by transitioning to Cellular-Vehicle-to-Everything (C-V2X) systems within the 5.9 GHz spectrum band. This initiative is part of a broader effort to advance Intelligent Transportation Systems (ITS) in the U.S., enhancing road safety and traffic efficiency. While we previously reported on the frustrations with the long time it took to finalize rules concerning C-V2X technology, this almost-final version of the rule has stirred excitement in the industry as companies can start to accelerate development, now that they know the rules they must comply with.
Client Alert | 6 min read | 12.09.24
Eleven States Sue Asset Managers Alleging ESG Conspiracy to Restrict Coal Production
Client Alert | 3 min read | 12.09.24
New York Department of Labor Issues Guidance Regarding Paid Prenatal Leave, Taking Effect January 1
Client Alert | 4 min read | 12.06.24