Every year, FINRA brings hundreds of cases, many alleging that firms have inadequate policies and procedures. In the overwhelming majority of those cases, the Chief Compliance Officer (CCO), whom FINRA considers to be “a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts,” is not charged. With regard to Anti-Money Laundering (AML) cases, AML compliance officers (AMLCOs) are also infrequently charged. Questions that always follow such cases include the following: When are violations “firm issues” and when should the compliance officer get charged?
Despite the relatively small percentage of cases brought against compliance officers, they are (unsurprisingly) concerned about being in the crosshairs of regulators and being subject to personal liability. Compliance officers are usually the firm’s central point of communications with regulators, responsible for responding to regulatory inquiries, producing documents, and answering questions. In many investigations, they must provide on-the-record testimony, even if the case does not directly involve their core functions.
Due to these concerns, on January 10, 2022, the National Society of Compliance Professionals (NSCP) proposed a “Firm and CCO Liability Framework” (NSCP Framework) to “provide guidance to regulators, chief compliance officers (CCOs), and firms regarding perceived or actual CCO liability.” The NSCP Framework sets out nine questions to be “considered by regulators where a compliance failure may have occurred,” to evaluate CCO liability.