Compliance is a critical function in your firm, and its importance will only increase as industry regulations become more complex. On top of that, FINRA’s 2016 examinations will focus on how firms integrate compliance into their culture, adding another layer to your duties.
Ultimately, responsibility for compliance oversight rests with you. But given the growing demands you face, would it make sense to hire a chief compliance officer (CCO)? Although the answer to this question can depend on your business model, as many practices become more sophisticated and the industry shifts toward larger ensembles, more firms may decide to hire this dedicated compliance specialist.
The Evolution of the CCO
In years past, the compliance role was a generalist position, handled by someone who had many other responsibilities. But in today’s environment of increased regulations, more specialized expertise and a more sophisticated skill set are required, including competencies in risk, operations, and technology, as well as leadership skills.
For those of you with your own RIA, having a dedicated CCO is a requirement. And the SEC is specific in its definition. In the Final Rule: Compliance Programs of Investment Companies and Investment Advisers, it states that an individual in this role must be:
Competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. Thus, the compliance officer should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.
In short, a CCO is responsible for ensuring that a firm complies with both internal and external policies and regulations. This may include creating and maintaining a compliance manual, as well as working with the firm’s leaders to ensure that compliance standards are adequate. For example, in response to the DOL’s new fiduciary rule, CCOs will need to revise their firms’ policies and procedures to reflect the changes the regulation requires.
What Are Your Options?
Given this ever-changing regulatory landscape, this may be a good time to evaluate your compliance needs. Depending on how you’re registered, you may have access, through your broker/dealer, to compliance professionals for guidance and support. But what if you need additional help to manage increasing requirements? If you’re rethinking how your firm addresses its responsibilities in this area, here are three options for filling the compliance role.
Option 1: Hire from within. In many offices, a staff member is responsible for fulfilling the firm’s compliance responsibilities, as well as other duties. Consider ramping up that individual’s compliance functions so that additional requirements are met.
Pros:
- A current staff member knows and understands your practice.
- He or she already has a general understanding of compliance requirements.
- He or she is likely to have the organizational skills and operational understanding to oversee most aspects of compliance.
- You maintain control of compliance functions.
Cons:
- Training the employee may become your responsibility.
- You may not know what you don’t know, which can lead to compliance violations.
- The employee may have limited experience in compliance, affecting his or her ability to protect your firm from risk.
- The employee may lack necessary leadership skills or the ability to think strategically.
Option 2: Hire from outside. Any time you bring on staff, it increases your fixed costs, so first consider whether hiring a CCO makes financial sense. Keep in mind that the compensation structure for a CCO is often a combination of base salary and discretionary bonus. As the CCO assumes additional responsibilities to keep up with increased regulation, his or her base salary is likely to increase.
Pros:
- The CCO has the depth of compliance knowledge necessary to protect your firm.
- He or she is already trained and can take responsibility for your firm’s ongoing compliance training.
- He or she is prepared to jump in and provide the guidance and oversight your firm requires going forward.
Cons:
- The new CCO must get to know your practice (e.g., investment and service models, operations, core processes).
- It may be difficult to find someone who has both the technical skills and the ability to lead your firm in creating a culture of compliance.
Option 3: Outsource. If you are your own RIA or a larger ensemble, outsourcing some compliance duties may be an option. For example, you may find that hiring someone to research and create internal manuals makes your compliance burden more manageable.
Of course, you must conduct proper due diligence to ensure that any outside firm you work with has highly qualified compliance professionals. It’s also important to remember that compliance with your supervisory firm’s policies and industry rules remains the responsibility of the registered people in your branch—although you can outsource support, implementation rests with you and your staff.
Pros:
- The compliance professional you hire can provide expert guidance.
- He or she isn’t an employee, making it easier to freely discuss concerns.
- He or she will likely supplement the work your in-house compliance specialist is completing, which may be more cost-effective than hiring a new employee.
- You can control the number of hours he or she works.
Cons:
- The outside compliance professional must learn your practice.
- He or she may support a number of clients, whose priorities might compete with your firm’s needs.
- You may not be able to get questions answered outside of the time he or she normally works with your firm.
- Your current staff may not be receptive to additional compliance support.
- You’ll need to carefully assess your business needs to determine the number of hours for which you will contract the compliance professional. (The outsourcing company you work with may not be amenable to adjusting the terms of the contract once they have been agreed upon, giving you little room to negotiate the specifics once you begin working with the contractor.)
Embracing a Culture of Compliance
Whatever option you choose, one aspect of FINRA’s examinations will be whether your firm has created a culture of compliance. Here are some steps you can take to demonstrate your commitment and ensure that your firm is embracing a culture of compliance:
- Implement a formal compliance program. There are no specific requirements regarding the structure of a compliance program, but consider pertinent information such as record retention, disclosures, data integrity, and more.
- Document and test your policies and procedures. Create repeatable processes that fulfill your compliance duties, test your procedures annually to ensure that they are still viable, and update them as necessary.
- Audit thyself. Conduct your own internal audits so that you can take steps to address deficiencies before an outside audit takes place.
- Prioritize communication. Develop a communications process that gives the person responsible for compliance direct access to the decision makers in the firm. It’s also essential to communicate compliance requirements to all employees in order to promote consistency in how requirements are carried out.
No matter how you choose to assign these duties—including whether or not you decide to hire a CCO—investing in compliance will help ensure that your firm is well positioned to thrive now and into the future.
Have you thought about hiring a CCO? How has your firm embraced a culture of compliance? Please share your thoughts with us below!