The decision of the US Securities and Exchange Commission to require fund managers to disclose on their Form ADV whether they have outsourced their chief compliance officer role is starting to cause some angst. Asset managers wonder if they will be targeted for additional scrutiny, only because they delegated their regulatory compliance work to an external provider.
Form ADV, used by investment advisers to register with the SEC, consists of two parts. The first, relying on a check-the-box format, collects information on the business, ownership, clients, employees, affiliations and disciplinary actions, The second requires narrative explanations on types of services, disciplinary actions, fees, conflicts of interest and employees.
As of October 2017, registered investment fund advisers must cough up more details about their separately managed account (SMA) business, must aggregate data about the use of borrowings and derivatives, and disclose more information about other aspects of their advisory business. That includes branch office operations and the use of social media. “The SEC has been expanding its reach from traditional investment advisers to private fund advisers to pooled funds such as hedge funds and private equity,” says Jay Baris, a partner with the law firm of Morrison & Foerster in New York. “SMAs can be considered hedge funds for single accounts or individuals.”
However, one of the questions on the new Form ADV — item 1J — specifically addresses the issue of outsourced CCOs. It asks fund managers to reveal whether they are using a third-party compliance manager, the name of the individual, the firm used and its IRS Employer Identification number. Until now, the form only required that the fund manager identify the CCO, so the SEC had no way of knowing whether the CCO was an internal or external employee. About 30 percent of registered investment advisors engage external CCOs, fund managers tell FinOps Report.
Seven out of the ten fund management operations directors contacted by FinOps Report say they are worried that the SEC will be more rigorous in exams of firms using external compliance officers. Because the new Form ADV gives the SEC for the first time the ability to track outsourced CCOs, the agency could give the registered investment advisers relying on outsourced CCOs a higher examination risk ranking, particularly if they are using outsourced services that are already in their sites as potentially risk. The SEC relies on a risk-based approach to determine whether it will examine a registered investment adviser. The higher the risk rating the more likely an exam will take place.
“The SEC will likely be looking at the ‘concentration risk of particular external compliance managers. That means that if the SEC notices one with too many clients, it might wonder whether it can juggle all of them and pay closer attention to its client fund managers, even if there is no indication of any problems,” predicts one compliance manager at an East Coast fund management shop. Likewise, says another, “the SEC might decide to put any fund management firm with an outsourced chief compliance officer under greater scrutiny during an exam.” The SEC declined to comment for this article.
Even if the SEC doesn’t use the information about outsourced CCOs sharpen scrutiny on fund managers that use them, it is still on a fishing expedition for information, particularly about the outsourced CCOs. “The SEC says it wants the information to measure the quality and effectiveness of CCO structures and to improve the ability to assess potential risks,” says Baris. “This suggests the SEC wants empirical data to help it determine whether advisers that outsource CCOs are more likely to experience particular compliance issues or not.”
Why is the SEC so focussed on this? “The concern may originate from a common believe that outsourced CCOs generally do not have the same level of access to an advisor’s operations, as would a CCO employed by the adviser, because the outsourced CCO may serve several advisers,” says Baris.
Past Indications
The new requirements for Form ADV aren’t the first time the SEC has suggested that outsourcing the role of the CCO could be risky business. Lori Richards, the former director of the SEC’s Office of Compliance Inspections and Examinations (OCIE) did so in June 2004, about five months after the SEC started requiring registered investment advisers to appoint CCOs. “I am wary of whether a compliance rent a cop could really be up to the task. For example, is it reasonable to expect a compliance officer in New York to be able to effectively implement and monitor a compliance program in California,” said Richards at the Investment Company Institute’s mutual fund compliance programs conference in Washington DC. She also noted that fund boards should be aware that if a compliance program is not effective because procedures were not implemented effectively due to an insufficient chief compliance officer, the firm will be in violation of SEC rules.
The SEC first hinted it might more closely monitor firms that outsourced their CCO role in May 2015 when it proposed amendments to Form ADV that would require advisers to report whether their CCO is compensated or employed by any person other than the adviser or an affiliate. At that time, the SEC said: “Our examination staff has observed a wide spectrum of both quality and effectiveness of outsourced chief compliance officers and firms. Identifying information for these third-party providers, like others on Form ADV would allow us to identify all advisers relying on a particular service and could be used to improve our ability to assess potential risks.”
In November 2015, the SEC issued a detailed risk alert on the “growing trend of outsourcing chief compliance officers. The deep dive by the commission mentioned cases of strong compliance work by outsourced officers but it also said that some practices by off-site CCOs were cause for concern. In some cases, the fund managers never implemented their suggestions; in worse cases, the outsourced CCO was clueless about the firm’s activities. “A CCO, either as a direct employee of a registrant or as a contractor or consultant, must be empowered with sufficient knowledge and authority to be effective,” said the SEC.
At that time the SEC laid out broad guidelines for companies using an outsourced compliance officer. The agency’s attention to the growing trend of using third-party compliance providers renewed discussion over when it is appropriate for a company to use an outsourced chief compliance officer. Although CCOs were relieved that the SEC finally clarified what were previously unclear expectations, debate still remains over whether using outside compliance officers is a good idea. Some smaller firms may need to do so because they don’t have the in-house compliance expertise, while others may view compliance as such an important task that it can never be outsourced. The most common business model is to augment an internal CCO with an external consultancy specializing in specific compliance issues, say fund management compliance managers.
Investment advisers thinking about contracting outsourced CCOs or those already using them should take notice. The requirement to report information about the adviser’s CCO structure might not change the reasons to outsource a CCO, but at the very least it may change the way advisors handle their external CCO relationships. “Given the SEC’s repeated suggestions about the potential shortcomings of external CCOs, investment advisors might want to think twice about using an outsourced CCO,” says the compliance manager of a US fund management firm. “If they do, they need to put in place more rigorous procedures to ensure performance. An ineffective CCO is the last thing a fund manager needs.”
Leave a Comment
You must be logged in to post a comment.