On October 23, 2020, the US Court of Appeals for the District of Columbia denied a petition of review from two SEC orders upholding FINRA determinations that the former CCO of two small firms had violated rules relating to disclosure and monitoring. The Commission also upheld fines and a suspension imposed by FINRA. Thaddeus J. North v. SEC, USCA Case no. 18-1341 (unpublished opinion).
Since the SEC’s Ted Urban case a decade ago, news that the Commission or an appellate court has issued a decision involving CCO liability has been enough to strike fear in the hearts of many Compliance professionals and the lawyers who defend them. As in most instances during the past 10 years, however, the DC Circuit case involved egregious facts and the decision did not require close analysis of whether a compliance officer had crossed the line and become a “supervisor.” The more pressing question is why Mr. North invested the time and money to try the cases before FINRA and pursue the appeals.
In one case, the Court upheld the Commission’s determination that the CCO had failed to report the firm’s relationship with a statutorily disqualified person, despite a series of red flags that placed the CCO on notice of the potential issue. The Court rejected the argument that FINRA reporting rules apply only to firms and not to individuals.
In both matters, the Court found that substantial evidence supported the Commission’s determination that the CCO had failed to develop written procedures for review of emails and had failed to ensure the review of such emails. Although the firm’s policies vested the CCO with responsibility for establishing email review protocols and the CCO had repeatedly admitted that he was responsible for reviewing emails, at the hearing he pointed the finger at the firm’s president, whom the CCO knew was not monitoring emails.
The SEC’s opinion recited well-established law with respect to CCO exposure. On the one hand, “absent unusual mitigating circumstances, when a CCO engages in wrongdoing, attempts to cover up wrongdoing, crosses a clearly established line, or fails meaningfully to implement compliance programs, policies and procedures for which he or she has direct responsibility, we would expect liability to attach.” (citations omitted). In contrast, “disciplinary action against individuals generally should not be based on an isolated circumstance where a COO [sic], using good faith judgment makes a decision, after reasonable inquiry, that with hindsight, proves to be problematic.” (citations omitted).
Thus, although this case upholds findings against a CCO, it does not expand potential liability or alter the legal playing field for Compliance professionals.