United States: SEC Guidance On Liability Of Compliance Officers: Lessons From Recent Cases

In a May 20, 2014, speech, U.S. Securities and Exchange Commission (SEC) Director of Enforcement Andrew Ceresney outlined the circumstances in which the SEC will seek sanctions against compliance personnel. Two recent SEC proceedings illustrate the points made by Ceresney and the continued focus of enforcement on the duties and potential liability of compliance officers.

Ceresney Speech

SEC Director of Enforcement Andrew Ceresney delivered the keynote address at Compliance Week 2014. Ceresney's speech contained a detailed discussion of the SEC's position on the duties of compliance personnel, as well as the types of situations where the SEC will seek to penalize compliance officers.

Ceresney noted that, at that point, the SEC had brought 10 actions as part of the Compliance Program Initiative, including charges against compliance personnel when they were clearly responsible for the failure to adopt or implement adequate compliance programs. Consistent with those cases, Ceresney emphasized that the SEC will take action against compliance officers if:

  • they actively participated in misconduct,
  • they helped mislead regulators, or
  • they have clear responsibility to implement compliance programs or policies and wholly failed to carry out that responsibility.

Ceresney pointed to the Penson case discussed below as implicating all of these areas. The Meade case, also discussed below, is a more recent example of this type of situation.


On May 19, the SEC filed an administrative proceeding against Thomas Delaney II and Charles Yancey for violations related to Rule 204T/204 of Regulation SHO. Delaney is the former chief compliance officer (CCO) and Yancey is the former president/chief executive officer (CEO) of Penson Financial Services, Inc., which, before declaring bankruptcy in January 2013, was one of the largest independent clearing firms in the U.S. Delaney and Yancey are contesting the charges.

Rule 204T/204 requires participants of a registered clearing agency to deliver equity securities to a registered clearing agency by a settlement date. If the participant does not deliver the shares to the clearing agency in a timely manner, referred to as failure to deliver, it must take affirmative action to close out the failure-to-deliver position by purchasing or borrowing securities within a specified period.

According to the SEC, when Penson's customers caused a failure to deliver, the buy-ins department purchased or borrowed shares to fulfill its close-out obligations and passed along the costs of those transactions to its customers. In contrast, on thousands of occasions between October 2008 and November 2011, Penson caused failures to deliver by lending securities from customers' margin accounts, which securities the customers subsequently sold. In those instances, unable to pass along the cost of compliance to customers, senior officers in the stock loan department ignored the requirements of Rule 204T/204 and failed to deliver the subject securities.

Penson - CCO Issues

According to the SEC, Delaney aided and abetted and caused Penson's violations of Rule 240T(a)/204(a). The SEC alleges that Delaney knew the stock loan department was not complying with Rule 204T and had intentionally noncompliant Rule 204(a) procedures, yet did not take any action to change the procedures or report them to senior management. Delaney also is accused of establishing and maintaining a supervisory system that he knew allowed others to effectively remain unsupervised, and concealing the violations from Penson's CEO and from regulators.

Among other things, the SEC alleges that:

  • An internal compliance audit showed a 99 percent fail rate on close-out procedures, which are directly related to the procedures for long sales of loaned securities.
  • Delaney agreed with other Penson employees that Penson would not comply with the applicable Regulation SHO requirements in large part because of the expected costs.
  • Penson's written compliance procedures failed to contain compliant provisions and did not describe the procedures actually in use. Despite knowing about the violations for nearly two and a half years, Delaney took no steps to ensure that the procedures were changed to comply with the rules and in fact adopted written procedures that were designed to conceal the firm's actual procedures.
  • Delaney permitted and/or caused the firm to mislead the SEC concerning these issues.
  • Delaney failed to bring these issues to the firm's CEO.

Penson - CEO Issues

Penson's CEO, Yancey, is charged with failing to reasonably supervise both Delaney and Penson's senior vice president of stock loan, who directly oversaw the firm's securities lending business. Penson's written supervisory procedures designated Yancey as the direct supervisor of both the senior vice president of stock loan and Delaney. According to the SEC, Yancey expressed to Delaney that he did not trust the senior vice president of stock loan, and complained of insufficient control over his actions. However, Yancey took no steps to rectify these issues. The SEC also alleges that Yancey deliberately ignored "significant red flags" contained in a 2009 audit by Penson, which should have informed him that the firm's CCO bore responsibility for Rule 204 deficiencies.

Related Penson Actions

Additionally, the SEC instituted settled administrative proceedings against Lindsey Wetzig and Michael Johnson, former employees of the securities lending department of Penson's parent company, Penson Worldwide, Inc. According to the SEC, Wetzig caused Penson's violations of Rules 204T(a) and 204(a), and Johnson aided and abetted Penson's violations of Rules 204(a) and 204(b), and failed to supervise two vice presidents in the securities lending department. Without admitting or denying the SEC's findings, Wetzig and Johnson agreed to cease and desist from future violations. Wetzig agreed to cooperate with the SEC, and Johnson agreed to be barred for five years and to pay a civil penalty of $125,000.

Significance of the Penson Case

In his May 20, 2014, speech, Ceresney indicated that the SEC would take action against CCOs where they actively participate in misconduct or wholly fail to carry out their responsibilities. Ceresney pointed to the Penson case as illustrating these situations and stated:

[T]he Division alleged that the firm violated Reg SHO for more than three years and that the CCO not only knew about the firm's decision to violate the rules, but also affirmatively participated in the violations by, among other things, failing to implement procedures that he was responsible for implementing and that would have brought the firm into compliance, and then concealing those violations from regulators.

Here, if the facts alleged against Penson's CCO are proven, the SEC would show that the firm's CCO knowingly permitted a regular business practice that was in violation of applicable law, wrote compliance procedures that concealed the actual noncompliant procedures and misled regulators about the issue.

The SEC's allegations as to Penson's CEO raise the question of when is there sufficient evidence of a problem to require action on the part of a supervisor. The allegations also appear to raise the issue of whether supervisory liability is present if others in the entity actively try to hide the problem from the supervisor. In this case, the alleged facts would demonstrate that the CEO failed to supervise the firm's CCO, ignored the CCO's concealment of violations from regulators, and wholly failed to supervise the firm's senior vice president, who oversaw and directly engaged in the conduct giving rise to the rule violations, despite the CEO being designated as his direct supervisor.


On June 11, 2014, the SEC instituted a settled administrative proceeding against Thomas E. Meade, former CEO and COO of Private Capital Management Inc. (PCM), in connection with his role in PCM's failure to prevent, detect or respond to insider trading by a former PCM vice president, Drew Peterson, in 2010.

PCM, with a staff of four to five people, provided investment advisory services focused on no-load mutual funds to more than 300 accounts and managed more than $150 million in assets. PCM ceased advisory operations on July 31, 2012, and filed its Form ADV-W with the SEC on January 22, 2013, terminating its registration as an investment adviser.

In April 2010, Peterson received a tip from his father regarding the pending acquisition of a public company. At the time, Peterson's father served on the board of directors of the public company and as the chairman of its audit committee. On the basis of that information, Peterson traded securities of the public company for his own account, his family members, his investment club and investment clients, and passed the inside information on to certain friends, including a hedge fund manager.

In August 2011, the SEC filed a civil complaint alleging Peterson and his father engaged in insider trading. In the following months, the SEC amended the complaint to include the hedge fund manager, which then was followed by a criminal complaint against all three defendants. All three defendants pled guilty in the criminal action and settled the SEC action.

In August 2010, the SEC's Office of Compliance Inspections and Examinations (OCIE) conducted a cause examination of PCM out of concern that Peterson's trading and dissemination of material, nonpublic information had gone undetected. The findings of that exam resulted in a referral to the SEC's Division of Enforcement, which in turn led to Meade's settlement with the SEC.

The SEC's administrative order found that Meade, the president and chief compliance officer of PCM during the relevant period, was aware of the unique risks for misuse of material, nonpublic information by Peterson due to Meade's personal relationship with Peterson's father, but that Meade failed to design PCM's written compliance policies and procedures in light of these insider trading risks associated with PCM's particular operations.

The SEC also found that Meade failed to adequately collect and review records of personal trading by PCM employees during the relevant period and failed to maintain restricted or watch lists of stocks in each case as required under the firm's policies and procedures. Further, even after learning of Peterson's insider trading, Meade failed to conduct any investigation of the trading as required by the firm's policies and procedures and failed to document violations of the firm's code of ethics.

Finally, the SEC found that, as CCO, Meade was responsible for administering PCM's policies and procedures, yet he relied too much on employees to self-report violations and failed to annually assess the adequacy or effectiveness of PCM's policies and procedures that were in place.

Violations and Penalties in Meade

As a result of the conduct described above, the SEC found that PCM willfully violated, and Meade willfully aided and abetted and caused PCM's violations of:

  • Section 204A of the Advisers Act and Rule 204A-1 thereunder, which require that a registered investment adviser establish, maintain and enforce a written code of ethics;
  • Section 204(a) of the Advisers Act and Rules 204-2(a)(12-13) thereunder, which require that investment advisers registered with the SEC maintain and preserve certain books and records; and
  • Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, which, among other things, require that a registered investment adviser adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules.

The SEC's order further found that Meade failed to reasonably supervise Peterson within the meaning of Section 203(e)(6) of the Advisers Act, with a view to preventing violations of the Advisers Act and rules thereunder.

Without admitting or denying the findings, Meade was censured and agreed to cease and desist from future violations, pay a $100,000 civil penalty and be effectively barred from the securities industry. Specifically, Meade was:

  • barred from associating in a compliance capacity and supervisory capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent or nationally recognized statistical rating organization; and
  • prohibited from serving or acting as an employee, officer, director, member of an advisory board, investment adviser or depositor of, or principal underwriter for, a registered investment company or affiliated person of such investment adviser, depositor, or principal underwriter.

Significance of the Meade Case

The SEC found that Meade did not adequately carry out his duties as a CCO and president by: failing to maintain and enforce a written code of ethics, failing to maintain required books and records, and failing to adopt and implement compliance policies and procedures tailored to address the specific risks inherent in his firm's operations.

As in Penson, there is also a supervision component, in that according to the SEC, Meade did not adequately supervise Peterson.

Section 203(e)(6) of the Advisers Act provides a safe harbor for failure-to-supervise claims where there are procedures in place that would be expected to prevent and detect violations and the supervisor discharges his duties and obligations without reasonable cause to believe that these procedures are not being followed. The SEC found that this safe harbor was not available because the compliance failures were so pervasive that Meade, as CCO, could not have had reasonable cause to believe that PCM was in a position to prevent and detect the insider trading that occurred.


The Ceresney speech provides a framework for analyzing the types of situations that could result in SEC enforcement actions against compliance personnel.

The speech, together with the SEC's allegations and actions in the Penson and Meade proceedings, indicate the importance for compliance personnel to be proactive in their approach to fulfilling their obligations and duties as compliance officers. In summary, CCOs and other compliance personnel should consider the following takeaways from the speech and enforcement actions:

  • CCOs need to be proactive in carrying out their duties and responsibilities under applicable securities laws and regulations.
  • CCOs need to be proactive in carrying out the functions assigned to them in their firm's compliance policies and procedures.
  • CCOs who have knowledge of possible or actual securities law violations at their firms must be proactive in investigating and reporting the potential or actual violations to members of their firms' senior management.

These cases also underscore the continuing risk of claims by the SEC of inadequate supervision. In the Penson case, the CEO is alleged to have failed to supervise both the CCO and a senior employee who caused the securities law violations and to have ignored "red flags" concerning those violations. In Meade, the CEO and CCO allegedly did not supervise a corporate officer who engaged in insider trading, and ignored red flags concerning a vice president's access to material, nonpublic information. These cases provide stark reminders that supervisory personnel must:

  • take seriously their supervisory roles and proactively carry out the duties outlined in their firms' compliance policies and procedures; and
  • proactively follow up on red flags that may indicate underlying securities issues.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

*** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.