On Sept. 30, the staff of the SEC’s Division of Trading and Markets published answers to eight Frequently Asked Questions (FAQs) concerning supervisory liability for compliance and legal personnel at broker-dealers. The FAQs follow a speech last year by Commissioner Daniel Gallagher concerning the Urban case, discussed below, in which he acknowledged the need for the SEC to offer guidance so that those overseeing compliance “won’t be afraid to be zealous because they’ll be tagged as a supervisor.”
The FAQs, in attempting to clarify when compliance and legal personnel function as supervisors and thereby become subject to potential liability for failure to supervise, reiterate the familiar refrain for determining supervisory status:
Whether, under the facts and circumstances of a particular case, that person has the requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.
The FAQs further clarify that five fact patterns, by themselves, do not create supervisor status. These fact situations are discussed in section II below.
BD firms may wish to review their compliance procedures in light of the suggestions in the FAQs and make sure that compliance and legal functions are clearly delineated from business line and management functions. Where compliance or legal personnel serve on management committees, BD firms may wish to provide that they serve ex officio or in a nonvoting capacity.
Sections 15(b)(4) and 15(b)(6) of the Securities Exchange Act of 1934, as amended (Exchange Act), authorize the SEC to take action against an individual at a broker-dealer for failure to supervise someone who has violated the federal securities laws, the Commodity Exchange Act, the rules or regulations under those statutes, or the rules of the Municipal Securities Rulemaking Board. The FAQs discuss the circumstances that can lead to finding compliance or legal personnel are acting in a supervisory role and, therefore, have the potential for supervisory liability.
The standard by which an individual is deemed to be a supervisor was articulated in 1992 in In re Gutfreund, Rel. No. 34-31554, 51 SEC 93 (Dec. 3, 1992). In that matter, the SEC brought three separate actions against the chairman and CEO of a broker-dealer firm, John Gutfreund; the president; and the vice chairman for failing to take action to prevent the misconduct of a trader who was known by the three men to have submitted false bids in a U.S. Treasury auction. The SEC sanctioned each executive for failure to supervise, stating that supervisory liability attaches where a person has a requisite degree of responsibility, ability or authority to affect the conduct of the employee.
In 2012, the SEC revisited its supervisory liability theory in a case against Theodore Urban, then-general counsel of a former brokerage and rel="noopener noreferrer" investment bank. In the initial decision, the ALJ found that the general counsel had none of the traditional authority associated with a person supervising brokers but was still a supervisor because as general counsel, his opinions on legal and compliance issues were considered authoritative and his recommendations were generally followed. Nonetheless, the ALJ ultimately found the general rel="noopener noreferrer" counsel acted reasonably, and the commission later dismissed the proceeding without an opinion.
Recently in the Johns case, rel="noopener noreferrer" the SEC sanctioned a trader for deceiving the compliance officer (click here for access to our description rel="noopener noreferrer" of the Johns case) but has not pursued an action against the compliance personnel in the SAC/Stephen Cohen case. The SEC published these FAQs in the context of these developments and to attempt to clarify some of the ambiguity surrounding the potential liability associated with the compliance and legal roles.
II. Certain Facts Alone Are Not Sufficient to Create Supervisor Status
Supervisor status in a particular case will always be a facts and circumstances test. Nevertheless, a key takeaway from the FAQs is that certain facts, standing alone, are not sufficient to turn legal or compliance personnel into supervisors. These facts include:
- Holding a compliance or legal position
- Providing advice or counsel to business line personnel concerning compliance or legal issues
- Assisting in the remediation of a business line issue
- Providing advice to, or consulting with, senior management
- Participating in, providing advice to or consulting with management or other committees
The SEC staff noted that all of these functions are important parts of the day-to-day responsibilities of legal and compliance personnel and help broker-dealers establish a compliance program that is reasonably designed to ensure compliance with applicable laws and regulations.
III. What Is the Requisite Degree of Responsibility, Ability or Authority to Affect Conduct?
As noted below, it is critical for firms to separate out the functions of compliance personnel from the functions of business line personnel in compliance manuals and written supervisory procedures. The SEC will, however, look beyond policies and procedures to the person’s actual responsibilities and authorities. The answer to FAQ No. 2 sets forth questions to be considered in determining whether a person is a “supervisor” for purposes of the Exchange Act:
- Has the person clearly been given, or otherwise assumed, supervisory authority or responsibility for particular business activities or situations?
- Did the person have the power to affect another’s conduct, such as the ability to hire, reward or punish that person?
- Did the person otherwise have authority and responsibility such that he or she could have prevented the violation from continuing, even if he or she did not have the power to fire, demote or reduce the pay of the person in question?
- Did the person know that he or she was responsible for the actions of another, and that he or she could have taken effective action to fulfill that responsibility?
- Should the person nonetheless reasonably have known in light of all the facts and circumstances that he or she had the authority or responsibility within the administrative structure to exercise control to prevent the underlying violation?
IV. Establishing an Effective Compliance System Without Creating Supervisory Liability
One of the most critical components of an effective compliance system is a clear delegation of supervisory responsibilities to business line supervisors. The compliance policies should specifically define the duties of compliance personnel and designate responsibility to business line personnel for supervision of functions and persons.
The SEC staff also suggested firms consider implementing (i) robust compliance monitoring systems, (ii) processes to escalate identified instances of noncompliance to business line personnel for remediation and (iii) a system to follow up in situations where misconduct may have taken place, to help ensure that the direct supervisor implements a proper response. Compliance and legal personnel may need to escalate situations to persons at a higher level of authority in the business if they determine that concerns have not been addressed.
V. Participation in Management and Other Committees
In light of the Gutfreund and Urban cases, many CCOs have wondered whether their membership on or attendance at meetings of management committees will result in supervisory responsibility and an increased liability profile. The SEC staff recommends that compliance and legal personnel participate in committees in an ex officio or nonvoting capacity because this type of role is more consistent with an advisory function.
VI. Unresolved Issues
Because of the intensely factual nature of the determination of supervisor status, there will be situations that present significant ambiguity. For example, where the CCO or internal legal counsel has more than one role in the firm, it may be hard to determine when actions are limited to a compliance or legal function. In this situation, it could be very important to have a protocol or other mechanism to clearly distinguish business from compliance and legal functions. Other areas that may present significant issues include decisions by management not to implement compliance or legal recommendations, or failure by management to make a timely decision on a recommendation. In addition, as the FAQs involve guidance provided by the SEC staff, it is not clear whether FINRA or other regulators will take a similar approach.