NSCP letter to SEC August 18, 2015 expresses concern about higher standards in enforcement proceedings against compliance officers.
National Society of Compliance Professionals, in their letter dated August 18, 2015, states “Compliance officers are already highly motivated … and do not need the threat of enforcement action to do their jobs well.”
The letter comes on the heels of three important Administrative Proceedings where compliance officers are alleged to have “caused” a primary violation committed by another. See Administrative Proceedings file numbers: 3-16591 (June 2015), 3-16501 (April 2015), and 3-15873 (March 2015). These proceedings portray a higher liability standard for compliance officers. Whereas prior decisions reflect (i) a primary securities law violation, (ii) knowing or extremely reckless conduct, and (iii) substantial assistance to the violator.
As the NSCP points out in their letter, SEC higher standard applies 20/20 hindsight, a valuable resource in learning how to improve procedures and policies; but compliance officers work in real-time. Reviewing someone’s decisions ex-post record and concluding they should have known better at the time, sets a dangerous tone to fundamental policy. The “perfect policy” perspective fails to recognize that real-time decisions are rarely “perfect”. Compliance officers navigate in a landscape where procedures are routinely re-examined and improved based upon lessons learned and new facts uncovered.
A question is, whether enforcement actions will further motivate compliance officers to greater vigilance, or risk demoralizing them into believing that even using their best judgment will not protect against risk of career ending enforcement action. NSCP is concerned that setting this stricter precedent may result in some of the best compliance officers exiting the industry rather than face new risks.
As an additional point, NSCP asserts that compliance officers do not generally operate the business for which they are hired. They are typically an advisory role. Compliance officers establish procedures or policies, but are rarely charged with administering them. Administration rests on the head of executives and line managers. Holding compliance officers accountable for failures linked to implementation fails to recognize the limited scope of power within which many compliance officers operate.
While the NSCP is all for effective enforcement, they base their argument on a matter of fairness. NSCP asks that the SEC place more recognition on the limitations of compliance officers and the difficult landscape in which they make decisions. As noted, even the American Institute of Certified Public Accountants recognizes that controls are limited in nature and may not prevent or detect and correct all errors and omissions, as stated in SSAE-16 statement of standards.
Does the SEC go too far in holding compliance officers accountable for violations committed by others?