Category: Chief Compliance Officers

The Friday List: 10 Reasons Outsourcing Compliance Beats Hiring an In-House Chief Compliance Officer

Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues.  Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic. 

Over the last several years, an increasing number of investment management firms have chosen to outsource the Chief Compliance Officer role and associated compliance function.  In our experience, these firms make this decision for rational business reasons based on an assessment that outsourcing the compliance function is better than hiring a full-time employee.  Usually, firms consider outsourcing because of an external event such as a less-than-perfect SEC exam or an institutional due diligence process that suggests unknown weaknesses.  Some firms decide to outsource after yet another internal CCO changes jobs.  Other times, firm management simply gets frustrated with the inherent limitations of the one internal compliance person.  Regardless, we list below the top 10 reasons investment firms should outsource the CCO role and compliance function rather than hire an in-house employee.

10 Reasons Outsourcing Compliance Beats Hiring an In-House CCO

  1. Experience: A team of professionals can draw on decades of aggregate compliance experience to address a firm’s regulatory challenges.
  2. Knowledge: No one person can provide the depth of knowledge of several compliance professionals working collaboratively. 
  3. Independence: A third party firm offers investors and other stakeholders an independent assessment of a firm’s compliance strengths and weaknesses.
  4. Industry best practices: A multi-person team working with multiple clients across the country has the industry vision to inform the compliance program.
  5. Accountability: A compliance firm stands behind its work and advice with a service level agreement and professional liability insurance. 
  6. 24/7/365 support: A person may take PTO, but a team of professionals is available at all times for any emergency including unplanned client due diligence and SEC exams.
  7. Personal liability: Serving as CCO involves significant personal liability, which is better left to professionals that understand and accept the regulatory and career implications. 
  8. Frees up internal resources: Internal personnel can focus on core activities such as portfolio management and fund-raising.   
  9. Management: Senior managers can avoid the confusing and time-consuming process of hiring, retaining, and managing an internal CCO, only to start the process anew in the event the CCO leaves. 
  10. Cost savings: Because of program efficiencies, outsourcing generally costs less than hiring a full-time employee. 

SEC Alleges that RIA and Principal Ignored Compliance Obligations

The SEC has commenced enforcement proceedings against an adviser and its principal for disregarding its compliance obligations for over 10 years.  The SEC alleges that the firm did not even draft or adopt compliance procedures until an SEC examination commenced in 2015, 11 years after it initially registered.  The SEC also asserts that the principal named two individuals on Form ADV as Chief Compliance Officers even though neither person had responsibility for compliance, and one of the individuals did not even know that he was named as CCO.  The SEC also charges the firm with failing to conduct annual compliance reviews, comply with the custody rule, and maintain required books and records. 

The SEC will offer no quarter to RIAs who ignore their basic compliance responsibilities.  At a bare minimum, firms must appoint a dedicated and qualified CCO, adopt tailored policies and procedures, annually test the program, and generally attempt to comply with the Advisers Act.  The initiation of proceedings, rather than a settled order, suggests that the SEC intends to pursue aggressive penalties. 

Deficient Compliance Will Cost RIA/BD $600,000; CCO Must Undergo Training

 A dually registered RIA/BD agreed to pay approximately $600,000 in disgorgement, penalties and interest because a deficient compliance infrastructure failed to ensure full disclosure of revenue sharing.  According to the SEC, the respondent engaged in a scheme since 1999 whereby its clearing broker would kick back a $20 markup fee on trades.  The clearing broker also paid trailer fees on NTF mutual funds.  The SEC alleges that the firm failed to properly disclose the revenue sharing and, in many cases, reps who didn’t know better told clients that the firm did not receive compensation from the clearing broker.  The SEC charges that the firm did not have adequate compliance policies and procedures and ordered the Chief Compliance Officer, the firm’s former receptionist, to complete 30 hours of compliance training.  The firm also agreed to hire an independent compliance consultant.

“We’ve always done it this way” is not a legitimate excuse for failing to comply with regulatory requirements.  The firm engaged in the undisclosed revenue sharing for nearly 20 years before the SEC uncovered the conflict of interest.  Perhaps the firm never considered that its longstanding practice violated the securities laws.  This is why we recommend retaining a fully-dedicated and experienced chief compliance officer either as a full-time employee or through a compliance services firm.

CCO Blamed for Signing Certifications that Facilitated Unlawful Securities Lending

The SEC censured and fined the Chief Compliance Officer of a broker-dealer for signing certifications that she knew, or should have known, were inaccurate, thereby enabling her firm to engage in unlawful securities lending transactions.  The CCO signed certifications to third party depositaries that confirmed her firm complied with certain ADR pre-release agreements that required that her firm hold ordinary shares that evidenced ADRs.  The SEC maintains, however, that the CCO knew the firm did not comply with those agreements because she participated in drafting the firm’s procedures for acquiring pre-release ADRs and knew that the firm did not comply with the pre-release agreements.  The SEC charges the CCO with causing her firm’s violations of the Exchange Act’s antifraud provisions.

OUR TAKE: Compliance officers should avoid signing certifications that facilitate securities transactions.  If the situation requires a certification, a CCO must conduct adequate due diligence to ensure the accuracy of all statements made.  Also, we would recommend that a CCO obtain back-up certifications from others in the organization.

CCO/AML Officer Barred and Fined for Failure to File SARs

The SEC fined and barred a CCO/AML Officer from the industry for failing to file Suspicious Activity Reports and otherwise ignoring his AML due diligence responsibilities.  The SEC accuses the CCO/AML Officer and his firm of ignoring clear red flags that suggested significant churning of penny stocks.  Red flags included questionable customer backgrounds, absence of a business purpose, multiple accounts with the same beneficial owners, rapid transactions, and law enforcement inquiries.  The firm sold over 12.5 billion shares of penny stocks over a 9-month period.  The SEC also charged the firm and its clearing firm.

OUR TAKE: While we certainly don’t condone the CCO’s inactions here, why is he the only executive officer charged?  Also, the respondent’s problems may have only just begun as FinCEN can impose a $25,000 fine on the CCO/AML Officer for each failure to file an SAR.

https://www.sec.gov/litigation/admin/2018/34-83252.pdf

Compliance Officer Charged with Securities Fraud

The SEC charged a compliance officer with securities fraud and aiding and abetting his employer’s violations by “adding an aura of legitimacy” to an oil and gas offering fraud.  The SEC accuses the compliance officer of ignoring misstatements in offering documents and client communications and of failing to conduct required investor eligibility due diligence.  The SEC also charges the compliance officer with filing false Form Ds with the Commission.

OUR TAKE: This is what we call “voodoo compliance,” i.e., using purported compliance as a tool to further securities law violations.  The SEC has become wise to firms that implement sham compliance programs.

BD President Sanctioned for Failing to Supervise Inexperienced CCO

The President of a broker-dealer was fined and barred for failing to supervise an inexperienced and ineffective Chief Compliance Officer.  The CCO failed to properly monitor and halt excessive mutual fund trading by a registered rep.  The CCO had difficulty analyzing the firm’s trade blotter and mutual fund reports even after a compliance consulting firm was hired to assist.  FINRA faults the President for failing to recognize the CCO’s failures and take the necessary action to implement an adequate supervisory system.  FINRA blames the President because he “was ultimately responsible for supervision.”

OUR TAKE: Do you know if your CCO is competent?  Firm leaders do not satisfy their obligations to implement a compliance and supervisory system by merely calling somebody the Chief Compliance Officer.  A CCO must be competent, have the necessary resources, effectively implement policies and procedures and test them.  Then, firm management must monitor the CCO to ensure that the CCO adequately performs the role.

http://www.finra.org/sites/default/files/fda_documents/2012033566204%20Wayne%20Ivan%20Miiller%20CRD%204813645%20AWC%20jm.pdf%20REDACTED.pdf

SEC Fines and Bars CCO for Ignoring Compliance Problems

The SEC fined and barred an adviser’s Chief Compliance Officer from acting in a compliance or supervisory capacity because of his failures to remedy compliance deficiencies.  The adviser hired an outside compliance consultant which recommended 59 compliance action items.  The SEC alleges that the CCO failed to address many of the issues raised including failures to (i) ensure a surprise audit pursuant to the custody rule, (ii) retain emails and other electronic records, and (iii) implement policies to protect customer information.  The SEC also charges the CCO with compliance program deficiencies including failures to update the compliance manual or conduct any meaningful annual review of the compliance program.  The firm’s president/principal was also censured and fined.

OUR TAKE: The SEC doesn’t often prosecute standalone (i.e., not dual hat) CCOs without an underlying client loss, but it will if the CCO ignores obvious compliance deficiencies of which he has notice.  This is what we call “compliance voodoo,” i.e., an appearance of compliance infrastructure without an effective program.  This CCO had a compliance manual, did some quarterly testing, and hired a third party consultant.  But neither the CCO nor the firm took any action to actually implement relevant procedures to address cited compliance deficiencies.

CCO Barred and Fined $250,000 for AML Compliance Breakdowns

The Chief Compliance Officer of a money transmitter agreed to pay a $250,000 penalty and a 3-year bar from serving in a compliance function in connection with anti-money laundering compliance failures.  As part of his settlement with FinCEN and the U.S. Attorney, the CCO also admitted to failing to stop potential money laundering despite being “presented with information that strongly indicated that the outlets were complicit in consumer fraud schemes” and implementing an inadequate AML program.  The settlement concludes the case which had initially imposed a $1 Million fine, which could have been as much as $4.75 Million based on the statutory penalty of $25,000 for each failure to file a Suspicious Activity Report.  The Acting U.S. Attorney explained the decision to prosecute a CCO: “Compliance officers perform an essential function, serving as the first line of defense in the fight against fraud and money laundering.”

OUR TAKE: Compliance officers that assume anti-money laundering duties are subject to prosecution and significant fines by both FinCEN and the DoJ (in addition to FINRA and other financial regulators).  Nobody condones the CCO’s conduct in this case, but one question many compli-pros have asked is why has the CCO been singled out for personal liability?  Why didn’t the feds pursue the operations folks that vet clients or the senior executives in charge?   And, why does the CCO pay a fine when he did not financially benefit from the misconduct?