Every mutual fund must appoint a chief compliance officer, and every mutual fund board must oversee the CCO’s implementation of a comprehensive compliance program. Though boards and CCOs have gained familiarity with these technical requirements over the years and have adapted and tailored their programs to the specific needs of the funds they oversee, a particularly challenging and sometimes overlooked aspect of compliance with Rule 38a-1 is ensuring effective working relationships among the CCO and the constituencies he serves.
Not only is a CCO expected to be a subject matter expert, he also must skillfully navigate relationships among a fund’s board and its adviser. A CCO must be able to maintain good working relationships across a range of individuals, while also discharging ever-increasing technical responsibilities. The Securities and Exchange Commission staff has highlighted concerns in an effort to “raise awareness” about certain issues in a recent Office of Compliance Inspections and Examinations risk alert. Although the risk alert was focused on a specific context—that of outsourced CCOs—it also served as a reminder of the importance of the relationship aspect of the role in ways that may resonate across all types of CCO assignments.
In light of the risk alert’s renewed emphasis on the importance of an effective Rule 38a-1 compliance program, regardless of whether a board uses an internal or outsourced CCO, a board may find it useful to step back and review:
- The basic requirements of Rule 38a-1 and the responsibilities of the fund’s CCO;
- Some of the risk alert’s significant observations, and the key takeaways relevant to all types of CCO assignments; and
- How an effective CCO/compliance program and proper board oversight can help a registrant avoid the types of concerns noted in the risk alert.
Rule 38a-1, CCO Responsibilities
The overarching requirements of Rule 38a-1 are relatively straightforward, requiring that every fund:
- Adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws by the fund, including policies and procedures that provide for the oversight of compliance by each investment adviser, principal underwriter, administrator, and transfer agent;
- Obtain the approval of the fund’s board (including a majority of independent directors) of such compliance policies for the fund and the parties listed above;
- Review at least annually the adequacy of each such set of policies and procedures, including the effectiveness of their implementation; and
- Designate a CCO responsible for administering the policies adopted under the rule.
Rule 38a-1 also mandates that the CCO provide the board with written annual reports addressing material compliance matters and changes to compliance policies and procedures.
OCIE Risk Alert: Key Takeaways
The risk alert grew out of an examination of nearly 20 SEC-registered investment advisers and investment companies that outsource CCO responsibilities to unaffiliated third parties. OCIE conducted interviews which assessed each registrant’s “tone at the top” and culture of compliance.
The OCIE examinations led to several key insights into what tends to make an outsourced CCO arrangement effective, including:
- Frequent in-person communication, as opposed to impersonal communication through electronic means and checklists;
- Limiting the registrants that an outsourced CCO works for to a manageable number;
- Ensuring full access to the registrant’s records, empowering the CCO to ensure proper compliance with policies and procedures and to properly conduct his annual review; and
- Using tailored compliance checklists (rather than standardized, one-size-fits-all compliance matrices) to collect information uniquely relevant to each particular registrant.
According to the risk alert, when CCOs, funds or advisers failed to satisfy one or more of these criteria, the risk of incomplete or inaccurate CCO annual reporting increased. The risk alert went on to highlight the importance of the CCO’s professional and interpersonal attributes.
The risk alert emphasized that a CCO should have strong interpersonal skills and be a regular on-site presence. As OCIE noted, the best outsourced CCOs make frequent on-site visits—not only to develop relationships that allowed these CCOs to consistently effectuate compliance changes they deemed necessary, but also to understand the business well enough to develop a full and accurate picture of the registrant’s activities and risks. In contrast, the SEC staff expressed concern about outsourced CCOs who had “limited visibility and prominence” within a registrant, which appeared to be correlated with a CCO having “limited authority” within the organization to effectuate changes to policies and procedures.
Given the dynamic between a fund board and its management company, strong professional and interpersonal skills are essential to an effective CCO. Among these are the ability to manage the often-conflicting incentives of different parties and individuals within a complex and the ability to command respect. A board must do what it can to help empower the CCO within the organization and to cultivate transparency, trust and confidence with the CCO. A CCO that is not adequately supported may lack the stature within the management organization to access the information, resources and respect needed to discharge his or her technical duties under Rule 38a-1. At the same time, a CCO also must cultivate relationships within the management organization so as not to be viewed with suspicion or mistrust. Needless to say, this can be a delicate balance.
Regardless of whether the CCO is outsourced or internal, strong interpersonal skills and respect within the organization are critical. A CCO has to carefully manage the inherent tension of serving in an oversight role over activities of the adviser and its staff, in a reporting role to the fund board, and as a liaison that invites individual employees to come forward with potential compliance issues. The ability to “play well with others” is important to keep a CCO in the loop with employees who are part of an organization’s culture on a day-to-day basis. And the ability to influence others and earn respect within the organization empowers a CCO to approach anyone, regardless of seniority, to raise potential compliance issues before they become, in Rule 38a-1 parlance, “material compliance matters.”
A board should be alert to signs that a CCO may be:
- Reluctant to stand up to senior management in raising important compliance issues;
- Hesitant to conduct sufficient diligence concerning potential compliance issues, which may manifest through a lack of on-site visits, inadequate follow-up regarding incipient compliance issues, or a lack of interpersonal relationships;
- Adopting a confrontational nature with the board or management that can lead affronted personnel to be less than cooperative with the CCO, thereby potentially diminishing the quality and quantity of information the CCO may have access to in preparing annual reports or in shaping the firm’s compliance programs.
An effective CCO is one who seeks to cultivate a good working relationship with the board through periodic calls or other communications outside of the meeting environment. Along these lines, there likely will come a time when a CCO has to report to the board on compliance gaps or exceptions under his watch. A CCO who has cultivated a strong relationship with the board will be in a better position to do so without concern about unfair consequences.
As recent OCIE examinations have demonstrated, several personality traits and other guideposts continue to be relevant to hiring and evaluating a CCO. A poor CCO can subject a fund complex to liability, and even a good CCO can struggle if placed in the wrong environment or one in which he is insufficiently supported. The onus is therefore on boards not only to evaluate a CCO,but to help foster an environment that allows a good CCO (and by extension, an effective compliance program) to thrive.
Marco Adelfio is a partner in Goodwin Procter’s Financial Institutions Group and a member of its Investment Management Practice, where he advises registered investment companies and their independent directors on SEC regulatory issues and registrations, complex transactions and governance matters, and also counsels SEC registered investment advisers on a range of regulatory and transactional matters.
 See SEC, Compliance Programs of Investment Companies and Investment Advisers, Release Nos. IA-2204 and IC-26299 (December 17, 2003) (“Adopting Release”).
 OCIE, National Examination Program Risk Alert: Examinations of Advisers and Funds That Outsource Their Chief Compliance Officers, Volume V, Issue 1 (November 9, 2015) (“Risk Alert”). Although the Risk Alert focused on outsourced CCO roles by both advisers and funds, we’re focused in these Fund Board Views on fund CCOs and fund board oversight.
 Investment Company Act Rule 38a-1(a).
 Risk Alert at 1.
 Id. at 3.
 See generally Risk Alert.