5 reasons to just say no to having a part-time CCO

The SEC has a message for your firm: When it comes to compliance, leave it to the pros.

The commission will bring enforcement actions against firms with inadequate compliance programs, even in the absence of other regulatory violations or client harm. This in the wake of investment firm employees or executives acting as chief compliance officers, on top of other responsibilities. In most cases, such two-hatted executives do not have the time or knowledge to ensure completion of required compliance activities.

In 2017, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert naming weak compliance programs as one of the top five most frequently identified compliance deficiencies, resulting in another upsurge of enforcement actions against compliance programs and CCOs. The SEC often cites the dual-hat model as a prime reason for the alleged inadequate compliance program.

To steer clear of this snare, investment advisors must allocate proper resources to compliance and enforce a separation of powers between the compliance officer and other management. Through risk alerts, speeches and enforcement actions, the SEC has outlined guidelines for an adequate compliance program. They include: drafting policies and procedures conducting testing, training, reviewing marketing materials, consulting with management and reporting.

Double exposure

In the event of a compliance deficiency, a dual-hatted CCO faces personal liability and sanctions, including fines and potential bars from the industry. If that executive is also a firm principal, an enforcement action naming them personally often means the end of the business itself, especially where the SEC imposes an industry bar.

At one asset management firm, the CCO with limited compliance experience pleaded for more compliance resources, but his boss ignored him saying he would deal with any issues after an exam occurred. Ultimately, the SEC charged the firm with underfunding the compliance program.

In October 2016, the SEC fined and censured a registered investment advisor for failing to conduct required annual compliance reviews and for appointing a chief compliance officer without relevant experience who spent most of her time on administrative duties. Correlation isn’t causation, but the CCO’s divided responsibilities likely contributed to the oversight.

A dual-hatted CCO may also have potentially troubling ties to management and its financial interests. Having a compliance officer who also works as a senior executive risks conflicts of interest and inadequate supervision. A general counsel who also serves as CCO may have relevant experience and compliance knowledge, but part of a lawyer’s job is to advocate for the client, and that includes an absolute obligation to keep information confidential to preserve attorney-client privilege.

• Compliance
• Cryptocurrency
• Regtech
• Regulation Best Interest
• SEC
• SCOTUS

Voices: My predictions for 2019's regulatory agenda

From the SEC to the Supreme Court, here's what could be playing out this year.

By Todd Cipperman

1 Min Read

In one case, the SEC censured, fined and barred from practicing the general counsel/chief compliance officer of an investment advisor accused of making unauthorized investments and then misleading a client. The SEC maintains that the CCO is a regulatory officer whose job is to implement policies and procedures reasonably designed to prevent violations of the securities laws, and to report on the compliance program, not to be a zealous advocate for management.

The SEC will also challenge firm leaders who serve as CCO because of the inherent conflict of interest. In one such case, the SEC fined and censured an IA/BD for failing to supervise its CEO/CCO, who was ultimately convicted on criminal charges of stealing from clients. The SEC charged the firm for failing to implement reasonable policies and procedures to review the consolidated reports, which, according to the SEC, would have quickly uncovered the obvious scheme.

Firms must ensure that the CCO has significant independence from management and the revenue-producing function. If not, the dual-hat structure virtually guarantees a lack of proper supervision.

Solutions

First and foremost, investment advisors must allocate enough resources to the compliance function. Based on our experience and industry benchmarking, firms should spend no less than 5% of revenue or 7% of operating budget on compliance, with most SEC-regulated entities spending between 7% and 20% of total operating costs.

Of course, some firms may be able to justify a lesser amount if the business is relatively uncomplicated, while emerging firms might spend up to 20% or more as they put their compliance ducks in a row. Too little spent is a red flag to regulators that the firm does not take compliance seriously. Firms looking to avoid an SEC enforcement action and stabilize their compliance programs have one of two options: 1) hire an in-house compliance officer, or 2) hire an outsourced compliance officer.

Both in-house and outsourced CCOs help guarantee that the proper time will be dedicated to the program by an expert who understands regulatory policy and compliance. However, it is still essential that firm management provides adequate funding, as well as ensure CCO independence from the revenue-producing team.

The SEC will look underneath the hood of a compliance program to investigate whether a firm actually implements effective policies and procedures. Just having policies and procedures and identifying a CCO won’t satisfy compliance obligations anymore. Firms must retain a competent and dedicated CCO either by hiring a full-time employee or by retaining the services of an industry-recognized outsourcing firm. Nothing less than the reputation and success of the firm is at stake.