Bethany Hipp: How can compliance officers protect themselves from harm?
Monday, August 28, 2017 at 7:28AM
Bethany Hipp in Enforcement Policy, Red Flags

Recent enforcement actions suggest that regulators, both in the United States and the UK, are targeting compliance officers.  

Some of these cases involve allegations that compliance officers took part in the misconduct, such as collusion between a compliance officer of a registered broker-dealer and his relatives to defraud investors and embezzle their money.

More worrying are the cases that involve charges against compliance personnel for failing to prevent their organizations from committing financial crimes or for failing to submit suspicious activity reports or other required regulatory disclosures or certifications.

Most of these recent cases in the news involve AML-related reporting violations or breach of investment adviser/broker-dealer compliance requirements.

The DOJ and SEC have also highlighted failures by compliance and law department personnel in recent FCPA cases for failing to investigate issues, overlooking red flags, and failing to stop payments to intermediaries even after they became aware that FCPA due diligence requirements were not met.

Those enforcement actions have typically been resolved through “negotiated settlements” and therefore may reflect a sanitized version of the facts underlying the charges. But do they nonetheless send a message that compliance personnel are responsible for the conduct of more senior decision makers in organizations? That compliance personnel bear an outsized burden for their organization’s misconduct without the upside of authority and compensation?

Compliance personnel may, as a result, find themselves in a no-win situation when faced with difficult decisions to approve or reject transactions or business partners in the higher risk “grey zone.”

If they approve something that later goes wrong, they may be blamed and could be held personally liable. If they reject a transaction or business partner (and are not overruled), they may be accused of hindering business, confront hostility and lose support in the organization.

In light of these risks, what are some common-sense steps compliance personnel can take to protect themselves from becoming the target of enforcement? 

In addition to protecting compliance personnel from unwanted allegations, these steps also promote the organization’s internal control framework and can shield it from compliance failures that could put it at risk for enforcement and reputational harm.


Bethany Hipp is Counsel in Allen & Overy’s Global Investigations Group focusing on internal investigations as well as anti-corruption and trade compliance. She's based in Singapore. She previously worked for a multinational mining company and the U.S. Department of Justice. She can be reached here.

The views expressed in this post are the author's own and do not necessarily represent the views of her employer.

Article originally appeared on The FCPA Blog (
See website for complete article licensing information.