Recently, the SEC has been having an internal debate regarding holding CCOs personally responsible for a firm’s misconduct. In June, former Commissioner Gallagher stated that the adviser, not the CCO, is ultimately responsible for implementation of the compliance program; whereas in July, former Commissioner Aguilar issued a statement in support of the SEC’s charges against CCOs. However, even when supporting charges against CCOs, he stated that “CCOs who take their jobs seriously and do their jobs competently, diligently, and in good faith to protect investors” have nothing to fear. The discussion now picks up again with some reassuring remarks by Andrew J. Donahue, the SEC’s recently appointed Chief of Staff.
Donahue said the Commission “is not targeting” compliance personnel, but will consider enforcement in those instances when CCOs have affirmatively participated in the misconduct, helped to mislead regulators, or had clear responsibility to implement compliance programs and policies and wholly failed to carry out that responsibility. These are three scenarios where the potential for liability is pretty apparent, but the application of the last one leaves a great deal of discretion to the regulators, as is shown by Donahue’s recommendations for CCOs.
Here’s what Donahue says the position requires:
“First-hand knowledge” of the various laws and regulations that apply to the firm and its activities, with a focus on conditions of exemptive orders.
“Deep understanding” of the firm, its structure and internal operations.
“Clear understanding” of conflicts of interest covering how they are identified, reviewed, disclosed and resolved.
“Detailed understanding” of clients and the products and services offered to them.
“Deep understanding” of technology platforms and their implications for a robust compliance program.
“Detailed knowledge” of policies and procedures and how they are applied and monitored.
An understanding of the various markets in which the firm operates.
An understanding of firm culture used to foster consideration of “should I do this?” as opposed to simply “can I do this?”
An appreciation for what the COO doesn’t know which includes recognizing when the COO will rely on the knowledge or expertise of others.
Broad as the above list is, it correctly states the skills needed by every CCO, regardless of the nature of the employing organization. The CCO fills a leadership position that requires knowledge combined with insight into both the business and managing interpersonal relationships.
Senior managers who do not serve as CCOs should not breathe a sigh of relief. More and more frequently, all senior managers are being held to a similar skill set.