Apr 26, 2022

My, how compliance has changed since 2004 when the Compliance Rule was enacted!

In 2004, the SEC enacted the Compliance Rule (206 (4)-7 and 38a-1), which required, among other things, the following:

  • Investment advisers and fund complexes must name a Chief Compliance Officer (CCO)
  • The CCO must review compliance policies and procedures
  • Fund CCOs must provide a written compliance report annually to fund trustees

As many readers know, this was only the beginning. The expectations for compliance departments, and CCOs in particular, have dramatically changed from the days of reviewing personal trading activities and the Form ADV. Those days are long gone! The main drivers of change have been the increased use of new investment strategies and regulations and heightened regulatory expectations. These changes compel compliance officers to learn new skills and CCOs to rethink how they lead risk management efforts.

So, what is driving compliance changes, and what are a compliance officer’s new realities?

New Investment Strategies, New Realities

Going forward, the reality is that few firms will be successful by only investing in US equities. This space is so crowded that it is hard to compete and thrive without offering different options for investors such as using derivatives and alternatives, including commodities and even cryptocurrencies. New investment types bring compliance issues for officers to resolve with their business partners.

New Investment Compliance Issues Include the Following (Non-Exhaustive List)

  • New regulations
  • Custody issues (particularly for cryptocurrencies)
  • Valuation issues
  • ESG
  • Hybrid/remote work environments
  • Disclosure requirements
  • Reporting obligations
  • Complex guideline compliance engine coding

Hybrid/Remote Work Environments

The world has changed dramatically in recent years, and COVID forced the investment industry to face the same realities as other industries with hybrid/remote work environments. In the past, firms have dabbled with employees working from home with limited success, but beginning with the pandemic in early 2020, firms had to implement their business continuity plans at scale. Not surprisingly, this brought new challenges. From a compliance perspective, the most important aspect of hybrid/remote work environments is remembering that managers actually have to manage. Without the proper level of oversight and engagement, the risk is that employees will grow less engaged and lose their connection to the company. Companies and managers must constantly focus on this significant risk.


ESG presents a much different problem for compliance professionals, who must ensure that the marketing of ESG investments is fair, accurate, and reflects the realities of how each of their respective investment teams is managing the client assets. As part of this, compliance officers must remember the rule: If there is no documentation to verify a stated fact, it did not happen in the eyes of auditors and regulators. Make sure you have the documentation and audit trail that supports your ESG status.

New Regulations

It feels like the SEC and the FCA are constantly proposing new regulations, and the SEC recently published proposed cybersecurity regulations. I would argue that few CCOs have experience in cybersecurity, but the SEC is pushing in that direction. Cybersecurity is just one example of new regulations. If we were to mention them all, the list would be long and daunting for compliance officers. I believe the CCO’s role has changed from only being called upon for “typical compliance expertise,” such as disclosures and conflicts of interest, to one that weighs in on a wide range of enterprise-wise business activities.

New Regulatory Expectations

As I mentioned above, the SEC has pushed compliance officers to consider many distinct aspects of the compliance program than officers have ever thought of before. Using cybersecurity as an example, the SEC will now sanction firms for violating the Compliance Rule if they have not established policies and procedures for cybersecurity. In today’s world, the SEC expects firms and their compliance departments to have the capabilities and the expertise to understand these issues, along with the challenges of portfolio management, and issues relating to trading, operations, regulations, distribution, disclosures, and technology.

New Skills Needed!

The compliance officer’s job at any investment management firm today is extremely challenging. Change is happening daily, and for a compliance officer who sits in the middle of every aspect of the firm’s business, it gets more challenging by the day. With rapid changes coming at investment management firms every day, all departments at every firm need to evolve to survive. Future compliance departments will potentially look quite different in terms of staff composition and their roles at the firm.

First, compliance staff will have more diverse backgrounds and experiences. Historically, compliance officers have been either former lawyers or accountants, but going forward the modern compliance department will have officers with backgrounds in operations, distribution support, and technology. We expect new members will join compliance with technology expertise, including report writing, data science, and workflow projects.

Additionally, compliance officers have historically had expectations in their job description that includes being a project manager for their compliance projects. While this may suit the skill set of some compliance officers, it is undoubtedly not the expertise of all compliance officers. Project management is itself is a skill that compliance officers need to incorporate into their team unless your firm is big enough to have a project management office (or department). I am a big proponent of putting people in the position to succeed, and that means letting people do what they do best and, in this case, having project management experts manage the projects and having compliance officers oversee various aspects of the firm.

What Does the Future Hold for Compliance Departments?

Compliance has had technology solutions in place as the basis of conflict-of-interest concerns, i.e., personal trading systems as well as workflow tools using SharePoint. Few firms today have yet to start using more sophisticated tools that encompass AI in their eComm surveillance, conflict-of-interest oversight, or conducting trading forensics. But that day will arrive soon.

The compliance department of the future will have the burden of one-off solutions with attempts to aggregate the output into a homegrown solution. I have seen the future and the future for compliance is a single dashboard where a CCO or a senior manager can track all of the operational oversight processes as well as the regulatory and advisory work taking place. Like it or not, metrics matter. If you want resources for the compliance program, a CCO must be able to talk about the numbers. Think “Shark Tank” here: As billionaire entrepreneur Mark Cuban says, "You better know your numbers, how much you can produce, and what it’s costing you."

As a result, with the combination of the right technology solutions and staff with the right skill sets, it is possible to have a “balanced” compliance department between staff and technology so you can answer the numbers questions.

Modern Compliance Virtual Meeting

Attention, compliance and risk officers! Cutter is inviting members to attend the Modern Compliance Virtual Meeting on Wednesday, June 15, 2022.