OCIE Director Instructs Advisers to Empower Chief Compliance Officers

On November 19, 2020, Peter Driscoll, director of the Office of Compliance Inspection and Examination (“OCIE”) of the Securities and Exchange Commission (“SEC”), gave a speech urging advisory firms to empower their Chief Compliance Officers (“CCOs”).  The speech, made at the SEC’s annual compliance outreach conference, accompanied OCIE’s Risk Alert, issued the same day, identifying notable deficiencies and weaknesses regarding Registered Investment Advisors (“RIAs”) CCOs and compliance departments.  Driscoll’s speech complemented the Risk Alert by outlining the fundamental requirements for CCOs:  “empowered, senior and with authority.”

Under Rule 206(4)-7 promulgated under the Investment Advisers Act of 1940, 17 C.F.R. § 270.38a-1 (the “Compliance Rule”), an RIA must adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act and the rules thereunder.  According to Driscoll, this cannot be done unless the RIA’s CCO is empowered to fully administer the firm’s policies and procedures and holds a position of sufficient seniority and authority to compel others to comply with those policies and procedures.  In its Risk Alert, OCIE identified common compliance deficiencies among RIAs directly stemming from an unempowered CCO, including a lack of sufficient human resources to implement policies and procedures, failure of executive management to support the CCO, and even firing the CCO for reporting suspicious behavior.  In order to address and prevent these deficiencies, Driscoll described a set baseline expectations regulators should look for, and which firms can adopt, in assessing the power and authority of the CCO and compliance function.

  • Compliance Resources: RIAs should continually reassess their budgetary needs based on their business model, size, sophistication, adviser representative population and dispersal, and provide for sufficient resources as necessary for compliance with applicable laws.  This may mean hiring additional compliance staff and upgrading information technology infrastructure, especially if the firm has grown or taken on a new business.  Compliance staff should be trained, at a minimum, to perform annual reviews, accurately complete and file advisor registration forms (Form ADV), and timely respond to OCIE requests for required books and records.

  • Responsibility of CCOs: While CCOs may have multiple responsibilities, they must be, at a minimum, knowledgeable of the Advisers Act and its mandates in order to fulfill their responsibilities as CCO.  CCOs should not only assist firms from avoiding compliance failures, but should also provide guidance on new or amended rules.

  • Authority of CCOs: Senior management should vest CCOs with ample authority and routinely interact with them.   CCOs need to understand their firm’s business and, when necessary, be brought into the business decision-making process.  CCOs should also have access to critical operational information such as trading exception reports and investment advisory agreements with key clients.  CCOs should be consulted on all matters with potential compliance implications, such as disclosures of conflicts to clients, calculation of fees, and client asset protection.

  • Position of CCOs: At a minimum, CCOs should report directly to senior management, and preferably be a part of senior management.  CCOs should not be mid-level officers or placed under the Chief Financial Officer function.

  • Security of CCOs: CCOs should have confidence that they can raise compliance issues with the backing and support of senior management without being scapegoated or terminated.

These expectations should not be read as an exhaustive checklist but as a preliminary framework for evaluating the effectiveness of a firm’s compliance function and its CCO – key elements of a firm’s ability to comply with the mandates of the Compliance Rule.  This framework can be also be used to ensure the firm’s compliance function is appropriately tailored to its size, business model, and compliance culture.


Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.

SEC’s Office of Compliance Inspections and Examinations Releases 2019 Examination Priorities

On Dec. 20, 2018, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued its annual Examination Priorities for 2019 (Exam Priorities), which is available for download here. The Exam Priorities focus around six thematic areas: (1) Retail Investors, including seniors and those saving for retirement; (2) Registrants responsible for critical market infrastructure; (3) FINRA and MSRB; (4) Digital Assets; (5) Cybersecurity; and (6) Anti-Money Laundering (AML) Programs.

As in the past, OCIE notes that their priorities are not exhaustive. The scope of any examination is determined through a risk-based approach that includes analysis of the registrant’s operations and products offered. For example, OCIE typically examines the disclo­sure of services, fees, expenses, conflicts of interest for investment advisers, and trading and execution quality issues for broker-dealers. OCIE is continually evaluating changes in market conditions, industry practices, and investor preferences to assess risks to both investors and the markets.

In connection with OCIE’s priority to protect retail investors, OCIE reviews retail fees and expenses paid by investors, conflicts of interest of industry personnel, treatment of senior investors and the advertising and suitability of retirement products, portfolio management and trading, operations of and the selection of mutual funds and ETFs, procedures of municipal advisors, procedures for broker-dealers entrusted with customer assets, and microcap securities.

OCIE also continues to prioritize critical market registrants impacting the safety and operation of our financial markets, including clearing agencies, entities subject to Regulation SCI, transfer agents, and national securities exchanges.

Finally, OCIE will prioritize examinations of the effectiveness of FINRA and MSRB, which are assigned the responsibility for certain aspects of investor protection. OCIE also will conduct inspections to gather information and evaluate practices affecting digital assets, cybersecurity, and AML programs (especially broker-dealers subject to express obligations and SAR filing obligations).

Overall, OCIE noted that although changes to its priorities may be continual, OCIE’s analytic efforts and examinations remain firmly grounded in its four pillars: promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.

 

©2019 Greenberg Traurig, LLP. All rights reserved.
This article was written by Arthur Don and Vincent Lewis of Greenberg Traurig, LLP.