Outsourced CCO for RIAs: Is It SEC-Compliant?

Outsourcing the Chief Compliance Officer (CCO) position is a significant dilemma for many Registered Investment Advisors (RIAs). While having a dedicated CCO is essential for meeting regulatory obligations, a growing number of firms are considering whether to hire an external professional. This trend raises a critical question: Is the SEC concerned about RIAs outsourcing this key role? 

The short answer is that the SEC does not prohibit it, but its guidance and observations highlight a clear focus on the CCO’s competence and authority, regardless of their employment status. This guide will explore the regulatory landscape and provide clarity on what the SEC expects from an outsourced CCO, helping your firm make an informed decision to maintain continued compliance and success.

The Regulatory Baseline: 17 CFR § 275.206(4)-7(c)

The foundation of CCO requirements lies in 17 CFR § 275.206(4)-7(c), which mandates that RIAs “designate an individual (who is a supervised person) responsible for administering the policies and procedures.” The rule necessitates a designated individual to oversee your firm's compliance framework.

  • Key takeaway: The regulation focuses on the designation of a supervised person, and it doesn't prohibit outsourcing.

SEC Insights: OCIE's Observations & The CCO's Role

The SEC's Office of Compliance Inspections and Examinations (OCIE) has provided valuable insights through its Risk Alert (November 19, 2020) and a speech by then-Director Peter B. Driscoll titled “The Role of the CCO – Empowered, Senior, and With Authority.”

  • The SEC emphasizes that a CCO must be competent, knowledgeable regarding the Advisers Act, and possess the authority to enforce compliance policies and procedures.
  • OCIE has identified these concerns around the CCO position:
    • restricting CCO access to critical compliance information;
    • limited interaction between management and the CCO;
    • management action without consulting the CCO on compliance matters;
    • insufficient CCO resources due to staffing or additional job functions; and
    • rapid firm growth without adequate compliance staff expansion.
  • Neither the OCIE nor the SEC has released any guidance on RIAs outsourcing the CCO role. The OCIE only discusses that the CCO should have seniority and authority and be empowered to fulfill the duties of the CCO. These observations highlight the SEC's focus on the CCO's effectiveness, regardless of whether the CCO is in-house or outsourced.

The Proposed Rule: Increased Due Diligence

In 2022, the SEC proposed a rule aimed at enhancing due diligence for outsourced functions, including the CCO role. While this rule is not yet approved, it signals the SEC's interest in ensuring that firms select service providers with appropriate expertise.

  • The proposed rule doesn't prohibit outsourcing, and it emphasizes the need for thorough vetting of service providers.
  • The SEC has voiced concerns regarding firms claiming ignorance of compliance issues due to reliance on outsourced compliance, as shown in the proposed rule document (https://www.sec.gov/files/rules/proposed/2022/ia-6176.pdf).
  • The SEC wants to ensure that the service provider has sufficient knowledge of the firm's business to provide accurate services, such as Form ADV filings and Form CRS.


AdvisorLaw's Approach: Expertise & Empowerment

AdvisorLaw understands the SEC's focus on CCO competence and authority. Our Outsourced Chief Compliance Officer (OCCO) team is built on:

  • Extensive Experience: Each team member is required to have a minimum of 10 years of industry experience and may have held securities licenses, such as the Series 4, 6, 7, 9, 10, 24, 63, 65, and 66. Currently, members of AdvisorLaw’s OCCO team each have over 13 years of experience in the legal or financial services industry, including compliance, operations, and production.
  • Team Support: Our team is managed by an experienced attorney with more than 20 years of industry experience. It also includes associates and compliance analysts, who provide a wealth of knowledge and support.  
  • Independence & Authority: Our Senior Compliance Analysts (SCAs) are AdvisorLaw employees, ensuring that they have the independence to act in the best interest of your firm’s compliance requirements.
  • Empowerment Through Partnership: “Empowerment, seniority, and authority”: Peter B. Driscoll, Director of the OCIE, specifically used these three words in the speech that he gave on November 19, 2020, to reinforce how important they are. A CCO must be empowered by the firm and have seniority, and the firm must respect the CCO’s authority. We work closely with our clients to ensure that our SCAs are empowered by you and have the necessary authority.

AdvisorLaw's OCCO Advantage

AdvisorLaw provides clients with a Senior Compliance Analyst (SCA) — a highly qualified professional with extensive industry experience — to serve in the CCO role. This individual is supported by a robust team of compliance professionals who collectively serve over 250 RIAs nationwide. The breadth and depth of our team's combined experience and knowledge offer a significant advantage that often surpasses the capabilities of a single, in-house CCO.

While AdvisorLaw's SCAs possess the requisite seniority for the CCO role, their effectiveness hinges on a strong working partnership with our clients. The empowerment granted to our SCAs and the authority they wield are directly influenced by this collaboration. Regardless of whether a CCO is in-house or outsourced, success is contingent upon the unwavering support of the RIA’s management and personnel. The SCA's ability to effectively implement and enforce compliance policies directly correlates with the level of backing received from the firm.

Our Stance: Empowered OCCOs Meet Regulatory Standards

If an SCA perceives a lack of proper empowerment or encounters persistent disregard for established policies and procedures, they are obligated to escalate their concerns to the adviser. In extreme cases, the SCA may be compelled to resign from the CCO role. This action, while significant, is more readily executed by an OCCO, as it involves terminating a client relationship, rather than resigning from employment. This independence underscores the OCCO's ability to prioritize compliance without the constraints faced by an in-house CCO, who would need to seek alternative employment.

Safeguarding Compliance: The OCCO's Independence & Accountability

Although the SEC has not explicitly endorsed or prohibited the outsourcing of the CCO role, AdvisorLaw firmly believes that a properly empowered outsourced chief compliance officer, backed by a dedicated team of experts, fulfills and exceeds all regulatory requirements for the CCO position.

In navigating the complexities of RIA compliance, the role of the CCO remains pivotal. The SEC's guidance emphasizes competence, authority, and empowerment. AdvisorLaw believes that a strategically implemented and empowered outsourced chief compliance officer, supported by a team of seasoned professionals, meets and even enhances regulatory compliance. By fostering strong partnerships and prioritizing independence, we provide RIAs with the expertise and support necessary to thrive in an ever-evolving regulatory landscape.
