Bates Research  |  12-14-16

Personal Liability for Compliance Professionals III


By Geoff Winkler, Fraud and Forensics Practice Leader

This is the final installment in a three-part series discussing personal liability for compliance professionals. Part one looked at the growing trend of regulatory enforcement activity against compliance professionals and the perception within the compliance industry of increased personal risk. Last week we took a look at regulators’ perceptions of their enforcement activity and what this trend might mean for compliance professionals moving forward. This week we will take a look at the impact this is having on the industry and the steps some CCOs are taking to minimize their personal liability.


Impact on the Industry

As compliance officers are more frequently being held accountable for corporate misconduct, they are now beginning to focus more on managing their own personal risk. This increased focus on their own risk could take away from their focus on ensuring their organizations are in compliance and managing firm risks. 

As a result, many compliance professionals are moving away from the financial services industry and toward lower-risk and less-regulated industries. According to DLA Piper’s 2016 Compliance & Risk Report: CCOs Under Scrutiny, nearly two-thirds (65%) of respondents said that “recent developments would affect their decision to remain or accept positions as CCOs,” and only about one-third were confident that they had the resources necessary to do their job. 


(source: DLA Piper’s 2016 Compliance & Risk Report: CCOs Under Scrutiny)


The DLA Piper survey shows an increase of almost five percent over the Thomson Reuters 2015 Annual Cost of Compliance Survey. In the survey, over two-thirds of respondents reported that the focus on accountability will have an impact on the ability to recruit and retain skilled senior staff as they are forced to balance their earning potential versus the risk of going to prison.

In fact, the authors of the DLA Piper survey believe that “the tension between heightened personal liability and stunted resources could have multiple negative implications for the compliance industry. It could drain the industry’s talent pool, for instance, acting as a deterrent for early-to-mid career professionals” as they decide the risk is not worth the potential reward.

Administrative Law Judge Cameron Elliot (in an SEC administrative hearing against former CCO Judy Wolf) agreed, stating,

“Obviously, compliance professionals are subject to the securities laws like everyone else. But Wolf is correct to complain that in compliance, ‘the risk is much too high for the compensation.’ In my experience, firms tend to compensate compliance personnel relatively poorly, especially compared to other associated persons possessing the supervisory securities licenses compliance personnel typically have, likely because their work does not generate profits directly. But because of their responsibilities, compliance personnel receive a great deal of attention in investigations, and every time a violation is detected there is, quite naturally, a tendency for investigators to inquire into the reasons that compliance did not detect the violation first, or prevent it from happening at all. The temptation to look to compliance for the "low hanging fruit," however, should be resisted. There is a real risk that excessive focus on violations by compliance personnel will discourage competent persons from going into compliance, and thereby undermine the purpose of compliance programs in general.” 

These survey results are startling given the growing opportunities and relatively generous salaries available to compliance professionals. In fact, according to an October 2015 survey conducted by the Society of Corporate Compliance and Ethics, salaries for CCOs continue to rise steadily, with the average salary increasing from $139,582 in 2013 to $150,207 in 2015.


What are Some of the Ways CCOs and Companies are Limiting Personal Risk?

According to Linda Shirkey, President of The Advisor’s Resource, there are a number of steps that CCOs and companies are utilizing to help protect themselves when regulatory action is taken against them for corporate wrongdoing. They include:

  • Corporate indemnification, similar to that issued to a board of directors and other officers, in order to provide for the cost of defense;
  • D&O liability insurance coverage that explicitly covers compliance officers and extends to the scope of their duties; and/or
  • E&O liability insurance to cover errors and omissions made within the scope of covered activities.

While these two approaches will help in the event of a problem, the first line of defense, says Gary Liebowitz, Bates Group expert and former FINRA Senior Vice President and SEC enforcement attorney, would be to:

  • Help to set and ensure the proper “tone at the top” to ensure a strong compliance culture;
  • Create strong compliance programs backed by education and training;
  • Ensure policies and procedures are tailored, understandable, monitored and reviewed regularly;
  • Map policies and procedures to respective regulations and conduct rigorous gap analysis to ensure compliance;
  • Mitigate risk through documentation of all activities;
  • Implement clear job descriptions that limit the role of staff strictly to compliance-related duties;
  • Quickly respond to red flags with follow-up and escalation as needed; and
  • Remain current with all changes to rules and regulations.


Despite a number of assurances, recent actions by regulators have caused compliance professionals to be concerned about their personal liability for corporate wrongdoings. Regulators and compliance professionals perform many of the same duties and need to work together to find the right balance between punishing wrongdoers and scaring away the compliance professionals needed to prevent wrongdoing in the first place. With that said, perhaps the best way for compliance professionals to mitigate their own risk is by creating strong compliance programs to prevent or detect wrongdoing before regulatory intervention is necessary.


What do you think? Follow us on LinkedIn or Twitter to join the conversation!

This blog is provided for informational purposes only and not for the purpose of providing legal advice. You should contact an attorney to obtain advice with respect to any particular issue or problem.


Get Bates Group News and Alerts in your Inbox

Sign Up Now

Contact Bates Group

Bates Group is with you every step of the way. Contact us today for more information on how our End-to-End Solutions can help your firm.

Contact Bates Group