The role of the CCO in a highly scrutinised global regulatory environment

By Gary Kaminsky, ConceptONE – It seems almost daily that regulators on both sides of the pond remind the industry of the importance of compliance and their high expectations of the individuals charged with managing the risks associated with operating an asset management company in the current environment.

Article 61 of Level 2 of the AIFMD mandates that AIFMs “establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the AIFM to comply with its obligation under [the Directive]”, and that they designate a permanent compliance officer to oversee these. (Council Directive 2011/61/EU on Alternative Investment Fund Managers, 2011 O.J. L 174/62, art. 61).
In the UK, the FCA recently increased its enforcement focus on individuals, highlighting misconduct of senior executives in control roles and their failure to provide adequate oversight. (see Financial Conduct Authority, Final Notice to Alison Moran, 2013). This message has also been loudly broadcast in the US through the medium of frequent public speeches by senior SEC officials as well as a litany of enforcement actions accompanied by more statements containing broad pronouncements of the Staff’s view of the role of a CCO.
Are these expectations realistic for one person to fulfil? Is it prudent for anyone to voluntarily take responsibility for the compliance of an organisation that prides itself on engaging in sophisticated trading strategies run by self-proclaimed “masters of the universe?” These are questions that many CCOs may be contemplating as they consider their professional options.
The good news is that a closer look at some of the regulators’ words offers a light into the dark tunnel of acceptable compliance and a CCO’s obligations. True, the CCO is a gatekeeper of appropriate behaviour, but definitely not a guarantor, which is an important distinction.
Andrew Ceresney, the current Director of the SEC’s Division of Enforcement, recently highlighted this distinction, saying “at the end of the day, though, legal and compliance officers who perform their responsibilities diligently, in good faith, and in compliance with the law are our partners and need not fear enforcement action.” (Andrew Ceresney, Keynote Address at Compliance Week 2014)
Robust regulatory enterprise risk management systems aligning front, middle and back offices with regular oversight are a CCO’s best ally (see A Mandate For Regulatory Enterprise Risk Management). Regulatory Enterprise Risk Management is the system by which a firm aligns its front, middle and back offices to better aggregate and harmonise data flows internally and among third party providers and constituents.
A CCO’s role should be to assist in the development, implementation and maintenance of the firm’s RegERM, and work with the other C-level professionals to regularly review the system to test that it is reasonably designed to prevent violations and other compliance and operational transgressions. Ceresney explained that the Staff intends to work to facilitate the CCO’s ability to perform its role by encouraging a firm’s senior management to provide them with the requisite deference and infrastructure.
Similarly, the AIFMD requires AIFMs to establish infrastructure to ensure that the governing body, the senior management, and where relevant, the supervisory function are responsible for the AIFM’s compliance with its obligations under the AIFMD. (Council Regulation EU No 231/2013 supplementing Directive 2011/61/EU, 2013 O.J. L 83/38, sec. 6)
Regulators consistently speak of the need for a “tone from the top” in establishing effective compliance systems. The CCO needs to be able to trust that firm personnel buy into the idea of compliance and appreciate the risk associated with actions that create regulatory arbitrage.
Andrew Bowden, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) Chief, made this point in recent remarks: “[A] compliance department has the best chance of success if management is fully supportive of compliance efforts and provides the CCO with the resources needed to do an effective and thorough job.” (Andrew Bowden, Spreading Sunshine in Private Equity, excerpt from a speech to the Private Fund Compliance Forum 2014).
An investment in compliance is not a discretionary buy for an asset manager, for the cost of not devoting the appropriate resources can be prohibitive (see The Cost of Non-Compliance). Ironically, many firms seem to prefer to spend money to find ways to avoid certain regulatory burdens, i.e. marketing in the EU under AIFMD, rather than enabling their compliance professionals to navigate the path towards growing their business. Given the chance, a CCO can add significant value to the overall business of the firm.
A CCO’s role is not intended to be the guarantor of compliance, but rather an overseer of compliance systems.
In order to effectively carry out this function, the CCO needs to work closely with management and other personnel in the day-to-day business of the firm. CCOs need to gain the respect and confidence of the firm by not being seen as a barrier to conducting appropriate business, but as a check and balance of the firm’s legal and compliance framework.
Bowden explains: “Additionally, strength and effectiveness of a compliance department is boosted when compliance officers not only understand relevant laws and rules, but are integrated into a firm’s business. In OCIE, we’ve seen that compliance officers, who — for example — participate in weekly deal meetings and in meetings with investors, or who review deal memos, tend to be more effective in spotting issues early and are more respected in their organisations.”
It is essential to an effective and comprehensive compliance system that the CCO be someone who personnel will seek out for advice and counsel, rather than a person to be avoided and left in the dark. The CCO’s role should be a facilitator of lawful moneymaking – a trusted advisor who can help navigate the firm through the many regulatory hurdles that can impede its mandate of alpha creation in compliance with law.
Gary Kaminsky has over 27 years of experience in the securities industry, particularly with regard to issues relating to the legal/compliance and operational infrastructure of asset management companies. At ConceptONE Gary continues a distinguished career in the financial services sector that began as an attorney with the Enforcement Division of the Securities and Exchange Commission and includes stints as CCO of Susquehanna Investment Group and principal and co-founder of two AIFMs. He is a frequent speaker and author on matters relating to Dodd Frank, Form PF, AIFMD, Annex IV and other current regulatory issues.
