CCO Liability Becomes Hot Topic in Compliance Circles

Speaking at a New York City Bar Association event last month, the director of the Securities and Exchange Commission Division of Enforcement opened his remarks with a warning about the eroding levels of public trust in institutions across the board.

“From Congress to law enforcement to the courts, these levels are at, or below, historic lows,” Gurbir S. Grewal told the audience. “Studies also show that only a small percentage of Americans have any significant level of confidence in banks, technology companies, or big business.”

Grewal went on to outline the SEC’s evolving orientation towards enforcement actions against compliance professionals. Despite the rarity of such actions, signs are pointing to growing interest in beefing up liability for chief compliance officers.

Note that a year ago, for example, the Department of Justice introduced a new policy calling for CCOs to sign off on some enforcement resolutions with companies. The mining company Glencore reached a settlement with the DOJ in May 2022 that required CCO certification, the first action of its kind. Meanwhile, the SEC alleged earlier this year that the CCO of LianLian, the U.S. arm of a Chinese fintech company, committed insider trading using nonpublic information about planned business acquisitions.

Concerns about CCO liability may sound new, but they are not. Professional associations, such as the one Grewal addressed in October, have long pressed for clearer standards for compliance officers. Their goal has been for regulators to lay out a sort of rubric to determine penalties against compliance officers. Additionally, stakeholders have proposed that authorities consider mitigating factors before holding CCOs liable for missteps at their companies.

Meanwhile, the SEC is facing some internal criticism about its CCO liability policies. Republican-appointed commissioner Hester Peirce, an outspoken antagonist of the agency’s direction under chair Gary Gensler, took the SEC to task last year over its decision to initiate an administrative proceeding against the CCO of Hamilton Investment Counsel LLC. According to Peirce, “fears of facing liability for someone else’s missteps can dissuade excellent candidates from seeking compliance jobs.” Commissioner Mark T. Uyeda expressed similar concerns last month at the annual conference of the National Society of Compliance Professionals.

But the relative novelty of CCO liability may be leading to critics to overestimate how often it will come into play going forward. For his part, Grewal downplayed the likelihood that it would be a prominent arrow in the SEC’s enforcement quiver. He tried to reassure his audience of as much last month, maintaining that companies with proactive compliance programs won’t be at risk: “As I have said, we have no interest in pursuing enforcement actions against compliance personnel who undertake their responsibilities in good faith and based on reasonable inquiry and analysis.”