I am reluctant to wade into the issue of CCO liability because I gravitate toward a simplistic answer to a complex question – when does a CCO cross the line to warrant civil or even criminal prosecution?  My simplistic response is trite – “When they break the law or when the facts warrant prosecution.”

Based on my simplistic view, I have resisted dramatic warnings and reports about the expansion of CCO liability.  I am not aware of an actual case where a CCO was unfairly held accountable – yes, even a CCO can engage in criminal or other illegal acts. 

One caveat to my overall viewpoint – I am concerned about regulatory requirements that require a CCO to certify to a company’s compliance with regulatory requirements.  Such certifications, while positive in theory, may be a way to hold a CCO liable for situations that they were not aware of, even assuming they exercised their responsibilities properly. CCOs do not need additional incentives to do their job – they are already committed to a mission by virtue of their professional standing and job responsibilities.

With that background, I was interested in FINRA’s recent guidance on CCO liability.  FINRA issued this guidance in response to requests from attorneys who were concerned about FINRA’s position on CCO supervisory liability.

In an attempt to clarify its standard for bringing regulatory actions against CCOs for supervisory failures, FINRA clarified that it will only bring such actions against a CCO when two conditions are satisfied: (1) if the firm has specifically designated the CCO’s role to include supervisory responsibilities; and (2) the CCO fails to execute his/her responsibilities in a “reasonable manner.”

FINRA drew an important distinction between two critical responsibilities of CCOs at member firms.  A CCO can serve in an “advisory” role or he/she can act in a “supervisory” role.  This is an important distinction.  CCOs at FINRA-member firms can play an important role in facilitating compliance but that does not mean they have supervisory liabilities.  On the other hand, if the firm designates the CCO as playing a supervisory role, a CCO must act to execute those responsibilities.

FINRA cited its Rule 3110 as a critical foundation for applying supervisory liability for CCOs.  That rule requires a member firm to designate specific supervisors and responsibilities as a predicate for holding a CCO liable for failing to exercise his/her supervisory responsibilities. 

The second prong – reviewing the CCO’s performance under a “reasonableness” standard – will depend on the specific facts and circumstances. That does not provide much comfort to CCOs.  It is always easy to second guess CCOs after the fact. 

FINRA noted some important factors favoring prosecution of CCOs as: (1) the CCO was aware of multiple red flags or actual misconduct and failed to take steps to address them; (2) the CCO failed to establish, maintain, or enforce a firm’s written procedures as they related to the firm’s line of business; (3) the CCO’s supervisory failure resulted in violative conduct (e.g., a CCO who was designated with responsibility for conducting due diligence failed to do so reasonably on a private offering, resulting in the firm lacking a reasonable basis to recommend the offering to its customers); and (4) whether that violative conduct caused or created a high likelihood of customer harm.

On the other hand, FINRA noted several factors supporting non-prosecution of a CCO as: (1) the CCO was given insufficient support in terms of staffing, budget, training, or otherwise to reasonably fulfill his or her designated supervisory responsibilities; (2) the CCO was unduly burdened in light of competing functions and responsibilities; (3) the CCO’s supervisory responsibilities, once designated, were poorly defined, or shared by others in a confusing or overlapping way; (4) the firm joined with a new company, adopted a new business line, or made new hires, such that it would be appropriate to allow the CCO a reasonable time to update the firm’s systems and procedures; and (5) the CCO attempted in good faith to reasonably discharge his or her designated supervisory responsibilities by, among other things, escalating to firm leadership when any of (1)–(4) were occurring.

FINRA also stated that supervisors have an additional duty to investigate “red flags” that suggest potential misconduct and to act “reasonably” in response to the results of the investigation. FINRA noted that it will consider whether charging a senior executive, such as a firm president, for a supervisory violation before weighing charges against the CCO.