Two recent enforcement actions by the U.S. Securities and Exchange Commission (SEC) have drawn renewed attention to the personal liability risks faced by Chief Compliance Officers (CCOs). In both cases, the SEC charged individual CCOs with altering or fabricating compliance documents and then misrepresenting those records during regulatory examinations.
While the original SEC orders were issued in mid-July 2025, today’s reporting marks the first time these cases are being examined side by side. Legal commentators, including those at Proskauer Rose, are highlighting patterns emerging from these enforcement actions and discussing their implications for CCOs and governance professionals across the financial industry. These two cases, though distinct in detail, reinforce a consistent message: when compliance officers cross the line from oversight into deception, they may face serious personal consequences.
The first case, settled on July 15, involved Suzanne Ballek, the former CCO of a now-defunct registered investment adviser. During a routine SEC examination, staff requested pre-clearance trading forms tied to the firm’s Code of Ethics. According to the SEC, Ballek submitted roughly 170 forms that had been altered or fabricated after the fact. Many contained trader signatures added without consent and dates falsified to suggest the forms were created before trades took place. Ballek did not disclose to examiners that these records had been modified or created post-trade. The SEC cited violations of the Advisers Act, focusing on failures in recordkeeping and misleading conduct during an examination. Ballek agreed to a $40,000 civil penalty and accepted a three-year bar from serving in any compliance or supervisory capacity.
Just four days earlier, on July 11, the SEC settled with Colin Michael Moors, then the CCO of American Portfolios Advisors (APA). In this case, Moors backdated an annual compliance review report after the SEC examination had commenced. Although such documentation is not explicitly required by the Advisers Act, APA’s internal policies mandated it. Moors admitted in testimony that he created and signed the report post-exam commencement. His cooperation likely influenced the SEC’s decision not to impose an industry bar. Moors was fined $10,000. Separately, APA paid a $1.75 million penalty for broader supervisory, fee disclosure, and recordkeeping violations. APA’s president, Gary Bruce Gordon, also incurred a $20,000 personal penalty.
These cases matter because they represent more than isolated enforcement actions. Taken together, they offer insight into where the SEC is drawing the line on personal accountability within compliance functions, particularly regarding documentation integrity and examination transparency. While enforcement against CCOs has historically been rare and cautious, these actions show the Commission will hold individuals personally responsible when they fabricate or misrepresent records to regulators.
Importantly, the SEC does not pursue these cases to penalize routine errors or resource limitations. Instead, its focus is on deliberate acts that obstruct or deceive the examination process, especially through document manipulation.
This trend is not unprecedented. Earlier enforcement actions have similarly targeted compliance officers who submitted backdated documents or failed to address known policy violations, sometimes resulting in fines and bars from supervisory roles. Public endorsements of frameworks like the New York City Bar Association’s Guidance on CCO Liability signal a maturing regulatory approach toward defining responsibility and governance standards.
Key Takeaways
First, internal policies carry regulatory weight. Even if a procedure or document is not explicitly required by SEC rules, failure to follow firm policies, particularly when coupled with misrepresentation, can trigger enforcement. Second, intent and timing matter. Creating records retroactively is not inherently wrong, but misrepresenting when and how they were created is. Third, transparency is crucial. Attempts to “fix” past omissions by backdating or altering records risk severe penalties. Honest acknowledgement of deficiencies is generally the safer and more ethical path. Finally, the SEC targets misconduct, not honest mistakes.
