If anyone had forgotten, the SEC is still looking to prosecute compliance officers and legal counsel, who are considered gatekeepers, in aggressive enforcement actions. Although the SEC was unable to effectively delineate the risks associated for counsel and compliance personnel as a result of the non-decision in the Urban case, SEC enforcement officials have indicated that this will not stop them from proceeding against others in the future.
Alas, when will the madness end? Attacking lawyers and compliance officers is not an effective way to regulate. Looking at the conduct of those who commit the bad acts is by far more of an appropriate message to be sending to the industry as opposed to attacking people in supervisory roles. This is not to excuse supervisory personnel who sometimes fail to follow appropriate supervisory practices, and those persons should undoubtedly be held accountable.
However, in the vast majority of cases, it is not the supervisor that is wrong, but those who commit the bad acts. Further, although the systems or control procedures may create an issue (see the recent problems at Knight), certain systems or procedures may have failed to detect a certain item because the bad actor may have made it frankly undetectable. The SEC should be well aware of such a situation in that the SEC failed to detect the Madoff or the Stanford schemes before investors lost money.
In short, counsel and supervisors must be concerned with these SEC actions, and prepare senior compliance and legal personnel for the inevitable.