Assessing Outsourced CCO Risk Before the SEC Completes the Assessment for You
The OCIE staff of the SEC released a Risk Alert relating to the Outsourcing of Chief Compliance Officers and Compliance Activities. Truly, the findings and risks shouldn’t be a surprise to anyone. My colleagues and I have all recently left “in-house” Compliance positions to become “outsourced compliance advisors.” As Consultants that have recently had the opportunity to observe multiple Financial Firms that have utilize outsourced compliance we have spotted many of the issues that the SEC reported. A few things my colleagues and I have noted since leaving our “in-house” positions: Many Financial Institutions may have a false sense of security with respect to their Outsourced Compliance Office as they deem “no news” to be “good news”. Prior to hiring a Compliance Consultant, Financial Firms should ask the following questions:
- What is the experience of the individual(s) who will be supporting the Financial Institutions?
- How many other Financial Firms is the Compliance Consultant Supporting?
- Do the individuals have sales and consulting experience or Compliance Experience?
- For individuals with Compliance Experience what type of Firms did they provide Compliance advice to and what were their Compliance responsibilities.
- How many years of Experience do they have?
- Who will be the backup for the Firm’s Compliance support and what is the turn-over rate of the Compliance Consultants?
- How often will the Compliance Consultant be on-site?
- How often will the Firm meet with the Compliance Consultant?
Within moments of looking at a Firm’s policies and procedures, we can determine which Compliance Consulting Firm wrote the policies and procedures. Most Compliance Consulting Firms have “template” policies and procedures that they implement in each Financial Institution. And indeed it seems as if most Compliance Consulting Firms implement the entire policies and procedures without tailoring them to the particular Financial Institution. Not being privy to the agreements between the Consultant and Financial Firm, our belief, based on what we have observed, is that the Financial Firm is told they will be tailored. We have not been able to identify the exact cause of why the policies were not tailored, but it seems as if it is a combination of lack of experience, quality or business knowledge of the Consultant implementing the procedures. Often times a Compliance Consultant will complete a review by interviewing the Firm’s personal and then document the conversation as a report with few to no findings. If the Compliance Consultant hasn’t requested specific samples and has left it up to the Firm to determine the Compliance Consultant reviews, the Firm will be at risk. This is especially true when it comes to AML reviews. Compliance Consultants may not actually understand the business of the Financial Institution. If a Compliance Consultant does not have the requisite experience in the same type of Financial Firm as the Financial Firm they will be supporting the Firm is at risk to a lack of business knowledge. This is a key point that smaller Financial Firms overlook; it is easy to underestimate the specialization of Compliance Officers and to find that you have hired a Consultant that does not have experience with your particular business. What the SEC is asking: Has your Firm hired Compliance in Box and how effective is your appointed Outsourced CCO? As the demand for Outsourced Compliance Officers has increased, the field of Qualified Compliance Consultants has shrunk. One Compliance Consulting Firm has offered “Free 15 Minute Consultations.” That suggests that a Firm has 15 minutes to share information and receive recommendations from the Consulting Firm. This hardly seems to be a Consultant looking to for a long-term relationship, or a Consultant that would address the SEC concerns. In addition, some Compliance Consulting Firms have a link to the SEC Risk Alert and a statement that their programs address the SEC concerns and however, they offer little to no information on how their programs support the SEC concerns. If your firm is seeking to retain an industry savvy and seasoned Compliance Professional, see how CRC’s programs support the SEC’s concerns. Please contact us to get started.