“The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers

by Court E. Golumbic

Introduction   

Prominent law enforcement and regulatory officials have referred to financial sector compliance officers, as “essential partners”[1] in ensuring compliance with relevant laws and regulations, whose “difficult job[s]” merit “appreciat[ion] and respect.”[2] Officials have noted the critical role these professionals play in shaping the culture of financial institutions, as well as the industry more generally.[3] However, a series of recent enforcement actions in which financial sector compliance officers have been personally sanctioned[4] has strained this partnership, fueling concerns among financial sector compliance officers that they are being unfairly targeted.[5]

Law enforcement and regulatory officials have responded to these concerns with assurances that both the ethos of a partnership and their even-handed enforcement approach remain intact.[6] Officials have stressed that in the rare instances in which financial sector compliance officers have been held personally accountable, the majority had engaged in affirmative misconduct.[7] Rarer still, they contend, are cases where compliance officers were found to have exhibited “wholesale” or “broad-based” failures in carrying out responsibilities assigned to them.[8] In these particular cases, officials have stressed that the enforcement actions proceed only when, after carefully weighing the evidence, the facts indicate that the compliance officers “crossed a clear line.”[9]

The Perception of Compliance Officer Targeting 

Efforts to allay compliance officers’ fears and justify regulators’ charging practices appear to have been ineffective, however, for the perception of targeting endures. Indeed, the perception has coincided with increased attrition within the ranks of senior compliance officers in the industry.[10] In February 2016, The Wall Street Journal reported that the number of senior bank compliance executives who had left their jobs in 2015 was three times greater than in 2014.[11] Evidence also suggests that the specter of personal liability is causing potential leaders in financial sector compliance to reconsider their career paths.[12] In a recent survey of Chief Compliance Officers (“CCOs”) of public companies, sixty percent said they would think more carefully about future roles they might consider given the risk of personal liability.[13]

Regulators are thus confronted with a fundamental policy question: whether the benefits of current charging practices, such as the potential for increased vigilance, justify the continued exodus of senior compliance professionals from the industry.

There is little reason to question the validity of law enforcement and regulatory officials’ expressions of support for the financial sector compliance function. Nor is there reason to doubt their representations that enforcement actions against individual compliance officers are the product of careful consideration, and are undertaken only when supported by evidence indicating that a clear line was crossed.  Given that efforts to quell the sense of anxiety among compliance officers appear to have had little effect, however, we must consider other possible causes of the perception of compliance officer targeting.

Possible Explanations for the Enduring Perception

1. The Aggregate Impact of Recent Enforcement Actions

One explanation is the aggregate impact of recent enforcement actions. Senior SEC officials have proffered compelling statistics to demonstrate that the number of cases brought by the Commission against compliance officers, in the absence of allegations of willful misconduct or obstruction, is an extremely small fraction of the whole.[14] This also appears to be the case with FinCEN and FINRA, the other agencies that have brought recent cases against financial sector compliance officers personally.[15]

Perhaps it is the totality of these actions that catches the attention of the average compliance officer, rather than the merits of any individual case. This seems especially plausible given that the recent enforcement actions have been brought by multiple agencies in a relatively close time frame. The fact that it has been historically rare for these agencies to bring personal charges against financial sector compliance officers may therefore offer scarce comfort when they appear to be doing so presently, and in relatively close proximity to one another.

2. The “Isolation Factor”

The second possible explanation for the perception of targeting can be termed the “isolation factor.” One common feature linking recent enforcement actions against financial sector compliance officers (Brown Brothers, Haider, Raymond James, Aegis, BlackRock, SFX, etc.) is the fact that, in each case, the compliance officer was the only individual charged. Indeed, a substantial number of the enforcement cases brought against individual compliance officers in the past several years have not included charges against other senior business or control-side personnel.[16]

The success of a financial institution’s compliance program depends on the efforts of multiple stakeholders.  While compliance figures prominently in this equation, so too do legal, operations and the business.   Indeed, regulators view the business as the “first line of defense” with primary responsibility for implementing internal controls.[17] Compliance and other control functions are considered the “second line,” responsible for unearthing issues that are not captured by the first line.[18]

Imposing personal liability on compliance officers for the frailties of their firms’ compliance programs only addresses one part of the equation. Each line of defense should operate in a robust and effective fashion toward the shared goal of strengthening a financial firm’s overall control environment. Enforcement actions that fail to reflect this sense of shared responsibility, and instead focus exclusively on the role of the compliance officer, may not be ensuring the appropriate level of engagement by all senior managers with the ability to influence a firm’s compliance culture. In addition, these actions risk being viewed by the compliance community as unfairly placing the totality of responsibility for the effectiveness of a firm’s program on the compliance officers’ shoulders.[19]

3. Recent Trends in Law Enforcement and Regulatory Policy

Finally, the perception among financial sector compliance officers that they are being targeted may also be attributed to recent trends in law enforcement and regulatory policy. At the same time that they have witnessed an uptick in noteworthy enforcement actions against their peers, compliance officers have also observed an increased focus on individuals in cases of corporate misconduct.[20]  Former Deputy Attorney General Yates’ issuance of new DOJ guidance in September 2015, which compels federal prosecutors to examine individual culpability as a condition of resolving cases against corporations, is the most significant illustration of this shift.[21] Another is the tonal shift among prominent law enforcement and regulatory officials emphasizing individual accountability.[22] Accompanying this enhanced focus on individuals is a greater emphasis on the role of compliance more generally, as evidenced by the appointment in 2016 of the first-ever Compliance Counsel to the DOJ and the corresponding compliance guidelines.[23]

While these initiatives have signaled a new era of individual scrutiny, a proposed regulation introduced by the New York State Department of Financial Services (“DFS”) in December 2015 threatened to take this notion to a potentially troubling extreme.[24] The proposed rule required CCOs or their functional equivalents to annually certify as to the compliance of their financial institutions’ AML and sanctions screening controls with applicable regulations, facing potential criminal penalties for false or incorrect certifications.

The criminal sanctions were ultimately dropped from the final version of the DFS rule. However, when viewed in the context of the new DOJ guidance, the appointment of Compliance Counsel and other policy developments, the inclusion of criminal penalties in the earlier iteration may have been sufficient to heighten the anxiety of financial sector compliance officers and fuel the impression that they are receiving a disproportionate amount of attention.[25]

The “Big Chill” and its Attendant Consequences     

Regardless of the cause, the potential “chilling effect” of the recent enforcement actions against financial sector compliance officers is deeply concerning. If the “demoralizing belief” persists among compliance officers that the system is potentially undermining them, and that “even exercising their best judgment will not protect them from the risk of a career-ending enforcement action,” many more will leave, or forego the profession entirely, rather than endure the risks.[26] The level of ensuing “brain drain” could diminish significantly the efficacy of financial sector compliance programs, and the integrity of the industry more generally.[27]

One proposal for countering the perception of compliance officer targeting is the adoption in U.S. of an accountability regime similar to the Senior Manager Regime (“SMR”) in the U.K., which compels financial institutions to allocate certain conduct rules and other responsibilities to designated “Senior Management Functions.” [28]  Because these Senior Management Functions include not only senior compliance functions, but a range of other senior business and control-side roles,[29] this shared responsibility would provide greater assurance to compliance officers that their conduct will be assessed not in isolation, but within the context of a broader managerial effort.

Whether by adopting a U.S. analogue to the SMR or through some other measure, the perception of compliance officer targeting must be reversed before the “big chill” sets in, and the industry finds that this critical function has been robbed of its best and brightest.

Footnotes

[1] Id.

[2] See, e.g., Andrew Ceresney, Dir., Div. of Enf’t, U.S. Sec. & Exch. Comm’n, Keynote Address at the 2015 National Society of Compliance Professionals, National Conference (Nov. 4, 2015).

[3] See, e.g., Preet Bharara, U.S. Attorney for S. Dist. of N.Y., SIFMA’s Compliance and Legal Society Annual Seminar Prepared Remarks of U.S. Attorney Preet Bharara (Mar. 31, 2014).

[4] See Letter from Raymond James & Assoc., Inc., et al., to Dep’t of Enf’t, Fin. Indus. Regulatory Auth., Financial Industry Regulatory Authority Letter of Acceptance, Waiver & Consent No. 2014043592001 (May 18, 2016); see also U.S. Dep’t of the Treasury v. Haider, No. 15-1518 (D. Minn. Jan. 8, 2016) (order denying motion to dismiss); Dep’t of Enf’t v. Aegis Capital Corp., No. 2011026386001 (Aug. 3, 2015) (order accepting order of settlement); In the Matter of SFX Fin. Advisory Mgmt. Enterprises, Inc., SEC; Investment Advisers Act Release No. 4116, Administrative Proceeding No. 3-16591 (June 15, 2015); In the Matter of Blackrock Advisors, LLC, SEC; Investment Advisers Act Release No. 4065, Investment Company Act Release No. 31558, Administrative Proceeding No. 3-16501 (Apr. 20, 2015); Brown Bros. Harriman & Co., Letter of Acceptance, Waiver and Consent No. 2013035821401 (Feb. 4, 2014).

[5] See, e.g., Emily Glazer, The Most Thankless Job on Wall Street Gets a New Worry, Wall St. J. (Feb. 11, 2016, 4:39 PM); Dawn Causey, Who Should Have Personal Liability for Compliance Failures?, A.B.A. Banking J. (Aug. 17, 2015).

[6] See, e.g., Ceresney, supra note 1 (“I am hopeful that, after you hear my remarks, you will understand that [recent SEC actions against compliance officers] . . . are consistent with the partnership we have developed to foster compliance with the laws.”); see also Mary Jo White, Chair, Sec. & Exch. Comm’n, Opening Remarks at the Compliance Outreach Program for Broker-Dealers (July 15, 2015) (“To be clear, it is not our intention to use our enforcement program to target compliance professionals.”).

[7] See Ceresney, supra note 1 (explaining that in the vast majority of cases the SEC brings against CCOs the compliance officers “are affirmatively involved in misconduct that is unrelated to their compliance function” or have engaged “in efforts to obstruct or mislead.”).

[8] See id. (“The third category of cases where we have charged CCOs are where the CCO has exhibited a wholesale failure to carry out his or her responsibilities. . . . This category is considerably smaller . . . but has drawn significantly more attention.”).

[9] See id. (“[W]e in Enforcement and the Commission take the question of whether to charge a CCO very seriously and consider it carefully. We think very hard about when to bring these cases. When we do, it is because the facts demonstrate that the CCO’s conduct crossed a clear line.”); see also Jennifer Shasky Calvery, Dir., Fin. Crimes Enf’t Network, Securities Industry and Financial Markets Association Anti-Money Laundering and Financial Crimes Conference (Jan. 30, 2014), (“I think if you look at our past enforcement actions, and review the facts, you can see clearly why FinCEN took action in these cases.”).

[10] See Glazer, supra note 5; DLA Piper, DLA Piper’s 2016 Compliance And Risk Report: CCO’s Under Scrutiny 3 (2016) (PDF: 2.5 MB).

[11] See Glazer, supra note 5.

[12] See DLA Piper, supra note 10.

[13] See id. at 9.

[14] See supra notes 7–9.

[15] See FinCEN Seeks Civil Money Penalty and Injunction Against Former Chief Compliance Officer of MoneyGram, SIDLEY (Jan. 2, 2015), (“The Complaint [against Thomas Haider] is significant because it is highly uncommon, and possibly unprecedented, for FinCEN to hold a compliance officer personally responsible for the AML failures of an employer.”).

[16] See supra note 4.

[17] Geoffrey P. Miller, The Law of Governance, Risk Management, And Compliance 4 (2d ed. 2017).

[18] Id.

[19] See Glazer, supra note 5 (quoting one compliance officer who had worked for large U.S. and foreign banks as saying, “It’s easier for firms to give up their compliance officer, because what are they going to do, give up the CEO?”); Chris Kentouris, Compliance Officers: Taking the Regulatory Heat, Personally, FinOps Rep. (Apr. 1, 2014), (“We’re caught between a rock and a hard place,” one compliance officer at a New York brokerage tells FinOps. “We can provide the best advice possible, but if it falls on deaf ears, we’re the ones paying the price.”).

[20] See Jeremiah Buckley, The Compliance Officer Bill of Rights, Am. Banker (Feb. 22, 2016), (“Regulators and prosecutors are under increasing pressure to bring charges not only against companies, but also against individual corporate officers.”).

[21] Memorandum from Sally Quillan Yates, Dep. Att’y Gen., Individual Accountability for Corporate Wrongdoing, U.S. Dep’t of Justice (Sept. 9, 2015).

[22] See, e.g., J. Bradley Bennett, Exec.Vice President & Dir. Of Enf’t, Fin. Indus. Regulatory Auth., Remarks from the SIFMA Anti-Money Laundering and Financial Crimes Conference (Apr. 5, 2016), (“When we look at cases and charging decisions, we look at potential liability for individuals in every case.”); Sally Quillan Yates, Dep. Attorney Gen., Remarks at New York University School of Law Announcing New Policy on Individual Liability in Matters of Corporate Wrongdoing (Sept. 10, 2015), (“[N]othing discourages corporate criminal activity like the prospect of people going to prison.”); Benjamin M. Lawsky, Superintendent, N.Y State Dep’t of Fin. Serv., Remarks on Financial Institution Regulation in New York City at Columbia Law School (Feb. 25, 2015), (“In my opinion, if in any particular instance [of corporate wrongdoing] we cannot find someone, some person, to hold accountable, that just means we have stopped looking. Moreover, even if there are certain circumstances where misconduct does not rise to the level of criminal fraud, civil financial regulators can also play a role in imposing individual accountability.”); Andrew Ceresney, Dir., U.S. Sec. & Exch. Comm’n Div. of Enf’t, American Conference Institute’s 32nd FCPA Conference Keynote Address (Nov. 17, 2015), (“Holding individuals accountable for their wrongdoing is critical to effective deterrence and, therefore, the [Enforcement] Division considers individual liability in every case.”).

[23] New Compliance Counsel Expert Retained by the DOJ Fraud Section, U.S. Dep’t of Justice (Nov. 3, 2015) (PDF: 30 KB); Evaluation of Corporate Compliance Programs, U.S. Dep’t of Justice (Feb. 8, 2017) (PDF: 202 KB).

[24] Regulating Transaction Monitoring and Filtering Systems Maintained by Banks, Check Cashers and Money Transmitters, 37 N.Y. Reg. 9, 11 (proposed Dec. 16, 2015).

[25] See DLA Piper, supra note 10 (“Coupled with the appointment of Hui Chen as the Justice Department’s first-ever compliance counsel and accompanied by a steady drumbeat of guidance from Andrew Ceresney, Securities and Exchange Commission director of enforcement, the [Yates] memo seemed to signal a new era of scrutiny and personal liability for senior executives and compliance officers.”); see also Personal Liability or Talent Drain?, ACAMSToday (May 9, 2016), (“Ultimately, regulators were put under severe criticism for not having been able to hold responsible key executives for all failings of the financial crisis. The lack of meaningful enforcement actions against senior individuals shifted the nature of supervisory responsibilities to personal liability. That said, compliance officers gradually became the target of ‘witch hunts,’ in which some ended up being ‘burned alive’ at the stake for all noncompliant obligations and wrongdoings.”).

[26] See Letter from Lisa D. Crossley, Exec. Dir., Nat’l Soc’y of Compliance Prof’ls to Andrew Ceresney, Dir., U.S. Sec. & Exch. Comm’n Div. of Enf’t (Aug. 18, 2015) (suggesting that enforcement actions against compliance officers will engender “a demoralizing belief that even exercising their best judgment will not protect them from the risk of a career ending enforcement action, with the result that many of the best compliance officers will choose to leave the profession rather than face the risks.”).

[27] See e.g., Luis Aguilar, Comm’r, U.S. Sec. & Exch. Comm’n, Public Statement, The Role of Chief Compliance Officers Must Be Supported (June 29, 2015), (“[I] am concerned that the recent public dialogue may have unnecessarily created an environment of unwarranted fear in the CCO community. Such an environment is unhelpful, sends the wrong message, and can discourage honest and competent CCOs from doing their work.”).

[28] Senior Managers and Certification Regime, Fin. Conduct Authority (Sept. 9, 2016),. The SMR, which was conceived in response to the financial crisis of 2007–2008 and LIBOR rate-fixing scandals, is designed to “embed personal accountability into the culture” of the UK financial services industry. FCA Publishes Final Rules to Make Those in the Banking Sector More Accountable, Financial Conduct Authority (July 7, 2015), (quoting Martin Wheatley, Chief Exec., Fin. Conduct Auth.).  The SMR contemplates enforcement actions against individuals serving in Senior Management Functions who have “contravened the statements of principle that apply to them,” or if the manager is “knowingly concerned in a breach of regulatory requirements by the firm.” Id.

[29] Senior Managers and Certification Regime, supra note 28.

This blog post is based on an article of the same name, to be published in the Hastings Law Journal, Volume 69, Issue 1.  

Court E. Golumbic is a Partner and the global head of Financial Crime Compliance for the Goldman Sachs Group, Inc. (“Goldman Sachs”).  He is also a former Assistant United States Attorney with the United States Attorney’s Office for the Southern District of New York, and a former Senior Adviser to the Under Secretary for Enforcement at the United States Treasury Department. He is currently an adjunct professor at the New York University School of Law and has formerly been an adjunct professor at the University of Pennsylvania School of Law. The author would like to thank Jason Driscoll for his assistance in writing this post.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.