Outsourced CCOs, Back Under the Microscope
A recent dispatch from the SEC's OCIE highlighted concerns about the rise of outsourced compliance chiefs.
![bourgaize-murray bourgaize-murray](/sites/default/files/styles/landscape_750_463/public/import/IMG/106/287106/bourgaize-murray-580x358.png.webp?itok=DXKup3gH)
The SEC's Office of Compliance Inspections and Examinations (OCIE) doesn't exactly make a lot of news. With such a colorful name, it competes with the Internal Revenue Service (IRS) for enthusiasm among government entities ... and, well, generally not much more.
However, its National Exam Program occassionally pushes out studies designed to raise some eyebrows and this week produced one: A short-but-sweet note examined the rise of outsourced chief compliance officer (CCO) functions among smaller buy-side shops.
The outsourced CCO isn't anything new. You could probably say it really hit the big-time around 2011 or so, in the aftermath of the Bernie Madoff scandal.
In that year, Charles Schwab's Benchmarking Study for RIAs found that 38 percent of surveyed firms use such a service. Since then it has hovered around a third.
When the option first began gaining traction in the early 2000s after heightened compliance requirements came into force, Lori Richards, then OCIE director, emphasized the need for CCOs to have “intimate knowledge" of the firm’s operations in order to administer an effective compliance program.
It's a fair question to ask whether these "certain weaknesses", as the note described them, are directly attributable to the outsourced CCO phenomenon or, rather, if the level of compliance among RIAs and smaller investment shops is simply lacking — and, perhaps, if the level of understanding around expectations is lacking as well. Keep in mind, Peter Madoff — Bernie's compliance chief — was as close to Bernie as possible; in fact he was family.
"It would therefore be logical to infer that a reasonable amount of time would have to be spent not only overseeing the structure of the compliance program but its implementation as well," she said in a 2004 speech. "Because of this, I am wary about whether a compliance ‘rent-a-cop’ could really be up to the task.”
Custom Tailoring
Richards, in no small irony, left the agency in 2009 following criticism of OCIE's (lacking) oversight in the run-up to Madoff.
But a general sense of worry over outsourced compliance remains still today.
This week's note observed, for example, that "certain outsourced CCOs," when asked, "could not articulate the business or compliance risks of the registrant [RIA or investment firm] or, to the extent the risks were identified, whether the registrant had adopted written policies and procedures to mitigate or address those risks. In some instances, the risks described to the staff by the registrant’s principals were different than the risks described by the outsourced CCO."
Not good. In addition to these flaws, OCIE's staff broadly identified "several areas" where registrants did not appear to have tailored policies, procedures or disclosure requirements in place as part of their outsourcing agreement.
And unsurprisingly, a number of these highlighted areas are technology related. To wit (bold added):
- Critical areas were not identified, and thus certain compliance policies and procedures were not adopted, such as reviewing third-party managers hired to manage client money, or safeguarding client information.
- Policies were adopted, but were not applicable to the advisers’ businesses and operations, such as: monitoring of account performance composites when in practice the adviser did not monitor composites because it did not advertise performance; collecting management fees quarterly in advance when in practice clients were billed monthly in arrears; and referencing departed employees as responsible parties in performing compliance reviews or monitoring.
- Critical control procedures were not performed, or not performed as described, including: oversight of private fund fee and expense allocations; reviews of solicitation activities forcompliance with the Advisers Act; trade allocation reviews for fairness of side-by-side management of client accounts with proprietary accounts; oversight of performance advertising and marketing; personal trading reviews of all access persons; and controls over trade reconciliations.
A Sector Problem?
Now, it's a fair question to ask whether these "certain weaknesses", as the note described them, are directly attributable to the outsourced CCO phenomenon, or if the level of compliance among RIAs and smaller investment shops is simply still lacking — and, perhaps, if the level of understanding around those expectations is lacking as well. Is this a model problem, or a sector problem?
Keep in mind, Peter Madoff — Bernie's compliance chief — was as close to Bernie as possible; he was family, after all.
And these things aren't black-and-white issues. Oversight of trade reconciliation can prove tricky even for in-house compliance, depending on the asset class. The definition of prop trading continues to change. Troubles related to fees and the publishing of performance numbers — while less complicated or excusable — still happen frequently. And as for "safeguarding client information", we all know how much of a priority and challenge that's become in the cyber-crime era.
Next Time
Given the non-differentiating costs associated with operating a financial services firm at this point, one would think it doubtful that compliance will come back in-house after it's already left. Improved effort on the part of both firms and their services providers alike could be the answer, rather than changing the model.
But the next time a Madoff-type event happens, it may not be the culprit's brother sitting in the CCO chair, so much as someone at a much larger entity, flying blind.
And it could well have to do more with technical ignorance than a Ponzi scheme —or even one contributing to the other.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
The costly sanctions risks hiding in your supply chain
In an age of geopolitical instability and rising fines, financial firms need to dig deep into the securities they invest in and the issuing company’s network of suppliers and associates.
Industry associations say ECB cloud guidelines clash with EU’s Dora
Responses from industry participants on the European Central Bank’s guidelines are expected in the coming weeks.
Regulators recommend Figi over Cusip, Isin for reporting in FDTA proposal
Another contentious battle in the world of identifiers pits the Figi against Cusip and the Isin, with regulators including the Fed, the SEC, and the CFTC so far backing the Figi.
US Supreme Court clips SEC’s wings with recent rulings
The Supreme Court made a host of decisions at the start of July that spell trouble for regulators—including the SEC.
This Week: FCA, Plato/Turquoise, Franklin Templeton, and more
A summary of the latest financial technology news.
Insurers deny cyber premiums are rising
Contrary to banks’ complaints, underwriters and brokers claim current market for policies is soft.
Size matters: US equity market players wrangle over new tick size regime
The industry expects the SEC to finalize the Reg NMS shake-up as soon as late summer. While there is broad agreement about the need for change, the extent of the reduction in access fees and tick sizes will have a big impact on markets.
CME: CFTC OKs clearing move to Google Cloud
The CFTC has given the Chicago-based exchange approval to run its clearing and settlement infrastructure on the Google Cloud Platform, while the exchange and vendor have extended their partnership to last until at least 2037.