From 2018–2021, of the nearly 440 FINRA enforcement actions involving violations of Rule 3110 for supervisory failures, CCOs were charged in only 28 instances. And in only 10 of these matters did FINRA charge a CCO who was not also the chief executive officer ("CEO") or president of the firm. For each of these 10 matters, FINRA found that the firm had conferred upon the CCO specific supervisory responsibilities which the CCO failed reasonably to perform, in violation of Rule 3110.
The Financial Industry Regulatory Authority, Inc. ("FINRA") released Regulatory Notice 22-10 (“Notice”) on March 17, 2022, reminding member firms of the scope of FINRA Rule 3110 regarding individual liability and the role of the Compliance Officer ("CCO") within a member firm. The Notice centers on CCOs and does not encompass anti-money laundering compliance personnel. Importantly, the chief compliance officer registration requirement does not create the presumption that a chief compliance officer has supervisory responsibilities or is otherwise a control person. As in the past, NASD Regulation will hold a chief compliance officer responsible for supervision only where supervision is his or her responsibility. Many chief compliance officers are already registered as principals. NASD Regulation does not presume that these individuals have supervisory responsibility by virtue of their title. NASD Regulation will continue to determine whether a chief compliance officer is acting in a supervisory capacity based on the actual responsibilities and functions that the chief compliance officer performs for the firm.”).
RegComp notes FINRA has set longstanding prerequisites under FINRA Rule 3110 for member firms. Chief Compliance Officers ("CCO") should be aware of their responsibilities under Rule 3110, which clarifies supervisory accountability. As a refresher, the Rule requires member firms to create and keep a supervisory system that maintains oversight and supervision of related persons and guarantees compliance to the applicable securities regulations. The supervisory system should "ascertain, sustain, and implement written processes" to manage the member firm and its accompanying associated persons/registered representatives.
Regulatory Notice 22-10 (“Notice”), released in March 2022, restates one of its usually unnoticed principles. The president of the member firm is ultimately accountable for fulfilling all the valid duties. Specifically, the Notice states: “…the responsibility to meet these obligations rests with a firm’s business management, not its compliance officials.” Consequently, “FINRA will look first to a member firm’s senior business management and supervisors to determine responsibility for a failure to reasonably supervise. FINRA will not bring an action against a CCO under Rule 3110 for failure to supervise except when the firm conferred upon the CCO supervisory responsibilities and the CCO then failed to discharge those responsibilities in a reasonable manner.”
Furthermore, as it relates to multiple roles, a CCO may occupy another role at a member firm, such as CEO. In these instances, CCOs likely would fall within the capacity of Rule 3110 because of the supervisory authority designated to them based on another non-CCO position they hold within a firm’s business management. When an individual’s sole position at a firm is that of CCO, a more extensive assessment of liability under Rule 3110may be needed, FINRA reiterated within the Notice. Toward, this end, RegComp Financial reminds member firms that the supervisory structure must begin with the company's management, and in most cases, for smaller firms its President/Owner (or equivalent officer or individual, e.g., CEO). The responsibility flows down to the firm’s designated supervisors. Importantly, FINRA reiterated in the Notice the CCO has an advisory role rather than supervisory. FINRA stated it recognizes “that compliance and supervision are separate, if related, functions.” So, the supervision liability for CCO can't be held, except if she/he is directly or indirectly designated the authority.
The Notice highlights that CCO designation can occur in several ways. First, the member’s written procedures might assign to the CCO the responsibility to establish, maintain and update written supervisory procedures, both generally as well as in specific areas (e.g., electronic communications) Second, the written procedures might assign to the CCO responsibility for enforcing the member’s written supervisory procedures or other specific oversight duties usually reserved for line supervisors. Third, apart from the written procedures, a member firm, through its president or some other senior business manager, might also expressly or impliedly designate the CCO as having specific supervisory responsibilities on an ad hoc basis. Or the CCO may be asked to take on specific supervisory responsibilities as exigencies demand, such as the review of trading activity in customer accounts or oversight of associated persons. Only in circumstances when a firm has expressly or impliedly designated its CCO as having supervisory responsibility will FINRA bring an enforcement action against a CCO for supervisory deficiencies.
FINRA Rule 3110 also distinguishes the responsibility of the CCO, and the person having supervisory responsibility and documents the differences between written compliance principles and written supervisory processes. Normally, the compliance principles are the guidelines and standards by which member firms are required to abide by. But the written supervisory processes document the supervisory system that should be carried out by member firms and direct the supervisors to ensure compliance to the rules through written procedures. Therefore, supervisory liability for CCO will be held only if the company designates supervisory authority to the CCO through its supervisory procedures. When a CCO has been given the supervisory right, FINRA will investigate if the CCO has sensibly implemented his supervisory task. The inquiry will be very much about the facts and circumstances. FINRA will identify distinct factors to determine if a CCO was well-organized. These factors have been enunciated in many execution reports, including failure to supervise. Factors are summarized below:
The regulation highlights CCO liability however also includes certain alleviating factors:
Generally, a CCO's duty is advisory, not supervisory. It would be prudent for member firms to clearly define the advisory and compliance responsibilities and differentiate them from supervisory duties. In instances where the firm has assigned supervisory responsibilities to the CCO, only, in this case, supervisory liability for the CCO can be held. Importantly, she or he must sensibly perform those duties and be mindful of the facts and circumstances detailed in many enforcement actions/finding reports by the staff of both FINRA and the Securities and Exchange Commission (“SEC”).