In the wake of new C-suite accountability charges sweeping the United States and EMEA, we gathered experts from across the globe to share their insights on what compliance professionals need to understand about personal liability. In this blog post, we’ll break down the key highlights from our recent webcast, including lessons learned from recent liability charges and how compliance professionals can protect themselves from being held personally liable for failures within their organization.
Takeaways from recent charges brought against Chief Compliance Officers
As we mentioned in a recent blog post, 2022 marked a significant year for Chief Compliance Officers (CCOs) around the world, and especially in the United States, as regulators put more emphasis on holding individuals accountable for non-compliance.
When discussing the common themes around these charges, Kristy-Grant Hart, CEO, Spark Compliance Consulting, mentioned that in many of these cases there is a pattern: the convicted individuals wear many hats in their organization, including holding compliance officer roles as well as executive roles. Kristy also emphasized that in many of the cases, the charges against CCOs were for egregious conduct and knowingly paying no attention to their compliance duties.
"We need to temper that fear with the realization that if you’re doing your job, you’ll probably be okay." - Kristy-Grant Hart, CEO, Spark Compliance Consulting.
Zeke Ward, Founder, North Star Compliance, shared that CCOs need to be very careful about managing the risk disclosures in their financial statements. In the case of Activision Blizzard, the organization settled charges with the Securities Exchange Commission (SEC) as a result of failing to maintain controls to collect and assess workplace complaints with regard to disclosure requirements, and violating a federal whistleblower protection rule. The former Chief Compliance Officer, Frances Townsend, resigned shortly after tweeting and sending emails stating the whistleblower claims were false, which later were found to be true.
So, what can CCOs do to prevent these personal liability cases from occurring?
Zeke mentioned it starts with being aware of the personal liability landscape to learn from previous transgressions and ensure your organization doesn’t make the same mistakes. Then, it’s about making sure you’re maintaining that peer-to-peer contact. For example, individuals need to feel empowered to speak up and have candid discussions with their colleagues to ensure they’re keeping up with best practices. As Zeke shared, "It’s hard when you’re the only Chief Compliance Officer in a firm." Lastly, it’s about voicing any concerns you have about developments in the regulatory space.
When asked what channels compliance professionals can leverage to speak up when they witness compliance violations, Zeke suggested CCOs can go to their local bar association or local professional body as they are great forums to discuss compliance matters.
Don’t forget to document, document, document
Kristy proclaimed that CCOs should protect themselves by clearly documenting any infractions they experience in their role. She elaborated that CCOs should note any time an executive explicitly told them no to an important request or an ask for additional resources, and they should also document any scenario in which they were overruled over a decision they felt strongly about.
"The existential fear comes from the idea that we don’t always have control or frequently don’t have control at all over what the business is doing. We’re advising more than anything." - Kristy-Grant Hart, CEO, Spark Compliance Consulting
This year, what compliance violations do you see CCOS being held accountable for?
Tom Fox, Founder and Creator, Compliance Podcast Network, mentioned that over the past several months we’re starting to see an uptick in liability charges against non-regulated industries. This trend started last year after the DOJ released a new compliance certification requirement for Chief Compliance Officers. The new policy requires CCOs to certify that their organization’s compliance program is reasonably designed and implemented to help detect and prevent violations.
In January 2023, a decision from the Delaware Court of Chancery stated that now corporate executives, including CCOs, owe a fiduciary duty of oversight. This means that CCOs can be held personally liable in shareholder actions for failure of oversight, including ignoring red flags. For example, in the case of Activision, the former Chief Compliance Officer, Frances Townsend, could now be held liable for ignoring red flags from a whistleblower. And just recently, McDonald’s was in the hot seat after claims were brought against their directors relating to their failure to address sexual harassment issues within the company.
Across the pond, it seems that developments in the UK and Europe have only had a slight impact on personal liability - for now. James Fairclough, Executive Director, and UK Compliance Officer, LHCM, mentioned there are mixed views on whether the FCA’s Senior Managers and Certification Regime (SMCR) has had an impact on personal accountability.
"Some would say there is success in changing culture within organizations. Others would say the sort of cases being raised against individuals aren’t that significant in quantity or success." - James Fairclough, Executive Director, and UK Compliance Officer, LHCM
According to Zeke, when it comes to industrials, while there is a lot of chatter about establishing greater accountability on corporates and senior executives, it’s a very slow process because the UK does not have any extra-judicial enforcements that the United States has seen in the past few years.
Despite the slow progression, Zeke mentioned there is a willingness to expand the concept of personal liability much further into anti-money laundering and financial integrity.
As 2023 progresses, along with a looming recession, compliance professionals should pay attention to the regulatory landscape to ensure they achieve a state of continuous compliance awareness.
To learn more about CCO liability and how organizations can take the appropriate measures to prevent mistakes and breaches from taking place within their company, check out our recent webcast.