Sponsored by Commonwealth Financial Network.
By Angela Sarver
In 2016, FINRA decided to take a closer look at how firms integrate compliance into their culture. Although this focus didn’t make it into the 2017 exam priorities letter, it stands to reason that your compliance responsibilities will only increase as industry regulations, such as the Department of Labor’s Conflict of Interest Rule, become more complex.
If you’re affiliated with a broker/dealer, you likely receive some support and guidance from that firm, although compliance oversight is ultimately your responsibility. But as you grow your advisory firm, or consider becoming a registered investment adviser (RIA), you may find that you need a chief compliance officer (CCO) to help you manage your business.
From Generalist to Specialist
For years, the compliance role has been a generalist position, handled by someone who had many other responsibilities. But in today’s environment of increased regulations, more specialized expertise and a more sophisticated skill set—including competencies in risk, operations, and technology—are required.
If you have your own RIA, you’re required to have a dedicated CCO, and the SEC is specific in its definition of that role, stating that the individual must be:
Competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. Thus, the compliance officer should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.
In short, a CCO is responsible for ensuring that a firm complies with both internal and external policies and regulations. This may include creating and maintaining a compliance manual, as well as working with the firm’s leaders to ensure that compliance policies and procedures are adequate.
3 Options for Filling the CCO Role
Given our ever-changing regulatory landscape, now may be a good time to reevaluate your needs and responsibilities in this area. If you think you may need a CCO, here are three options for filling the role:
1) Hire from within. You may have a staff member who is responsible for fulfilling the firm’s compliance responsibilities, as well as other duties. Consider ramping up that individual’s compliance functions to meet additional requirements.
- A current staff member knows and understands your practice.
- He or she already has a general understanding of compliance requirements.
- He or she is likely to have the organizational skills and operational understanding to oversee most aspects of compliance.
- You maintain control of compliance functions.
- Training the employee may become your responsibility.
- You may not know what you don’t know, which can lead to compliance violations.
- The employee may have limited experience in compliance, affecting his or her ability to protect your firm from risk.
- The employee may lack necessary leadership skills or the ability to think strategically.
2) Hire from outside. Any time you bring on staff, it increases your fixed costs, so first consider whether hiring a CCO makes financial sense. Keep in mind that the compensation structure for a CCO is often a combination of base salary and discretionary bonus. As the CCO assumes additional responsibilities, his or her base salary is likely to increase.
- The CCO has the depth of compliance knowledge necessary to protect your firm.
- He or she is already trained and can take responsibility for your firm’s ongoing compliance training.
- He or she is prepared to jump in and provide the guidance and oversight your firm requires going forward.
- The new CCO must get to know your practice (e.g., investment and service models, operations, core processes).
- It may be difficult to find someone who has both the technical skills and the ability to lead your firm in creating a culture of compliance.
3) Outsource. If you have your own RIA or head up a larger ensemble, outsourcing some compliance duties may be an option. For example, you may find that hiring someone to research and create internal manuals makes your compliance burden more manageable.
Of course, you must conduct proper due diligence to ensure that any outside firm you work with has highly qualified compliance professionals. It’s also important to remember that compliance with your supervisory firm’s policies and industry rules remains the responsibility of the registered people in your branch—although you can outsource support, implementation rests with you and your staff.
- The compliance professional you hire can provide expert guidance.
- He or she isn’t an employee, making it easier to freely discuss concerns.
- He or she will likely supplement the work your in-house compliance specialist is completing, which may be more cost-effective than hiring a new employee.
- You can control the number of hours he or she works.
- The outside compliance professional must learn your practice.
- He or she may support a number of clients, whose priorities might compete with your firm’s needs.
- You may not be able to get questions answered outside of the time he or she normally works with your firm.
- Your current staff may not be receptive to additional compliance support.
- You’ll need to carefully assess your business needs to determine the number of hours for which you will contract the compliance professional. (The outsourcing company you work with may not be amenable to adjusting the terms of the contract once they have been agreed upon it, giving you little room to negotiate the specifics once you begin working with the contractor.)
Demonstrating Your Commitment to Compliance
Whatever option you choose, remember that FINRA has expressed its desire to see firms create and maintain a culture of compliance. Here are some steps you can take to demonstrate your commitment:
- Implement a formal compliance program. There are no specific requirements regarding the structure of a compliance program, but consider pertinent information such as record retention, disclosures, data integrity, and more.
- Document and test your policies and procedures. Create repeatable processes that fulfill your compliance duties, test your procedures annually to ensure that they are still viable, and update them as necessary.
- Audit thyself. Conduct your own internal audits so that you can take steps to address deficiencies before an outside audit takes place.
- Prioritize communication. Develop a communications process that gives the person responsible for compliance direct access to the decision makers in the firm. It’s also essential to communicate compliance requirements to all employees in order to promote consistency in how requirements are carried out.
No matter how you choose to assign these duties—including whether or not you decide to hire a CCO—investing in compliance will help ensure that your firm is well positioned to thrive now and into the future.
This post originally appeared on Commonwealth Independent Advisor, a blog authored by subject-matter experts at Commonwealth Financial Network®, the nation’s largest privately held independent broker/dealer–RIA. To subscribe, please visit http://blog.commonwealth.com/.
Angela Sarver is manager, practice management at Commonwealth Financial Network®, member FINRA/SIPC, an independent broker/dealer–RIA.