The Role of the CCO – Empowered, Senior and With Authority
- Source: sec.gov
Treliant Takeaway:
Treliant works with clients to address the risks outlined in the speech and get ahead of the SEC 2021 examination focus areas. Here’s how we can help:
- Our team of ex-regulators conducts a large number of mock reviews and annual examinations for investment advisors, private funds, and broker-dealers;
- Cybersecurity reviews and remediation to ensure that current controls are sufficient to address the concerns of the regulators and prevent hacks and cyber-attacks;
- Working with CCOs on the development of compliance programs, whether as part of a start-up or a large well-established firm; and
- COOs and CFOs often need ongoing advice and support on regulatory issues. Our experienced team of senior industry consultants will be there to provide the insights and benchmarking they need.
Article Highlights:
Recently, Peter Driscoll, Director, SEC Division of Examinations, presented a critical speech focused on the role of the CCO at the SEC National IA/IC Outreach Program. In that speech, he highlighted a number of items that firms should take note of in designing and managing their compliance programs.
- Prior to moving to the main topic of the speech, he gave an overview of the SEC’s pandemic response and the state of the regulator’s oversight program. Specifically, he noted that while the primary concern of the Commission is the health and safety of its staff, they are fully operational and up and running. While COVID may have slowed them down slightly, during the 2020 fiscal year they conducted more than 2,900 examinations, representing approximately 15% of the registrants. They intend to continue this pace of examinations in 2021, but would also continue to conduct them remotely/virtually and through correspondence.
- Focus areas of the exams included business continuity plans (BCPs); operational resiliency; virtual due diligence practices for vendors, counterparties and investments; LIBOR changes and Reg BI enhancements; and of course, cybersecurity and remote connectivity.
- The primary focus then moved to the role of the CCO and what it takes to be successful. Critical success factors outlined include: empowerment; seniority and authority; management support (tone from the top); compliance culture; access to management process and decision making; adequate resources; and full access to critical business functions.
- The SEC, through its examinations, noticed that firms with weak compliance programs, and typically exam deficiencies, tend to have issues related to: a check-the-box or window-dressing approach, where the CCO has limited support and authority; a CCO who is replaced for raising issues; a CCO who is the “designated fall guy” for compliance failings resulting from management decisions; a CCO who is too junior, low organizationally or isolated from critical decisions; and a CCO who lacks adequate budget and resources to successfully execute the program.
- Extensive discussion focused on where the CCO should report within the organization, what the “right” compliance department spend should be, and the issue of dual-hatting the CFO or GC as the CCO. Interestingly, the dual-hatting issue was raised in the context of over-work and prioritization and not conflict of interest.
- The speech closed with a discussion of common issues being identified in recent regulatory exams.