RIAs and advisory firms that outsource Chief Compliance Officer responsibilities are often doing so at significant compliance risk, specifically related to fee disclosure regulations, according to a new risk alert from the Securities and Exchange Commission.

The SEC's Office of Compliance Inspections and Exams conducted a review of 20 advisory and investment firms that outsource CCO responsibilities, often to third-party consultants and law firms.

It is a trend that has been on the rise, the OCIE noted.

Recommended For You

A 2011 Charles Schwab Benchmarking Study for RIAs found that 38 percent of firms outsource CCO responsibilities.

The exam results described in the risk alert give insight into the attributes of the most successful outsourced relationships.

CCO consultants that had frequent and personal interactions with firm leaders, as opposed to maintaining an arm's-length relationship via electronic communications and pre-determined check lists, had a better understanding of firms' operations and risks, the SEC found.

SEC also noted fewer inconsistencies between compliance policies and actual business practices when outsourced CCOs were regularly present with firms.

The alert doesn't name names, as is the SEC's policy, but it did say "certain" outsourced CCOs that infrequently visited firms and conducted only limited on-site reviews held limited prominence in the advisory firms.

That resulted in limited authority, which often showed up in sloppy compliance procedures in key areas, like fee and conflict of interest disclosure requirements.

Some CCOs appeared to have insufficient resources, or too many clients for whom to provide effective oversight.

Compliance audits where most effective when CCOs were able to independently obtain firms' records, the exams found. In some cases, the SEC documented advisors that maintained control over the records that outsourced CCOs reviewed. That selective access affected the accuracy of firms' annual reviews, the SEC said.

In the worst cases, the SEC's examiners found that some CCOs couldn't accurately articulate firms' compliance risks, and in some cases had little grasp as to whether polices had been put in place to mitigate identified risks.

In other cases advisors described risks to the SEC's examiners that were fundamentally different from the ones their outsourced CCO described.

Some standardized checklists, which the SEC said can be useful but should not be over relied on, were generic, and produced inconsistent information about a firm's practices.

The SEC recommends that firms with outsourced CCOs review business practices in light of the risks the OCIE noted in the exams.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Nick Thornton

Nick Thornton is a financial writer covering retirement and health care issues for BenefitsPRO and ALM Media. He greatly enjoys learning from the vast minds in the legal, academic, advisory and money management communities when covering the retirement space. He's also written on international marketing trends, financial institution risk management, defense and energy issues, the restaurant industry in New York City, surfing, cigars, rum, travel, and fishing. When not writing, he's pushing into some land or water.