When regulators come for the compliance officer: CCO survival guide

For many chief compliance officers (CCOs), the greatest fear isn’t just a regulatory fine against their firm; it’s finding themselves in the regulator’s crosshairs. In recent years, the SEC has shown a willingness to pursue CCOs personally, holding them accountable not only for their own misconduct but for the firm’s operational failures, ignored warning signs, and even poorly implemented policies. Recent cases reveal a stark reality: when the adviser falters, the CCO can become both witness and target.

 

The expanding liability risk for CCOs

Under the Investment Advisers Act 1940, every SEC-registered adviser must appoint a CCO to design, implement, and enforce compliance programmes. These aren’t box-ticking exercises for the sake of regulatory formality. Policies must actively address conflicts of interest, portfolio management, trading practices, disclosures, custody, marketing, valuation, and more. Records must be true, accurate, and current, because when the SEC examines a firm, those records are the first line of evidence.

 

The CCO’s role goes beyond policy drafting: they must have the authority and seniority to compel compliance across the firm. That means they can’t be sidelined, ignored, or treated as a ceremonial appointment.

 

And while the SEC insists it doesn’t target CCOs lightly, history shows that when it believes a compliance officer has crossed a “clear line,” the consequences are severe.

 

The regulator can:

 

  • Name the CCO personally in an enforcement action.

     

  • Seek civil penalties, industry bars, or suspensions.

     

  • Accuse the CCO of aiding and abetting the firm’s misconduct.

     

  • Charge the CCO with a failure to supervise, a finding that can permanently damage professional credibility.

     

 

In extreme cases, the SEC has sought to ban individuals from serving in compliance or supervisory roles altogether. These four cases make one thing clear: misleading regulators, ignoring red flags, or failing to implement adequate controls can turn the CCO from the firm’s shield into the SEC’s primary target.

 

 

Moors: Fabricating the past

What Happened:
During an SEC examination, the regulator asked an adviser for records of its most recent annual compliance reviews. None existed. Instead of admitting this, the CCO created, signed, and backdated three years’ worth of “reviews” and provided them to the SEC.

 

Where They Went Wrong:

While the law doesn’t actually require advisers to document annual reviews, creating falsified documents in response to a regulator’s request crossed into willful misconduct. This turned a compliance gap into a serious enforcement case because the deception undermined the SEC’s ability to trust the firm’s records.

 

How to Avoid It:
If documentation is missing, own it. Regulators will often accept an honest admission combined with a plan to fix the process. Fabricating history to “fill in the gaps” is guaranteed to escalate the matter into an enforcement action.

 

 

Ballek: Rewriting the rules

What Happened:
The adviser’s code of ethics required pre-approval of personal securities trades. The CCO designed a form for this purpose, requiring access persons to complete and sign it before trades, with the CCO countersigning to approve. In practice, the process broke down. Forms were often completed after trades had already taken place, or not at all.

 

When the SEC examined the firm, the CCO went further: she altered about 170 previously completed forms, created new ones for trades that had no documentation, and even signed a portfolio manager’s name without their knowledge. She then told SEC staff the manager had simply filled out the forms incorrectly.

 

Where They Went Wrong:
This wasn’t just sloppy recordkeeping; it was active falsification. By altering records and forging signatures, the CCO moved from oversight failure into direct participation in misconduct, willfully aiding and abetting violations.

 

How to Avoid It:
Don’t “fix” non-compliant processes retroactively. If forms are missing or incomplete, acknowledge the gaps and document the reasons. Then implement real-time controls to prevent recurrence. Attempting to rewrite history will only amplify liability.


Momentum Advisors: Ignoring Red Flags

What Happened:
The CCO, also a partner at the firm, supervised the chief operating officer of a portfolio company. The COO misused the company’s debit card for personal expenses and paid herself more than her authorised salary. There were obvious warning signs, such as a sharp increase in expenses, but the CCO failed to investigate or act.

 

The firm also lacked any policies to govern portfolio company operations, expense approvals, or expense reviews.

 

Where They Went Wrong:
The CCO had a dual failure: as the COO’s direct supervisor, he ignored clear red flags; and as CCO, he failed to ensure the firm had policies that could have prevented the misconduct in the first place.

 

How to Avoid It:
Never dismiss anomalies. Unexplained spikes in spending or other operational irregularities should trigger immediate investigation. CCOs must also ensure policies exist for high-risk areas, even if those areas sit within a portfolio company rather than the adviser itself.

 

One Thousand & One Voices Management: Conflicts and Self-Dealing

What Happened:
In this case, the CCO was also CEO, founder, and sole owner of the adviser. The firm charged private funds for expenses that benefitted the adviser and the CCO personally, without disclosure or supporting documentation. Invoices were vague, and no controls existed to prevent misallocation of expenses or to manage conflicts of interest.

 

Where They Went Wrong:
The CCO wore multiple hats, but the compliance responsibilities were not suspended by his executive role. He failed to adopt and implement tailored policies to prevent improper expense allocations, neglected conflict disclosures, and authorised charges without proper verification.

 

How to Avoid It:
If you hold both compliance and executive responsibilities, you must apply heightened scrutiny to transactions that could benefit you personally. Establish independent oversight for potential conflicts and ensure expense allocations are documented, justified, and permitted under governing documents.

 

 

CCO survival checklist

These recent cases against compliance officers are more than cautionary tales; they are roadmaps of exactly how things can go wrong. From falsifying records to ignoring glaring red flags, each case showed how quickly a compliance lapse can become a personal liability. For CCOs, the stakes aren’t limited to the firm’s reputation; your own career, credibility, and ability to work in the industry may be on the line. Use this checklist to turn the hard lessons from those cases into practical steps you can take to avoid the same fate.

 

 

Protect the Record – Never Fabricate

 

  • Be transparent about gaps: missing documentation is fixable, falsified records are not.

     

  • Never backdate, alter, or create documents after the fact to satisfy an exam request.

     

  • If an error or omission is found, document the reason and corrective steps.

     

 

Implement Real-Time Controls

 

  • Approval processes (e.g., personal trades, expenses) must be in place and followed in real time.

     

  • Avoid retroactive sign-offs: design systems to prevent action until compliance checks are complete.

     

  • Regularly audit key processes to confirm adherence.

     

 

Investigate Red Flags Immediately

 

  • Treat unusual transactions, expense spikes, or operational anomalies as urgent matters.

     

  • Keep a documented trail of all investigations, even if the issue turns out benign.

     

  • Remember: failure to act can be as damaging as active misconduct.

     

 

Tailor Policies to Your Actual Risks

 

  • Generic policies won’t withstand scrutiny. Address specific risks in your firm’s operations.

     

  • Include coverage for high-risk areas like expense allocation, portfolio company oversight, and conflicts of interest.

     

  • Review and update policies annually and after any major operational change.

     

 

Manage Conflicts — Especially Your Own

 

  • If you hold both executive and compliance roles, implement independent oversight for anything that could benefit you personally.

     

  • Disclose and document all potential conflicts to relevant stakeholders and clients.

     

  • Keep clear, detailed records for all expense allocations.

     

 

Engage with Regulators Honestly

  • Always give truthful, complete answers during examinations or inquiries.

     

  • If you don’t know an answer, say so, then commit to providing it promptly.

     

  • Maintain professional, cooperative communication at all times.

 

 
