On March 17, the Financial Industry Regulatory Authority (FINRA) issued a notice, clarifying when chief compliance officers (CCOs) will face liability as supervisors under FINRA Rule 3110.[1] Under Rule 3110, member firms are required to designate individual supervisors and identify their responsibilities as a part of implementing an overall system to “achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.”[2] Ultimate responsibility for supervisory obligations in Rule 3110 lies with a member firm’s president, CEO, or equivalent officer or individual.
In contrast, a CCO and other individuals on a firm’s compliance team are not normally part of a firm’s supervisory structure required under Rule 3110.[3] FINRA’s notice characterizes compliance as an advisory function distinct from the supervisory responsibilities of individuals within a firm’s business units. CCOs set compliance guidelines and advise supervisors on how to carry out their obligations under Rule 3110, but “written supervisory procedures document the supervisory system to ensure that compliance guidelines are being followed.”[4] In cases where a CEO or similar individual also occupies the position of CCO, liability is easy to assess based on the non-CCO position.
When a CCO does not occupy another position, FINRA’s notice clarifies that a CCO is subject to liability under Rule 3110 only when the firm explicitly or impliedly designates the CCO as having supervisory responsibilities. “A CCO is not subject to liability under Rule 3110 because of the CCO’s title or because the CCO has a compliance function at a member firm.”[5] In addition to situations where firms designate CCOs as having supervisory obligations in their written submissions to FINRA, such as by assigning the CCO to maintain or enforce supervisory procedures, firms can designate the CCO as having supervisory responsibilities in several ways. A CEO or other business manager may designate supervisory responsibility on an ad hoc basis. Supervisory responsibility may be found implicitly where a CCO is tasked with undertaking a review of suspicious activity or exercising oversight over specific persons in response to an incident. FINRA will bring a Rule 3110 enforcement action “[o]nly in circumstances when a firm has expressly or impliedly designated its CCO as having supervisory responsibility.”[6]
If a CCO has supervisory responsibility, FINRA will bring an action under Rule 3110 “only if the CCO has failed to discharge those responsibilities in a reasonable manner.”[7] CCOs are not held to a higher or lower standard than any other individual with supervisory responsibility under Rule 3110. Reasonableness is a fact-sensitive inquiry. Similarly, even where a CCO has supervisory responsibilities and fails to reasonably discharge them, FINRA has discretion to make charging decisions based on “the same factors that could apply to any individual who has supervisory responsibility under Rule 3110.”[8] However, FINRA noted factors that could weigh against charging a CCO may include “insufficient support” from management or poorly defined supervisory responsibilities.[9] FINRA will also examine “whether it is more appropriate to charge the firm or its president” or an individual, such as a business line manager, who had “more direct responsibility for the supervisory task at issue.”[10]
This guidance comes after industry groups and bar associations asked FINRA and the SEC for more clarity regarding CCO responsibility, citing increasing apprehension among CCOs at the prospect of enforcement actions directed at them. FINRA’s guidance makes it clear that CCOs are not the personal guarantors of a firm’s compliance with applicable regulations; CCOs are only responsible for failures to discharge their own designated supervisory authority. It also reinforces FINRA’s position that supervisory responsibility should occur primarily on the business side, and absent specific delegation, a firm’s compliance department does not directly supervise business units.
The SEC has not issued comparable guidance, but FINRA’s notice should provide CCOs and other compliance personnel reassurance as to the scope of their liability and their obligations to supervise other employees in the firm. The notice also provides that CEOs and other managers cannot escape their supervisory responsibilities just because of the presence of a CCO or compliance team. Absent a specific designation of supervisory responsibilities to a CCO, ultimate responsibility for ensuring compliance with securities laws and regulations — at least in member firms — remains with direct supervisors and ultimately firm leadership. It is important for CCOs to make sure that their roles are properly defined to limit exposure under FINRA’s rules.
[1] FINRA Reminds Member Firms of the Scope of FINRA Rule 3110 as it Pertains to the Potential Liability of Chief Compliance Officers for Failure to Discharge Designated Supervisory Responsibilities, Regulatory Notice 22-10 (Mar. 17, 2022).
[2] Id. at 2.
[3] Id.
[4] Id. at 3.
[5] Id.
[6] Id.
[7] Id. at 4.
[8] Id.
[9] Id. at 5.
[10] Id.
