Two recent complaints of serious misconduct against Chief Compliance Officers reminded me of a debate at one organization about whether Compliance Officers should suffer harsher consequences than others when they violate the compliance policies themselves.
To be clear, the complaints are serious. Steven Teixeira, then CCO at a global payments processing company, is alleged to have stolen material, nonpublic information that he accessed through his then-girlfriend’s work laptop, subsequently trading on the information and tipping others.[1] The second complaint by the debtors in possession of FTX Trading LTD alleges that David Friedberg, the former CCO at FTX was “indeed considered one of the key decisionmakers within the FTX group” and that Friedberg took actions including drafting, backdating and presenting to outside auditors allegedly fraudulent records to obscure the nature of funds transfers within the group. It further alleges that he bought the silence of whistleblowers and their attorneys. The complaint concludes that his roles as a gatekeeper meant he had a duty to “ensure appropriate internal controls, risk management and compliance” and yet knowingly failed to implement – and even obstructed the implementation – “of virtually any of the systems and internal controls that would be necessary”[2].