On November 4, 2015, Andrew Ceresney, the head of the Security and Exchange Commission’s (“SEC”) enforcement division, delivered the keynote address to the National Society of Compliance Professionals’ annual meeting. The key takeaway from Mr. Ceresney’s remarks is that is the compliance function—and specifically the role of the Chief Compliance Officer (“CCO”)—is more important than ever in today’s highly regulated economy, and companies that short-change or ignore this function do so at their own peril.
In speaking to this gathering of compliance professionals, Mr. Ceresney explained that “the Commission is in your corner . . . and . . . you must be provided with the resources and support necessary to succeed.” Recent SEC enforcement actions support this position.
Compliance personnel may be held liable for security law violations, but this is a rare case. The SEC more often will charge business executives for compliance failures. Earlier this year, in Pekin Singer, the SEC suspended an advisory’s firm’s former president for 12 months after he consistently ignored pleas for help from the firm’s CCO. In 2013, in the Carl Johns enforcement action, the SEC filed its first-ever charge against an individual for misleading and obstructing a CCO. According to Mr. Ceresney, the SEC “will aggressively pursue business line personnel and firms who mislead or deceive [compliance officers], or obstruct the compliance function, or who fail to support [them] in a manner that causes compliance violations.”
The SEC understands that the poorer the state of a firm’s compliance function, the more likely they are to engage in misconduct and face sanctions. Mr. Ceresney believes that “you can predicate a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s compliance department in the firm.” Are compliance personnel included in critical business decisions? Are their views are sought and, more importantly, followed? How visible is the compliance function to the Board of Directors and does the CCO report directly to a company’s CEO? Does the company provide its compliance function with the resources and personnel necessary to get the job done correctly?
Mr. Ceresney’s remarks were geared toward financial services companies. His message, however, should be heard loud and clear by companies in all sectors, especially those subject to anti-money laundering regulations, the Foreign Corrupt Practices Act, and other complex laws challenging today’s compliance professionals. As far as the U.S. government is concerned, the compliance function is no longer a corporate backwater to be thought of only as a cost center. Compliance is now a C-suite function that must be supported by the entire organization.