Chief Compliance Officer
Chief Compliance Officers (CCOs) at member firms play a vital role. For example, CCOs and their compliance teams help design and implement compliance programs, help educate and train firm personnel, and work in tandem with senior business management and legal departments to foster compliance with regulatory requirements. In this way, CCOs help promote strong compliance practices that protect investors and market integrity, as well as the member firm itself.
Duties and Functions of Chief Compliance Officer
The CCO is not an industry-specific role. Rather, CCOs are a common and highly visible link between the firm’s compliance function and its business and legal functions. The CCO works closely with those groups to ensure that the firm’s policies and procedures are effective, efficient, and in line with regulatory requirements. CCOs also represent the interests of their firm before regulatory authorities and regulators. As such, they are a key contact for the firm’s investors and other stakeholders. CCOs typically report directly to the firm’s managing partners, general counsel, or chief compliance officer.
Rule 3110 and the CCO
Rule 3110 (Supervision) imposes specific supervisory obligations on member firms. The responsibility to meet these obligations rests with a firm’s business management, not its compliance officials. The CCO’s role, in and of itself, is advisory, not supervisory. Accordingly, FINRA will look first to a member firm’s senior business management and supervisors to determine responsibility for a failure to reasonably supervise. FINRA will not bring an action against a CCO under Rule 3110 for failure to supervise except when the firm conferred upon the CCO supervisory responsibilities and the CCO then failed to discharge those responsibilities in a reasonable manner. As a result, charges against CCOs for supervisory failures represent a small fraction of the enforcement actions involving supervision that FINRA brings each year.
Regulatory Notice 22-10
However, FINRA has released Regulatory Notice 22-10, reminding member firms of the scope of Rule 3110 (Supervision) as it pertains to the potential liability of Chief Compliance Officers.
The Role of a Chief Compliance Officer
In Notice to Members 99-45, FINRA stated that it is “important to recognize the distinction between written compliance guidelines and written supervisory procedures.” A CCO and the compliance team are generally responsible for compliance guidelines, not written supervisory procedures. “Compliance guidelines generally set forth the applicable rules and policies that must be adhered to and describe specific practices that are prohibited.”
“Written supervisory procedures document the supervisory system to ensure that compliance guidelines are being followed.” By contrast, written supervisory procedures do not set forth the supervisory system, but document what the supervisory system should be.
To fulfill the compliance function, FINRA requires firms to designate one or more appropriately registered principals as a CCO. As set forth in FINRA Rule 3130, Supplementary Material .05, “A [CCO] is a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts.” Neither Rule 3110 nor Rule 3130, by itself, attaches supervisory responsibilities to a CCO.
Chief Compliance Officer as a Supervisor
While a CCO does not have supervisory responsibility, a CCO can, and often does, occupy another position at a firm, such as CEO. In such circumstances, CCOs likely would fall within the scope of Rule 3110 because of the supervisory authority designated to them based on another non-CCO position they hold within a firm’s business management.
When an individual’s sole position at a firm is that of CCO, a more extensive assessment of liability under Rule 3110 may be needed, as outlined in the FINRA Notice.
Factors that might weigh in favor of charging a CCO are the same factors that could apply to any individual who has supervisory responsibility under Rule 3110 and include, but are not limited to, the following:
- the CCO was aware of multiple red flags or actual misconduct and failed to take steps to address them;
- the CCO failed to establish, maintain, or enforce a firm’s written procedures as they related to the firm’s line of business;
- the CCO’s supervisory failure resulted in violative conduct (e.g., a CCO who was designated with responsibility for conducting due diligence failed to do so reasonably on a private offering, resulting in the firm lacking a reasonable basis to recommend the offering to its customers); and
- whether that violative conduct caused or created a high likelihood of customer harm.