December 5, 2018 / 5:12 PM / 3 months ago

INSIGHT: Personal liability holds focus in U.S. regulatory enforcement; tips for self-protection

NEW YORK(Thomson Reuters Regulatory Intelligence) - More than 1,000 bankers went to jail as a result of the U.S. savings-and-loan crisis in the 1980’s. But the pendulum of personal accountability among senior executives in financial services swings over time, as shown after the financial crisis of 2008, where almost no one was jailed and only a small handful of individuals were fined. The pendulum is swinging back again to holding more individuals accountable.

Commuters walk in to London's financial district during the morning rush hour October 7, 2008.

After the financial crisis, although regulators and law enforcement levied massive fines against approximately 50 different firms totaling nearly $200 billion, prosecutions of individuals proved much more rare and difficult.

In President Barack Obama’s State of the Union address in January 2012 he called for Wall Street executives to be held accountable and pointed to new rules being put in place. The U.S. Attorney General at the time, Eric Holder, tasked the U.S. attorneys around the country with investigating the misdeeds leading up to, and related to the crisis.

At this point in 2012, the ordinary five-year statute of limitations for criminal fraud had essentially run out, making the task of holding individuals accountable even more difficult, if not impossible. However, a separate 10-year statute of limitations under banking laws allowed the government to pursue institutions rather than individuals, so the regulators and Department of Justice (DOJ) focused on the corporate penalties.

Holder faced significant criticism from lawmakers and advocacy groups for the department’s leniency on executives, and the desire for individual accountability grew as politicians and public sentiment shifted.

That started swinging the pendulum back again as the Justice Department, banking regulators, the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the Commodity Futures Trading Commission (CFTC), all made individual accountability a top priority.

Under the direction of a new U.S. Attorney General, Loretta Lynch, who took over in 2015, an emphasis on personal liability strengthened. In a policy statement that year the department sent a much tougher message on individual accountability. The warning shot came from Deputy Attorney General Sally Q. Yates, who said, in her now famous "Yates Memo"{here} “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”

“Corporations can only commit crimes though flesh-and-blood people,” she said.

Against such a backdrop, individuals are concerned with their own careers and liability risks. Below, and in a series of global webinars slated for next week, Regulatory Intelligence reviews the current personal liability landscape, how we got here, and offer some suggestions for individuals to take in order to protect themselves.


The issue of personal liability was debated at the SEC in June 2015, when commissioners Daniel Gallagher{here} and Luis Aguilar{here} traded press releases about whether and how a crackdown on compliance professionals' accountability is actually occurring, and its appropriateness.

This occurred as compliance officers at firms as diverse as Swinton Insurance, Bank Leumi, Bank of Tokyo-Mitsubishi, Brown Brothers Harriman, Deutsche Bank, MoneyGram International, Private Capital Management Inc., BlackRock, Raymond James, and Aegis Capital were fined, had to resign or were banned from the profession.

Despite leadership changes at the major financial regulators since the 2016 presidential election, appointees by President Donald Trump have stayed the course in continuing to emphasize the necessity of personal or individual accountability. This is evidenced in cases announced as recently as last month by both the SEC and CFTC.

SEC Enforcement Directors, Steven Peikin and Stephanie Avakian addressed the importance of personal accountability in last month's Annual Enforcement Report for Fiscal Year 2018{here}. The agency cited individuality in a recitation of its "Core Principles," which also included a focus on the retail investor, keeping pace with technological change, imposing remedies that most effectively further enforcement goals, and assessing the allocation of resources.

A steady rise in notable cases where individuals were named and held liable for failures, as well as repeated warnings from regulators and lawmakers, give clear evidence that the pendulum has returned to an environment where compliance practitioners and senior managers must be conscious of their own personal liability risk.


The best advice for employees to avoid charges of personal liability is to create and maintain a personal file of evidence to demonstrate both firm-wide and individual compliance with all regulatory expectations.

This evidence of understanding of the rules, the firm’s business practices, and detailed accounts of regular inspections of activities, can demonstrate an active and vigilant compliance program and culture. A lack of documentation is often what leads to penalties against compliance personnel.

The use of attestations to establish a personal commitment to compliant behavior by supervisors is valuable evidence to present to regulators. The emphasis that chief compliance officers (CCOs) and other senior executives place on the compliance culture at the firm should be supported by records showing how the business is communicating its policies and compliance expectations.

The SEC in 2013 published answers{hhere} to frequently asked questions related to personal liability at broker-dealers. An important factor involving personal liability is the supervisory nature of one's job. The SEC provided a list of considerations to establish whether a person is a supervisor, including:

-Has the person clearly been given, or otherwise assumed, supervisory authority or responsibility for particular business activities or situations?

-Do the firm’s policies and procedures, or other documents identify the person as responsible for supervising, or for overseeing, one or more business persons or activities?

-Did the person have the power to affect another’s conduct?

-Did the person have the ability to hire, reward, or punish that person?

-Did the person otherwise have authority and responsibility such that he or she could have prevented the violation from continuing, even if he or she did not have the power to fire, demote, or reduce the pay of the person in question?

Senior management including compliance, legal, and human resources must coordinate to be sure that they have documented clear lines of supervision. They must also develop a clear job description and a clear mission statement particularly for the compliance group but also for every employee and the entire organization.

The CCO should not have supervisory responsibilities over business-line activities but should review compliance policies and procedures and designate the appropriate person to have supervisory responsibilities over the relevant business functions of the firm.

Compliance should periodically meet with designated supervisors to inquire whether they are conducting the proper reviews of the business they are responsible for.

CCOs should carefully document every step taken and persons consulted in investigating and remedying any possible illegal activities. Documentation is critical when showing regulators how compliance handled a situation and why.

CCOs must not delegate any certification or report being submitted to a state or federal governmental or regulatory authority by them on behalf of their organizations.

Although they should seek help in getting the information needed to make the attestation, CCOs should be reluctant to sign any document unless they have carefully reviewed and fully understand its contents and have taken the requisite steps to confirm its accuracy.

CCOs need to be anticipatory in carrying out the functions assigned to them in their firm’s compliance policies and procedures. The regulators will be wary of a compliance program that looks great on paper but is not being followed in practice. If the compliance team has a program in place, documented evidence must be supplied to show it is being followed, tested and updated regularly.

CCOs should demand an organizational structure that provides a direct line of communication with all top executive officers or board directors. CCOs should ensure they have sufficient skilled resources at their disposal to evidence their actual compliance with it.

A speech on CCO liability by the SEC's former enforcement director, Andrew Ceresney{here}, before he left the agency in 2016 serves as a commonsense guide that the agency's enforcement division seems to be continuing to follow.

Ceresney categorized enforcement actions brought against CCOs into three broad categories:

-Cases against CCOs who are affirmatively involved in misconduct that is unrelated to their compliance function.

-Cases against CCOs who engage in efforts to obstruct or mislead agency staff.

-Cases where the CCO has exhibited a wholesale failure to carry out responsibilities.

This third category, failure to carry out responsibilities – raised concerns in the industry and it has left many questioning whether it might be a slippery slope for CCOs.


In the highly regulated workplace, no one is immune to personal liability. Carelessness and failures to correct mistakes or report wrongdoing can jeopardize a career. Above all else, individuals must never forget this basic tenant to do what’s right. Much like the public service announcements surrounding terrorism, a policy of “if you see something, say something,” holds true for employees in the workplace.

If policies and procedures are not being followed or corners are being cut, an employee must document it and escalate it. After all, careers and potential personal liability is at stake.

Regulatory Intelligence will probe the issue of personal accountability deeper next week in the three global webinars.

1. 11th December 2018, Time2:00pm EST // 1:00pm CT // 11:00am PST:

2. 11th December 2018, Time10:00am GMT:

3. 12th December 2018, Time4:00 p.m. Sydney (AEDT) // 3:00 p.m. Brisbane (AEST) // 1:00 p.m. HKT/SGT:

(Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory Intelligence based in New York.)

This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on Dec. 4. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below