November 11, 2015

SEC Releases Risk Alert Related to Outsourcing of Chief Compliance Officer Duties by Investment Advisers and Investment Companies

A Nov. 9 risk alert from the SEC’s Office of Compliance Inspections and Examinations outlines examination results and recommended practices for firms using third-party Chief Compliance Officers, often called outsourced CCOs.

On Nov. 9, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released a risk alert reporting observations from its examination of investment advisers and investment companies that outsource their Chief Compliance Officer (CCO) duties to unaffiliated third-parties. As part of this Outsourced CCO Initiative, the SEC Staff noted that the role of CCO (a role mandated under Investment Advisers Act and Investment Company Act rules) is increasingly being outsourced by advisers and investment companies. Though OCIE noted that it found many strong third-party CCO practices in its initiative, it also identified several practices that should be strengthened.

A CCO should ensure that a proactive compliance policy tailored to the specific fund or adviser is in place and keep open lines of communication with those in charge of implementing the policies. The CCO should also command sufficient respect within the company to ensure that the CCO has access to documents necessary to performing his or her duties and the ability to demand change where necessary with company leaders.

OCIE noted several strong indicators of whether an outsourced CCO was able to effectively implement his or her duties including:

(1)   frequent, in-person communication with investment adviser or investment company employees (enabling the CCO to effectuate change where necessary, particularly with high-level employees on matters important to the SEC);

(2)   serving as the CCO for fewer funds or advisers rather than multiple, unaffiliated firms;

(3)   sufficient access to the investment adviser’s or investment company’s records on demand—largely fostered by a culture of in-person communication—allowing the CCO to ensure compliance with policies and to properly perform his or her annual review; and

(4)   the use of tailored compliance checklists, rather than standardized checklists, that allow the CCO to collect information uniquely relevant to the investment adviser or investment company.

Separately worthy of note is that, in a recent Financial Crimes Enforcement Network (FinCEN) rule proposal to require investment advisers to establish anti-money laundering programs, FinCEN suggested that “[a] person designated as a compliance officer should be an officer of the investment adviser.” If FinCEN maintains this position following adoption of a final AML program rule for investment advisors, then investment advisers subject to the rule may need to closely scrutinize circumstances in which they delegate responsibility for management of their AML programs to a third-party.