Ignorance of the law is no excuse, and naivete will not insulate a Chief Compliance Officer from liability. When operating in a regulated industry, failure to retain competent regulatory advisers will result in a date with a federal judge.
There is no “just following orders” defense for employees of registered investment advisers. We can appreciate the conundrum when your boss and mentor engages in wrongdoing; but, failing to resign and call out the wrongdoing can lead to significant civil and criminal penalties.
The SEC fined a now-defunct fund manager for ignoring its compliance obligations. The SEC charges that the firm never delivered audited fund financials within 120 days as required by the custody rule (206(4)-2). Although the firm did hire an auditor, the firm never received an opinion that the financials were prepared in accordance with GAAP. Instead, the audit firm issued reports stating that it was unable to express such an opinion. In addition, the SEC charges the firm with violating the compliance rule (206(4)-7) because the principal, who also served as the Chief Compliance Officer, failed to adopt and implement policies and procedures and disregarded his obligation to conduct annual compliance reviews.
When you register as an investment adviser, you subject yourself to the full panoply of substantive regulation imposed by the Investment Advisers Act. To comply and continue as a going concern, you need to hire a competent Chief Compliance Officer to help you meet the regulatory requirements. Otherwise, you may end up either in your next career or in jail.
The Chief Compliance Officer has extraordinary (and in some cases, unwarranted) access to employee records in addition to other confidential information such as executive meetings and emails. Firms should pursue enhanced background due diligence on potential CCO candidates, create information barriers so that the CCO does not have access to non-regulatory information, and implement a supervisory structure that ensures CCO accountability. Alternatively, consider outsourcing to a third-party firm that has limited access to firm systems as well as direct legal liability for breaches of confidentiality.
Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
Over the last several years, an increasing number of investment management firms have chosen to outsource the Chief Compliance Officer role and associated compliance function. In our experience, these firms make this decision for rational business reasons based on an assessment that outsourcing the compliance function is better than hiring a full-time employee. Usually, firms consider outsourcing because of an external event such as a less-than-perfect SEC exam or an institutional due diligence process that suggests unknown weaknesses. Some firms decide to outsource after yet another internal CCO changes jobs. Other times, firm management simply gets frustrated with the inherent limitations of the one internal compliance person.
Regardless, we list below the top 10 reasons investment firms should outsource the CCO role and compliance function rather than hire an in-house employee.
10 Reasons Outsourcing Compliance Beats Hiring an In-House CCO
Experience: A team of professionals can draw on decades of aggregate compliance experience to address a firm’s regulatory challenges.
Knowledge: No one person can provide the depth of knowledge of several compliance professionals working collaboratively.
Independence: A third-party firm offers investors and other stakeholders an independent assessment of a firm’s compliance strengths and weaknesses.
Industry best practices: A multi-person team working with multiple clients across the country has the industry vision to inform the compliance program.
Accountability: A compliance firm stands behind its work and advice with a service level agreement and professional liability insurance.
24/7/365 support: A person may take PTO, but a team of professionals is available at all times for any emergency including unplanned client due diligence and SEC exams.
Personal liability: Serving as CCO involves significant personal liability, which is better left to professionals that understand and accept the regulatory and career implications.
Frees up internal resources: Internal personnel can focus on core activities such as portfolio management and fund-raising.
Management: Senior managers can avoid the confusing and time-consuming process of hiring, retaining, and managing an internal CCO, only to start the process anew in the event the CCO leaves.
Cost savings: Because of program efficiencies, outsourcing generally costs less than hiring a full-time employee.
In this podcast, Todd Cipperman advises investment firms to end the practice of appointing a Chief Compliance Officer by dual-hatting another senior executive who already has a full-time job.
Broker-Dealers and advisers must abandon the dual-hat compliance model, the practice of naming a non-regulatory professional with multiple executive roles. Firms must retain a competent and dedicated Chief Compliance Officer either by hiring a full-time employee or by retaining the services of an industry-recognized outsourcing firm.
A dually registered RIA/BD agreed to pay approximately $600,000 in disgorgement, penalties and interest because a deficient compliance infrastructure failed to ensure full disclosure of revenue sharing. According to the SEC, the respondent engaged in a scheme since 1999 whereby its clearing broker would kick back a $20 markup fee on trades. The clearing broker also paid trailer fees on NTF mutual funds. The SEC alleges that the firm failed to properly disclose the revenue sharing and, in many cases, reps who didn’t know better told clients that the firm did not receive compensation from the clearing broker. The SEC charges that the firm did not have adequate compliance policies and procedures and ordered the Chief Compliance Officer, the firm’s former receptionist, to complete 30 hours of compliance training. The firm also agreed to hire an independent compliance consultant.
“We’ve always done it this way” is not a legitimate excuse for failing to comply with regulatory requirements. The firm engaged in the undisclosed revenue sharing for nearly 20 years before the SEC uncovered the conflict of interest. Perhaps, the firm never considered that its longstanding practice violated the securities laws. This is why we recommend retaining a fully-dedicated and experienced chief compliance officer either as a full-time employee or through a compliance services firm.
The CCO should review the compliance manual or WSPs and ensure s/he understands and undertakes all designated responsibilities. If the CCO can’t or won’t follow the procedures, then s/he must revise the procedures to satisfy regulatory requirements while reflecting the firm’s accurate allocation of authority.