Guidance clarifies assessment of liability under Rule 3110, including designation as supervisor, application of reasonableness standard, and factors for and against charging compliance officials.
On March 17, 2022, the Financial Industry Regulatory Authority, Inc. (FINRA) published Regulatory Notice 22-10 (Reg. Notice 22-10), reminding broker-dealers of the scope of liability for chief compliance officers (CCOs) under FINRA’s Supervision Rule (Rule 3110). The role of compliance, and that of the CCO in particular, which is often characterized as “vital” in helping to prevent, detect, and remediate potential violations of internal policies and procedures and the securities laws, has been the subject of policy debate for some time. In Reg. Notice 22-10, FINRA outlines a blueprint to assess the potential liability of CCOs under Rule 3110.
Rule 3110 imposes various supervisory obligations on member firms, such as the obligation to “establish and maintain a system, including written procedures, to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.” Firms are also required to designate registered principals as supervisors for these responsibilities. The express or implied designation of supervisory authority is the basis for individual liability under Rule 3110.
Assessing Supervisory Responsibility
FINRA clarifies a CCO will be subject to liability under Rule 3110 only when the firm designates the CCO as having supervisory responsibility. The starting point of the analysis is not the title but the designation of supervisory responsibility. The ultimate responsibility for a broker-dealer’s compliance rests with its chief executive officer and senior management, not compliance officials.
A CCO can be “designated” as having supervisory responsibility via express designation or, the firm’s CEO or other senior business manager can “expressly or impliedly designate the CCO as having specific supervisory responsibilities on an ad hoc basis.”
Per Reg. Notice 22-10, CCOs can be “designated” as having supervisory responsibility in the following ways:
- Written CCO Supervisory Designation to Establish, Maintain, and Update WSP: The broker-dealer’s written procedures might assign to the CCO the responsibility to establish, maintain, and update written supervisory procedures (WSPs), both generally and in specific areas (e.g., electronic communications).
- Written CCO Supervisory Designation to Enforce WSP: The broker-dealer’s written procedures might assign to the CCO the responsibility for enforcing the broker-dealer’s WSPs or other specific oversight duties usually reserved for line supervisors.
- Ad Hoc Express or Implied CCO Supervisory Designation: The broker-dealer’s president or other senior business manager might also expressly or impliedly designate the CCO as having specific supervisory responsibilities on an ad hoc basis.
- CCO Supervisory Designation as Exigencies Demand: The CCO may be asked to take on specific supervisory responsibilities as exigencies demand, such as the review of trading activity in customer accounts or oversight of associated persons.
FINRA clarifies in Reg. Notice 22-10: “Only in circumstances when a firm has expressly or impliedly designated its CCO as having supervisory responsibility will FINRA bring an enforcement action against a CCO for supervisory deficiencies.”
The Reasonableness Standard
CCOs are not subject to strict liability. Even when a CCO has been designated as having supervisory responsibilities, FINRA would seek to discipline a CCO under Rule 3110 if the CCO failed to discharge those designated supervisory responsibilities in a reasonable manner. The determination of reasonableness in a CCO’s performance of these supervisory responsibilities depends upon the facts and circumstances of each particular situation. FINRA will assess reasonableness in terms of whether the CCO’s conduct was tailored toward achieving compliance with the federal securities laws, regulations, or FINRA rules.
Factors for and Against Charging a CCO under Rule 3110
In assessing potential liability under Rule 3110, FINRA weighs the facts and circumstances of each case to determine whether the CCO’s conduct in performing designated supervisory responsibilities was reasonable in terms of achieving compliance with the federal securities laws, regulations, or FINRA rules.
Not every violation under Rule 3110 results in formal disciplinary charges. FINRA weighs various aggravating and mitigating factors to determine, based on the facts and circumstances of each particular case, whether to bring formal or informal disciplinary action (e.g., a Cautionary Action Letter).
Aggravating factors include awareness of multiple red flags or actual misconduct and failure to take steps to address them, as well as failure to establish, maintain, update, or enforce a firm’s WSPs. FINRA would also assess whether the CCO’s supervisory failure resulted in violative conduct, and whether that conduct caused or created a high likelihood of customer harm.
Mitigating factors include whether the CCO was given insufficient staffing, budget, and training; whether the CCO was unduly burdened in light of competing functions and responsibilities; whether the supervisory responsibilities were poorly defined or designated; whether the firm underwent structural changes; and whether the CCO attempted to escalate such red flags to firm leadership in a good-faith effort to reasonably discharge supervisory responsibilities.
The SEC Standard for CCO Liability
Under the Compliance Rule, an investment adviser subject to SEC jurisdiction must adopt and implement written policies and procedures reasonably designed to prevent violation of the Investment Advisers Act of 1940 (Advisers Act) by the investment adviser or any of its supervised persons. The CCO must be designated to administer these policies and procedures and should also have sufficient seniority and authority within the organization to compel others in the organization to adhere to the compliance policies and procedures.
Under Section 15(b)(6) of the Securities Exchange Act of 1934, the SEC may take action against an individual associated with a broker-dealer if someone under that person’s supervision violated the federal securities laws, the Commodity Exchange Act, the rules or regulations under those statutes, or the rules of the Municipal Securities Rulemaking Board; and the individual failed reasonably to supervise that person to prevent the particular violation.
The issue was central to In the Matter of Theodore W. Urban, an administrative proceeding decided on September 8, 2010. The order in the proceeding relied on an earlier proceeding decided in December 1992 (In the Matter of John H. Gutfreund, et. al.), which noted that, “[D]etermining if a particular person is a “supervisor” depends on whether, under the facts and circumstances of a particular case, that person has a requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.” (emphasis added).
On September 30, 2013, the SEC’s Division of Trading and Markets published a set of eight Frequently Asked Questions (FAQs) concerning supervisory liability for compliance and legal personnel at broker-dealers under Sections 15(b)(4) and 15(b)(6) of the Exchange Act. These FAQs stated that the Urban decision was considered “of no effect” (and therefore not adverse precedent). Liability under Section 15(b) continues to be a facts-and-circumstances determination regarding “the requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.” SEC staff clarify, in the FAQs, that certain facts on their own are not sufficient to turn legal or compliance personnel into supervisors. These facts include:
- Holding a compliance or legal position
- Providing advice or counsel concerning compliance or legal issues to business line personnel or even senior management
- Assisting in the remediation of an issue
- Participating in, providing advice to, or consulting with a management or other committee
For the SEC, the real question is not necessarily whether a CCO has been explicitly or implicitly designated a supervisor, but whether the person clearly has been given, or otherwise assumed, the requisite degree of responsibility, ability, or authority to affect the conduct of another employee.
In a November 4, 2015 speech, Andrew Ceresney, then-Director of the Division of Enforcement, further outlined the SEC’s “longstanding careful and measured approach” to liability for CCOs of investment advisers, but also to broker-dealers and dual registrants. He noted that “after a thorough analysis of the facts and circumstances and consideration of fairness and equity,” the SEC has charged CCOs primarily when the CCO directly participated in misconduct unrelated to compliance duties, such as fraud; obstructed or misled SEC Staff; or has exhibited wholesale failures in carrying out clearly assigned responsibilities, such as developing and implementing WSPs.
In one notable case that he described, a large money manager did not have any written policies and procedures regarding the outside business activities of its employees. Despite awareness of this gap and numerous red flags among employees, “the CCO failed to develop and implement written policies and procedures to assess and monitor the outside activities of the firm’s employees and to disclose related conflicts of interest to the funds’ boards and to advisory clients.” The CCO, however, was not charged with failure to disclose the conflicts of interest; he was charged with failure to adopt written policies regarding outside business activities.
While the SEC’s standard remains a fact-intensive inquiry, the SEC clearly does not consider a CCO’s provision of counsel to the business (whether effective or ineffective) as grounds for supervisory liability without further analysis of the CCO’s degree of responsibility, ability, or authority.
 See, e.g., Securities and Exchange Commission, Commissioner Luis A. Aguilar, The Role of Chief Compliance Officers Must be Supported (June 29, 2015), available at https://www.sec.gov/news/statement/supporting-role-of-chief-compliance-officers.html.
 According to FINRA, “The CCO’s role, in and of itself, is advisory, not supervisory.” Reg. Notice 22-10; Likewise, SEC staff has noted, “Compliance and legal personnel are not ‘supervisors’ of business line personnel for purposes of Exchange Act Sections 15(b)(4) and 15(b)(6) solely because they occupy compliance or legal positions.” Securities and Exchange Commission, Division of Trading and Markets, Frequently Asked Questions about Liability of Compliance and Legal Personnel at Broker-Dealers under Sections 15(b)(4) and 15(b)(6) of the Exchange Act, at question 1 (Sept. 30, 2013), available at https://www.sec.gov/divisions/marketreg/faq-cco-supervision-093013.htm; According to a statement by Jessica Hopper, FINRA Head of Enforcement, a CCO’s role within a firm does not “automatically make them supervisors” subject to the requirements under Rule 3110.
 Id. at Background and fn 4, citing to Sheldon v. SEC, 45 F.3d 1515, 1517 (11th Cir. 1995); FINRA Regulatory Notice 22-10 (“The responsibility to meet these obligations rests with a firm’s business management, not its compliance officials.”).