Lost at Sea: Why FINRA’s Lack of Formal Guidance to CCOs Could Leave Them Adrift in Dangerous Regulatory Waters

From Ulmer’s Broker-Dealer Law Corner Blog
By Blaine F. Doyle

In Homer’s epic poem the Odyssey, Odysseus and the crew of his ship are faced with the impossible choice of either sailing closer to Charybdis, a whirlpool capable of sinking their entire ship, or, alternatively, to Scylla, a sea monster just as deadly.  Odysseus’ dilemma sprang to mind as I listened to a presentation last week from a panel that included a FINRA attorney meant to provide guidance on situations where FINRA will target an individual employee in addition to or instead of the offending broker-dealer.  Although this blog has covered the topic in the past, I thought it might be instructive to share what the FINRA representative had to say, especially given that FINRA has not published any official guidance on the subject.

The presentation indicated that while there has been no substantive change in FINRA’s decision-making processes, the regulator views itself as responding to a public mandate, borne out of the 2008 financial crisis, to hold individuals, and not just firms, responsible for alleged misconduct at financial firms. Implicitly then, even if the mechanics of the decisions are the same, the people making the decisions are coming at it from a different, perhaps more aggressive, perspective.  The panel discussed considerations in naming individuals and, in addition to some of the more obvious examples, like the pervasiveness of the conduct or the notice to individuals of the wrongdoing and the nature of it (e.g., failure to disclose outside business activities), they mentioned three considerations that are not quite as obvious.  They are:

  1. Adequacy of resources – if there is one compliance person working 80 hour weeks, FINRA might take a more sympathetic view of the individual and be less likely to charge him.
  2. Dissolution of the firm – the FINRA panelist indicated a slight change in that dissolution of the firm will not necessarily absolve individuals now, as it sometimes has in the past.
  3. Author of the WSPs – Obviously, poorly written or inadequate WSPs are a sure ticket to sanctions against the firm; but the FINRA panelist indicated they will look at who wrote the policies and procedure in question when considering charges against the individual.

The talk then turned to the culpability of the Chief Compliance Officer (“CCO”). A current CCO, sitting on the panel, made two astute observations on the policy of charging CCOs.  The first, and more obvious of the two, is that it serves as an attack on the person in the company who is, at least in theory, FINRA’s best ally.  The CCO is, after all, a sort of in-house regulator who should be able to work with FINRA to ensure compliance.  The second, less obvious point, is that the career of a CCO is over once he is charged, even if said charges are eventually found to be baseless.  No firm will ever hire that CCO, as it will raise red flags and bring enhanced scrutiny on the new firm.  At a time when knowledgeable CCOs are needed more than ever, FINRA’s actions might only serve to shrink the pool of qualified individuals.

Next on the agenda was discussion of a recent case where a CCO was charged with failing to adequately review firm emails. Here is the thing: the WSPs specifically delegated that responsibility to the President of the firm, and the CCO, when interviewing, was assured he would not have to review emails.  After the President failed to review the emails, however, the CCO stepped into the void and assumed that responsibility, only to be charged by FINRA.  It is in this situation that, like Odysseus, a CCO faces a choice between two unpleasant fates.  He can do nothing and hope the firm is not charged, or he can assume responsibility and open himself to individual charges.  The CCO in this case was pro-active and took the latter tack, yet FINRA still came after him.  This case was important because it encourages a CCO NOT to assume responsibility and instead to do nothing.  Another interesting wrinkle to this case is that in this particular case, the firm’s WSPs called for review of emails on a daily basis.  That standard is above and beyond anything that is required in the industry; yet FINRA charged the CCO with failing to meet it, just because it was in the WSPs.  In this matter, the CCO was fined $5,000; a mere slap on the wrist, but for reasons mentioned earlier, his career has in all likelihood been irreparably harmed.

Does this encourage firms to set their standards at the lowest possible threshold because if they hold themselves to a more stringent standard and fail to meet it, they are opening themselves to punishment? Seems like a reasonable takeaway to me.

While FINRA continues to provide no formal guidance on the subject, recent cases indicate that its enforcement standard with regard to CCOs is much harsher than the SECs. In its zeal to hold individuals responsible, FINRA seems to be acting in a counter-productive manner that incentivizes lower standards at firms and discourages CCOs from filling supervisory gaps that may arise at the firm.  None of this advances investor protection.  Until FINRA provides better guidance, CCOs will have to do their best to chart a course between the two unpleasant fates; hopefully with fewer casualties than Odysseus and his crew.