Chief Compliance Officer liability framework: Proposal for financial services

CCO liability framework specifically directed to the SEC and compliance with federal securities laws

Amy S. Matsuo

Principal and National Leader, Regulatory Insights, KPMG US

+1 919-244-0266

Although the proposed CCO liability framework put forth by the NYC Bar in conjunction with other industry groups is specifically directed to the SEC and compliance with federal securities laws, it highlights issues and practices that may be considered part of overall compliance program management and, as such, may be of interest to a broader group of risk and compliance professionals. Notably, the proposal responds to an informal request from the SEC for factors deemed relevant to a decision to charge a compliance officer for compliance failures. Under the Biden administration, financial institutions have already begun to experience increases in supervisory and potential enforcement activity, heightening the attention paid to, and expectations of, compliance programs and senior management accountability.

Key Points

  • The NYC Bar in partnership with other industry groups has proffered a framework of considerations, or factors, for use by the SEC when determining whether to bring conduct-related charges against compliance officers.
  • The authors suggest that an increase in enforcement actions holding compliance officers personally liable is discouraging individuals from becoming or remaining compliance officers and that clarity is needed regarding the boundaries of “culpable and permissible conduct” so that compliance officers may “confidently engage in their necessary work.” (Note: the relevant enforcement actions are limited to the financial services industry, and investment advisers in particular.)
  • Though directed to the SEC, the proposed framework sets out factors that are broadly applicable to the responsibilities of CCOs across industries.

Proposed framework for CCO Conduct Charges

The New York City Bar Association (NYC Bar), in partnership with the Securities Industry and Financial Markets Association (SIFMA), the American Investment Council, and the Association for Corporate Growth (collectively, NYC Bar) recently proposed a “formalized regulatory framework” for use by the Securities and Exchange Commission (SEC or Commission) when determining whether to bring charges against a chief compliance officer (CCO) for conduct related to the CCO’s compliance-related duties under the federal securities laws (CCO Conduct Charge).[1] The NYC Bar states that the proposal responds, in part, to comments made by the SEC in October 2020 soliciting industry input on such a framework:

A framework detailing which circumstances will cause the Commission to seek personal liability and which circumstances will militate against seeking personal liability would help the compliance community by eliminating uncertainty and inspiring good practices. Such a framework also would prove useful for me and my colleagues at the SEC to use in deciding whether to charge CCOs. To further this approach, I am considering developing a draft framework to share with my colleagues. I welcome your input [i.e., directed to the National Society of Compliance Professionals] on what factors you believe are relevant to the decision about whether to charge compliance personnel.

As proposed, the framework consists of “Affirmative Factors” that should be present in order to bring a charge and “Mitigating Factors” that, if present, should be weighed against a charge.

  • Affirmative Factors consist of twelve questions divided into four categories based on the type of charge being considered:
      • General Factor – one question that would be applicable in all cases.
          • Does the CCO Conduct Charge help fulfill the SEC’s regulatory goals?
      • Wholesale Failure Factors – six questions that should be considered in cases where the CCO is thought to have exhibited a wholesale failure to carry out direct responsibilities and that must be present before charging the CCO with a related failure.
          • Did the CCO not make a good faith effort to fulfill his or her responsibilities?
          • Did the Wholesale Failure relate to a fundamental or central aspect of a well-run compliance program at the registrant?
          • Did the Wholesale Failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?
          • Did the Wholesale Failure relate to a discrete, specified obligation under the securities laws or the compliance program at the registrant?
          • Did the SEC issue rules or guidance on point to the substantive area of compliance to which the Wholesale Failure relates?
          • Did an aggravating factor add to the seriousness of the CCO’s conduct?
      • Active Participation in Fraud – one question that should be considered in situations where a CCO Conduct Charge is being contemplated in relation to a fraud.
          • Did the CCO’s conduct add value to a fraud committed by the firm or by other individuals involved (e.g., aided the primary violators in avoiding detection, increased the harm to investors, or otherwise exacerbated the fraud)?
      • Obstruction Factors – four questions that should be considered where at least one is supported with evidence prior to charging the CCO with a related failure.
          • Were the acts of obstruction or false statements repeated?
          • Was the obstruction denied when confronted, or did the CCO not immediately reverse course and cooperate?
          • Did the obstruction relate to a necessary or highly relevant part of the examination or investigation?
          • Did evidence show other indicia of intent to deceive or disregard for cooperation with the SEC’s regulatory mission?
  • Mitigating Factors consist of three circumstances the presence of which should be considered in any situation where a CCO Conduct Charge is being considered. They are intended to lessen the potential for bringing a CCO Conduct Charge and offer a potential path for CCOs to “protect themselves” in their unique roles.
      • Structural or resource constraints that hinder the CCO’s performance (e.g., stature and authority of CCO position, access to senior management, input into strategy and operating decisions)
      • Voluntary disclosure of compliance failures and active cooperation in remediation efforts
      • Good faith efforts to propose, enact, and/or implement policies and procedures.

In addition, the NYC Bar suggests the SEC:

  • Provide more detailed information in CCO Conduct Charges, when possible
  • Create a formal ongoing method of dialogue between the compliance industry and regulators, such as an advisory committee.

The NYC Bar notes that other regulatory agencies, such as the U.S. Department of Justice, have compliance frameworks, and observes that “existing guidance largely outlines substantive areas of focus for a compliance department rather than the potential liability of an individual CCO.” (See the KPMG Regulatory Alert on the U.S. Department of Justice Criminal Division’s Evaluation of Corporate Compliance Programs.)

The SEC has not released public comment on the NYC Bar’s proposed framework.


  1. Framework for Chief Compliance Officer Liability in the Financial Sector, New York City Bar Association Compliance Committee, June 2, 2021. The NYC Bar also references an earlier paper, Chief Compliance Officer Liability in Financial Services, New York City Bar Association, February 4, 2020, that it prepared in partnership with the same industry groups. This paper contained recommendations to increase the dialogue between financial regulators and compliance officers and served as the basis for the June 2021 proposed framework.
