Outsourced CCO

Home
Outsourced CCO

DEFINING OUR GOALS

CCS was a pioneer in providing fully outsourced chief compliance officer services. As with most of our offerings, client demand drove the development of our outsourcing solution.

Many prospective clients had become dissatisfied with the disinterested, non-committal, cookie-cutter, billable hour compliance consulting model. The legacy providers would offer generic advice based on public SEC statements and then walk away when it came time to implement policies or explain them to institutional clients or the regulators.

 

We set out to create a fully accountable, fixed price, and fully engaged outsourced chief compliance officer solution. Todd’s experience as a lawyer made him predisposed to an advice model in which the advice-giver owned full accountability and liability for any counsel. He wanted to create a compliance services model with the same sense of responsibility as a law firm providing a legal opinion.

 

Click here to learn more about how regulators view outsourcing.

Understanding risks.

The first consideration was how to manage risk. CCS began by focusing on extensive due diligence to ensure that we understood the risks inherent with every client and how to manage those risks.

1
Due diligence would include an on-site visit even before CCS would provide proposal pricing to ensure that management took compliance seriously and accepted the role that CCS would perform as CCO.
2
CCS would go on-site again with the entire service team to onboard the client during an extensive live meeting intended to exchange all relevant compliance information.
3
CCS would schedule a weekly call to discuss compliance issues and return again to the client site at least six times per year for compliance activities.
4
All of these touch points would ensure that our personnel would have as much information as any in-house employee.

Building the model.

The second challenge was to ensure that the SEC would allow CCO outsourcing. Along with a couple of other providers, Todd met with senior OCIE staff in Washington to discuss the outsourcing model. The SEC officials said that they did not believe CCO outsourcing was illegal or even undesirable as long as it was done properly.

  • The SEC objected to “cellophane outsourcing” in which the adviser retained a name-only outsourced CCO for a nominal fee without the extensive on-site communications and testing necessary to comply with the rules. The compliance firms in attendance advocated for high standards that included experienced compliance professionals, extensive engagement, ongoing and open communications, on-site testing, and senior management access.
  • Months later, the SEC released an Alert on acceptable CCO outsourcing practices. The Alert included many of the practices for which CCS and the other firms advocated. In the Alert, the SEC acknowledged that outsourcing compliance activities had become a “growing trend in the investment management industry.” The OCIE staff had conducted a review of 20 firms and described elements of compliance programs “where the outsourced CCO was generally effective.”
  • These elements included regular (in-person) communication with management, sufficient “registrant support” of the outsourced CCO, access to documents and information, and CCO knowledge of the business and regulatory requirements. The SEC also highlighted the importance of customized documents and testing over standardized checklists and template manuals.

 

We strongly supported the Alert and its recommendations. We then customized our program to the Alert’s recommendations:

  • Communications

    CCS requires an internal liaison/compliance officer who serves as a main point of contact. CCS schedules weekly calls with the…

    CCS requires an internal liaison/compliance officer who serves as a main point of contact. CCS schedules weekly calls with the liaison and other personnel that includes an agenda and minutes. The calls typically include, among other things, a discussion of current compliance issues, progress on the testing program, business changes that could affect the compliance program, and regulatory issues. In addition, CCS requires no less than six on-site visits per year for compliance activities for testing, meetings, and training. Also, the CCS program requires quarterly compliance meetings with senior members of management to address significant compliance issues resulting from the weekly calls or arising from the ordinary course of the firm’s business. CCS also facilitates communications by utilizing online file sharing in which documents can be shared and retained. There is nearly daily interaction by phone and email with the CCS team.

  • Resources

    CCS uses a team approach, whereby every client is assigned at least two regulatory professionals involved in all client activities.…

    CCS uses a team approach, whereby every client is assigned at least two regulatory professionals involved in all client activities. The client team leverages other CCS professionals, including our dedicated marketing review function. CCS closely monitors the number of CCO relationships per person. The actual number of relationships will vary depending on client allocations because some clients may be larger/more complex than others. However, we use our time-billing system to ensure that no person becomes overloaded to the point of risking the integrity of the compliance program.

  • Empowerment

    CCS has a very robust testing program that we summarize in an extensive matrix and cover report. We then discuss…

    CCS has a very robust testing program that we summarize in an extensive matrix and cover report. We then discuss that report with management. If we are not provided with access to necessary documents, we will report that lack of access as a deficiency in the report. In rare cases, we have told clients that we will resign if we are not given proper access. We also believe that our independence allows a more robust review, free of conflicts of interest.

  • Meaningful Risk Assessments

    At the beginning of every relationship, CCS conducts a gap analysis to determine whether to create a new compliance manual…

    At the beginning of every relationship, CCS conducts a gap analysis to determine whether to create a new compliance manual or amend the current manual. The CCS team then works iteratively with the client to create a manual that addresses relevant risks. Risks are then discussed at weekly meetings and quarterly compliance committee meetings.

  • Policies and Procedures

    CCS undertakes to draft, update and maintain the compliance policies and procedures as the business evolves and the regulatory environment…

    CCS undertakes to draft, update and maintain the compliance policies and procedures as the business evolves and the regulatory environment changes. CCS monitors the regulatory environment and communicates changes through its daily email alerts and blog. CCS relies on the internal client liaison as well as the on-site visits to ensure the compliance program is tailored to the business. CCS also owns the annual compliance testing and reviews required by Rule 206(4)-7. CCS prepares an extensive matrix of testing (50-100 pages) that outlines the regulatory requirements, the testing conducted, notable findings or deficiencies, and recommended changes. CCS then prepares a cover report highlighting the most significant issues. CCS then meets in person with management to discuss compliance gaps and remediation. The first section of the following year’s report includes the prior year’s findings and how CCS and the client worked to remediate identified deficiencies.

Measuring and proving performance.

The third challenge was convincing the industry. We have worked with outside lawyers, Board members and service providers to create a workable and acceptable service model. Over time, those industry players have become one of our greatest sources of client referrals. Sixteen years after our founding, more asset management firms than ever have turned to the outsource CCO model. The reasons for the model’s success include the following:

Experience.

A team of professionals can draw on decades of aggregate compliance experience to address a firm’s regulatory challenges.

Knowledge.

No one person can provide the depth of knowledge of several compliance professionals working collaboratively.

Efficiency.

An entire team is ready to meet your business challenges including quick turnaround of marketing materials or an SEC exam.

Independence.

A third-party firm offers investors and other stakeholders an independent assessment of a firm’s compliance strengths and weaknesses.

Industry best practices.

A multi-person team working with multiple clients across the country has the industry vision to inform the compliance program.

Accountability.

A compliance firm stands behind its work and advice with a service level agreement and professional liability insurance.

24/7/365 support.

A person may take PTO, but a team of professionals is available at all times for any emergency including unplanned client due diligence and SEC exams.

Personal liability.

Serving as CCO involves significant personal liability, which is better left to professionals who understand and accept the regulatory and career implications.

Frees up internal resources.

Internal personnel can focus on core activities such as portfolio management and fundraising.

Management.

Senior managers can avoid the confusing and time-consuming process of hiring, retaining, and managing an internal CCO, only to start the process anew in the event the CCO leaves.

Scalability.

An outside firm can scale up and down as the firm’s fortunes change over time without the management and emotional costs of constantly hiring and firing.

Proven.

The outsourced CCO model has worked for hundreds of firms that have engaged either CCS or a competitor through business changes, personnel transitions and SEC exams.