SEC Views on Compliance Outsourcing
On November 9, 2015, the SEC issued a Risk Alert about compliance outsourcing. Due to increasing regulations and reporting requirements, we have seen a growing trend in the investment management industry for firms to outsource some or all compliance duties to unaffiliated third parties. Often in smaller firms, where the person responsible for compliance wears multiple hats, there just isn't enough time or resources to handle everything required by the various rules and regulations. Fortunately, firms can obtain assistance from a multitude of consultants and law firms who provide compliance services, including acting as a firm's Chief Compliance Officer (CCO).
The SEC gave an early indication that compliance outsourcing was on its radar back in May 2015, when it proposed amendments to the ADV rule that (if passed) would require firms to provide data on outsourced compliance officers. The SEC conducted a sweep audit of approximately 20 firms that outsourced CCO duties, and the Risk Alert is the result of that sweep audit.
In brief, the SEC found that outsourced CCOs who had more frequent, regular, personal interaction with their advisory firm clients had a better understanding of these firms' businesses, operations, and risks. Thus, these firms had fewer inconsistencies between their policies and their actual business practices.
In comparison, firms that used outsourced CCOs who merely provided standardized checklists or template policies sometimes failed to adopt these template solutions to their actual business practices. As a result, there were discrepancies between the written policies and what the firms were actually doing in practice. SEC staffers have said on a number of that to have a written policy that is not followed may be viewed more harshly than to have no policy at all.
In other words, one-size-fits-all, off-the-shelf compliance solutions present risks for firms who don't adequately customize those solutions to fit their actual business practices. This is one reason why Adroit Compliance has a different business model. Our process is to achieve a comprehensive understanding of each client's business model to provide customized compliance support appropriate for each client's needs.