Now that you’ve seen what ACA Insight has to offer, don’t be without it. Subscribe now!

The weekly news source for investment management legal and compliance professionals

Current subscribers - please log in to the website in the upper right-hand corner

News May 16, 2005 Issue

Gohlke Provides CCO Job Description

In a rare published speech, OCIE associate director Gene Gohlke provided a "CCO job description," consisting of a must-read list of specific functions that advisory firm CCOs should consider performing.

According to Gohlke, a CCO should:

  • Advise senior management on the importance of establishing and maintaining an effective culture of compliance.
  • Confer with and advise senior management on significant compliance issues.
  • Be sought out on a "consulting" basis regarding compliance matters by business people throughout the firm. The CCO, Gohlke said, should become known as the "go-to person" on compliance matters.
  • Become involved in analyzing and resolving significant compliance issues that arise.
  • Ensure that the steps in the firmís compliance process, such as risk identification and establishing and implementing policies and procedures, are appropriate and are undertaken in a timely manner by relevant staff.
  • Become personally involved in various steps of the process, such as serving on the firmís risk committee or policies and procedures committee, when necessary and appropriate.
  • Ensure that compliance policies and procedures are comprehensive, robust, current, and reflect the firmís business processes and conflicts of interest.
  • Ensure that appropriate principles of management and control are observed when implementing policies and procedures (such as separation of functions, clear assignment of responsibilities, measuring results against standards, and reporting outcomes).
  • Ensure that all persons within the firm who have compliance responsibilities are competently and fully performing those functions.
  • Ensure that appropriate quality control (transactional) testing is conducted to detect deviations of actual transactions from policies or standards, that results of such tests are included on exception and other management reports, and that identified issues are promptly addressed, escalated when necessary, and resolved by the responsible business people.
  • Ensure that there is timely and appropriate review of material and repetitive compliance issues, which may indicated gaps and weaknesses in policies and procedures or risk identification processes, and facilitate the use of that information in keeping the firmís compliance program "evergreen."
  • Undertake periodic analysis and evaluation of compliance issues found in the regular course, together with issues identified from forensic testing, to obtain additional or corroborating evidence about the effective functions of the firmís compliance program and the possible existence of disguised or undetected compliance issues.
  • Ensure that service providersí compliance programs are effective, so that the services provided are consistent with the adviserís fiduciary obligations to its clients.
  • Establish a compliance calendar identifying all important dates by which regulatory, client reporting, tax, and compliance matters must be completed.
  • Promote a process for regularly mapping a firmís compliance policies and procedures and conflicts of interest to disclosures made to clients, so that disclosures are current, complete, and informative.
  • Manage the adviserís compliance department or unit in ways that encourage proactive work, a practice of professional skepticism, and "thinking outside the box" by compliance staff.
  • Manage the adviserís code of ethics.
  • Undertake or supervise others in the compliance program annual review.
  • Report results of the annual review to senior management and ensure that recommendations for improvements that flow from the review are implemented as appropriate.
  • Be a strong and persistent advocate for allocating an appropriate amount of a firmís resources to the development and maintenance of an effective compliance program and compliance staff.
  • Stay current on regulatory and compliance issues and participate in continuing education programs.
  • Ensure that firm staff is appropriately trained in compliance-related matters.
  • Be the adviserís liaison and point of contact with SEC examination staff, both during exams and as part of the SEC's new "CCOutreach" program.
  • Be active in industry efforts to develop and implement good compliance practices for advisers to private investment funds.

Gohlke acknowledged that his list sets an "ambitious agenda" for CCOs and that not all functions may be appropriate for all CCOs. He also noted that fund CCOs might have additional duties. And, as Gohlke himself pointed out, the list represents his own thoughts and goes "above and beyond" what is required by the compliance program rule.

Gohlke also touched on how CCOs could meet the "knowledgeable, competent, and empowered" standard set forth in the compliance program release.

To be knowledgeable, said Gohlke, CCOs must have a good understanding of the requirements imposed by the Advisers Act and rules as well as by SEC policy statements, no-action letters, and other regulatory initiatives.

To be competent, CCOs should understand the process by which compliance programs are created and maintained. They should be familiar with risk identification and assessment processes. "This is the important starting point for establishing effective compliance programs," said Gohlke, "but is also a step many advisers, especially smaller ones overlook." CCOs also should know how to create and implement policies and procedures to address the identified risks, he said.

People skills are important as well. CCOs should have the "good interpersonal skills" necessary to monitor implementation of the compliance program by managers throughout the firm, said Gohlke. They also should be knowledgeable about the adviserís business. CCOs, he said, should be pro-active, inquisitive, and able to exercise professional skepticism.

To be empowered, said Gohlke, CCOs usually will be a member of the senior management of a firm. While CCOs are not required to report to a firmís CEO or an equivalent position, Gohlke noted that if other C- level executives, such as the CFO or CIO, report directly to the CEO, and the CCO does not, "the firm should be aware that its staff may interpret this difference in reporting structure to mean that compliance is not as important as those other functions and the ability of the CCO to compel compliance may be weakened." Gohlke also cautioned that "a number of difficult conflicts" may arise if legal and CCO roles are combined into a single position, or if a CCO reports to the firmís chief legal officer.

Interestingly, Gohlke said that a firm "could designate an employee of an outside service provider as CCO," echoing Commissioner Paul Atkinsí recent remark that an outside CCO may be an appropriate choice for some firms.

Gohlke encouraged all advisers to ferret out conflicts of business. "I have been in the regulatory business for 30 years and have yet to see an adviser that does not have a long list of areas where its interests can potentially conflict with those of its clients," he said.

Gohlke was speaking at a May 5 Managed Funds Association conference.