FINRA Reminds Member Firms of the Scope of FINRA Rule 3110 as it Pertains to the Potential Liability of Chief Compliance Officers for Failure to Discharge Designated Supervisory Responsibilities
Chief Compliance Officers (CCOs) at member firms play a vital role. For example, CCOs and their compliance teams help design and implement compliance programs, help educate and train firm personnel, and work in tandem with senior business management and legal departments to foster compliance with regulatory requirements. In this way, CCOs help promote strong compliance practices that protect investors and market integrity, as well as the member firm itself.1
Rule 3110 (Supervision) imposes specific supervisory obligations on member firms.2 The responsibility to meet these obligations rests with a firm’s business management, not its compliance officials. The CCO’s role, in and of itself, is advisory, not supervisory. Accordingly, FINRA will look first to a member firm’s senior business management and supervisors to determine responsibility for a failure to reasonably supervise. FINRA will not bring an action against a CCO under Rule 3110 for failure to supervise except when the firm conferred upon the CCO supervisory responsibilities and the CCO then failed to discharge those responsibilities in a reasonable manner.3 As a result, charges against CCOs for supervisory failures represent a small fraction of the enforcement actions involving supervision that FINRA brings each year.4
Questions regarding this Notice should be directed to:
- Christopher Perrin, Counsel to the Head of Enforcement, Enforcement, at (415) 217-1121 or by email; and
- Philip Shaikun, Vice President and Associate General Counsel, Office of General Counsel, at (202) 728-8451 or by email.
Background and Discussion
I. THE SCOPE OF RULE 3110 REGARDING INDIVIDUAL LIABILITY
Rule 3110 sets out a comprehensive set of supervisory obligations for member firms and requires firms to designate individual supervisors and identify their responsibilities. The rule requires each member firm to establish and maintain a system, including written procedures, to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.5 The rule also requires each member firm to designate an appropriately registered principal or principals with authority to carry out the supervisory responsibilities of the member for each type of broker-dealer business in which it engages, to designate one or more appropriately registered principals in branch offices with authority to carry out the supervisory responsibilities assigned to that office, and to assign each registered representative to an appropriately registered person who is responsible for supervising that representative’s activities.6 Individual liability under Rule 3110 is predicated upon the firm’s express or implied designation of supervisory personnel and the delegation of supervisory responsibility to the designated individuals.7 Individual supervisors have an additional duty under Rule 3110 to investigate “red flags” that suggest misconduct at the firm may be occurring and to act reasonably upon the results of the investigation.8 FINRA can bring enforcement actions under Rule 3110 against individual supervisors when they fail to discharge reasonably their supervisory responsibilities.9
A firm’s supervisory obligations under Rule 3110 rest with the firm and its president (or equivalent officer or individual, e.g., CEO) and flow down by delegation to the firm’s designated supervisors.10 The firm’s president (or equivalent officer or individual), not its CCO, “bears ultimate responsibility for compliance with all applicable requirements unless and until he [or she] reasonably delegates particular functions to another person in that firm, and neither knows nor has reason to know that such person’s performance is deficient.”11 Accordingly, the president (or equivalent officer or individual) and designated principals are responsible for fulfilling the firm’s supervisory obligations under Rule 3110.
II. THE ROLE OF A CCO WITHIN A MEMBER FIRM
A CCO’s role at a member firm, by contrast, is advisory, not supervisory. FINRA recognizes that compliance and supervision are separate, if related, functions. In Notice to Members 99-45, FINRA stated that “[i]t is important [to] recognize the distinction between written compliance guidelines and written supervisory procedures.”12 A CCO and the compliance team is, in the normal course, responsible for the former, not the latter. “Compliance guidelines generally set forth the applicable rules and policies that must be adhered to and describe specific practices that are prohibited.”13 By contrast, written supervisory procedures document the supervisory system to ensure that compliance guidelines are being followed.
To fulfill the compliance function, FINRA requires firms to designate one or more appropriately registered principals as a CCO.14 As set forth in FINRA Rule 3130, Supplementary Material .05, “A [CCO] is a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts.”15 Neither Rule 3110 nor Rule 3130, by themselves, attach supervisory responsibilities to a CCO.16
A CCO can and often does occupy another position at a firm, such as CEO.17 In such circumstances, CCOs likely would fall within the scope of Rule 3110 because of the supervisory authority designated to them based on another non-CCO position they hold within a firm’s business management. When an individual’s sole position at a firm is that of CCO, a more extensive assessment of liability under Rule 3110 may be needed, as outlined in the following section.
III. ASSESSING LIABILITY UNDER RULE 3110 AGAINST A CCO
Designation of Supervisory Responsibility
A CCO is not subject to liability under Rule 3110 because of the CCO’s title or because the CCO has a compliance function at a member firm. A CCO will be subject to liability under Rule 3110 only when—either through the firm’s written supervisory procedures or otherwise—the firm designates the CCO as having supervisory responsibility. This designation can occur in several ways. First, the member’s written procedures might assign to the CCO the responsibility to establish, maintain and update written supervisory procedures, both generally as well as in specific areas (e.g., electronic communications). Second, the written procedures might assign to the CCO responsibility for enforcing the member’s written supervisory procedures or other specific oversight duties usually reserved for line supervisors. Third, apart from the written procedures, a member firm, through its president or some other senior business manager, might also expressly or impliedly designate the CCO as having specific supervisory responsibilities on an ad hoc basis. Or the CCO may be asked to take on specific supervisory responsibilities as exigencies demand, such as the review of trading activity in customer accounts or oversight of associated persons. Only in circumstances when a firm has expressly or impliedly designated its CCO as having supervisory responsibility will FINRA bring an enforcement action against a CCO for supervisory deficiencies.
Applying the Reasonableness Standard
Even when a CCO has been designated as having supervisory responsibilities, FINRA will bring an action under Rule 3110 against the CCO only if the CCO has failed to discharge those responsibilities in a reasonable manner—as it would with any individual who has supervisory responsibility. Accordingly, once FINRA has found that the CCO has been designated by the firm as having supervisory responsibilities—including responsibility for establishing, maintaining and enforcing the firm’s written supervisory procedures that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules—the next question is whether the CCO reasonably discharged his or her designated supervisory responsibilities.
For example, if the CCO is responsible for establishing, maintaining and enforcing the firm’s written supervisory procedures, FINRA will ask whether the procedures were reasonably tailored to the firm’s business and whether they addressed the specific activities of the firm’s personnel. Whether a CCO’s performance of these responsibilities was reasonable depends upon the facts and circumstances of a particular situation. When assessing potential liability under Rule 3110, FINRA will evaluate whether the CCO’s conduct in performing designated supervisory responsibilities was reasonable in terms of achieving compliance with the federal securities laws, regulations, or FINRA rules.
Factors For and Against Charging a CCO under Rule 3110
Not every violation of a FINRA rule results in a formal disciplinary action, so even when FINRA finds that a CCO failed to reasonably perform a designated supervisory responsibility, FINRA will consider whether charging the CCO under Rule 3110 in a formal disciplinary action is the appropriate regulatory response to address the violation. Factors that might weigh in favor of charging a CCO are the same factors that could apply to any individual who has supervisory responsibility under Rule 3110 and include, but are not limited to, the following: (1) the CCO was aware of multiple red flags or actual misconduct and failed to take steps to address them;18 (2) the CCO failed to establish, maintain, or enforce a firm’s written procedures as they related to the firm’s line of business;19 (3) the CCO’s supervisory failure resulted in violative conduct (e.g., a CCO who was designated with responsibility for conducting due diligence failed to do so reasonably on a private offering, resulting in the firm lacking a reasonable basis to recommend the offering to its customers);20 and (4) whether that violative conduct caused or created a high likelihood of customer harm.21
Factors that might weigh against charging the CCO include, but are not limited to, the following: (1) the CCO was given insufficient support in terms of staffing, budget, training, or otherwise to reasonably fulfill his or her designated supervisory responsibilities;22 (2) the CCO was unduly burdened in light of competing functions and responsibilities;23 (3) the CCO’s supervisory responsibilities, once designated, were poorly defined, or shared by others in a confusing or overlapping way;24 (4) the firm joined with a new company, adopted a new business line, or made new hires, such that it would be appropriate to allow the CCO a reasonable time to update the firm’s systems and procedures; and (5) the CCO attempted in good faith to reasonably discharge his or her designated supervisory responsibilities by, among other things, escalating to firm leadership when any of (1)–(4) were occurring.25
In addition to the above factors, FINRA also will consider whether it is more appropriate to charge the firm or its president with failure to reasonably supervise rather than the CCO. Likewise, FINRA will consider whether it is more appropriate to charge another individual at the firm, such as an executive manager or a business line supervisor, who had more direct responsibility for the supervisory task at issue, or who was more directly involved in the supervisory deficiency. Finally, FINRA also will consider whether, based on the facts and circumstances of a particular case, it is more appropriate to bring informal, as opposed to formal, action against the CCO for failure to supervise. In some cases, it may be more appropriate to issue a Cautionary Action Letter, particularly in cases involving a CCO’s first-time violation of Rule 3110.
1 See also FINRA Rule 3130, Supplementary Material .05 (Role of the Chief Compliance Officer).
2 This Notice is limited to FINRA Rule 3110. It does not address other supervisory requirements under federal securities laws. Cf. SEC, Division of Trading and Markets, Frequently Asked Questions about Liability of Compliance and Legal Personnel at Broker-Dealers under Sections 15(b)(4) and 15(b)(6) of the Exchange Act, Sept. 30, 2013; Compliance Programs of Investment Companies and Investment Advisers, Release Nos. IA-2204, IC-26299, 2003 SEC LEXIS 2980, at n.73 (Dec. 17, 2003) (discussing when a CCO might be subject to Section 203(e)(6) of the Investment Advisers Act of 1940).
3 This Notice focuses on CCOs and does not encompass anti-money laundering compliance personnel. See FINRA Rule 3310(d); Rule 3310, Supplementary Material .02 (Review of Anti-Money Laundering Compliance Person Information). It also does not address enforcement actions against CCOs for misconduct unrelated to designated supervisory responsibilities, such as providing false documents to FINRA or failing to timely update their Uniform Application for Securities Industry Registration or Transfer (Form U4). See, e.g., Merrimac Corporate Securities, Inc., Exchange Act Release No. 86404, 2019 SEC LEXIS 1771, at *9 (July 17, 2019); Allen Holeman, Exchange Act Release No. 86523, 2019 SEC LEXIS 1903, at *16-17 (July 31, 2019).
4 For example, from 2018–2021, of the nearly 440 FINRA enforcement actions involving violations of Rule 3110 for supervisory failures, CCOs were charged in only 28 instances. And in only 10 of these matters did FINRA charge a CCO who was not also the chief executive officer (CEO) or president of the firm. For each of these 10 matters, FINRA found that the firm had conferred upon the CCO specific supervisory responsibilities which the CCO failed reasonably to perform, in violation of Rule 3110.
5 See Rules 3110(a) and (b). Rule 3110 applies to persons associated with a member firm as much as it applies to a member firm. See FINRA Rule 0140(a) (“Persons associated with a member shall have the same duties and obligations as a member under the Rules.”). Thus, FINRA may bring an action against an associated person, including a CCO, when FINRA finds the individual has violated Rule 3110.
6 See Rules 3110(a)(2), (4) and (5). Rule 3110(b)(6)(A) requires a firm’s written supervisory procedures to include “the titles, registration status, and locations of the required supervisory personnel and the responsibilities of each supervisory person.”
7 Importantly, to bring a case under Rule 3110, FINRA does not have to establish an underlying violation of the federal securities laws or other FINRA rules. Dep’t of Enforcement v. Lek Securities Corp., No. 2009020941801, 2016 FINRA Discip. LEXIS 63, at *35-36 (NAC Oct. 11, 2016).
8 Ronald Pelligrino, Exchange Act Release No. 59125, 2008 SEC LEXIS 2843, at *33 (Dec. 19, 2008) (“‘Once indications of irregularities arise, supervisors must respond appropriately.’”) (quoting La Jolla Capital Corp., 54 S.E.C. 275, 285 (1999)). See also Regulatory Notice 18-15 (April 2018) (“Member firms should be reviewing and updating their supervisory systems and procedures for hiring practices, monitoring brokers and investigating red flags suggestive of misconduct.”)
9 See, e.g., Dep’t of Enforcement v. Clements, No. 2015044960501, 2018 FINRA Discip. LEXIS 11, at *50 (NAC May 17, 2018) (supervisor should have “discharged [his] responsibilities reasonably”).
10 See Wedbush Securities, Inc., Exchange Act Release No. 78568, 2016 SEC LEXIS 2794, at *34 (Aug. 12, 2016).
11 Id. at *29 (quotation marks omitted). See also John B. Busacca, III, Exchange Act Release No. 63312, 2010 SEC LEXIS 3787, at *37-38 (Nov. 12, 2010) (finding that the president’s supervision was deficient during the period that he assumed overall responsibility for the firm’s operations and did not delegate this responsibility).
12 Notice to Members 99-45 (June 1999).
14 See also FINRA Rule 1220(a)(3) (Compliance Officer).
15 Rule 3130, Supplementary Material .05.
16 See Notice to Members 01-51 (August 2001) (“The chief compliance officer registration requirement does not create the presumption that a chief compliance officer has supervisory responsibilities or is otherwise a control person. As in the past, NASD Regulation will hold a chief compliance officer responsible for supervision only where supervision is his or her responsibility. Many chief compliance officers are already registered as principals. NASD Regulation does not presume that these individuals have supervisory responsibility by virtue of their title. NASD Regulation will continue to determine whether a chief compliance officer is acting in a supervisory capacity based on the actual responsibilities and functions that the chief compliance officer performs for the firm.”). See also Rule 3130, Supplementary Material .07 (Certification of Business Line Responsibility) (“The FINRA Board of Governors recognizes that supervisors with business line responsibility are accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test and modify the member's written compliance and supervisory policies and procedures and the execution of this certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.”).
17 See Rule 3130, Supplementary Material .08 (Ability of Chief Compliance Officer to Hold Other Positions). See also note 4.
18 Dep’t of Enforcement v. Cantone Research, Inc., No. 2013035130101, 2019 FINRA Discip. LEXIS 5, at *99-100 (NAC Jan. 16, 2019) (finding that firm designated its CCO, who also had the title of Vice President, as a supervisor of registered representatives and that the CCO was “aware of numerous red flags,” failed to address the red flags, and therefore failed to discharge supervisory obligations); Dep’t of Enforcement v. Fox Financial Management Corp., No. 2012030724101, 2017 FINRA Discip. LEXIS 3, at *17-18 (NAC Jan. 6, 2017).
19 See Merrimac, 2019 SEC LEXIS 1771 at *80‑84 (finding a CCO liable for his failure “in any meaningful way to develop the procedures that FINRA's rules required” for a line of business at the firm); see also Ryan Carlson et al., Letter of Acceptance, Waiver, and Consent (FINRA Case No. 2018060267902) (Mar. 29, 2021).
20 Matthew Bahrenburg, Letter of Acceptance, Waiver, and Consent (FINRA Case No. 2018057457101) (Aug. 24, 2020).
22 Thaddeus North, Exchange Act Release No. 84500, 2018 SEC LEXIS 3001, at *34-35 (Oct. 29, 2018), aff’d, 828 F. App’x 729 (D.C. Cir. 2020).
23 Id. at *28-29 (“[The Commission] found a compliance director's failure to respond to NASD's requests for information mitigated by the ‘extraordinary demands on the compliance group’ during the relevant time.”).
24 Id. at *28 (“[The Commission has] dismissed proceedings against an individual with compliance responsibilities that alleged liability for causing his firm's violations of the securities laws where another official at the firm had responsibility for overseeing the relevant activities and the respondent was never asked to evaluate the relevant regulatory issues.”).
25 Id. (“[The Commission has] dismissed proceedings alleging supervisory failures where the respondent conducted his own independent investigation in response to indications of wrongdoing and recommended responsive action.”); Merrimac, 2019 SEC LEXIS 1771, at *73 (liability should not attach “where a CCO made a reasonable inquiry and determined erroneously that no further action needed to be taken in light of that inquiry”).