For Chief Compliance Officers (CCOs) and legal professionals at broker-dealer firms who are tasked with comprehending securities rules and regulations violations, rigorous scrutiny of CCOs from the regulators themselves is not uncommon.

However, recent SEC guidance helps clarify CCOs’ liability related to regulations, giving compliance professionals more information about their level of accountability in situations where their employer is found at fault for regulatory or legal infractions.

The guidance comes on the heels of a three-year case against Theodore Urban, the former general counsel of an investment bank. The SEC accused Urban of failing to supervise a rogue broker who became involved in a stock manipulation scheme. Urban noticed clues about the broker’s misconduct, and approached his firm’s compliance team and management with concerns. Urban ultimately recommended the broker be fired; however one of the firm’s key board members opposed his recommendation.

The three-year case against Urban was finally dismissed by the SEC, but has continued to worry compliance and legal professionals who believe it could redefine the SEC’s view of these roles as a ‘supervisor’—making them easier targets for SEC enforcement actions.

The new SEC guidance addresses many of the concerns broker-dealer CCOs have about their personal liability related to supervision and compliance failures or violations.

CCOs will probably be most reassured to find the SEC guidance says compliance and legal personnel ‘do not become supervisors solely by reason of their position, because they give advice to management, or participate in management committees.’

The FAQ notes that, in general, ‘supervisory responsibility’ is only determined when a compliance or legal officer has been:

• Given responsibility over a business activity.
• Identified as the responsible person in a firm’s policies and procedures.
• Given the power to hire, reward or punish employees for their conduct.
• In a position to have prevented a violation from occurring/happening again.

In other words, if a CCO has compliance monitoring, reporting and advising responsibility for a firm, but doesn’t have the authority to hire, fire, reward or punish (or otherwise prevent an activity) in relation to compliance rules and regulations violations, they do not have supervisory liability.

Firms are also urged to have procedures in place that clearly show who is responsible for supervision of staff actions and business functions. The guidance says compliance and advisory duties are separate from business line duties, so compliance staff should not have supervisory responsibility for business line units or employees.

Usually, supervisory authority and liability lies with business personnel (staff outside the compliance and legal departments). Ultimate responsibility and liability often falls to the CEO, COO, or other senior management who are in a position to supervise business actions and punish or otherwise affect regulatory or legal misconduct. One caveat: Liability is still dependent on the facts and circumstances of the scenario under review.

Overall, it’s the SEC’s goal to bring ‘failure to supervise’ actions against a firm’s compliance or legal personnel only when they have been delegated or assumed supervisory responsibility for specific business activities or situations—and have the level of responsibility, ability and authority required to take action and affect the conduct of the employee whose behavior is in question.