Why Compliance Officers Have Even More to Worry About

Commentary July 17, 2020 at 09:47 AM
Share & Print

businessman pointing at word compliance (Image: Shutterstock)

In its Thaddeus J. North v. SEC brief to the DC Circuit Court of Appeals, the Securities and Exchange Commission argues that a disciplinary decision from the Financial Industry Regulatory Authority against a chief compliance officer should be affirmed, which may portend bad news for compliance officers.

The issues presented by the case are troubling because if the court sustains the disciplinary action, it could lead to 1) dozens of CCOs being charged every year for their firms' deficient procedures, even if they acted in good faith; and 2) a strict liability standard applying to "should have known" liability.

Case Against North

In July 2013, FINRA initiated an enforcement action against a registered representative of a broker-dealer, the firm's CEO, and North, the CCO. The RR allegedly enabled a statutorily disqualified person (SDP) to operate as an unregistered person, and the CEO allegedly failed to supervise the RR's relationship with the SDP.

FINRA charged North for failing to establish appropriate procedures to review electronic correspondence and for failing to report to FINRA the RR's relationship with the SDP, despite the fact that he allegedly "should have known" about the relationship.

'Liability for Inadequate Procedures'

FINRA charged North with failing to establish and maintain a reasonable supervisory system.

Why North, when other CCOs are rarely charged for similar conduct? The SEC determined that it's appropriate to charge a CCO who "engages in wrongdoing, attempts to cover up wrongdoing, crosses a clearly established line, or fails meaningfully to implement compliance programs, policies, and procedures." This standard is potentially problematic.

Here, there were no allegations of "cover up" by North. With respect to whether North "engage[d] in wrongdoing," arguably every time a firm is charged, a person engaged in wrongdoing — procedures don't simply write themselves.

By definition in all enforcement proceedings, there is a significant issue, not just a foot fault. But in the overwhelming majority of similar cases, CCOs are not charged. Which is as it should be. North, however, was singled out for discipline. 

As the SEC could not answer for FINRA's prosecutorial discretion regarding who gets named as a respondent, it appears the standard is, "we know it when we see it."

FINRA's failure to use prosecutorial discretion here is troubling. First, often, when FINRA finds procedures to be deficient, they are easily fixable by adding a few words or sentences. Here, FINRA did not allow that.

Second, here, the CCO did not simply sit on bad procedures, doing nothing. Instead, North took affirmative steps to make things better.

Even the NAC confirmed his improvements, noting that the new procedures contained more detail, for example, the firm would employ a "risk-based approach" and the CCO would "[u]tilize [an archival and review platform] to review random samples of emails." Thus, if the policy were to charge CCOs only if they made things worse, then North should not have been charged.

Finally, North should not be sanctioned for a typo-type mistake. One of North's arguments is that he  made "a single scrivener's error" because he used a template that did not contain a percentage or sample size number.

'Should Have Known' Liability

The court should find that FINRA did not prove its case. While the SEC's brief articulated the correct "should have known" precedent, it did not apply that standard.

  • "Whatever knowledge inquiry would have produced"

The SEC stated that "should have known" liability "requires inquiry" and that "the law treats a person as possessing whatever knowledge inquiry would have produced."

In other words, red flags require follow-up, and people are assumed to have the knowledge they would have gained if they followed up. Thus, if that follow up would have yielded evidence of wrongdoing, then that knowledge is imputed.

Unfortunately, the SEC's brief didn't apply that standard. Instead it applied strict liability and concluded with no evidence that North's "failing to even question [the RR] about the agreement or the invoices," meant that he "failed to fulfill his [FINRA rule] obligation."  The SEC's conclusion is misplaced.

First, the SEC ignored the basic question: if North followed up, what would he have learned?  Instead, the SEC assumed that North would have learned that an SDP was associated with the firm. Without analyzing that question, the SEC used a strict liability approach, which is inconsistent with "should have known" liability.

Second, there is no evidence that North would have learned facts to allow him to notify FINRA about the issue. The Hearing Panel found that if North had investigated, he "likely would have learned" about the relationship. That falls short of the DC Circuit precedent cited by the SEC in its brief, which requires analyzing what "knowledge [the] inquiry would have produced."

The Hearing Panel applied the wrong standard and its findings are not supportable. North could have asked the RR about the agreement, but if he did, the RR likely would have continued to keep the relationship a secret. FINRA, in fact, charged the RR for her deception.

The RR benefited from keeping the arrangement a secret, earning substantial commissions from her relationship with the SDP. Given these facts, it was not reasonable to conclude that North "likely would have" learned about the relationship by questioning the RR.

In certain circumstances, if someone follows up on red flags, such as reading a flagged email, then that inquiry will lead to knowledge. But FINRA established only that North could possibly have learned about the relationship, and such a finding is insufficient to support a "should have known" charge.

In its brief, the SEC ignored these evidentiary gaps. The SEC asserted that if North had followed up, then he would have learned about the SDP, but the SEC did not explain how or present evidence to support its argument. Instead, the SEC concluded that North is strictly liable because he didn't follow up.

  • "Do not intentionally avoid becoming aware"

The SEC also failed to consider the relevant standard of care. During the rulemaking process, someone asked whether the "should have known standard" was "too demanding." In response, the SEC stated, "[t]he purpose of the 'should have known' standard is to ensure that members do not intentionally avoid becoming aware of a reportable event."

Despite this standard, FINRA failed to present evidence that North "intentionally avoid[ed] becoming aware" of the relationship. To the contrary, the evidence shows that North did not act with bad intent. He reviewed the relevant documents, and did not see anything "illegal or immoral."

There is also no evidence that he received kickbacks from the RR or the SDP, or that he would have suffered repercussions if he had become aware of the relationship. Thus, under the proper standard of care, the DC Circuit should not find North liable.

FINRA brought, and the SEC sustained, troublesome charges against North. Considering the repercussions of enforcement actions against compliance officers, regulators must exercise great care and discretion before bringing such cases.

Here, the DC Circuit should articulate a clear standard for when a CCO is liable for procedural failures of her firm. In addition, it should reject a strict liability standard for "should have known" charges.  If the court denies North's petition, then compliance officers will be unable to do their jobs without fearing unintended consequences.


Brian Rubin is a partner with Eversheds Sutherland (US) LLP. Michelle McIntyre is an associate with the firm.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center