In a recent review of a disciplinary action charging a chief compliance officer (CCO) with committing "should have known" liability, the DC Circuit Court of Appeals, in a per curium opinion, ignored the FINRA rule that the CCO allegedly violated.
In this case, Thaddeus North had been found liable by FINRA for failing to comply with a FINRA rule that requires reporting to FINRA certain conduct within a specified number of days after the firm "knows or should have known" about the conduct.
The SEC affirmed FINRA's decision, albeit applying different standards.
The DC Circuit ruled that the SEC's decision was "supported by substantial evidence." However, the Court failed to analyze what the FINRA rule meant when it used the phrase, "should have known."
Instead, the DC Circuit simply noted that the "Commission found a series of 'clear red flags' that 'should have led North to inquire' about such a relationship, but he failed to do so."
Unfortunately for firms and CCOs, inquiring about red flags is only part of the analysis to determine whether a firm or individual "should have known" about certain facts. In effect, the DC Circuit established a strict liability standard for failing to investigate red flags.
Case Against Thaddeus North
In July 2013, FINRA brought an enforcement action against a registered representative of a broker-dealer, the firm's chief executive officer (the CEO), and North, who was the CCO.
The registered rep was charged with enabling a statutorily disqualified person (SDP) to operate as an unregistered person, and the CEO was charged with failing to supervise the registered rep's relationship with the SDP.
FINRA charged North with, among other things, failing to report to FINRA the rep's relationship with the SDP because North allegedly "should have known" about the relationship. After a hearing, FINRA found him liable and the SEC sustained FINRA's finding.
'Should Have Known Liability'
The DC Circuit ignored the language of the rule and the legal standards to be applied, possibly because the SEC also ignored the standard of care.
While the court affirmed the SEC's decision that the red flags "should have led North to inquire," it did not review (nor did the SEC) what North would have known had he inquired.
They apparently assumed that if North had followed up on the red flags and inquired about the relationship, he would have learned that an SDP was associated with the firm. But that is effectively a strict liability standard and contradictory to precedent.