Presented by: Laura Crosby-Brown
CCO liability has become a hot topic both for broker-dealers and investment advisors as we have seen a number of high profile cases brought against CCOs over the past few years. Many CCO have read the statements from various SEC commissions on this topic as well as heard it discussed at conferences put on by both the regulators and industry organizations. I was fortunate enough to attend the NSCP conference recently and was pleased to hear Andrew Ceresney of the SEC speak on this topic as well as to attend a very informative panels on Compliance vs. Supervision and a Regulatory Roundtable where choosing a CCO was discussed. To follow are some notes from each that may help CCOs sleep better at night or at least help them understand their role and what the regulators are looking at.
Mr. Ceresney’s speech focused primarily on a number of recent cases and why the CCO was implicated to try to assure the CCOs in the room that the SEC is not targeting them. Many of these cases were not related to the CCO’s primary functions but involved circumstances where either the CCOs stepped into another role or they themselves engaged in misconduct. He also discussed how the SEC is trying to support CCO who are seeking to do their job by bringing enforcement actions against firms who do not support compliance or provide sufficient resources for an adequate compliance program.
The Regulatory Roundtable session also included a brief discussion regarding the hiring of an outsourced CCO across SEC, FINRA and NFA firms. This discussion revolved around the due diligence firms need to undertake to ensure the CCO understand not only the regulatory framework in which the firm operates but its business and that the CCO does not have too many other obligations so that they cannot appropriately discharge their duties to the Investment Advisor, Broker-Dealer or NFA member firm they are engaged by. This discussion also covered areas including ensuring the CCO has the ability to communicate with senior management and has the resources needed to ensure procedures are kept up-to-date and are tested as required. The panelist also stated that any roles that CCO will assume apart from their regulatory responsibilities need to be clearly outlined and they need to be given sufficient powers to discharge these duties.
The last panel covered the differences between the role of the CCO and the role of supervisor. This panel was especially interesting given the previous panels and the discussion regarding the perils a CCO can assume when stepping outside his or her role as such. So what is the role of the CCO?
A CCO is vested with specific responsibilities whether they are acting for a broker-dealer, investment advisor or NFA member. These include:
- Understand and interpret various rules and regulations related to the firm’s business
- Develop compliance and supervisory procedures to reasonably ensure compliance with the applicable rules;
- Provide guidance and support; and
- Test procedures.
So the next question then is what makes supervision different? If you look to some of the SEC cases you will see that a supervisor must have a requisite degree of responsibility, ability or authority to affect the conduct of employees or staff.
In assuming the role of a supervisor the person must be able to affect the conduct and therefore must be vested with the power to be able to take actions to do so such as taking disciplinary action or firing. A CCO in a traditional role would not have such and therefore would need to step into a different role where he or she can affect change. Some samples that panel discussed that show the difference in the roles included–
- A CCO would verify that email reviews were occurring and may spot check emails for compliance with communication procedures but would not bring any issues to the author directly but could provide guidance to the supervisor.
- A supervisor would review emails and bring issues uncovered during reviews to the author and take action to discipline the same if warranted.
- A CCO should be part of a hiring committee if applicable and should provide input on any issues that arise during the onboarding process including issues from background checks or questions related to the prospect’s business activities but would not have a vote on the hiring and would not sign any hiring documents, including a Form U4.
- The hiring committee or principal would approve or disapprove the onboarding of new representative and would be responsible for ensuring all required paperwork , as outline din the procedures, are obtained and the hiring principal would sign the Form U4.
Some best practice for a CCO include ensuring:
- Procedures clearly discuss the role of compliance;
- Lines of supervision are clearly identified and communicated;
- Policies and procedures are subject to ongoing review and updated as needed;
- Testing and verification of procedures is done as required;
- Issues identified in testing are escalated to the appropriate party, whether a supervisor or senior management when applicable and you follow-up;
- If asked to wear a supervisory hat, the role is clearly defined and you have the power to do the job and affect change where required;
- Issues are brought to the attention of regulators when required or when the senior management of the firm fails to act.
One panelist even suggested that a best practice for a CCO should be to resign if you do not have the full support from senior management to do your job or if they refuse to address concerns.
So the lessons learned in all three sessions are:
- Know what it means to be a CCO and be sure the senior management and other at the firm understand it as well;
- Be sure you have a firm grasp on regulatory requirements and the firm’s business;
- If you take on role apart from the 4 traditional duties of a CCO, be sure the role is identified and you have the resources and ability to discharge the duties of this role; and
Don’t inadvertently be put into a role where you have no power to affect change.