Last week, the Securities and Exchange Commission (SEC) issued a widely-publicized release announcing the proposal of new regulatory rules that would apply to registered investment adviser (RIA) firms registered at the federal level. The release highlighted a few of the key proposals including requiring additional reporting details related to client assets held in separately managed accounts, branch office operations, and the use of social media. In addition, the SEC proposed an amendment to Investment Advisers Act Rule 204-2 that would require investment advisory firms to maintain records of the calculation of performance information that is distributed to any person whereas today the firm is only required to maintain such performance information if distributed to 10 or more persons.
However, tucked into the full proposed rule release (file number S7-09-15 published in the Federal Register) is a signal that the SEC is beginning to officially take issue with the outsourced Chief Compliance Officer (CCO) model.
Page 19 of the full proposed rule release states the following:
Item 1.J. of Form ADV currently requires each adviser to provide the name and contact information for the adviser’s chief compliance officer. We propose to amend Item 1.J. to require an adviser to report whether its chief compliance officer is compensated or employed by any person other than the adviser (or a related person of the adviser) for providing chief compliance officer services, and, if so, to report the name and IRS Employer Identification Number (if any) of that other person. Our examination staff has observed a wide spectrum of both quality and effectiveness of outsourced chief compliance officers and firms. Identifying information for these third-party service providers, like others on Form ADV,32 would allow us to identify all advisers relying on a particular service provider and could be used to improve our ability to assess potential risks.
It’s also worth noting that for a number of years the SEC Office of Compliance Inspections and Examinations (OCIE) staff has publicly expressed concern with the outsourced RIA CCO model. In particular, former OCIE Director, Lori Richards, made the following comments regarding the “rent a CCO” model in a speech on June 28, 2004:
I also understand that many fund firms are thinking about “outsourcing” the Chief Compliance Officer function. While the rule does not preclude outsourcing, let me caution you that the Chief Compliance Officer is responsible for administering the fund’s compliance program, which includes both adopting and implementing the policies and procedures. She has to have intimate knowledge of the firm’s operations in order to administer an effective compliance program. Remember that the Commission stated in the Release that the Chief Compliance Officer should be competent, knowledgeable and empowered. It would therefore be logical to infer that a reasonable amount of time would have to be spent not only overseeing the structure of the compliance program but its implementation as well. Because of this, I am wary about whether a compliance “rent a cop” could really be up to the task. For example, is it reasonable to expect a Compliance Officer in New York to be able to effectively implement and monitor a compliance program in California? Is it reasonable for a Compliance Officer serving 10 different fund complexes to effectively service them all? This is a decision that must be made by the fund’s Board. In thinking through this issue, be aware that if the compliance program is not effective because the procedures are not implemented effectively and problem is insufficient Chief Compliance Officer involvement or expertise, your fund firm will not be in compliance with the Rule.
However, with this new proposed rule, the SEC would now have the ability to more easily identify which RIA firms are utilizing the services of an outsourced CCO person or firm. While not directly stated in the proposed rule for additional disclosure, one can assume that the SEC may ultimately determine that firms utilizing an outsourced CCO should receive a higher investment adviser examination risk rating in future years.
As RIA compliance consultants, we’ve always stressed to the over 1,200 investment advisory firms that we provide compliance support to that it is essential that the proper individual at the firm fulfill the firm’s CCO role requirements. In its final rules release on February 5, 2004 titled Compliance Programs of Investment Companies and Investment Advisers, the SEC noted:
Rule 206(4)-7 requires each adviser registered with the (SEC) to designate a chief compliance officer to administer its compliance policies and procedures. An adviser’s chief compliance officer should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. Thus, the compliance officer should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures
Some may argue that advancements in technology over the past decade allow for much better remote compliance monitoring and supervision. While this may be true, there is still no substitute to having a competent individual with proper seniority located in an advisory firm’s physical office to hold the Chief Compliance Officer role. Especially in smaller RIA firms, it’s quite common for this individual to also hold other roles at the firm, but it’s essential that the CCO seek out the proper guidance and training in order to be properly equipped to fulfill the responsibilities of the Chief Compliance Officer position. As such, we encourage any investment adviser thinking about hiring an outsourced CCO to proceed with tremendous caution given the SEC staff’s clear guidance on the issue. Unfortunately, the short term cost savings may lead to further regulatory issues in the future.