In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.
Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.
Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning they are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone and the top that is critical to all good compliance programs.
Other indications that the CCO lacks proper authority include situations where the CCO holds many roles and is given insufficient time to devote to his or her compliance responsibilities, or is placed in the middle of the firm hierarchy, or reports to another officer not sufficiently versed in compliance, like a CFO. Preferably, OCIE would like to see the CCO as part of senior management or have a direct and proximate reporting relationship to senior management. Another factor OCIE looks for is whether the firm outlays enough capital to assure that its compliance obligations are met. While this varies from firm to firm, according to Driscoll, OCIE is not hesitant to point out when a firm has insufficient personnel to fulfill its compliance obligations.
Driscoll also stressed that firms must regularly reassess whether it is devoting sufficient resources to compliance. This should be done at least as frequently as annually, as is required by Rule 206(4)-7. As a firm shifts its model, aligns with new vendors, acquires other advisors or significantly expands its business, compliance must grow to fulfill the function of providing oversight to the firm’s new initiatives. When self-evaluation reveals firm compliance weaknesses, those must be addressed promptly and adequately. Many firms fail to conduct annual compliance reviews at all, Driscoll noted.
Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our Investment Adviser Group assists financial service providers with complex issues that arise in the course of their business, including complying with federal and state laws and rules. Please visit our Investment Adviser Practice Group page for more information.