In a lively discussion triggered by an earlier blog post (Hogwash!), some skepticism was shown about the effectiveness of showing senior management that was reluctant to support good compliance practices the recent headlines about the CCOs of BlackRock and SFX Financial (in the former the CCO paid a $60,000 civil penalty and in the latter a $25,000 penalty). The thought was that these scare tactics would have little effect because the response would most likely be that these cases involved huge firms and professional CCOs. In other words, a world removed from the large majority of advisory firms. My response was that these trends always start off with the biggest firms, but always manage to trickle down over time. A perfect example of this is with cybersecurity. It started with the SEC examining the practices of fifty of the biggest firms, but the headline that grabbed the most attention was the $75,000 fine levied against a small (at least by SEC-registration standards) St. Louis advisory firm for violations of the Safeguards Rule. The point being is that it did not take long – only a matter of months, in fact – for the SEC to apply same standards to smaller firms as they are to the giant advisory firms. So there is little reason to believe that the SEC will not stick to the same pattern when it comes to the targeting of chief compliance officers.