By Carlos Guillen
With the Securities and Exchange Commission announcing adoption of Form ADV amendments proposed last year, regulated entities must now report if they outsource their chief compliance officer, and specify the name and tax identification for that individual.
The goal, according to the agency, is to enhance monitoring and regulation of the asset management industry, and improve the agency’s ability to assess potential risk. Firms must file newly amended Form ADVs under the requirement with the first amendment filed after October 1, 2017.
Explaining the rule, the commission noted its staff “has observed a wide spectrum of both quality and effectiveness of outsourced chief compliance officers and firms.” Advisors are already required to report on their Form ADV the names and addresses of independent public accountants that perform audits, surprise examinations and internal control reviews. The broadened amendment underscores the importance to regulators of ensuring the quality of a firm’s third party service providers.
Responding to the SEC’s invitation to weigh in on the rule before it was formalized, a number of observers expressed concern that it imposes a new burden on advisors that are already besieged with disclosure requirements. One commenter expressed concern that indicating a firm is outsourcing its CCO could “invite scrutiny about [the] advisor’s judgment in hiring externally versus internally.” Yet another commenter expressed concern that firms reporting they are outsourcing compliance management could be viewed as themselves having compliance problems.
The requirement will be no cause for concern for firms that already make high-caliber compliance management a top priority. The rule simply underscores the importance of selecting a qualified CCO – a goal that is in a firm’s and its clients’ best interests, whether the CCO is outsourced or in-house. Moreover, the trend to outsource the CCO function is gaining momentum and wider acceptance. Industry observers recognize the specialized and sensitive role is best left to experts.
"For smaller firms, it makes a lot of sense to hire an outside compliance consultant to help them meet their regulatory obligations," said Jaqueline Hummel, Managing Director and Partner, Hardin Compliance Consulting. "Consultants deliver experience and organizational resources to manage the compliance function. Especially in situations where a CCO has left a firm, or compliance staff needs help understanding regulations, an outside consultant can step in quickly to keep the firm on track."
Financial firms should do their due diligence to determine if a CCO outsource provider has the expertise and resources suited to the job, particularly since the outsourced CCO’s identity will now be public. In this regard, many compliance consultants and service providers are automating their compliance management toolkit to ensure the highest service levels possible on behalf of their clients.
Outsourced service providers, including CCOs, are increasingly relying on software to help manage compliance tasks, whether for one or multiple clients. Automated solutions can give CCOs an enterprise view of compliance management activities in progress or awaiting action, such as risk assessments, compliance manual updates or pending reviews. A dynamic web-based dashboard and online portal deliver enterprise visibility within or across organizations, with centralized activity management. Automated reminders and time-stamped tasks memorialize actions taken by responsible parties.
As financial firms yield to regulatory requirements to identify the individual(s) filling the role as their outsourced CCO, they should turn a critical eye to the selection criterion. What differentiates the CCO in the quality and standard of care that it offers? What are the tools he or she uses to manage compliance? Should an issue arise, does the outsourced CCO have the ability to instantly deliver historical documentation of compliance management tasks performed and actions taken?
With the new Form ADV disclosure comes increased scrutiny of the caliber of outsourced CCO service provider a firm retains to manage its compliance program. Registrants should carefully scrutinize the tools, expertise and resources the provider uses to carry out its duties.
These criterion are all the more important as regulators justifiably widen the purview of risk management accountability from regulated entities to the service providers that support them.
Carlos Guillen is the president, CEO and founder of BasisCode Compliance.