Jul 21, 2021

When was the last time you asked your chief compliance officer (CCO) how he or she was doing? Because your CCO may likely have something to say ─ and don’t be surprised if you get an unenthusiastic answer.

The SEC’s Division of Examinations, formerly the Office of Compliance Inspections and Examinations (OCIE), periodically releases Risk Alerts about compliance program deficiencies. These alerts could have CCOs worried about their responsibility to implement an effective compliance program at their firms, especially as asset managers expand their business activities and transform where and how they work. Even if your firm isn’t regulated by the SEC, you’ll want to keep reading, because all regulators have similar expectations.

What’s surprising is that the Division of Examinations continues to find deficiencies related to the SEC’s Compliance Rule. Years ago, I worked on implementing the requirements at a large asset manager, with the full backing of senior management to get it done right. Maybe it’s easier to implement something out of the gate, while it’s fresh and new and people are paying attention, versus the need to maintain something and keep it current, which doesn’t always get the attention it deserves.

The Division of Examinations cites examples of notable deficiencies or weaknesses in the following broad areas:

  • Inadequate compliance resources
  • Insufficient authority of CCOs
  • Annual review deficiencies
  • Inadequate written policies and procedures because they are neither followed nor updated, or flawed as designed

Regulations for Advisers

Regulators around the globe have conduct rules for registered advisers. For example, in the United States, Rule 206(4)-7 and Rule 38a-1 (the Compliance Rule) requires advisers to:
• Adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act of 1940
• Review policies and procedures no less frequently than annually
• Designate a CCO

Questions to Ask Your CCO

As you think through your 2021-2022 priorities and budgets, use the effort as an opportunity to emphasize the need for talent and technology to support your compliance program and regulatory obligations. By answering the following questions, you can bring to light areas where you might be falling short and take action:

  • Do you have enough compliance staff devoted to your firm’s ability to implement policies and procedures and to comply with fundamental regulatory requirements, such as performing annual reviews of the program and responding in a timely manner to regulator requests?
  • Have you grown in size and complexity? If yes, have you hired additional knowledgeable compliance staff, added modern technology to support your firm’s growth and complexity, and updated your policies and procedures to cover new processes?
  • Is your CCO an active member on key enterprise committees, aware of new business opportunities, and consulted by senior management and employees regarding matters that have potential compliance implications?
  • Do you have proof that your policies and procedures are followed? Are they up to date and in line with current business activities at your firm?
  • Is your compliance program review conducted and evidenced annually? Is it comprehensive? Does it identify key risk areas with plans to improve on them?
  • Have you enhanced your policies and procedures to address new or increased remote work activities and technologies used during the COVID-19 pandemic and beyond?
  • Can you implement new technology solutions to automate activities that support your compliance program and to provide your CCO with oversight dashboards and reporting?

Compliance Focus Areas

See the Risk Alert for more information and examples of deficient or weak policies and procedures that the Division of Examinations disclosed in the following key areas: portfolio management, marketing, trading practices, disclosures, advisory fees and valuation, safeguards for client privacy, required books and records, safeguarding of client assets, and business continuity plans.

Take Steps Now ─ and Don’t Wait

Unfortunately, topics like this usually don’t receive much attention until you’re dealing with a tough regulator inquiry, a regulatory exam, a black swan event, or when a negative headline about an industry peer grabs senior management’s attention. It’s up to the CCO to lead a strong team of compliance experts, work with the business to adopt relevant policies and procedures, provide oversight, and set and continually reinforce a tone from the top that emphasizes everyone’s role as a fiduciary.

Is your firm supporting your CCO in this endeavor? Compliance resources, projects, and technology are often underserved and only funded when mandated, such as complying with a new reporting requirement. Make sure you’re listening to your CCO and supporting advancements to stay ahead of your firm’s compliance program needs. And include your CCO in any post-COVID-19 “return to work” strategies, so that your program continues to progress as your firm’s work environment evolves. Your firm’s reputation and continued success may depend on it.

And the next time you ask your CCO how he or she is doing, hopefully you’ll get a smile and the response, “I’m doing just fine ─ thanks for asking.”

Contact us at [email protected] to discuss this topic or learn more about Cutter research membership and Cutter consulting services.

Stacia Graham has more than 20 years of experience in investment management, including various compliance-related roles. She brings a deep understanding of end-to-end asset management processing and project management to her role as Managing Director on the research team at Cutter.