What Keeps Compliance Officers Up at Night?

Chief Compliance Officers (CCOs) are responsible for ensuring that their companies comply with all applicable laws and regulations, and maintain a culture of ethical behavior. However, in today's complex and constantly evolving business environment, compliance officers often face a multitude of challenges that keep them up at night. These challenges can range from regulatory compliance to data privacy and cybersecurity to fraud and corruption prevention. Below are some of the biggest challenges CCO's face.

1. Lack of knowledge and expertise: Compliance officers must have a thorough understanding of the laws, regulations, and industry standards that apply to their organization. Failure to understand or keep up with the latest regulations can lead to compliance failures.
2. Failure to act on compliance issues: Compliance officers are responsible for identifying and reporting any compliance issues to senior management. Failure to act on these issues can result in serious consequences for the organization and the compliance officer.
3. Lack of independence: Compliance officers must maintain an independent position within the organization to ensure that they can report compliance issues without fear of retaliation. Failure to maintain independence can lead to conflicts of interest and undermine the effectiveness of the compliance function.
4. Inadequate resources: Compliance officers need adequate resources, including staff, technology, and training, to carry out their responsibilities effectively. Failure to provide these resources can lead to compliance failures.
5. Poor communication: Compliance officers must communicate effectively with senior management, other departments, and external stakeholders to ensure that everyone understands their responsibilities and obligations. Failure to communicate effectively can lead to compliance failures and misunderstandings.
6. Failure to implement effective compliance programs: Compliance officers must develop and implement effective compliance programs that address the specific risks facing their organization. Failure to implement effective programs can lead to compliance failures and regulatory penalties.
7. Conflicts of interest: Compliance officers must avoid conflicts of interest that could compromise their objectivity or independence. Failure to avoid conflicts of interest can lead to compliance failures and reputational damage for the organization.
8. Inadequate documentation: Compliance officers must maintain accurate and complete documentation of their compliance activities, including risk assessments, policies and procedures, training programs, and audits. Failure to maintain adequate documentation can lead to compliance failures and regulatory penalties.

It is important to note that compliance officers have a critical role in ensuring that organizations comply with the laws, regulations, and industry standards that apply to them. To avoid getting into trouble, compliance officers must be knowledgeable, independent, and effective in their roles.

Four Things FINRA Wants You to Know about CCO Liability

For many firms, chief compliance officers (CCOs) are often looked at as the “first and last line of defense.” They help design and implement compliance programs, educate and train firm personnel, and work in tandem with senior business management and legal departments. These roles and responsibilities have never really been called into question. However, what has been a topic of controversy for the past decade or so is the potential liability CCOs face regarding breakdowns in a firm’s supervisory responsibilities.

Well, it appears FINRA has heard the industry’s cry for more clarity. Just recently, FINRA issued Regulatory Notice 22-10, which discusses the circumstances under which a firm’s CCO might be subject to personal liability for “failure to supervise” under its Rule 3110. FINRA starts off by acknowledging that the responsibility of FINRA Rule 3110 rests with a firm’s business management,?not?its compliance officials. In fact, FINRA goes on to say that “the CCO’s role, in and of itself, is advisory, not supervisory.”

What Does FINRA Rule 3110 Require?

Rule 3110 sets out a comprehensive set of supervisory obligations for member firms and requires firms to designate individual supervisors and identify their responsibilities. The rule requires each member firm to establish and maintain a system, including written procedures, to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations.

A firm’s supervisory obligations under Rule 3110 rest with the firm and its president (or equivalent officer or individual, e.g., CEO) and flow down by delegation to the firm’s designated supervisors. The firm’s president (or equivalent officer or individual), not its CCO, “bears ultimate responsibility for compliance with all applicable requirements unless and until he [or she] reasonably delegates particular functions to another person in that firm, and neither knows nor has reason to know that such person’s performance is deficient.

What is the Role of the CCO?

FINRA recognizes that compliance and supervision are separate, if related, functions. Compliance is responsible for setting forth the applicable rules and policies that must be adhered to and describe specific practices that are prohibited. By contrast, the firm’s written supervisory procedures document the supervisory system to ensure that compliance guidelines are being followed.

To fulfill the compliance function, FINRA requires firms to designate one or more appropriately registered principals as a CCO. As set forth in FINRA Rule 3130, “A [CCO] is a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts.”

Is a CCO Inherently Liable under FINRA Rule 3110?

Just by its sheer nature, a CCO is not subject to liability under Rule 3110 simply because of the CCO’s title or because the CCO has a compliance function at a member firm. A CCO will be subject to liability under Rule 3110 only when—either through the firm’s written supervisory procedures or otherwise—the firm designates the CCO as having supervisory responsibility. This designation can occur in several ways. For example, the member’s written procedures might assign to the CCO the responsibility to establish, maintain and update written supervisory procedures, both generally as well as in specific areas (e.g., electronic communications).

Even when a CCO has been designated as having supervisory responsibilities, FINRA will only bring an action under Rule 3110 against the CCO if the CCO has failed to discharge those responsibilities in a reasonable manner—as it would with any individual who has supervisory responsibility.

When Would a CCO be Found Liable?

FINRA’s Regulatory Notice says that it will bring enforcement actions against compliance personnel?only when: (1) They are expressly or impliedly delegated supervisory functions; and (2) They did not reasonably discharge those delegated duties; and (3) The balance of aggravating or mitigating factors favor a supervisory violation charge.

Once a “supervisory role” is established, aggravating factors include: (1) Actual awareness of red flags or violations without action to address them; (2) Failure to establish, maintain or enforce WSPs; (3) The failure resulted in the violation; and (4) The violative conduct, caused or created a high likelihood of customer harm.

Mitigating factors include: (1) Insufficient firm support or resources; (2) Having been unduly burdened by competing functions or responsibilities; (3) Supervisory delegation was poorly defined or shared in a confusing way; (4) New business changes without adequate time to adapt; or (5) A good-faith attempt to discharge the supervisory responsibilities, including escalation to management.

To read FINRA’s complete Regulatory Notice 22-10,?click here.

About Quest CE?

For over thirty years, Quest CE has been the premier provider of compliance training and tracking solutions to the financial services industry. In addition to offering on-demand insurance and designation continuing education, Quest CE provides a complete spectrum of proprietary technology solutions for managing compliance risk exposures.?

Serving more than 2,000 leading insurance carriers, broker-dealers, banks, and other financial institutions, Quest CE is committed to providing advanced custom solutions at cost-effective rates, while providing a level of service that greatly surpasses that of our competitors. Quest CE is the single source solution for?organizations’ training and compliance needs. For more information on Quest CE, visit?www.questce.com.?

#finra?#brokerdealers?#dataprivacy?#complianceofficers?#compliance?#audit?#compliance?