Every year, FINRA brings hundreds of cases, many alleging that firms have inadequate policies and procedures. In the overwhelming majority of those cases, the Chief Compliance Officer (CCO), who FINRA considers to be “a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts,” is not charged.  With regard to Anti-Money Laundering (AML) cases, AML compliance officers (AMLCOs) are also infrequently charged. Questions that always follow such cases include the following: When are violations “firm issues” and when should the compliance officer get charged?

Despite the relatively small percentage of cases brought against compliance officers, they are (unsurprisingly) concerned about being in the cross hairs of regulators, and being subject to personal liability. Compliance officers are usually the firm’s central point of communications with regulators, responsible for responding to regulatory inquiries, producing documents, and answering questions. In many investigations, they must provide on-the-record testimony, even if the case does not directly involve their core functions.

Due to these concerns, on January 10, 2022, the National Society of Compliance Professionals (NSCP) proposed a “Firm and CCO Liability Framework” (NSCP Framework) to “provide guidance to regulators, chief compliance officers (CCOs), and firms regarding perceived or actual CCO liability.”  The NSCP Framework developed nine questions to be “considered by regulators where a compliance failure may have occurred,” to evaluate CCO liability.

Read more here.

Lessons Learned:

• SEC Rules that Investors Win in Battle over Inconsistent Documentation
• No Harm but Still Foul — SEC Nit Picks Backtested Performance
• SEC Takes Hard Stance on Hedge Clauses Used With Retail Clients

Worth Reading, Watching, and Hearing

• Federal Reserve Board Publishes CBDC Discussion Paper
• Statement on Proposed Amendments to Form PF to Require Current Reporting and Amend Reporting Requirements for Large Private Equity Advisors and Large Liquidity Fund Advisers
• Cybersecurity and Securities Laws

Read more here.

Mid-February Regulatory Updates from Cari Hopsfenperger at Foreside.

Topics include:

• Observations from Examinations of Private Fund Advisors
• Wisconsin Becomes Latest State to Adopt Continuing Ed Requirements for Investment Adviser Representatives
• Private Fund Managers Holding More Than $200 Million in Foreign Assets Face Form SHC Filing Obligation
• FINRA Extends Relief for Remote Inspections in 2022
• NFA Also Extends Relief for Remote Inspections in 2022

Read more here.

On February 9, 2022, the SEC proposed new rules that require investment advisers registered with or required to register with the SEC to adopt policies and procedures reasonably designed to address the cybersecurity risks they face as well as to conduct periodic assessments and annual reviews of their cybersecurity programs. The proposed rules would also require advisers to make and update public disclosures on Form ADV regarding cybersecurity risks and significant cybersecurity incidents and to make additional confidential disclosures to the SEC regarding cybersecurity incidents experienced by the firm or any funds they manage within 48 hours of a cybersecurity incident.

The rule proposal, if adopted, will invariably require advisers to devote significantly more time and resources to cybersecurity risk management.

Read more here.