OCIE Director Instructs Advisers to Empower Chief Compliance Officers

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

On November 19, 2020, Peter Driscoll, director of the Office of Compliance Inspection and Examination (“OCIE”) of the Securities and Exchange Commission (“SEC”), gave a speech urging advisory firms to empower their Chief Compliance Officers (“CCOs”).  The speech, made at the SEC’s annual compliance outreach conference, accompanied OCIE’s Risk Alert, issued the same day, identifying notable deficiencies and weaknesses regarding Registered Investment Advisors (“RIAs”) CCOs and compliance departments.  Driscoll’s speech complemented the Risk Alert by outlining the fundamental requirements for CCOs:  “empowered, senior and with authority.”

Under Rule 206(4)-7 promulgated under the Investment Advisers Act of 1940, 17 C.F.R. § 270.38a-1 (the “Compliance Rule”), an RIA must adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act and the rules thereunder.  According to Driscoll, this cannot be done unless the RIA’s CCO is empowered to fully administer the firm’s policies and procedures and holds a position of sufficient seniority and authority to compel others to comply with those policies and procedures.  In its Risk Alert, OCIE identified common compliance deficiencies among RIAs directly stemming from an unempowered CCO, including a lack of sufficient human resources to implement policies and procedures, failure of executive management to support the CCO, and even firing the CCO for reporting suspicious behavior.  In order to address and prevent these deficiencies, Driscoll described a set baseline expectations regulators should look for, and which firms can adopt, in assessing the power and authority of the CCO and compliance function.

  • Compliance Resources: RIAs should continually reassess their budgetary needs based on their business model, size, sophistication, adviser representative population and dispersal, and provide for sufficient resources as necessary for compliance with applicable laws.  This may mean hiring additional compliance staff and upgrading information technology infrastructure, especially if the firm has grown or taken on a new business.  Compliance staff should be trained, at a minimum, to perform annual reviews, accurately complete and file advisor registration forms (Form ADV), and timely respond to OCIE requests for required books and records.
  • Responsibility of CCOs: While CCOs may have multiple responsibilities, they must be, at a minimum, knowledgeable of the Advisers Act and its mandates in order to fulfill their responsibilities as CCO.  CCOs should not only assist firms from avoiding compliance failures, but should also provide guidance on new or amended rules.
  • Authority of CCOs: Senior management should vest CCOs with ample authority and routinely interact with them.   CCOs need to understand their firm’s business and, when necessary, be brought into the business decision-making process.  CCOs should also have access to critical operational information such as trading exception reports and investment advisory agreements with key clients.  CCOs should be consulted on all matters with potential compliance implications, such as disclosures of conflicts to clients, calculation of fees, and client asset protection.
  • Position of CCOs: At a minimum, CCOs should report directly to senior management, and preferably be a part of senior management.  CCOs should not be mid-level officers or placed under the Chief Financial Officer function.
  • Security of CCOs: CCOs should have confidence that they can raise compliance issues with the backing and support of senior management without being scapegoated or terminated.

These expectations should not be read as an exhaustive checklist but as a preliminary framework for evaluating the effectiveness of a firm’s compliance function and its CCO – key elements of a firm’s ability to comply with the mandates of the Compliance Rule.  This framework can be also be used to ensure the firm’s compliance function is appropriately tailored to its size, business model, and compliance culture.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.