When a person outsources their retirement planning to an Advisor do they surrender responsibility for their retirement? Of course not, and similarly, when a firm outsources some or all of their compliance functions to third parties, ultimate responsibility for the firm’s compliance still belongs with the firm.
Responsibility for compliance begins at the top with the Chief Compliance Officer who must not only be aware of, but must understand the compliance functions of the firm, especially those functions that have been outsourced. The CCO should be especially knowledgeable about those outsourced functions because they will need to fully understand what the third party will be doing and how those functions will be completed.
Along those lines, the SEC’s Office of Compliance Inspections and Examinations released a Risk Alert last November reminding advisors about Rule 206(4)-7 which requires them to adopt policies and procedures designed to prevent violations of federal securities laws and rules. The Risk Alert also served to remind firms that a CCO must be appointed to administer these policies and to review them at least annually and this review should include any functions that have been outsourced.
Often small to mid-sized advisors do not have the resources to hire a full time CCO dedicated to the monotonous administrative functions of compliance. Resources for these firms tend to go towards growing and maintaining new client relationships. Small to mid-sized firms will often outsource some or all of their compliance functions and will add the responsibility of overseeing that outsourced compliance to one of the firm’ Representatives.
This is certainly cost effective for smaller firms and it is important to remember that even if outsourcing compliance functions, the buck stops with the firm and not the third party compliance consultants. According to the SEC, the person designated as the CCO, even if only overseeing outsourced compliance functions, must be “competent and knowledgeable regarding the Advisers Act and . . . empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.”