Back in 2005, Associate Director Office of Compliance Inspection and Examinations of the SEC, Gene Gohlke gave a speech addressing hedge funds who would soon have to register under the doomed hedge fund rule. He focused on what the funds needed in a Chief Compliance Officer.
Rule 206(4)-7 requires a registered investment adviser to designate an individual responsible for administering the policies and procedures required to avoid violation of the Investment Adviser Act and its rules. That’s all the rule requires of a CCO.
The release adopting the Rule 206(4)-7 provides some more background on the requirement:
An adviser’s chief compliance officer should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. Thus, the compliance officer should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures. [C.1.]
The release also makes it clear that the adviser does not have to hire an additional person to take on the rule.
A CCO must have a good understanding of the requirements imposed by the Advisers Act, the related rules, and other aspects of the regulatory regime for advisers. A CCO should also remain current regarding changes to the regulatory requirements as the SEC changes and adds to them.
Gohlke lays out the need to have familiarity with the steps needed to create a compliance program:
- Risk identification and assessment. Know how to identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm’s particular operations.
- Creating policies and procedures. Address the risks identified. The policies and procedures should address all conflicts of interest and other risks the firm is exposed to and not a set of risks that advisers in general may have.
- Implementation. Recognizing the principles of good management and controls.
Position in Organizational Structure
The compliance officer should have a position of sufficient seniority and authority within the organization to be able to compel others to adhere to the firm’s compliance policies and procedures. CCOs should be a member of the senior management of a firm.
The 24 Functions
Gohlke lays out a list of 24 functions that CCOs of advisers should perform or consider performing. (He admits that this ia an ambitious list and that they are above and beyond what is required by Rule 206(4)-7.)
- Advises senior management on the fundamental importance of establishing and maintaining an effective culture of compliance within the firm.
- Confers with and advises other senior management of the firm on significant compliance matters and issues.
- Is not only available but is sought out on a “consulting” basis regarding compliance matters and issues by business people throughout the firm. Should become known as the “go to person” on compliance matters.
- Becomes involved in analyzing and resolving significant compliance issues that arise.
- Ensures that the steps in the firm’s compliance process – risk identification, establishing policies and procedures and implementing those policies and procedures – are appropriate and are undertaken timely by staff of the firm to whom those functions have been assigned.
- Becomes personally involved in various steps of the process such as serving on risk or policies and procedures committees when necessary and appropriate.
- Ensures that compliance policies and procedures are comprehensive, robust, current and reflect the firm’s business processes and conflicts of interest.
- Ensures that appropriate principles of management and control are observed in the implementation of policies and procedures. These principles include separation of functions, clear assignment of responsibilities, measuring results against standards and reporting outcomes.
- Ensures that all persons within the firm with compliance responsibilities are competently and fully performing those functions.
- Ensures that quality control (transactional) testing is conducted as appropriate to detect deviations of actual transactions from policies or standards and that results of such tests are included on exception and other management reports and are promptly addressed, escalated when necessary, and resolved by responsible business people.
- Ensures there is timely and appropriate review of material and repetitive compliance issues as indicators of possible gaps and weaknesses in policies and procedures or risk identification processes and facilitates the use of such information in keeping the firm’s compliance program evergreen.
- Undertakes periodic analyses and evaluation of compliance issues found in the regular course together with the results of appropriate forensic testing conducted by compliance staff as a means for obtaining additional or corroborating evidence regarding both the effective functions of the firm’s compliance program and the possible existence of disguised or undetected compliance issues.
- Ensures that compliance programs of service providers used by the adviser are effective so that the services provided by these firms are consistent with the adviser’s fiduciary obligations to its clients.
- Establishes a compliance calendar that identifies all important dates by which regulatory, client reporting, tax and compliance matters must be completed to ensure that these important deadlines are not missed.
- Promotes a process for regularly mapping a firm’s compliance policies and procedures and conflicts of interest to disclosures made to clients so that disclosures are current, complete and informative.
- Manages the adviser’s compliance department or unit in ways that encourages proactive work, a practice of professional skepticism and “thinking outside the box” by compliance staff.
- Manages the adviser’s code of ethics which is a responsibility given to CCOs of advisers by rule 204A-1 under the Advisers Act.
- Undertakes or supervises others in performing the required annual review of an adviser’s compliance program. Every adviser is required to conduct at least an annual review of its compliance program. The review should consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser or its affiliates, and any changes in the Advisers Act or applicable regulations that might suggest a need to revise the policies or procedures. Although the rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments.
- Reports results of the annual review to senior management and ensures that recommendations for improvements that flow from the review are implemented as appropriate.
- Is a strong and persistent advocate for allocating an appropriate amount of a firm’s resources to the development and maintenance of an effective compliance program and compliance staff.
- Recognizes need to remain current on regulatory and compliance issues and participates in continuing education programs.
- Ensures that staff of the firm is appropriately trained in compliance-related matters.
- Is the adviser’s liaison and point of contact with SEC examination staff, both during exams and as part of the SEC’s CCOutreach program.
- Is active in industry efforts to develop and implement good compliance practices for advisers to private investment funds.
That’s a big list of things to take on.
Although the SEC does not require a separate individual to take on the role of CCO, I occasionally hear some skepticism when a person assumes this role as an additional part of their job. The question the SEC asks is “what responsibilities did you relinquish in order to have time to take on the CCO role?”
Help Wanted image is by Andi Szilagyi