Thaddeus North and CCO Liability

At a recent event, an official with the Securities and Exchange Commission tried to give some comfort to a room full of compliance officers that the SEC was not trying to saddle compliance officers with potential liability. He pointed us to the opinion in the matter of Thaddeus North.

The case was the Commission’s review of a FINRA disciplinary action. Mr. North was the Chief Compliance Officer of Southridge Investment Group. FINRA found Mr. North had been (1) failing to establish a reasonable supervisory system for the review of electronic correspondence, (2) failing to reasonably review electronic correspondence, and (3) failing to report a relationship with a statutorily disqualified person.

In Thaddeus North opinion, the SEC cites several cases of CCO liability. The Commission used those decisions to delineate that:

[I]n general, good faith judgments of CCOs made after reasonable inquiry and analysis should not be second guessed. In addition, indicia of good faith or lack of good faith are important factors in assessing reasonableness, fairness and equity in the application of CCO liability.

The North opinion cites four areas where a CCO could have liability:

  1. CCO engages in wrongdoing
  2. CCO attempts to cover up the fraud
  3. CCO crosses a clearly established line
  4. CCO fails meaningfully to implement compliance programs, policies, and procedures for which he or she has direct responsibility,

The third one is a new iteration. Frankly, I don’t know what it means. It’s not mentioned otherwise in the opinion.

In contrast to those four areas of liability the Commission opines that “disciplinary action against individuals generally should not be based on an isolated circumstance where a CCO, using good faith judgment makes a decision, after reasonable inquiry, that with hindsight, proves to be problematic “

Apparently, everything in between is a matter-specific analysis that should involve informed judgment by the Commission.

The SEC found North in the middle ground and found him liable. The opinion states that “North failed to make reasonable efforts to fulfill the responsibilities of his position.” That is a not one of the four listed areas of CCO liability. The Commission adds in that North’s actions were egregious and he repeatedly failed to perform some compliance functions.

I find the opinion frustrating if it’s trying to allay concerns about CCO liability. The SEC states the four areas, then says that North did something that was not in one of those four areas. The Commission uses the “failed to make reasonable efforts” standard on liability for North, instead of the fourth area’s “fails meaningfully to implement.”

Would it have been too hard for the Commission to use the same standard just set forth in the prior paragraph? That would have made me feel better about CCO liability instead of creating a broader standard for CCO liability.

Sources: