ARTICLE
15 August 2025

SEC Intensifies Scrutiny Of Chief Compliance Officers

FL
Foley & Lardner

Contributor

Foley & Lardner logo
Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
Explore Firm Details
Two recent SEC enforcement actions serve as a sharp reminder that Chief Compliance Officers (CCOs) can face personal liability for what they do – or fail to do – in the course of regulatory examinations for registered investment advisers (RIAs).
United States Corporate/Commercial Law
Stephen M. Meli,Kevin C. McNiff, and Sydney Brault
Your Author LinkedIn Connections

Two recent SEC enforcement actions serve as a sharp reminder that Chief Compliance Officers (CCOs) can face personal liability for what they do – or fail to do – in the course of regulatory examinations for registered investment advisers (RIAs). In each case, the Commission focused not on systemic firm-wide compliance failures, but rather on individual acts by the CCO of two separate RIAs to cover up prior administrative errors and omissions when producing documents to SEC examination staff.

These actions make clear that the SEC is treating altering, creating, or backdating records during an exam as a standalone basis for charging CCOs in their personal capacity, even where the documents themselves are only required to be maintained under the RIA's own internal policies rather than under federal regulations.

July 2025 Enforcement Actions

In two separate matters in July 2025, the SEC sanctioned CCOs for producing altered or newly-created compliance records in response to examination requests.

  • In one case, the CCO of a former RIA submitted approximately 170 pre-clearance trading forms in response to a routine SEC request that were altered – often using whiteout – to fill in missing information and modify dates to make them appear properly completed as at the time of trading as required by the RIA's Code of Ethics. This also included creating new forms and adding traders' signatures to them without the traders' knowledge or approval before sending them to the SEC exam staff. The exam staff did not receive disclosure of these adjustments during inquiries, even when questioning the CCO about "apparent alternations" to the forms.1
    Result: US$40,000 penalty and a three-year bar from compliance or supervisory roles.
  • In another case, a CCO responded to an exam by drafting, backdating and signing three years of annual compliance review calendars before presenting them as if they had been created in that period. Both the CCO and the firm's president signed these documents. The CCO later "voluntarily admitted" these actions in testimony to SEC staff.2
    Result: US$10,000 penalty; no bar.

Though factually different, both actions rest on the same core issue: the CCO knowingly misled the SEC by manipulating documents in response to an exam. The SEC found in both cases that the CCO's actions violated recordkeeping requirements under Section 204(a) of the Advisers Act (as well as Section 206(4) and Rule 206(4)-7 with respect to the first action).

Personal Liability in Previous SEC Actions Against CCOs

The SEC has brought similar actions before, most notably in 2020 when it charged a CCO who had backdated a compliance memo related to a sensitive investment and withheld contradictory versions of the memo from exam staff. This led to a US$25,000 civil penalty, a three-year prohibition on acting in a compliance capacity and a one-year ban from appearing before the Commission as an attorney.3

In addition, the SEC has previously brought charges against CCOs in their personal capacities for more pervasive and extensive compliance failures, such as the following cases:

  • 2022 Case: The SEC took action against an investment firm due to inadequate compliance policies regarding outside business activities (OBAs). The firm's CCO failed to enforce proper reporting, leading to violations under Section 206(4) of the Advisers Act.4

Result: US$15,000 civil penalty for the CCO and restrictions on future supervisory roles; US$150,000 penalty for the firm.

  • 2011 Case: A firm faced charges for overcharging clients and failing to properly disclose principal trades, violating multiple provisions of the Advisers Act. The compliance officer and executive management were deemed to have aided and abetted these violations.5 Result: US$50,000 civil fine and requirements for comprehensive compliance reviews by independent consultants.

In contrast to these precedent enforcement actions, the 2025 cases demonstrate the SEC's willingness to pursue personal charges against CCOs solely on the basis of misleading regulators for relatively routine matters, rather than participating in more serious underlying misconduct. In the recent actions, the CCOs' conduct involved completing standard documents like pre-clearance trading forms and annual compliance calendars: documents that might not raise flags for potential enforcement given the absence of alleged harm to the RIA's investors. However, intentional and misleading mischaracterizations of records to the SEC can result in personal liability for CCOs.

Strategic Considerations for CCOs and Firms

CCOs and their teams should now prioritize the following:

  • Align Practices with Policies: Perform regular internal audits to confirm that operational practices are consistent with your firm's documented policies. Implement documentation standards that are practical and uniformly enforceable, accurately reflecting daily operations and supporting effective compliance enforcement.
  • Develop Robust Exam Protocols: During regulatory examinations, it is vital to maintain the accuracy of information presented to regulators. While addressing incomplete details is important, it should never lead to the misrepresentation of the firm's practices, which can invite regulatory consequences.
  • Promote Integrity in Documentation: Emphasize in training that honesty and accuracy in record-keeping are critical, even when records are not perfect. Compliance teams should be aware of the importance of document integrity and recognize that improper handling of records during an examination can result in enforcement actions.

The SEC generally aims to encourage qualified individuals to assume the role of Chief Compliance Officer, and it is rare for CCOs to face personal charges for compliance failures. However, the SEC has made its current position clear: CCOs are not immune from personal liability when they mislead exam staff. Efforts to bring documentation into compliance, if not handled transparently, can result in fines, industry bars, and long-term career impact.

Footnotes

1. https://www.sec.gov/files/litigation/admin/2025/ia-6896.pdf

2. https://www.sec.gov/files/litigation/admin/2025/34-103437.pdf

3. https://www.sec.gov/files/litigation/admin/2020/34-90061.pdf

4. https://www.sec.gov/files/litigation/admin/2022/34-95189.pdf

5. https://www.sec.gov/files/litigation/admin/2011/34-64558.pdf

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Stephen M. Meli
Stephen M. Meli
Photo of Kevin C. McNiff
Kevin C. McNiff
Photo of Sydney Brault
Sydney Brault
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More