Confronting the CCO Liability Trend and Mitigating the Risk

Confronting the CCO Liability Trend and Mitigating the Risk

For the past several years we have seen an increase in the amount of SEC enforcement actions against CCOs. During SEC Chairwoman Mary Jo White’s tenure two high profile cases sparked a conversation centering on CCO liability. The risk of personal liability continues to be a concern for CCOs under Chairman Clayton’s administration. Both SEC administrations have placed an importance on the protection of investors, the deterrence of violations, and increasing transparency. These priorities have led to rules, regulations and enforcement actions that have resulted in increased responsibilities for advisory firms and their CCOs. Here we take a look at several landmark cases involving CCO liability and explore the factors that lead to personal culpability for CCOs.

In the Matter of BlackRock Advisors, LLC (April 20, 2015), the firm was charged with failing to disclose information about outside business activities as well as failing to adopt policies and procedures to address the outside activities. The SEC also separately charged the CCO with failing to ensure the adaptation of such policies and procedures. The firm was fined $12 million and the CCO was personally fined $60,000.

In the Matter of SFX Financial Advisory Management Enterprises, Inc. (June 15, 2015), the president was charged with stealing a total of $670,000 from various clients over a period of five years.  The CCO was found responsible for failing to conduct annual reviews required by the firm’s compliance manual and as required by the SEC. The SEC charged the company and the CCO personally with failing to supervise the president, failing to conduct annual compliance reviews, and for making false statements on Form ADV. The CCO paid $25,000 to settle the charges – not a small sum for a CCO.

Chairman White’s enforcement philosophy was inspired by “broken windows” theory. Chairman White believed that small violations lead to larger ones, and ultimately harm investors. To deter the frequency at which violations occur, all violations were treated with severity. Chairwoman White also sought to make certain CCOs were diligent in their roles and were implementing appropriate policies and procedures designed to ensure compliance with SEC rules and regulations.

Under Chairman Clayton the concerns around CCO liability continue to persist. Clayton believes that individual accountability will keep people from committing violations and the threat of individual enforcement will continue to protect main stream investors. Clayton’s continued commitment to CCO liability is underscored by the outcome of the 2017 Osunkwo case which has only added to the increasing controversy regarding CCO liability. In the Matter of David I. Osunkwo (August 15, 2017), David Osunkwo was a principal with SC Consulting, a compliance consulting firm. SC contracted for Osunkwo to be the outsourced CCO for both Aegis Capital and Circle One Wealth Management that were in the process of merging. The CCO was tasked with filling a year-end Form ADV for Circle One that would reflect the merger under the parent company, Capital L Group LLC. The CCO received approximate AUM figures from the CIO and recorded them on the Form ADV without further verification. The numbers provided were later found to be inaccurate. The CCO was charged with submitting inaccurate information to the SEC, fined $30,000 and suspended from the industry for a year. It is clear that Osunkwo failed to follow through on his responsibilities as CCO, but the severity of the penalty is quite concerning.

The penalties for CCOs involved in these three cases were severe and created angst amongst other compliance professionals who believed that the CCOs should not be held accountable for the mistakes or actions of other employees. The hefty penalties for CCO missteps have also caused individuals to shy away from taking on the CCO role, particularly in small firms where the CCO typically is less experienced and wears more than one hat.

In June 2015, SEC member Daniel Gallagher issued a statement dissenting from SEC settlements in the Blackrock Advisors and SFX Financial Advisory Management Enterprises cases. In the statement he said the SEC “unfairly targeted chief compliance officers in recent enforcement actions and is leaving them unsure of the extent of their responsibility for firm behavior.” Several days later, Commissioner Luis Aguilar issued a Public Statement attempting to quiet concerns related to CCO liability by explaining that many of the cases brought against CCOs, “involved CCOs who wore more than one hat and many of their activities went outside the traditional work of CCOs, such as CCOs that were also founders, sole owners, chief executive officers, chief financial officers, general counsels, chief investment officers, company presidents, partners, directors, majority owners, minority owners, and portfolio managers”, and that many of the cases involving CCO liability involved one of the 3 factors: they participated in the misconduct; misled regulators; or failed to carry out their compliance responsibilities. He concluded that “at the end of the day, though, legal and compliance officers who perform their responsibilities diligently, in good faith, and in compliance with the law are our partners and need not fear enforcement action.”

Said Andrew Ceresney, the former director of the SEC Division of Enforcement, in a 2016 Public Statement, “I am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community.” He then went on to reiterate the three factors that the SEC considers when deciding whether to act against a CCO: 1) Was there participation by the CCO in the misconduct? 2) Has the CCO mislead regulators or otherwise hampered the investigation? 3) Was there a failure to carry out responsibilities assigned to the CCO?

In the Osunkwo, BlackRock and SFX cases, the CCOs failed to completely carry out their assigned responsibilities. Osunkwo failed to verify information which led to reporting false information. The CCOs in the Black Rock and SFX cases failed to properly supervise employees and conduct reviews necessary to ensure compliance.

The first two factors are relatively straight forward – the CCO will be charged if he/she participates in misconduct or hinders the investigation of regulators. However, the third factor – failure to completely carry out responsibilities assigned to the CCO – seems to carry the most personal liability for CCOs. Such failures are more likely to occur when the CCO does not have a sufficient degree of skill and experience to effectively carry out the CCO duties. Failures can also occur when a CCO wears multiple hats such that they do not have sufficient time to focus on their compliance responsibilities.

CCO liability will always be a concern and the risk only increases when a CCO is not properly equipped to handle the role. To mitigate the CCO liability risk, CCOs must be fully aware of their responsibilities and have both the skills and experience and the time to carry them out. If not, CCOs should be empowered to speak up about their concerns and seek to retain a qualified compliance consultant to help.  Also, many insurers are now offering CCO liability coverage. It would be prudent to add such coverage to your firm’s policy.

For help with compliance-related matters, contact ICSGroup. Our compliance team has over 100 years of combined legal and compliance experience supporting registered and unregistered investment advisors and meeting investor and regulator expectations.