Although many investment adviser firms desire to outsource the chief compliance officer role to an unaffiliated third-party independent contractor (“Outsourced CCO”), such an arrangement will be scrutinized and could be challenged by the securities regulator as a violation Rule 206(4)-7 or equivalent rule of the state securities regulator depending upon the facts and circumstances.
If an Outsourced CCO is responsible for designing and then implementing the investment adviser firm’s compliance program and the firm answers “No” to any of the following questions (depending upon the particular facts and circumstances), the investment adviser firm should investigate whether the Outsourced CCO is empowered with sufficient involvement, knowledge and authority to be effective.
- Onsite Visits – Does the Outsourced CCO make monthly visits to the investment adviser firm’s principal place of business and maintain published office hours when he or she will be available on site to officers, supervisors and staff for general inquiries?
- Meetings with President/CEO – Does the Outsourced CCO have a regular one-on-one meeting each month with the president or chief executive officer of the investment adviser firm?
- Senior Management Committee Meetings – Does the Outsourced CCO attend each month the investment adviser firm’s management committee meetings with the senior executives?
- Strategic Planning – Does the Outsourced CCO attend early-on strategic planning and new business development meetings?
- Investment, Risk, Due Diligence & Representative Selection Committees – Is Outsourced CCO a member and attend the regular meetings (if any) of the investment adviser firm’s investment committee, risk committee, due diligence committee and representative selection committee?
- Ad-Hoc Meetings with Supervisors/Team Leaders – Does the Outsourced CCO meet one-on-one with supervisors, team leaders or other subject matter experts in the investment adviser firm throughout the year?
- 3rd Party Service Providers/Solicitors – Does the Outsourced CCO review initially and annually thereafter all arrangements with third-party service providers and solicitors/endorsers and have regular communication with such service providers/solicitors/endorsers regarding compliance issues?
- Visibility to Supervised Persons – Will the Outsourced CCO be visible to all supervised persons on at least a monthly basis by attending a meeting of all supervised persons? Does the investment adviser firm have an organized and consistent campaign of encouraging supervised persons to contact the Outsourced CCO?
- Training of Supervised Persons – Does the Outsourced CCO provide compliance training to the supervised persons of the investment adviser firm each calendar quarter?
- Branch Office Exams – Does the Outsourced CCO visit and examine annually each branch office of the investment adviser firm?
- Limiting Contact with Supervised Persons – Is the Outsourced CCO permitted to make requests for information or communicate directly with the applicable supervised person of the investment adviser firm (without an internal gatekeeper)?
- Tailored Risk Assessment & Customized P&P – Does the Outsourced CCO conduct annually a risk assessment with the senior executives of the investment adviser firm and then establishes/updates the policies and procedures which are customized based upon the firm’s actual business model, practices and conflicts of interest.
- Access to Firm Records & Systems – Does the Outsourced CCO have independent and direct access to all books and records, committee meeting minutes, income statement and balance sheet, client relationship management software, trading and performance reports of the firm? Does the investment adviser firm (instead of the Outsourced CCO) select on a discretionary basis and/or retrieve/gather the information and documents necessary for the Outsourced CCO to conduct the annual review?
- Outsourced CCO’s Authority – Does the Outsourced CCO actually have the have authority to implement and enforce the investment adviser firm’s compliance policies (e.g., voting on whether to affiliate with prospective investment adviser representatives, rejecting outside business activities, requiring heightened supervision plans, rejecting advertising, requiring additional disclosures, establishing or updating a specific compliance policy, fining and/or terminating supervised persons for compliance violations)?
- Capacity of Outsourced CCO – Does the Outsourced CCO have capacity to serve effectively your investment adviser firm in light of his or her other outsourcing clients? Does the Outsourced CCO have responsibility for more than 30 supervised persons (based upon your firm and the other investment adviser firms where he or she is serving as CCO) without additional staff support?
As evident from the above questions, it can be challenging and expensive to establish an arrangement in which there is a reasonable level of confidence that the Outsourced CCO has sufficient time, involvement, presence, authority, and knowledge to meet a securities regulator’s expectations. Even with a more robust outsourcing arrangement, there’s still a significant risk that the lack of an in-house CCO in itself could diminish the culture of compliance within an investment adviser firm and promote indifference from the investment adviser firm’s employees and management to follow the rules.
Ultimately, the responsibility for compliance with the Investment Advisers Act of 1940 or state securities act and the associated rules falls on the investment adviser firm and its management and not merely the outsourced CCO. In our opinion, the most prudent solution is one that combines the best of both worlds – the expertise of a dedicated compliance professional with the internal expertise and business familiarity of a firm insider. An internal CCO is familiar with the business, interacts with employees every day on a face-to-face basis, and has easier access to records yet can still have ready access to expert assistance from third-party consultants.
Related Posts & Resources
- RCC Blog: The Chief Compliance Officer’s Role & the Risks of Outsourcing
- RCC Blog: SEC Risk Alert-Outsourcing CCO
- RCC Sample Form: CCO – Determining Who to Designate as CCO of RIA
- SEC Risk Alert: Examinations of Advisers and Funds That Outsource Their Chief Compliance Officers
- SEC Official’s Speech: The Role of the CCO – Empowered, Senior and With Authority
The information contained in this blog post is general in nature intended for educational purposes only and is not intended to be a comprehensive analysis of this topic. It is not intended to constitute compliance consulting advice or apply to any particular investment adviser firm’s specific situation. Please consult the applicable securities regulator’s rules and published guidance for more details about the topics referenced above. For more information about the limitations of this blog post and information on our website, please see our Disclosures webpage.