Articles & White Papers

Research performed and published by SEC3 and CCO3 professionals and other relevant information.

These compliance articles are provided for informational and educational purposes. We suggest reviewing our Communique section, which is frequently updated with the latest actionable compliance information for today's busy compliance executives.

Tips for SEC Exam Preparedness

March 19, 2018

Before the SEC comes in:

  1. Disclosure, Disclosure, Disclosure. Make sure it’s adequate and complete. It’s not a cure-all, but it’s your first line of defense. For advisers, this starts with the ADV. Know what it says and make sure it’s comprehensive.
  2. Be aware that your firm’s performance and marketing could attract SEC attention.
  3. The best way to prepare for an SEC exam is to be very proactive and thoughtful about identifying conflicts and remediating those conflicts with strong policies, procedures and other risk controls.
  4. Be sure that the firm has a strong ethical culture from top to bottom or find another firm! Explain to Senior Management the goal of Compliance and be sure there is support and understanding from everyone in the firm.
  5. Ensure that your Compliance team has adequate resources to comply with securities laws in this changing regulatory environment.
  6. Evaluate the risk assessment process within your compliance structure before the exam. The process should include the following:
    • Business personnel, who have frontline responsibility for managing risk;
    • Independent risk and control personnel (compliance, IT, ethics, risk and control) who must identify critical issues; and
    • Internal audit personnel or third parties, who provide independent verification and assess whether the control environment is operating effectively.
    The SEC has stressed that these three lines of defense, when effectively utilized, protect investors, ensure the integrity of the capital markets, and promote capital formation.
  7. Consistency is key. Ensure that your disclosure documents, your compliance manual and your actual practices and procedures are all consistent and have been updated according to new regulation and best practices put out by the Commission.
    • With respect to the firm’s procedures, confirm that all the stated practices are actually being performed, and that you can prove it with backup documentation.
    • Review the results of your annual review, your firm’s website and a recent response to a request for proposal (RFP) or due diligence questionnaire (DDQ).
  8. Review recent headlines and regulatory speeches. Keep up with regulatory developments and update your policies regularly. Attend compliance conferences.
  9. Ensure prior examination findings and internal audit findings are fixed.
  10. Correct known problems or be in the process of correcting them.
  11. Do a test run. Mock audits go a long way in helping you prepare for an exam.
  12. Maintain an exam team that has an SEC response process in place and that can ensure an effective and efficient response the moment you receive an SEC document request letter. Once the exam begins, the team should meet daily, track document requests, update management on the progress of the exam and remind employees that SEC examiners are on-site.
  13. Prepare key personnel that are likely to be interviewed by Staff in the process of the examination by discussing likely topics and ensuring they adequately understand compliance policies and procedures.
  14. Mitigate the risk of data breaches, and the consequences of breaches for the firm's financials and reputation, by performing independent testing of the cybersecurity policies in place to protect client data. Work with your internal IT team or outsourced provider to review recent SEC risk alerts regarding cybersecurity and ensure that you have a reasonable cybersecurity policy in place to mitigate cyber breaches and protect your infrastructure with a robust Disaster Recovery and Business Continuity plan.
  15. Train employees on what to expect during an examination and how to conduct themselves during the examination and in interviews with SEC staff, and tell them not to take offense if the CCO interrupts during an interview. Remind them to maintain a clean work space and to be mindful of discussions in common areas.
  16. Management, the Board of Directors and the CCO are advised to understand, contain and insure against their liability.
    • Reviewing enforcement cases is a great way to understand where and how the SEC has more success when bringing actions.
    • Understand the insurance coverage currently in place and know if there are other options to enhance the protection.

Once you are notified of an Exam:

  17. At the outset, try to maintain one point of contact; assign an examiner liaison and have all requests go through/from that person (typically the CCO).
  18. Get management participation and backing prior to the onset of the exam; include them in the initial meeting with the SEC staff and solidify their ultimate accountability and responsibility with respect to firm compliance and the firm’s conduct during the examination, including responses to SEC staff.
  19. During the opening phase, including initial interviews and tour of the firm’s offices, impress the staff by treating them with courtesy and respect, set the tone, paint a positive picture of the firm, and focus on your risk management and compliance culture.
  20. Discuss with the staff what the protocols will be during the onsite examination. For example, confirm with the SEC that you will have one point-person through whom all requests should filter. Confirm the staff agrees to one or two meetings per day, etc.
  21. At the initial meeting with examiners, it is recommended that CCO and senior staff show a PowerPoint that goes over the firm's last risk assessment and which describes the firm and its compliance culture, such as listing firm training and recent compliance conferences you have attended. This is part of the effort to demonstrate that your firm is committed to compliance. This will give a clear understanding of your firm’s practices to the Staff before they begin their examination onsite. This can also help create a “road map” that can steer the Staff towards the parts of your compliance program you believe are stronger and away from those that are not as robust. Consider having this initial meeting by telephone prior to the onsite to prevent unnecessary questions and document production.
  22. Firm staff should answer questions, but not appear standoffish (don’t interject if there is silence after a verbal response, don’t provide more information than necessary, don’t speculate or mislead).
  23. Ensure firm staff complies with a “clean desk” policy wherein they do not leave any documents exposed on their desk and make sure that all computers are locked and inaccessible without passwords when employees leave their desks.
  24. Facilities provided to the examiners should be conducive to carrying out their functions effectively and in reasonable comfort. Ensure there is reliable and secure access to internet, phone, etc. Ensure that examiners do not have access to any internal documents or servers.
  25. Throughout the examination, remain polite, convey mutual respect and establish a productive relationship.
  26. Establish and maintain control of the examination by (1) checking in periodically; (2) asking if anything is outstanding and whether there is anything that requires clarification; and (3) responding promptly and accurately to requests.
  27. Ensure two people are at all interviews and take notes.
  28. Put yourself in the examiners’ shoes. Ask yourself: “what can I provide to expedite the closing of the examination and to effectively respond to requests so they can do their job?”
  29. If you utilize any third-party service providers (such as email archiving systems or trade management systems), ensure that there is appropriate login information for examiners to access these systems to perform testing.
  30. Consult with counsel and consultants as needed and use your resources. It is important to consider disclosing problems you have internally uncovered. According to the SEC, nothing could be worse than for the SEC to find a problem through an examination or through a tip, complaint or referral that personnel in your organization knew about but tried to conceal.
  31. Keep track of all requests and respond promptly to additional requests for information and documents. Ask that subsequent requests be put in writing for the purposes of tracking and clarity. Number and date them.
  32. Organize information in a manner that corresponds to the information requests and in the format requested. Prepare folders that are labeled and/or provide items in electronic media. Convey the appearance of preparedness.
  33. Consider Bates stamping materials or otherwise indicating or tracking when documents were provided to the SEC staff. Consider placing Freedom of Information Act (FOIA) stickers on sensitive materials.
  34. Don't be afraid to discuss examiner document requests. Ask examiners to notify the CCO if they feel they are not getting the information they need.
  35. Follow up on requests that appear burdensome and make sure you are providing what is being requested. Don’t be afraid to attempt negotiations to provide a document that is both responsive to their request and not unduly burdensome to the firm. Seek clarity if there is confusion and offer alternate records if they may be responsive to the examiners’ request.
  36. Never backdate or create documents unless the SEC staff has made a request that entails creation of a new document or report. Be candid about corrections that have been made and whether new documents need to be created as well as the time it will take to respond to such a request.
  37. Request an exit interview. If you can make progress in addressing SEC concerns immediately, you may influence the way an exam letter is written as it may address your progress and cooperation. In addition, in some cases you may be able to prevent an enforcement referral.

Commentary: How Compliance Officers & Firms Can Help Limit CCO Personal Liability

February 23, 2017

This article originally appeared on the Thomson Reuters Regulatory Intelligence subscription service for compliance and risk professionals and is reprinted with the permission of Thomson Reuters.


President Janaya Moscony Interviewed by Julie DiMauro - Thomson Reuters

This January, Janaya Moscony, president of SEC3, was interviewed by Julie DiMauro - Thomson Reuters.


Liability and Outsourcing – Identifying and Controlling the Real Risks Part 2 of 2: Choosing a CCO

March 03, 2016

The roles and responsibilities undertaken by Chief Compliance Officers ("CCOs"), whether in house or outsourced, are a significant point of interest for the Commission. Given the recent SEC feedback on CCO outsourcing and recent enforcement actions generally, advisers are well advised to ensure that proper controls are in place to limit liability. In this article, originally published in the February edition of NSCP Currents, SEC3 continues the discussion on liability and outsourcing. In this Part 2 of 2, SEC3 provides key takeaways for compliance officers and management. (Part 1 was published in December 2015.)

Individual liability is quickly rising to the forefront of the radar of the Securities and Exchange Commission. In fact, over the last five years, 80% of SEC enforcement cases have involved charges being brought against individuals. In a recent speech, Andrew Ceresney explained this increased focus stating "Holding individuals accountable for their wrongdoing is critical to effective deterrence and, therefore, the Division considers individual liability in every case."

In a separate speech also highlighting individual liability, Mr. Ceresney noted that many of the recent enforcement cases brought against individuals make it clear that the SEC will "aggressively pursue business line personnel and firms who mislead or deceive."

Recent SEC enforcement cases have shown that the SEC is willing to bring cases for compliance oversights even when there is no harm to clients. We bring this to the attention of investment advisers, fund boards and CCOs so that they stay alert and informed. A vast majority of such enforcement actions can easily be avoided with proper oversight.

Improving your Compliance Program

The Importance of Proper Risk Assessment

In order for any compliance program to adequately insulate advisers, fund boards and CCOs, it must begin with a detailed risk assessment and gap analysis.  This will lead to the creation of a detailed compliance program that encompasses all risks.

Any discussion on CCO liability must begin with the foundation of building one's compliance program, the adoption of the policies and procedures.  In order to create comprehensive policies and procedures, a CCO must take into account the specific investment adviser, broker dealer or investment company business model, and tailor a program to deal with the risks inherent to the particular model.

As noted in the SFX case, if the CCO conducted a risk assessment and prioritized his time to address the highest areas of risk, he likely could have avoided enforcement action even in light of fraudulent activity by personnel.

The real cause of failure-to-supervise actions is often insidious: the impetus is a poor process for identifying risk.

Section 203(e)(6) of the Advisers Act, in part, reads:

"[N]o person shall be deemed to have failed reasonably to supervise any person, if--

  A. there have been established procedures, and a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as practicable, any such violation by such other person, and
  B. such person has reasonably discharged the duties and obligations incumbent upon him by reason of such procedures and system without reasonable cause to believe that such procedures and system were not being complied with."

To avail yourself of the safe harbor, subparagraph A requires that the adviser has adequate policies and procedures, and subparagraph B requires that you be able to adequately demonstrate that you "reasonably discharged" your duty to supervise. Too many CCOs focus on subparagraph B and ensure timely compliance work and documentation. However, while the existing compliance procedures may be working well, if certain key risks have not been addressed, the CCO can unknowingly bear significant risk. CCOs who wish to quantify and manage their liability need to focus on ensuring they have the policies and procedures to address the business's risk.

We always advise developing a scheduled process that involves the CCO and executive management team working together to conduct a review of the business from top to bottom.  The process should be thorough and involve a broad range of questions. Each risk should be identified and rated, and based on ratings, adequate policies and procedures drafted.

In the SEC's Risk Alert on Outsourcing, the SEC found some concerns with outsourced CCOs' ability to communicate firm risk. However, such a concern is not limited to outsourced CCOs – all CCOs should be communicating frequently with fund boards and senior management. Assessing firm risk and conflicts of interest should always involve a team approach with open communication.

Fund Board and Management Takeaways

Tone at the Top Really Does Matter

In his 2006 New York Times bestseller, Blink, Malcolm Gladwell discusses work conducted by researcher John Gottman, who can predict, with 95% accuracy, after watching a husband and wife talking for one hour whether the couple will still be married 15 years later. The premise of Blink is that certain quick decisions often prove accurate. During Mr. Ceresney's speech, the SEC Director of Enforcement stated that "the state of a firm's compliance function says a lot about the firm's likelihood of engaging in misconduct and facing sanctions." Mr. Ceresney also specifically noted that you can "predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company's compliance department in the firm." Such questions included:

  • Are compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do compliance officers report to the CEO and have significant visibility with the board?
  • Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
  • Is compliance given the personnel and resources necessary to fully cover the entity's needs?


Mr. Ceresney observed that "far too often, the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues." Mr. Ceresney reassured the audience of CCOs noting that, "the Commission is in your corner when your work is hindered by uncooperative or obstructionist business personnel, and that a number of our actions have sent the clear message that you must be provided with the resources and support necessary to succeed."

Mr. Ceresney also highlighted a few important points that investment advisers should be sure to remember. Mr. Ceresney noted that compliance officers have the full support of the Commission and that the SEC relies on them "as essential partners in ensuring compliance with the federal securities laws" and "will do all we can to help you perform your work." Mr. Ceresney made clear that the SEC will not hesitate to bring enforcement actions against personnel in circumstances where they have deceived or misled, or where their failure to provide compliance professionals with adequate resources and information causes compliance rule violations.

The point he was driving home is that management must support the CCO and provide proper resources.

Last summer, the SEC settled a proceeding  brought against Pekin Singer Strauss Asset Management Inc., Ronald L. Strauss, William A. Pekin, Joshua D. Strauss, its former President, as well as other principals at the firm.  The proceedings were initiated when it was determined the compliance function within the firm was not adequately staffed and not adequately resourced. An independent compliance consultant along with SEC staff subsequently identified a number of compliance violations during an examination of the firm that had not been previously detected by the firm or its Chief Compliance Officer.

Many of the SEC's findings are worth highlighting:

  • The SEC found that the President had promoted the CCO to that role, knowing the CCO had limited prior experience and training in compliance; that the CCO still retained his previous functions, including backup trader, backup trade reconciliation, research analyst, and portfolio manager; and that he failed to provide the CCO with sufficient guidance regarding his duties and responsibilities as the new CCO.
  • The SEC found that the CCO lacked the experience, resources, and knowledge as to how to adopt and implement an effective compliance program or how to conduct a comprehensive and effective annual compliance program review. Additionally, the firm failed to conduct the required annual compliance reviews several times, and there was a three-year gap between annual reviews.
  • Nevertheless, the CCO was able to learn certain aspects of the CCO role from the former CCO and from attending a compliance conference. He was thus able to identify certain weaknesses in the firm's compliance program and began to implement new compliance policies and testing procedures.
  • The SEC found the President did not make the compliance program a priority for the firm. He directed the CCO to prioritize his investment research responsibilities over compliance, and also gave him other responsibilities including naming him CFO.
  • Between his research and other responsibilities, the SEC found that the CCO was only able to devote between 10% and 20% of his time on compliance matters.
  • The CCO told the President on multiple occasions that he needed help fulfilling his compliance responsibilities, including the annual compliance program review. However, the President told the CCO that the firm's primary responsibility was serving clients, and that they could address any problems that came up in an SEC examination at that time.
  • The firm eventually engaged a compliance consultant to assist the CCO, primarily because the firm needed to conduct an annual review for the board of a mutual fund that the firm advised, and they needed the compliance consultant to handle the annual review.
  • Nevertheless, the President narrowed the scope of the compliance consultant's engagement from a more comprehensive compliance review, in part to reduce the cost of the engagement.
  • The compliance consultant issued a report that enumerated several compliance deficiencies at the firm. Shortly thereafter, the SEC exam staff conducted an examination and cited the firm for several compliance deficiencies, most notably the failure to conduct annual compliance program reviews and code of ethics violations surrounding personal trading accounts.
  • Subsequently, the CCO stepped down as CCO and remained as CFO. The firm hired a new CCO with compliance and operations experience.

Based on these and other findings, the SEC found the firm willfully violated the Advisers Act, and the firm eventually settled with cease-and-desist orders and payment of monetary damages.

The SEC, in agreeing to accept the settlement offer, noted the firm's remedial efforts, which included:

  • The firm expanded its relationship with its outside compliance consultant and hired an additional full-time Compliance Director to support the firm's CCO.
  • The firm has continued to retain a compliance consultant as an additional compliance resource and to ensure that the consultant will monitor and advise on the firm's annual compliance program reviews.
  • The firm hired a new CCO.

While many of the specific factual findings may strike some readers as being egregious, in our experience many firms do struggle in trying to find the right level of experience, resources and independence for their CCOs and compliance obligations.

It is also common, particularly with smaller advisers, that many CCOs have other, non-compliance roles with substantive and substantial duties.

Many of these "dual hatted" CCOs also have specific expertise in those other, non-compliance areas, and may feel challenged to find the time or acquire the expertise to discharge their compliance duties in the way the SEC and investors would expect.

Another factor in this case that we encounter sometimes is the lack of a "compliance culture," or "tone from the top," which can manifest in a variety of ways, such as failing to appreciate the importance of the compliance function, prioritizing non-compliance functions over compliance functions or not allocating appropriate resources to compliance functions.

Another compliance violation that we see frequently is the failure to conduct the required annual compliance review. Whether it is due to time constraints, resource constraints or having other priorities, it is important for registered investment advisers to remember that the annual compliance review is a legal requirement and there are potentially significant consequences for overlooking this obligation.

Finally, we find it noteworthy that the facts in this case date back a few years. The current regulatory regime emphasizes "broken windows," enforcement actions, record penalties, and "message cases." There is also enhanced focus on CCOs as "gatekeepers," in addition to CCO liability. We have also previously noted whistleblower awards now being paid out to compliance personnel. Thus, we would expect the SEC to continue to focus on firms' CCOs and their compliance efforts and resources.

Stay Diligent and Informed

Executives and fund boards should keep abreast of current enforcement actions taken by the Commission, especially relating to CCO and executive liability. Such cases include the Ted Urban case and can provide insight for how advisers can avoid coming under fire from the SEC. This seminal case provides that, in addition to executives and directors, CCOs can be held liable for failure to supervise if they are deemed a "supervisor" by a totality-of-the-circumstances review. Knowing what steps the regulators are taking, who they are going after, and for what specifically, will help firms steer clear of enforcement action.

What to look for when choosing a CCO

Given the SEC's recent cases and speeches, advisers should ensure that the CCO has the right experience and background — specifically a background that shows s/he understands all relevant SEC regulations. Advisers should also ask questions and understand the niche experience that is needed to be an effective CCO.  Several factors distinguish a well-suited CCO from an inexperienced, lower-cost alternative. For example, a suitable CCO will customize a compliance program to the fund's business, interact with service providers and test the compliance program to appropriately identify potential failures.

Another important aspect for advisers to consider when determining whether it is beneficial to hire an outsourced CCO is accountability and time-management skills. This is critical for a CCO because if s/he fails to either cover the ground required, or follow through on designated responsibilities, then the adviser could be subject to enforcement action. Mr. Ceresney spoke about how the SEC will charge CCOs in cases where they have failed to carry out their responsibilities. Certain individuals might have exceptional experience and backgrounds and yet lack this basic skill of accountability. Advisers must be diligent to ensure hired CCOs are dependable and reliable.

CCOs must not only ensure that they create the necessary policies and procedures to effectively prevent violations of federal securities laws, they must also take steps to ensure such policies and procedures are properly implemented and tested. The failure to do so allows for impropriety to occur and harms shareholders and the industry at large. Ask potential CCO candidates how they will create or manage your policies and procedures. Asking detailed questions will help you identify the best-fit candidate.

There are no prerequisite qualifications to be a CCO. Ideally, the best fit is someone who has in-house experience as a CCO at several firms coupled with regulatory background.  This is niche experience.

It is important to note that CCOs should make it a priority to keep up to date on new and changing securities regulations. In doing so, CCOs will recognize exactly what rules they are being required to comply with and can subsequently impart that knowledge to the adviser, providing assurance that they are capable of fulfilling the responsibilities delegated to them. Be sure you communicate with your CCO and understand his or her continuing education efforts and diligence.

The CCO Needs Oversight Too

Advisers should monitor outsourced CCOs the same way they would a full-time CCO. When choosing to outsource compliance duties, executives and directors should make a concerted effort to ensure that they are comfortable with the individual, as well as his/her ability and self-discipline. The adviser can't simply delegate these important responsibilities and walk away. They must remain diligent in their oversight, and stay current with the ever-evolving regulatory environment.  The inherent risks and pitfalls that the regulators associate with outsourcing the role of CCO should be considered by all advisers, even ones that do not outsource the position. This is because the weaknesses found are not necessarily correlated with the decision to outsource or not, but are often related to the specific skills and drive of the individual CCO.

Management should oversee CCOs not only to be sure they are actively doing their job, but also, in extreme cases, to prevent fraud. There have been several cases where compliance personnel are the perpetrators. For example, the SEC is currently taking action against a compliance associate alleged to have traded on material nonpublic information obtained from his investment bank employer, Goldman Sachs. The SEC asserts that Yue Han misappropriated nonpublic information about impending mergers and traded on this information through undisclosed brokerage accounts in violation of the firm's policies. Failing to monitor the CCO's activities is a common issue we see at many firms.

Compliance Personnel Takeaways

Go Desktop?

Recent SEC deficiency letters emphasize that the policies and procedures need to be detailed and explain your overall operations. This can present a conundrum where you might be increasing your liability exposure with such over-disclosure. You should conversely be mindful of the many reasons to not include every minute risk and corresponding control in your manual.

For example, former Commissioner Gallagher opined that Rule 206(4)-7 is at the center of the Commissioner's concerns. The rule is "not a model of clarity." It provides, in part, that the adviser is required to adopt "and implement written policies and procedures reasonably designed . . ." to prevent violations of the Act. On its face the rule addresses the adviser – it requires the firm to designate a CCO. However, while the adviser is responsible for implementation, the SEC has shown an interpretation of Rule 206(4)-7 as if it is directed to CCOs.

Yet neither the Rule itself nor the SEC offers guidance on compliance. According to Gallagher, this sends a troubling message, "…that CCOs should not take ownership of their firm's compliance policies and procedures, lest they be held accountable for conduct that, under Rule 206(4)-7, is the responsibility of the adviser itself. Or worse, that CCOs should opt for less comprehensive policies and procedures with fewer specified compliance duties and responsibilities to avoid liability when the government plays Monday morning quarterback." Gallagher stated he is "…very concerned that continuing uncertainty as to the contours of liability under Rule 206(4)-7 will disincentivize a vigorous compliance function at investment advisers." He recommended that the Commission take a hard look at Rule 206(4)-7 and consider whether amendments, or at a minimum staff or Commission-level guidance, are needed to clarify the roles and responsibilities of compliance personnel.

As a result of this uncertainty, many argue for shorter, pointed compliance manuals separate from desktop procedures, or even suggest avoiding desktop policies altogether.  However, given recent cases and deficiency letters, we are of the opinion that a CCO who does not consider every material detail to include in their policy and procedure manual may be exposing their firm to liability.

According to Mr. Ceresney, "When we have charged a CCO with causing violations of rule 206(4)-7, we have not second guessed their professional judgment, critiquing the choices they made in the creation of policies; rather, we have brought actions where there was a wholesale failure to develop such policies or to implement them, and where the CCO was properly held responsible for that failure."

The root of the issue is that you need a risk assessment that flows into the policies and procedures and certain policies and procedures should therefore be desktop. This should be considered one of the higher risk areas in your compliance program.

Rule 206(4)-7 and Rule 38a-1 suggest, at a minimum, areas where advisers and funds, respectively, should consider adopting policies and procedures. They do not provide specific instruction on how policies and procedures should address: 1) how to monitor and assess employees for conflicts of interest, 2) how to monitor employees who participate in firm-approved outside business activity ("OBA"), or 3) how to determine when an employee's OBA should be disclosed to the board or clients.

It is this type of detail cited regarding policies and procedures that causes grave concern for CCOs.

Continue to try to avoid being deemed a supervisor - lessons learned from Ted Urban

Even though Chief Compliance Officer Ted Urban was exonerated from liability, curious dicta emerged from the SEC enforcement action against him. The dicta provided that Urban was deemed a "supervisor" over an employee, a classification which led to additional liability being placed on him. Under a totality-of-the-circumstances review, the administrative judge had to determine whether Urban met the classification of "supervisor." The court reviewed whether Urban had the "requisite degree of responsibility, ability or authority to affect" one's conduct, despite not being a supervisor in the classical sense.

Despite Urban not having any of the traditional powers associated with a person supervising a firm's employees, the case law found Urban to be classified as the employee's supervisor. Once deemed a "supervisor," one is subject to maintaining "reasonable supervision," which extends above and beyond the usual and customary duties of a CCO. Reasonable supervision is determined by whether there is negligence under the reasonably prudent person test. This is an unnecessary hurdle for a CCO when so much liability is inherently built into Rule 206(4)-7, Rule 38a-1 and the corresponding securities laws. The Ted Urban case also emphasizes the need to review your insurance coverage and make sure you are well covered and shielded from liability.

Know Your Responsibilities and Be Diligent

The SEC noted in the Risk Alert following the Outsourced CCO Initiative that in many instances, the outsourced CCOs were designated as the individuals responsible for conducting reviews to ensure compliance met the requirements of Rule 206(4)-7. This included testing of the existing policies and procedures. However, the staff observed throughout these examinations a "general lack of documentation evidencing the testing" recorded by the firms. CCOs should take note of this observation, as again, this is not limited solely to outsourced CCOs.

CCOs must remain proactive when updating the compliance program, and ensure that they stay current with guidance provided by the SEC through recent cases, speeches and risk alerts. 

Understand that your duties as CCO are to develop and implement the compliance program, but also understand that you alone are not responsible for the implementation and development of a "culture" of compliance. It is imperative that executive management and fund boards work cooperatively with CCOs to efficiently mitigate risks and liabilities particular to their business model. This is essential to proper risk assessment, and to the creation, implementation and testing of a successful compliance program.

Fund boards, adviser personnel and compliance professionals should be sure to keep up with current regulatory guidance and enforcement cases. This is not just best practice; this should be the only practice for any staff tasked with compliance oversight. CCOs now find themselves more and more often coming under the SEC's crosshairs for issues related to the compliance programs they oversee. This presents additional risks that are largely unnecessary, but based on recent history, it stands to reason that the SEC will continue naming CCOs for compliance oversights.


SEC exam prep: What to expect in second half 2015

July 27, 2015

The U.S. Securities and Exchange Commission's (SEC's) 2015 examination priorities (PDF) are very different in scope and structure from those of previous years. For instance, they are considerably more concise and less detailed. As we head into the second half of the year, below are a few reminders of the scope of the 2015 priorities advisers should be cognizant of in preparation for a possible examination by the SEC.



How bright are expert networks blinking on the SEC's radar screen?

June 23, 2011

This June SEC3 Compliance Consultants published an article for Thomson Reuters Accelus on the topic of adding and managing external resources to aid in your research process. We recommend that every client read and heed the advice of this document.



CNN: Hedge fund regulation? What hedge fund regulation?

June 23, 2011

Janaya Moscony, President & CEO of SEC3, is quoted in the Fortune / CNNMoney article entitled "Hedge fund regulation? What hedge fund regulation?" (article link). The article covers the confusion hedge fund / private equity firms are experiencing with the latest SEC filing requirements.



Janaya Moscony quoted in Wall Street Journal Fraud Risk Article

June 23, 2011

Janaya Moscony, President and CEO of SEC3, was quoted in a recent Wall Street Journal article entitled "Danger! Danger! - How to Size Up the Risk of Fraud in Hedge Funds" (article link). In this article, Ms. Moscony advises "to be wary of any fund (manager) that cannot answer questions in 'layman terms'." Complete text of the article can be read here.


SEC3 Publishes Guide to SEC Registration of Private Fund Investment Advisers

July 21, 2010

On July 21st, 2010, the President signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act, which includes in Title IV the Private Fund Investment Advisers Registration Act of 2010 (the “Registration Act”). The Registration Act, among other things, amends the Investment Advisers Act of 1940 (the "Advisers Act") and has significant implications for advisers to both U.S. and non‐U.S. domiciled private funds.



SEC3 Offers Private Fund Registration and Compliance Services

July 21, 2010

Janaya Moscony, CFA, President of SEC3 says, “Once registered, private fund managers must follow the same rules as traditional managers. However, the difference in business models and infrastructure between the different types of private funds and traditional managers can be significant. Recognizing these differences we have developed services to fit the different models and requirements of private fund managers.”


