On November 19, 2020, Peter Driscoll, Director of the Security and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) spoke about the importance of empowering chief compliance officers (“CCOs”) in his opening remarks at 2020’s National Investment Adviser/Investment Company Compliance Outreach event.
Driscoll’s statements were meant to further emphasize the issue of compliance deficiencies, which he says “have been among the most common cited by OCIE, both for investment advisers and investment companies.”
Indeed, his comments come alongside a Risk Alert issued the same day that focused on investment adviser compliance program issues.
Empowering Chief Compliance Officers
“Empowerment, seniority and authority. These three words matter,” Driscoll says, bemoaning the “check-the-box” approach some firms take in employing CCOs.
Compliance officers aren’t just about filling a requirement, he says, but an essential component of running a business. And he says OCIE can tell when companies treat their compliance duties as such.
“We notice on exams when firms hire someone for the role to check the box but do not support or empower them. We notice when a CCO holds one or more roles in a firm and is inattentive to their compliance responsibilities. We notice when a firm positions a CCO too low in the organization to make meaningful change and have a substantive impact, such as a mid-level officer or placed under the CFO function. We notice when CCOs are expected to create policies and procedures, but are not given the resources to hire personnel or engage vendors to provide systems to implement those policies and procedures.”
By the same token, OCIE also notices when companies make good-faith efforts to integrate compliance into everything they do – when CCOs are given access and interaction opportunities with senior managers, and when actions back up words supporting CCOs and the compliance process.
“A good CCO can be a true ‘value-add’ to the business; by keeping up with regulatory expectations and new rules, they can assist in positioning their firms not only to avoid costly compliance failures, but also provide pro-active compliance guidance on new or amended rules that may provide advisers with additional business options.”
Driscoll also points out that while CCOs need to be empowered within their organizations, “the critical function of compliance should not fall on the shoulders of CCOs.” He says that no matter how capable a CCO is, they cannot be effective without management’s support.
He also brought up two difficult questions that he frequently fields that have varying answers depending on the organization:
- Who should a CCO report to? He says there’s no easy answer, with several variables, including the CCO’s experience, as well as the business’s leadership structure and compliance culture. “While I do not think there should be a uniform requirement of who a CCO should report to, I do believe that, at a minimum, a CCO should have a direct line of reporting to senior management, if not be part of senior management,” Driscoll says.
- How much should a firm budget for the compliance function? Again, this is another area where there is no hard answer. Instead, he says “firms should appropriately assess their own needs based on their business model, size, sophistication, adviser representative population and dispersal, and provide for sufficient resources as necessary for compliance with applicable laws.”
Ultimately, Driscoll says, “without a culture that truly values the CCO, supported by a sincere ‘tone at the top’ by senior management, a firm stands to lose the hard-earned trust of its clients, investors, customers and other key stakeholders.”
Read the full statement at https://www.sec.gov/news/speech/driscoll-role-cco-2020-11-19.