Sharing Information with Other CCOs is Helpful, But There Are Limits
Professionals share information, and advisory group chief compliance officers are no exception. Sharing information can be a great resource for CCOs – as long as they don’t share more than they should.
"One of the first things I talk about when I meet someone who is a new CCO is talking with other CCOs," said Shearman & Sterling partner Nathan Greene. CCO networks provide "practical, on the ground knowledge" to those new in the position. Those in such networks share information on problem solving, resources, references and more. "Even seasoned compliance officers need a network of people that they trust, and even they are looking for new people who may bring new ideas."
It’s very common for working groups of advisory firm CCOs who practice in the same geographic area and whose firms manage similar investments, such as equity fund managers or real estate fund managers, to get together and "share war stories," said Mayer Brown attorney Adam Kanter. "Individual CCOs have a lot of knowledge about what happens at their firms, and it’s helpful to compare notes once in a while."
Here are just some of the benefits that can be derived:
Problem-solving. CCOs can ask their peers how they handled a particular type of situation. "No one individual has all the answers," said Kanter. For instance, given the attention currently being given to cybersecurity, information that other CCOs might be asked could include what they are doing to address the cyber threat at their firms, the programs they are using, and how their cybersecurity systems are structured.
Resource solutions. CCOs can share with one another how they structure their compliance staff to handle individual issues, the overall size of their staff and how it is deployed, and more, said Greene. Consider tapping them for references on vendors you may be considering.
Exam experience. Learn from CCOs whose firms have been examined just what the experience was like. Find out the questions examiners asked and the documents they requested, said Kanter, if only to ensure your firm’s exam readiness.
Get granular. Some of the information sharing can be quite detailed, Greene said. For instance, finding out whether specific questions should be asked when performing annual employee certifications. That level of detail, which might also be shared for policies and procedures, is particularly helpful when it comes from a peer facing similar situations.
Get a consensus on new issues. As new issues emerge, as cybersecurity did a few years ago, discuss them among your CCO colleagues and seek a consensus on the best ways to handle them. Each CCO may bring a different experience and knowledge to the table, depending on what each may have heard at conferences, or an experience with the SEC.
Aaron De Angelis, chief compliance officer at Spring Mountain Capital, a New York City-based private fund and separately managed account advisory firm, belongs to the Philadelphia Compliance Roundtable, a group of 40 to 50 CCOs who meet twice a year. Each meeting is divided into two parts, the first where a guest speaker from a regulatory agency, such as the SEC or FINRA, speaks, and the second where individual members talk to the group candidly under an understanding of total confidentiality, he said.
"It’s very helpful," he said, to learn how other CCOs handle issues like what to do when your firm is growing and new policies and procedures need to be quickly developed, with solutions at hand for any conflicts that may accompany that growth. Information technology challenges, including cybersecurity, are another topic that’s been discussed.
One benefit of the meetings has been strong friendships with individual CCOs at other firms. De Angelis has one such friendship with another CCO, and the two of them "double check with one another" on actions they might take to get "a read" on whether changes need to be made.
Separate from the organically grown advisory firm CCO groups, professional trade associations, such as the Investment Adviser Association and the National Society of Compliance Professionals, offer conferences and forums where information can be shared. "It’s one of the great benefits to trade association membership," said IAA general counsel Robert Grohowski.
Valuable as the sharing of information with other CCOs may be, there are dangers from sharing too much, or sharing the wrong kind of information. Consider the following:
Violations. "In this era of whistleblowers and the SEC fielding tips from the public, you want to be careful about sharing any violations your firm may have committed," said Kanter.
Inside information. Don’t get so comfortable that you share material, non-public information about your firm that may later be seen as contributing to insider trading. "This is particularly true about important information at public companies. If another CCO learns about a problem at that company, he or his firm may decide to sell it short based on that inside information," said Kanter.
Anti-trust issues. If the information shared is only about compliance, then there probably will not be a problem, Kanter said. But if business information, such as decisions regarding fee rates, is shared, it may give the perception of collusion with the firm of the CCO it is being shared with. Greene noted that this can be a particular concern at meetings that bring competitors together. The IAA, which has an anti-trust policy, makes it very clear to members that they are not to discuss any business matters that may even give the perception of agreements at association events, Grohowski said.
Privileged information. If the CCO sharing the information is also an attorney, or is sharing information provided by the firm’s counsel, there is a risk that any information shared may not be able to be claimed as privileged information in a future legal matter, said Kanter, since it was already revealed to third parties.
Overall, if good judgment is used and trust is built and kept among the participants in CCO groups, information sharing may be one of the best resources you have.