For Chief Compliance Officers (CCOs) who worry that they face personal liability for their mistakes, a recent enforcement action should provide some degree of comfort. After the CCO for a Georgia-based Registered Investment Adviser (RIA) was found personally liable by the SEC in an action settled on June 30, 2022, Commissioner Hester M. Peirce issued a statement explaining why liability was warranted in this case but not in most instances.

From October 2016 through September 2021, the CCO for the Georgia RIA was responsible for administering the firm’s compliance program and implementing its policies and procedures. Pursuant to the RIA’s compliance program, Investment Adviser Representatives (IARs) were required to disclose outside business activity (OBA) and to comply with the compliance policies of the firm’s broker-dealer.

The SEC found that from at least December 2019, the CCO knew or should have known that the RIA’s compliance program was inadequately implemented. Despite this knowledge, the CCO did not make sufficient changes to the design and implementation of the RIA’s compliance program. From at least February 2020, the CCO received communications regarding the OBA of an IAR but failed to make the proper disclosures. The CCO even became aware that the same IAR had been using the RIA’s office address for another OBA.

The enforcement action can be found at

SEC commissioner’s views on the enforcement action

On July 1, 2022, Commissioner Peirce issued a statement in support of the settled administrative proceedings against the RIA and its principal who was the firm’s CCO. In her statement, Peirce explained why she believed liability was properly imposed on this CCO.

Peirce has spoken in the past about the importance of regulators thinking carefully before imposing liability on a CCO. She previously stated that the compliance obligation belongs to the firm, not the CCO. Peirce believes that this approach reminds firms that compliance is their responsibility. Furthermore, this approach helps to ensure that firms will devote adequate resources to their compliance departments and appropriately defer to their judgment.

Peirce reiterated that SEC determinations about whether to charge a compliance officer are consequential for the individual and the profession. According to Peirce, “CCOs play a vital role in ensuring that investment advisers, broker-dealers, and other registered entities comply with the securities laws. A good CCO expertly weaves compliance into all of a firm’s activities.” She warned that well-qualified people will not become CCOs if they fear they will be held liable for someone else’s missteps.

In her statement, Peirce demonstrated how a CCO liability framework might work in practice. She applied the Compliance Committee of the New York City Bar Association’s Framework (NYC Bar Framework), even though it has not been adopted by the SEC. A key question arising from that framework is determining whether charging a CCO in a particular case would help achieve the SEC’s regulatory goals.

According to Peirce, the CCO identified weaknesses in the firm’s compliance program and was in a position to address them, but failed to do so.  The CCO clearly had authority to exercise substantial control over his firm’s compliance program.

A decision to charge a CCO who is complicit in a fraud is easy. The NYC Bar Framework, however, focuses on distinguishing conduct that is only “debatably inappropriate” from conduct that is “wildly inappropriate” or is “a wholesale failure” to carry out the CCO’s compliance responsibilities.

How Commissioner Peirce applied the NYC Bar Framework to determine CCO liability:

In her statement, Peirce used questions from the NYC Bar Framework to determine whether the SEC properly imposed personal liability on the CCO. The following are the questions she analyzed.

Did the CCO not make a good faith effort to fulfill his or her responsibilities?

In this case, the CCO knew or should have known that the firm’s compliance program was inadequate. As a principal of the firm, he had sufficient authority to address the compliance inadequacies.

Did the wholesale failure relate to a fundamental or central aspect of a well-run compliance program at the RIA?

The failures in this case related to the OBA of an IAR, which created conflicts of interest and harmed investors. Furthermore, this was not an area of uncertainty for the firm, because its own compliance program required disclosure of OBA and those parameters were well understood.

Did the wholesale failure persist over time and/or did the CCO have multiple opportunities to cure the lapse?

The failure in this case stemmed from the CCO not addressing known weaknesses in its compliance program, as well as its failing to ensure specific disclosure of OBA. The CCO had multiple opportunities to correct the compliance failures. The IAR’s OBA came to the CCO’s attention in different ways on multiple occasions over a substantial period of time. Although the CCO ultimately raised the issue with the broker-dealer with whom the IAR was associated, he did so almost a year after becoming aware that clients’ assets were transferred to the representative’ s OBA.

Did the wholesale failure relate to a discrete specified obligation under the securities law or the compliance program at the registrant?

This enforcement action was not based upon technical non-compliance with a rule. It was brought because of a fundamental failure to deploy the compliance program effectively in order to protect the firm’s clients.

Did the SEC issue rules or guidance on point to the substantive area of compliance to which the wholesale failure relates?

The CCO’s lapses did not stem from an absence of SEC guidance. The legal principles involved in the enforcement action were well-established.

Did an aggravating factor add to the seriousness of the CCO’s conduct?

In this case, the aggravating factor was that the broker-dealer with which the IAR was associated flagged certain transactions. Those transactions involved the transfer of clients’ assets to the IAR’s OBA.


The good news for CCOs is that legal liability will not be imposed because of a technicality. The compliance violation must be flagrant for a CCO to get in serious trouble.

Although she supported the course of action taken in this case, Peirce remains concerned about unjustified liability for CCOs based on the RIA’s failings or the failings of others at the firm. She recognizes that a CCO’s job is expansive and grows along with the SEC’s rulebook. The lesson learned is that when a CCO has the opportunity to improve the firm’s compliance program and fails to do so despite frequent reminders, liability may properly be imposed. In this case, Peirce concluded that the enforcement order set forth a sound basis for deciding that the CCO’s conduct fell materially short.

Peirce’s statement can be reviewed at


About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.

RIA Compliance Group, LLC – 701 SE 6th Ave, Suite 201, Delray Beach, FL 33483 – Tel: 561-600-0564 –