Elaboración del primer manual de identidad

Following the statutory text of section 4s(k)(2)(E) of the CEA, proposed

§ 3.3(d)(3) required the CCO to review and “ensure compliance” by the registrant with the registrant’s compliance policies and all applicable laws and regulations.

FIA and SIFMA argued that the term “ensure compliance” needs to be clarified, because the common usage of the word (i.e., to guarantee) goes well beyond any existing compliance model and creates a standard that is impossible to satisfy. FIA and SIFMA further argued that the requirement to remediate non-compliance issues, and the

discussion of management’s response to remediation, acknowledges that instances of noncompliance are not wholly preventable by any person, and that it is management’s responsibility for implementing compliance policies. Instead, FIA and SIFMA

recommended that the phrase should mean taking reasonable steps to adopt, review, test, and modify compliance policies, and pointed to the Commission’s RFED rule, which requires each RFED to designate a CCO that must certify that the RFED has in place policies and procedures “reasonably designed to achieve compliance with the Act, rules, regulations and orders thereunder.” FIA and SIFMA also recommended that the

Commission add a provision in the definition of compliance policies and procedures to include “procedures for escalating inadequate management responses to apparent material violations of compliance policies and procedures to the appropriate level of senior management . . . depending on the facts and circumstances of the issues being addressed.”

as well as the appropriate escalation and reporting with respect to any issues related to the proposed resolution of potential or actual conflicts of interest, rather than decisions relating to the ultimate final resolution of such conflicts”).

The Working Group argued that the requirement to “ensure compliance” should not be adopted literally from the statute, because it is an impossible task. The Working Group recommended that the rules be revised to avoid suggestions that an incident of noncompliance by a firm might constitute or evidence a failure by a CCO to meet its statutory or regulatory responsibilities.

NSCP argued that “ensure compliance” imposes a level of responsibility on a CCO that cannot be discharged and is inconsistent with the customary role of a

compliance officer. Instead, NSCP recommended that the CCO “administer the system of compliance that is designed to ensure compliance with compliance policies and applicable law.” NSCP concedes that although the statutory language may be viewed as constraining, it offers section 501 of the Gramm-Leach-Bliley Act as an example of constraining language modified by regulation. NSCP stated that section 501 of that act required financial institutions to adopt safeguards to “ensure the security and

confidentiality of personal information,” but that banking regulators modified the standard to require adoption of safeguards “designed to ensure the security and confidentiality of personal information.” NSCP further argued that the business units within registrants either obey the law or violate it, and a CCO is limited to providing guidance, monitoring for compliance, and reporting on the business activities.

NFA commented that it should not be the duty of the CCO to ensure compliance by the FCM, SD, or MSP because it is an impracticable standard and imposes a duty to supervise a firm’s business activities. NFA argued that the rules improperly redefine a CCO’s duties, and registrants will have difficulty retaining CCOs who are willing to

perform these duties. NFA believes that FINRA’s Rule 3130 sets forth the appropriate role of a CCO.

Participants in the May Meeting with Commission staff stated that the CCO’s responsibility to escalate (repeatedly if necessary) a problem that has not been resolved could serve as a possible meaning of the term “ensure compliance” when applied to the CCO position.

EEI believes that a basic tenet of modern compliance is that compliance

departments advise, monitor, assist, and escalate to a governing body if necessary. EEI argued that the act of complying must be borne and executed by the business, and imposing responsibility on the CCO could abrogate responsibility of senior management and other employees.

Newedge believes that the CCO should be required only to review whether a registrant has established policies designed to achieve compliance and that the

responsibility to enforce compliance should lie with the business line. Newedge believes the enormity of the obligations assigned to the CCO would result in inadequate means of ensuring compliance, defeating the plain purpose of the statute.

In response to the comments received regarding the role of the CCO in ensuring compliance, the Commission is modifying the proposed rule to provide that the CCO must take “reasonable steps to ensure compliance.” The Commission believes that this approach is responsive to commenters’ concerns, is consistent with the final rules for

SDRs⁴³ and DCOs⁴⁴, and is broadly consistent with the SEC’s proposal for the duties of a CCO of a security-based swap dealer or a major security-based swap participant.⁴⁵

In response to comments advocating a purely advisory role for the CCO, the Commission observes that the role of the CCO required under the CEA, as amended by the Dodd-Frank Act, goes beyond what has been represented by commenters as the customary and traditional role of a compliance officer. While the Commission does not believe, as some commenters have suggested, that the CCO’s duties under the CEA or

§ 3.3 requires that the CCO be granted ultimate supervisory authority by a registrant, it is the Commission’s expectation that the CCO will, at a minimum, be afforded supervisory authority over all staff acting at the direction of the CCO. Recent events have

demonstrated the importance of the active compliance monitoring duties required of the CCO under the Dodd-Frank Act, as implemented through these regulations.