There has been a lot written about CCOs fearing prosecution for compliance failures. Not to say there is no risk, but the truth lies really in the middle. From my perspective, there is too much fear-mongering around this issue.
Let’s look at one extreme – a CCO who engages in misconduct should be prosecuted. A good example of this case is the prosecution of Thomas Haider, former CCO of MoneyGram. Given Haider’s complete disregard, if not active promotion, of the Moneygram AML deficiencies, FinCEN was entirely justified in filing a civil case against Haider. If I were the head of FinCEN, I would have done the same thing.
Now, let’s look at the other end of the spectrum. SEC Enforcement Director Andrew Ceresney explained in a speech last year that CCOs would be prosecuted when they have “affirmatively participated in the misconduct, when they have helped mislead regulators, or when they have wholly failed to implement compliance programs or policies.”