U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Managed Funds Association Educational Seminar Series 2005: Practical Guidance for Hedge Fund CCOs Under the SEC's New Regulatory Framework


Gene Gohlke

Associate Director Office of Compliance Inspection and Examinations
U.S. Securities and Exchange Commission

New York, NY
May 5, 2005

A Job Description For CCOs of Advisers to Private Investment Funds


Good afternoon. I am very pleased to be here today. I would like to thank Jack Gaine and other officers of the MFA for inviting me to speak and provide an opportunity to discuss a topic -- chief compliance officers - that is very much on the SEC's agenda. The activities and qualifications of CCOs should also be a major issue with all of you that represent firms registered with the SEC or who will be filing for registration during the next 9 months. Yes, the magic date, February 1, 2006, is only 9 months or "272 preparation" days away.

Before I go further, I must give the standard SEC disclaimer:

The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This presentation expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the staff.

During the next 25-30 minutes, I want to discuss with you the qualities and duties the SEC's release adopting the compliance rules establishes for CCO's of advisers - I like to think of those qualities and duties as the SEC's job description for CCOs. I will cover the minimums set out by the Commission, and add some suggestions of my own that are extensions of the SEC's guidance and seem to be logical attributes and duties needed to carry out effectively a CCO's responsibilities. There should be time after my presentation for any observations and questions you may have.

Before discussing the job description for CCO's, I thought it would be useful to put the work of CCOs into perspective by showing that:

  • While the SEC's requirement to have a CCO is new,
  • The need of advisers to have a compliance officer is not new.

So I will begin with a little background.


Fiduciary Obligations: Every investment adviser is a fiduciary to its clients. This status exists whether the adviser is registered with the SEC, a state, or is not registered with any regulatory authority.

As a fiduciary, an adviser has an obligation that becomes part of every decision or every transaction undertaken by the adviser that affects or impacts it clients. To put it simply, an adviser's fiduciary obligation requires the adviser to always put the interests of clients first and its own interests second. In other words, in situations when an adviser's interests or those of its staff conflict with the interests of clients, clients always win or come out on top.

The only permissible exception to this fundamental duty of advisers occurs when an adviser has made full and fair disclosure to its clients regarding the conflict of interest and how the adviser will handle each such conflict. Disclosures of conflicts of interest allow clients to look out for their own interests in such areas.

Conflicts of Interest: Examples of common conflicts of interest advisers face include:

  • Using clients' brokerage to get anything that benefits the adviser, whether or not it may also benefit clients and whether or not the benefit to the adviser fits within the so called soft dollar safe harbor.
  • Personal trading activities of advisory firm insiders.
  • Allocation of investment opportunities among clients.

I have been in the regulatory business for 30 years and have yet to see an adviser that does not have a long list of areas where its interests can potentially conflict with those of its clients.

Any adviser that fails to fulfill its fiduciary obligations to clients and as a result favors itself over clients in conducting its business runs the risk of a visit from SEC enforcement staff whether or not the adviser is registered with the SEC. A review of enforcement actions the SEC has brought against unregistered advisers, a number of whom were managers of private investment funds, demonstrates the likelihood of this outcome. Examples of such actions include:

  • Beacon Hill Asset Management
  • House Asset Management
  • Tiburon Asset Management
  • Others

Compliance Programs Advisers that desire to fulfill their fiduciary obligations to clients - and who recognize the consequences to reputation and pocket book of failing to effectively disclose, mitigate and manage their conflicts of interest -- should have given thought to and established compliance programs that are tailored to their individual businesses and reflect the conflicts of interest as well as other risks to which the adviser and its clients, including pooled investment funds, are exposed.


In late 2003, the SEC formally recognized the fundamental importance of compliance programs when it adopted rule 206(4)-7 under the Investment Advisers Act of 1940, which is also known as the Advisers' Compliance Rule.

Compliance Programs That Rule requires all SEC registered advisers to have implemented effective compliance programs by October 5, 2004 and newly registered advisers to have effective compliance programs before they begin providing advisory services to clients. In their compliance programs, registered advisers are required to establish in writing and maintain policies and procedures to prevent violation of the Advisers Act.

In its release adopting the rule, often called the Adopting Release, the Commission further noted that a firm's compliance policies and procedures should be designed to accomplish not just one, but three objectives:

  • First, those policies and procedures should be reasonably designed to prevent violations of the Advisers Act by the adviser or any of its supervised persons. In short, the rule requires advisers to consider their fiduciary and regulatory obligations under the Advisers Act and to formalize policies and procedures to address them.
  • Second, the program should find violations or compliance issues that occur; and
  • Third, the program should promptly correct such violations or issues.

The rule requires only that the policies and procedures be reasonably designed to prevent violations of the Advisers Act, and thus they need only encompass compliance considerations relevant to the operations of the adviser.

Chief Compliance Officers: The Compliance Rule also requires that each registered adviser designate one person -a Chief Compliance Officer -- who will be responsible for administering its compliance program. By requiring designations of CCOs, the SEC recognized a principle taught in Management 101 courses. The principle is that: for a program or function to be successful and achieve its objectives, responsibility for that program or function must be clearly assigned to a single person.

The extent to which a compliance program will achieve the objectives laid out by the Commission is also, to a certain extent, dependent on the abilities of the CCO and the Commission, in its Adopting Release, identified three attributes that a CCO should have: knowledge, competence, and empowerment. In essence, the Commission described two general attributes, or qualities, that an advisory firm's CCO should possess, and a third attribute that depends more on the CCO's position in the firm's organization.


I want to review with you what these three job attributes listed in CCO's "job description" entail, and also provide some additional qualities and capabilities that I believe a CCO should have in order to be successful. I will then talk about some of the duties CCOs have as they administer compliance programs

Qualities: The CCO is expected to be knowledgeable and competent regarding the Advisers Act.


It seems fairly clear on its face that to be knowledgeable about the Advisers Act, a CCO must have a good understanding of the requirements imposed by the Advisers Act, the related rules, and other aspects of the regulatory regime for advisers -- such as SEC policy statements and no-action letters. CCOs should also remain current regarding changes to these regulatory requirements that the SEC may make.

The rule does not require advisers to hire a new employee or executive to serve as compliance officer. An existing employee could be designated as the adviser's chief compliance officer, or the firm could designate an employee of an outside service provider as CCO. It is likely that many small investment advisers may designate a principal or employee of the firm to serve as chief compliance officer. But advisers should remember that the person designated CCO must be knowledgeable and competent.


What is required to be "competent" regarding the Advisers Act is a bit more difficult to discern. The dictionary definition of competent includes such concepts as

"properly or well qualified; adequate for the purpose, suitable, and sufficient".

In my view, to be competent a CCO should be well qualified in regard to understanding compliance requirements of advisers and how attributes of effective compliance activities relate to those requirements and prevent violations of the Advisers Act. This understanding includes the means or process by which compliance programs are created and maintained as well as the issues they are designed to address. To me, competence requires familiarity with steps needed to create compliance programs such as:

  • Risk identification and assessment - how to identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm's particular operations. This is the important starting point for establishing effective compliance programs but is also a step many advisers, especially smaller ones overlook.
  • Creating policies and procedures to address the risks identified - the rule identifies certain issues that should be covered by such policies and procedures to the extent the risks are relevant to an adviser. To be effective, such policies and procedures should address all conflicts of interest and other risks the firm is exposed to and not a set of risks that advisers in general may have.
  • Implementation of the policies and procedures while recognizing principles of good management and controls.

I think competence would also include familiarity with functions required to administer compliance programs, such as:

  • Requesting resources to carry out compliance activities.
  • Monitoring implementation by managers throughout the firm which requires good inter-personal skills.
  • Knowing the business of an adviser.
  • Being pro-active, inquisitive and being able to exercise professional skepticism.

These are some of the qualities I think CCOs should possess.

Position in Organizational Structure: While CCOs are not required to have any particular or common position in the management hierarchy or a firm, the CCO is still expected to be "empowered."


In the Adopting Release, the Commission said that an adviser's CCO should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. It seems logical, then, to conclude that the compliance officer should have a position of sufficient seniority and authority within the organization to be able to compel others to adhere to the firm's compliance policies and procedures. To achieve this result, CCOs will usually be a member of the senior management of a firm.

The Compliance Rule does not require that a CCO report to a firm's CEO or an equivalent position. However, if other "C" level executives (e.g., CFO, CIO) report directly to the CEO and the CCO does not, the firm should be aware that its staff may interpret this difference in reporting structure to mean that compliance is not as important as those other functions and the ability of the CCO to compel compliance may be weakened. In addition, if legal and CCO roles are combined into a single position or if a CCO reports to the firm's chief legal officer, a number of difficult conflicts may arise.

I have been talking about the qualities and organizational position that should be considered in hiring a CCO and structuring the position within the firm. Now lets look at what a CCO should actually do.

Duties and Functions: The rule is largely silent on specific tasks and functions expected of CCOs other than the CCO is to "administer" the compliance program of an adviser. Another word for administration is management. So I think it is reasonable to conclude that CCOs are responsible for managing advisers' compliance programs.

Management of a function potentially encompasses a wide range of specific duties. However, neither the rule nor the adopting release list specific duties that CCOs of advisers are required to perform. Instead, the release indicates that each adviser should determine what the management responsibilities of its CCO should be light of its particular circumstances.

For small advisers, the CCO may also have other business responsibilities, may be the firm's only "compliance person", and may personally perform many of the specific compliance functions required by the firm's policies and procedures. For larger firms, CCOs may operate in more of a consultative mode to business people throughout the firm regarding their specific compliance responsibilities. If a firm has a compliance department or unit, its CCO is likely to be responsible for day to day management of that department or unit. The bottom line is that the size, resources and business activities of a firm will all have an impact on what a CCO does to administer the firm's compliance program.

That being said, I think there are a number of specific duties or functions that CCOs of advisers should perform or consider performing. The following list of 24 functions sets an ambitious agenda for CCOs of advisers and not all functions on the list may be appropriate for all CCOs. [Note, CCOs of registered investment companies have certain additional responsibilities that are described in the compliance rule for such registered funds.] Also, you should keep in mind that these are my thoughts and are above and beyond what is required by Rule 206(4)-7.

  1. Advises senior management on the fundamental importance of establishing and maintaining an effective culture of compliance within the firm.
  2. Confers with and advises other senior management of the firm on significant compliance matters and issues.
  3. Is not only available but is sought out on a "consulting" basis regarding compliance matters and issues by business people throughout the firm. Should become known as the "go to person" on compliance matters.
  4. Becomes involved in analyzing and resolving significant compliance issues that arise.
  5. Ensures that the steps in the firm's compliance process - risk identification, establishing policies and procedures and implementing those policies and procedures - are appropriate and are undertaken timely by staff of the firm to whom those functions have been assigned.
  6. Becomes personally involved in various steps of the process such as serving on risk or policies and procedures committees when necessary and appropriate.
  7. Ensures that compliance policies and procedures are comprehensive, robust, current and reflect the firm's business processes and conflicts of interest.
  8. Ensures that appropriate principles of management and control are observed in the implementation of policies and procedures. These principles include separation of functions, clear assignment of responsibilities, measuring results against standards and reporting outcomes.
  9. Ensures that all persons within the firm with compliance responsibilities are competently and fully performing those functions.
  10. Ensures that quality control (transactional) testing is conducted as appropriate to detect deviations of actual transactions from policies or standards and that results of such tests are included on exception and other management reports and are promptly addressed, escalated when necessary, and resolved by responsible business people.
  11. Ensures there is timely and appropriate review of material and repetitive compliance issues as indicators of possible gaps and weaknesses in policies and procedures or risk identification processes and facilitates the use of such information in keeping the firm's compliance program evergreen.
  12. Undertakes periodic analyses and evaluation of compliance issues found in the regular course together with the results of appropriate forensic testing conducted by compliance staff as a means for obtaining additional or corroborating evidence regarding both the effective functions of the firm's compliance program and the possible existence of disguised or undetected compliance issues.
  13. Ensures that compliance programs of service providers used by the adviser are effective so that the services provided by these firms are consistent with the adviser's fiduciary obligations to its clients.
  14. Establishes a compliance calendar that identifies all important dates by which regulatory, client reporting, tax and compliance matters must be completed to ensure that these important deadlines are not missed.
  15. Promotes a process for regularly mapping a firm's compliance policies and procedures and conflicts of interest to disclosures made to clients so that disclosures are current, complete and informative.
  16. Manages the adviser's compliance department or unit in ways that encourages proactive work, a practice of professional skepticism and "thinking outside the box" by compliance staff.
  17. Manages the adviser's code of ethics which is a responsibility given to CCOs of advisers by rule 204A-1 under the Advisers Act.
  18. Undertakes or supervises others in performing the required annual review of an adviser's compliance program. Every adviser is required to conduct at least an annual review of its compliance program. The review should consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser or its affiliates, and any changes in the Advisers Act or applicable regulations that might suggest a need to revise the policies or procedures. Although the rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments.
  19. Reports results of the annual review to senior management and ensures that recommendations for improvements that flow from the review are implemented as appropriate.
  20. Is a strong and persistent advocate for allocating an appropriate amount of a firm's resources to the development and maintenance of an effective compliance program and compliance staff.
  21. Recognizes need to remain current on regulatory and compliance issues and participates in continuing education programs.
  22. Ensures that staff of the firm is appropriately trained in compliance-related matters.
  23. Is the adviser's liaison and point of contact with SEC examination staff, both during exams and as part of the SEC's CCOutreach program.
  24. Is active in industry efforts to develop and implement good compliance practices for advisers to private investment funds.


Advisers' CCOs have been given important responsibilities in managing compliance programs advisers are required to have and ensuring that those compliance programs remain effective. In designating their CCOs, advisers should reflect on the qualities and duties CCOs are expected to have. In performing their duties, CCOs should continually remind themselves of the essential role they play in assisting advisers in fulfilling their fiduciary obligations to clients and in achieving everyone's goal of effecting the best possible protection of investors' interests.


Modified: 05/06/2005