There are really three situations where the Commission typically brings enforcement actions against compliance personnel:
- where compliance personnel affirmatively participated in misconduct unrelated to the compliance function;
- where they misled regulators; and
- where there was a wholesale failure by them to carry out their compliance responsibilities.
The first category is easy: being a member of the compliance function is not a “get-out-of-jail” card, so when compliance officers violate the securities laws in ways that have nothing to do with exercising their compliance responsibilities, they are held accountable just like anyone else.
Source: Gurbir Grewal’s Remarks at New York City Bar Association Compliance Institute
