Compliance Program Rule, Rule 206(4)-7 | Compliance Programs | SEC News

SEC issues Risk Alert on Outsourcing Compliance

SEC Municipal Advisor Rule

By Jaqueline M. Hummel, Managing Director

November 13, 2015

On November 9, 2015, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert on the outsourcing of compliance activities by investment advisers and funds.  OCIE conducted an “Outsourced CCO Initiative,” targeting SEC-registered investment advisers using third parties in the role of Chief Compliance Officer.

The staff conducted nearly 20 examinations and found …. nothing new.  The most effective outsourced CCOs were those that:

  1. Communicated frequently with advisory and fund personnel
  2. Devoted sufficient time and resources to perform their compliance duties
  3. Received unfettered access to records required to perform annual reviews

If the outsourced CCO has an in-depth understanding of the firm, its business model and operations, then the firm generally had better policies, procedures and disclosures in place to address its risks and conflicts of interest.  Conversely, outsourced CCOs who “infrequently” visited their clients’ offices and conducted “only limited reviews of documents or training on compliance-related matters while onsite” generally were less effective in implementing a robust compliance program. 

The staff’s findings would be true of any CCO, whether outsourced or in-house.  All CCOs should be knowledgeable of the securities laws and regulations, as well as the business and operations of the firm.  All CCOs should also be supported by management and given sufficient resources to perform the job.  The SEC has made this point many times by bringing cases under Rule 206(4)-7 of the Advisers Act (the Compliance Program Rule) against firms for failing to devote adequate resources to compliance.[1] 

From the consultant’s perspective, it is much easier to provide quality service when firm management supports the compliance effort, and ensures that all employees understand their roles in implementing the compliance program.  When a firm fully engages in the compliance effort, the compliance program is much more rigorous and effective.  Engagement means reviewing and providing feedback on compliance policies and procedures, including compliance personnel in discussions about new products, marketing efforts and operating issues, and disclosing material facts. 

From a firm perspective, a consultant should be knowledgeable, available and proactive. The consultant should request firm input to determine the gaps in the existing compliance program and the regulatory risks specific to the firm’s business, operations and client base.  The consultant should also assist the firm in developing a testing schedule based on the duties and responsibilities included in the compliance manual and regulatory requirements. When new regulations are enacted, the consultant should contact the firm to explain the potential impact and provide recommendations on actions to take.   

The big takeaway from the SEC’s risk alert is that outsourcing the CCO’s role is neither a magic bullet to avoid liability, nor an automatic strike against an adviser.  The SEC expects firms who outsource the compliance function to select experienced and knowledgeable consultants who can dedicate sufficient time and resources to effectively manage a compliance program.  Additionally, the SEC stresses that the adviser “is ultimately responsible for adopting and implementing an effective compliance program and is accountable for its own deficiencies.”  So an adviser must be willing to give the consultant sufficient information, attention and authority to be effective.       


[1] For example, In the Matter of The Buckingham Research Group, Inc., Buckingham Capital Management, Inc., and Lloyd R. Karp, IA Release No. 3109, November 17, 2010,; In the Matter of OMNI Investment Advisers Inc. and Gary R. Beynon, at  In the Matter of Consultiva Internactional, Inc., at; In the Matter of Equitas Capital Advisors, LLC, Equitas Partners, LLC, David S. Thomas, Jr., and Susan Christina, at; In the Matter of Stephen Derby Gisclair, at and [1] In the Matter of Pekin Singer Strauss Asset Management, Inc., IA Release No. 4126, at