The Securities and Exchange Commission (“SEC” or “Commission”) requires investment advisers registered with the SEC to designate a chief compliance officer (“CCO”) to administer the adviser’s compliance policies and procedures.[1] While the SEC has repeatedly emphasized a renewed focused on bread-and-butter, fraud-based enforcement and away from rules-based violations without accompanying investor harm, the SEC has instituted several actions against investment adviser CCOs in 2025.[2] These CCO actions highlight the critical role CCOs play in an adviser’s legal compliance function. They also serve as a useful illustration about the importance of keeping true, accurate, and current books and records, adopting and implementing policies and procedures that take into consideration the nature of a particular adviser’s operations, communicating truthfully with SEC staff (the “Staff”), and adequately supervising the adviser’s personnel. Below we discuss lessons learned from these actions and suggestions to help improve the efficacy of investment adviser CCOs.
Background
SEC-registered investment advisers are required to adopt and implement written policies and procedures reasonably designed to prevent the adviser and its supervised person from violating the Investment Advisers Act of 1940 (“Advisers Act”) and the rules adopted thereunder.[3] Among other things, advisers’ policies and procedures should address conflicts of interests, portfolio management processes, trading practices, the accuracy of disclosures, custody, recordkeeping, marketing, valuation, and business continuity.[4] Advisers must also establish, maintain, and enforce a code of ethics regarding the personal securities transactions of “access persons.”[5] Advisers are also required to make and keep true, accurate and current books and records, including a copy of the adviser’s policies and procedures and any records documenting the adviser’s annual compliance review.[6] These records are subject to examination by the SEC.[7] An adviser may face liability for violating these requirements directly or for failing to supervise any person acting on the adviser’s behalf.[8]
SEC-registered investment advisers also must designate a CCO responsible for administering the adviser’s policies and procedures and must review the adequacy of such policies and procedures and the effectiveness of their implementation at least annually.[9] The SEC emphasized that a CCO should be “competent and knowledgeable” about the Advisers Act, be “empowered with full responsibility and authority to develop and enforce” the policies and procedures, and be in a position of seniority and authority sufficient enough to compel others to follow the policies and procedures.[10] A CCO also may have liability for their own violation, for aiding, abetting or causing the adviser’s violation, or for failing to supervise another person.
Recent Enforcement Actions
Backdated Documents
The two most recent settled CCO actions involved allegations that the CCOs of formerly registered investment advisers willfully aided and abetted and caused the advisers’ violation of the Advisers Act by providing backdated documents to the Staff in connection with examinations.
In the first action, the Staff requested information from an SEC-registered adviser during an examination, including any records documenting the adviser’s most recent annual compliance review performed pursuant to the Compliance Rule and any records documenting compliance testing.[11] The adviser did not have any records responsive to the Staff’s request. But after receiving the Staff’s request, the CCO created, signed, and backdated documents that purported to memorialize contemporaneous annual compliance reviews for three years and provided the backdated documents to the Staff. The SEC found that the CCO willfully aided and abetted and caused the adviser’s violation of the Recordkeeping Rule and the Compliance Rule.[12]
In the first action, the SEC noted that “documentation of an adviser’s annual compliance review is not required under Rule 206(4)-7 under the Advisers Act.”[13] However, in a 2020 risk alert, the Staff noted as examples of deficiencies or weaknesses related to the Compliance Rule, that “staff observed advisers that were unable to demonstrate that they performed an annual review […] Advisers that claimed to engage in ongoing or annual compliance reviews of their policies and procedures to determine their adequacy and effectiveness of their implementation, but could not provide evidence that one occurred.”[14] This first action illustrates the importance of being able to demonstrate the annual review of the adviser’s policies and procedures and not manufacturing falsified documentation during an examination.
In the second action, the adviser’s code of ethics required that access persons report their securities transactions and holdings consistent with the Code of Ethics Rule requirements and obtain the CCO’s approval before purchasing or selling securities in their personal accounts.[15] The CCO created a form to implement and memorialize compliance with the adviser’s policies and procedures. While not required by the adviser’s policies and procedures, the form was designed such that an access person would complete and sign the form to document their pre-trading requests, and the CCO would countersign the form to indicate approval of the trades. The adviser’s policies and procedures also provided that the adviser keep true, accurate, and current records of any decisions to approve securities transactions by access persons for six years. The SEC order alleged that the forms were often not completed until after the transactions were completed, and during an SEC examination the CCO modified approximately 170 previously completed forms, created forms for prior transactions where no form existed, and signed forms on the portfolio manager’s behalf without their knowledge. The CCO told the Staff that the portfolio manager had filled out the forms incorrectly and that the forms were changed when they were submitted.
The SEC found that in engaging in this conduct, the CCO willfully aided and abetted and caused the adviser’s violations of the Compliance Rule and the Recordkeeping Rule by failing to keep true and accurate records required by the adviser’s written policies and procedures, and failing to provide the Staff with true and accurate records in response to the SEC’s examination. This second action illustrates the importance of following the adviser’s policies and procedures and keeping true and accurate records as part of the compliance program.
Other Enforcement Actions
In two other settled actions from earlier in 2025, the SEC found that respondents who served as the CCO and in other capacities at an adviser violated the Advisers Act. One of the respondents in one of the actions was a partner of a private fund adviser and previously served as managing partner and CCO.[16] The SEC alleged that the adviser’s chief operating officer (“COO”) misappropriated funds by misusing the debit card of the private fund’s portfolio company to pay personal expenses and causing herself to be paid compensation exceeding her authorized salary. The SEC noted that the adviser did not have policies to address the operation of the fund or the portfolio companies, including policies regarding charging business expenses or reviewing portfolio company expenses. The SEC also noted that the CCO was aware of facts that should have been red flags (e.g., a significant increase in portfolio company expenses), but he failed to investigate or otherwise take appropriate action. The SEC also noted that he was responsible for overseeing the COO as her direct supervisor and was responsible for monitoring and testing compliance with the adviser’s policies and procedures as the adviser’s CCO, and the SEC found that he failed to reasonably supervise the COO (among other findings).[17]
One of the respondents in the other action was the CCO, as well as the CEO, Founder, and sole owner of a private fund adviser and its relying adviser.[18] The advisers served as managers to two private funds. The advisers allegedly charged the funds for expenses that were not permitted under the funds’ governing documents, failed to disclose the resulting conflicts of interest, submitted invoices to the funds without taking reasonable steps to confirm that the funds should have paid the invoices, and failed to adopt and implement reasonably designed policies and procedures. For example, the funds paid for various services that benefitted the advisers and CCO and the advisers submitted expenses to the funds with generic descriptions and limited support. Additionally, the advisers did not generate or keep records that were sufficient to determine whether the expenses should be charged to the funds and did not adopt and implement policies and procedures reasonably designed to prevent the misallocation of expenses to the funds or policies and procedures for identifying and disclosing conflicts of interest.
The SEC found that the respondents breached their fiduciary duties to the funds.[19] Additionally, the SEC found that the advisers violated the Compliance Rule, and the CCO caused such violations, as a result of their failure to adopt and implement reasonably designed policies and procedures. The SEC stated that “[a]s the CEO, CCO, founder, and sole owner of the [advisers], [he] was responsible for adopting and implementing compliance policies and procedures and caused these violations” and “should have known that his conduct would contribute to the [advisers’] violation of Advisers Act Rule 206(4)-7.”
Key Takeaways
The Commission does not typically bring an enforcement action against a CCO unless the CCO has crossed a clear line.[20] The Staff have discussed situations where the Commission has typically charged a compliance officer,[21] including where a compliance officer obstructs or misleads the Staff or provides false information to regulators, as such cases “involve deliberate conduct by the CCO intended to thwart the SEC’s ability to exercise effective oversight of the compliance function.” The first two actions discussed above involve similar allegations and serve as a useful reminder regarding CCO liability under the Advisers Act. CCOs should ensure that their firms maintain true and accurate records and communicate truthfully with the Staff in connection with an examination.
All of the actions above also serve as a useful reminder regarding the application of the Compliance Rule. An adviser’s policies and procedures should be tailored to address the conflicts of interest and other compliance factors creating risk exposure for the firm and its clients in light of the firm’s particular operations.[22] In the last two actions, the SEC specifically noted the absence of specific policies and procedures in light of each adviser’s operations.[23]
Advisers should also ensure that their policies and procedures are actually implemented and that the related records are kept true, accurate, and current.[24] As the individuals responsible for administering the adviser’s policies and procedures and reviewing their adequacy and effectiveness, CCOs play a critical role in the advisers’ compliance with these requirements.
Finally, advisers should be aware of their duty to adequately supervise personnel acting on behalf of the adviser. In the case of a red flag of potential wrongdoing by such personnel, the adviser should respond promptly and appropriately.
Click here to download this article.
[1] Advisers Act Rule 206(4)-7 (“Compliance Rule”); Compliance Programs of Investment Companies and Investment Advisers, Advisers Act Rel. No. 2204 (Dec. 17, 2003) (“Compliance Rule Adopting Release”).
[2] See Willkie’s Client Alert (SEC Enforcement – New Administration Update – First Half of 2025 (Jul. 7, 2025)), available here.
[3] Compliance Rule.
[4] Compliance Rule Adopting Release.
[5] Advisers Act Rule 204A-1 (“Code of Ethics Rule”).
[6] Section 204 of the Advisers Act; Advisers Act Rule 204-2(a)(17) (together, “Recordkeeping Rule”).
[7] Section 204(a) of the Advisers Act.
[8] Section 203(e)(6) of the Advisers Act (“The Commission, by order, shall censure, place limitations on the activities, functions, or operations of, suspend for a period not exceeding twelve months, or revoke the registration of any investment adviser if it finds [an investment adviser] has failed reasonably to supervise, with a view to preventing violations of the provisions of such statutes, rules and regulations, another person who commits such a violation, if such other person is subject to his supervision.”).
[9] Compliance Rule.
[10] Compliance Rule Adopting Release.
[11] In re Colin Michael Moors, Advisers Act Rel. No. 6894 (Jul. 11, 2025) (settled order) (“Moors”), available here.
[12] Specifically, the SEC found violations of Advisers Act Section 204 and Rule 206(4)-7(a)(17)(ii).
[13] Moors.
[14] OCIE Observations: Investment Adviser Compliance Programs (Nov. 19, 2020) (“2020 Risk Alert”), available here.
[15] In re Suzzane Ballek, Advisers Act Rel. No. 6896 (Jul. 15, 2025) (settled order) (“Ballek”), available here.
[16] In re Momentum Advisors, LLC and Allan J. Boomer, Adviser Act Rel. No. 6860 (Mar. 7, 2025) (settled order) (“Momentum”), available here.
[17] Advisers Act Section 203(e)(6). The SEC also described other conduct and violations unrelated to the respondent’s role as CCO. The SEC found that he willfully violated Sections 206(2) and 206(4) of the Advisers Act and Rule 206(4)-8 thereunder, and Boomer failed reasonably to supervise within the meaning of Section 203(e)(6) of the Advisers Act.
[18] In re One Thousand & One Voices Management, LLC; Family Legacy Capital Credit Management, LLC; and Hendrik F. Jordaan, Adviser Act Rel. No. 6811 (Jan. 10, 2025) (settled order) (“One Thousand & One Voices Management”), available here.
[19] Advisers Act Section 206(2). The SEC also found violations of Section 206(4) of the Advisers Act and Rule 206(4)-8 thereunder.
[20] See, e.g., Commissioner Hester M. Peirce, Chief Compliance Officer Liability: Statement on In the Matter of Hamilton Investment Counsel LLC and Jeffrey Kirkpatrick (July 1, 2022), available here. See also Andrew Ceresney, 2015 National Society of Compliance Professionals, National Conference: Keynote Address (Nov. 4. 2015) (“Ceresney Speech”), available here.
[21] Gurbir S. Grewal, Remarks at New York City Bar Association Compliance Institute (Oct. 24, 2023) available here. In his 2023 speech, then-Director Grewal also stated that Enforcement may recommend charges against a compliance officer “where the compliance personnel affirmatively participated in misconduct unrelated to the compliance function” or “where there was a wholesale failure by them to carry out their compliance responsibilities.” See also Ceresney Speech.
[22] See, e.g., Compliance Rule Adopting Release and the 2020 Risk Alert.
[23] In One Thousand & One Voices Management, policies or procedures reasonably designed to prevent the misallocation of expenses to the funds or policies and procedures for identifying and disclosing conflicts of interest, and in Momentum, policies to address the operation of the fund or the portfolio companies, including policies regarding travel and other business expenses or the review of expenses charged to the portfolio companies.
[24] In the 2025 Examination Priorities, the SEC Division of Examinations noted that “assessment of the effectiveness of advisers’ compliance programs is a fundamental part of the examination process.” Fiscal Year 2025 Division of Examinations Examination Priorities, available here. See also SEC Division of Examinations, Observations from Examinations of Newly-Registered Advisers (Mar. 27, 2023), available here.
