Q58 – What Is An Outsourced Chief Compliance Officer?

Also available as podcast (Episode #58)

Apple  |  Android  |  Spotify  |  Amazon  |  Stitcher

What is an Outsourced Chief Compliance Officer?

Every Registered Investment Advisor (RIA) is required to have a named Chief Compliance Officer (“CCO”).  Depending on the size of the RIA, this is often a member of the team who wears “multiple hats”, and is not solely a full time CCO.  To assist that individual fulfill their compliance responsibilities, the standard practice of an RIA is to lean on the guidance provided by a third party compliance consulting firm.  For RIAs that have the resources to do so, there is the ability to take this one step further and utilize the services of a fully outsourced CCO solution.  Under this path, the provider becomes the named CCO of the firm, and provides compliance services to the RIA accordingly.

Show Notes

Dinsmore Compliance Services (website)

Jeff Chapman (LinkedIn  |  [email protected])

Found This Video Helpful?

Want to learn even more by better understanding what a transition to the RIA model might look like for your own practice?  I encourage you to schedule a Discovery call, and I’d be happy to begin that conversation with you.

Full Transcript:

Brad: What is an outsourced CCO? That is today’s question on the Transition To RIA question and answer series. It is question #58.

Hi. I’m Brad Wales with Transition To RIA where I help you understand everything there is to know about why and how to transition to the RIA model.

If you’re not already there, head over to TransitionToRIA.com, where you can see the show notes from today’s episode as well as all of the other resources I put out there from the video series, podcast series, whitepapers. There’s all kinds of great resources. Again, TransitionToRIA.com.

On today’s episode, we’re going to be talking about compliance, which is not the most exciting and sexy topic in the entire RIA space. But it is one of the most important topics that needs to be managed as an RIA. We’re going to be talking about how you can manage that responsibility.

For those of you watching on video, I have Jeff Chapman with Dinsmore Compliance Services. Jeff, thank you for joining us.

Jeff: Brad, thanks for having me today. I appreciate the opportunity to talk a little bit about compliance with your audience.

Brad: It’s going to be a good conversation. I’m going to turn it back to Jeff to provide a little background on himself and his firm in just a moment.

If you were to start an RIA, you are responsible for compliance and there are pros and cons to that. I’ve talked about this topic in several episodes, and a main question is how do you manage that responsibility?

Some advisors join existing RIAs, and in turn are outsourcing that responsibility to someone else. To the degree you are going to have your own RIA, you need to manage that responsibility yourself. There are different flavors of how to do that.

What we’re talking about on today’s episode is the concept of an “outsourced CCO”, an outsourced Chief Compliance Officer. That’s what Jeff is the expert on. He’s going to help us understand what that is and how that might be a fit for your individual practice.

Jeff, before we dive into the questions, if you could give a brief background on yourself and your firm, that would be helpful.

Jeff: Thanks, Brad. I’ve been in the financial services industry for over 30 years, most of that time in running businesses, mostly capital markets businesses for regional banks. And, as you probably know, after the financial crisis in 2008 and 2009, that became a lot less interesting. So my partner, Kevin Woodard, and I formed a firm in 2016.

Kevin and I have worked together now for over 20 years in some form or fashion. He is a compliance expert. He supported my businesses in the capital markets arena and I always had a great working relationship with him. He is the compliance officer that is not the, excuse me, “hell no” compliance officer. He always understood, this is a business we have to operate, please identify the risks, and let us make business decisions. That was a great working relationship. This is what you’re looking for in a compliance officer.

We talked about forming our firm and taking this on the road as we understood frankly, that there’s a great need for compliance expertise out there for investment advisors and those advisors many times form their own firm. We like to say (joke) somebody loses and has to have that CCO responsibility. It isn’t what they got in the business to do.

We think it’s a great opportunity for advisors who are forming or growing their own firm, and need more expertise, to outsource that function. We formed our firm in 2016. It’s been a real ride since. We’ve had a lot of acceptance, we’ve got clients across the country, and we really have exceeded our expectations in terms of growth. We found a real need and we’re filling that need.

Brad: That background is going to delve perfectly into these questions.

To start with, and you alluded to it, for the viewers here that are listening or watching, that aren’t familiar, if you start an RIA, what is that CCO responsibility?

Generically speaking, you’re responsible for your own compliance, but are you required to name a person? Do you have to hire a person? What is the baseline requirement?

Jeff: Under Rule 206(4)-7, it’s required that you name someone as CCO and you have to establish policies, procedures, and manuals that are going to guide your firm and help them be consistent with SEC rules.

Then it’s required that you review those rules on an annual basis. It’s absolutely required that you fill this position and someone has to be named for that responsibility. So, coming out of the gates, someone will be the named CCO.

Brad: For those that don’t know, you can look at any RIA’s ADV to see who the CCO is.  Until you get to a size where you’re so big that you can afford to hire a full-time compliance person in-house, it usually is someone on the team wearing multiple hats that is the CCO. It might be the main principal, the main owner. Is that generally what you see with smaller and mid-sized firms?

Again, if you get to a couple billion, maybe you have the resources to hire in-house, but is that typically what you see?

Jeff: It is typically what we see. The named CCO might also be listed on the ADV as the chief investment officer and the CEO.

The SEC over the last couple years has said that they are looking for people to wear multiple hats and they’re realists, they understand it. Probably the CCO work is the last thing on the day that the person is working on. So, when they see people wearing multiple hats and have multiple titles in the firm, they get extra scrutiny and we think that that’s an opportunity to outsource that function, and make sure that it’s taken care of.

Brad: There’s no regulatory requirement that you have to engage any sort of third-party compliance consulting firm to help you with any of this. Now, it’s absolutely the best practice, it’s utilized by essentially every RIA that is trying to do the right thing. If someone came to me and they wanted to start an RIA but said, “I’m not going to use one of those folks”, I would not even work with them. That’s a sign that they’re not willing to do this correctly.

But for the typical scenario where they are using such a consultant – I have done episodes on the different kinds of compliance consultants – what is something short of this outsourced solution?

I’m doing this to show the contrast with an outsourced solution. When an RIA where someone is wearing multiple hats works with a compliance consultant, what does that arrangement look like from a who’s-doing-what perspective?

Jeff: When folks are forming an RIA, many times they’ll reach out and find a compliance consultant. While we do some of that work, about 80% of our work is the outsourced CCO work.

Folks who reach out, find a compliance consultant to help them form their advisor, to help them establish policies and procedures, and manuals, and turn it over to the firm, and have that person in the firm that’s named CCO manage that function going forward. Here’s your plan, now you execute it.

While a lot of people might have a legal background or a compliance background, or a COO kind of background, it’s not their expertise and it’s not what they do on a daily basis.

Many times it gets short shrift and it’s not something that they enjoy doing so they don’t spend a lot of time on it. When the annual review or the annual updates to ADV come around, that’s probably the next time they look at their compliance program. And so, it’s not something that we advise. Obviously, we’re in the business of offering outsourced chief compliance officer, but that’s the way a lot of people would start it.

Brad: I’d say that’s the majority of them. There are some RIAs that unfortunately aren’t doing anything, which again is highly inadvisable. The majority are engaged with some sort of consultant.

For an advisor that’s going to have an RIA, or maybe already has one, where this is resonating might be thinking…”I really don’t like being responsible for those things or spending the time on those sorts of things,” so that leads us to what is an outsourced CCO?

We know we have to have a named person, there’s things that should be done to manage all this. If someone comes to you, what is that offer? What do you do as an “outsourced CCO”?

Jeff: A fully outsourced CCO means one of our staff, one of our experienced chief compliance officers will be named on the ADV of the advisor as the chief compliance officer. They really become a team member. They are not only advising and developing the policies, and procedures, and manuals, but they’re actually operating the program. It’s as if you had an onsite chief compliance officer on your team.

We offer a somewhat lesser service than that which we call CCO light. We’ll establish the policies, procedures, and manuals, all the same work, but someone in the RIA will operate that and will be listed on the ADV. While we run the exact same program, it’s sometimes preferable to the RIA to have their person still named on that ADV and that’s another option for us.

But we take a considerable amount of time when we have a new client, whether they’re already established or they’re establishing a new RIA. The onboarding process takes about two months.

We fully understand the type of business that this advisor wants to run. Our model is not based on AUM. It’s based upon the model of the business that is run there. It’s how many IARs you have, how many locations do you have, what is your portfolio management strategy, do you do a lot of advertising? We spend quite a bit of time to establish those policies, procedures, and manuals that are customized to that individual RIA.

There are a lot of other consultants out there that have what I would deem a template that is kind of pushed down to the advisor and try to make that fit into what they’re up to. We customize every compliance program that we design for that individual advisor. It takes a considerable amount of time to get to know them. We really want to become embedded if you will with that advisor so that we’re part of that team.

Brad: You might have just answered my next question with that thought there of just how much time you spend with them to understand the business.

A lot of advisors are trying to move away from that broker-dealer world, that large firm model, in part because they feel, “Compliance just tells me no. I can’t do anything. They’re not willing to consider new things.  I want to get away from that and yes, I will have some responsibility to do it myself, but that’s a whole lot better than this horrible situation I have now.”

How do you balance your responsibility of taking on the CCO role and helping the RIA stay out of trouble, at the same time not giving them the same experience that they had before where compliance is a hindrance, not a help?

Jeff: One of things we do is during the onboarding process we’re evaluating the client as much as they’re evaluating us. Maybe an overused term, but a culture of compliance. There are advisors we don’t work for because they say, “Let’s check that box, check that compliance box, but we’re going to do what we’re going to do.” That’s not the kind of folks that we want to work with.

We really want to check to make sure that they indeed are going to operate their business in an upright fashion and that they’re going to comply with the rules that we establish. It’s really a two-way street. And there are advisors that we decline to work with.

While they may be coming from a bigger firm or a BD background, the BD is more rules-based as opposed to the SEC type of compliance procedure. They generally had somebody that they’ve relied on for their compliance questions, but it might be three offices down, they never meet that person and they don’t have a relationship with them.

If you have a compliance officer that’s embedded in your firm and understands what you want to do, what we like to say is, “We know where you want to get to. We don’t think you can do it the way you’ve proposed it. Here’s another way to get to the same answer that’ll be within the compliance procedures that we’ve established for you.”

We want to be business partners. Sometimes there are opportunities to make a business decision. Here’s the rule, here’s where we are, here’s how much risk you might take on with this opportunity. But at the end of the day, it’s a business decision. We want to identify opportunities for folks to get to the right answer.

Brad: That’s important, the risk spectrum. Some stuff is black and white, and binary. That’s perhaps helpful because those are easy decisions to make. But often is it, “Where are we on the comfort level, the spectrum level?” Having someone like you or your team explain what the options are and why one might be better than another, is a value add for sure.

I’m going reverse chronological order of how someone might work with a firm like yours. Let’s say they’ve talked to you, they’ve talked to your team, they like everything. Maybe it’s an existing RIA now or someone that’s looking to transition to the RIA model, they like your story, they like this concept about outsourced CCO. How long does that process take to get everything up and going?

It’s an evolving process, but a lot of work has to be done on the front end. What kind of timeline is that looking at?

Jeff: Right now the SEC gets back to us on applications – I think they’re required to within 45 days – about 30 days right now. We like to say, give us 60 days for a launch and we think that gives us enough time to identify your business strategy and how you want to operate. It gets us the ability to file the proper framework if it’s a new RIA. If it’s an existing RIA, we still like to get about 60 days of onboarding because we’re going to spend a lot of time with the principals of the firm to understand what they’re doing.

One of the things the SEC doesn’t like is if you in fact purchase the policies and procedures type of manual that is a template, if you will, it might say you’re doing things that you’re not. The SEC doesn’t like that. If it says you’re doing something in your manuals, they’re going to look for it and many times they’ll come and say, “It says you’re doing this, but we don’t see any evidence of that. Why is that in your manuals?”

That happens when people get shoved down into a box. We specifically design each program for the individual advisor’s business model. So, a long answer to your question there, but about 60 days is what we think a good onboarding takes.

Brad: That’s good. I would be worried if you said 10 days because that would run counter to everything you just said about needing to really dive in and make it a partnership. I think 60 days is quite reasonable.

All this sounds great, “I can have my RIA. I can meet my compliance responsibilities and not have to do it entirely on my own, and I could outsource it. Fantastic.” It always comes down to price though. Everything has a cost and if you’re going to use a solution that provides more value, it’s going to cost more. So, typically, how do you price out this type of service?

Jeff: Our business model is run much as an RIA’s money management model is. Although we’re not asset under management-based, it is a retainer type of an arrangement. We charge a fixed retainer, which allows the advisor to budget and not think that they’re going to get nickel-and-dimed or have to get charged every time we have a call, or every time we have a question.

We quote upfront an annual fee. That includes at least one onsite visit every year by your compliance officer. And if you like, we’ll run your calendar which can be events-based or day-based.

We like to refer to the fee as…it’s going to cost you about one-third of what it would cost you to have a dedicated CCO in your office that you’re going to go out and hire.

I’m reluctant to quote numbers, but our fee is either side of $50,000 annually for most of our clients. We think that’s a great value because you have access to the entire compliance department.

Another advantage to having an outsourced CCO is if you have your own CCO and they’re sending their kids to college, they’re going to want to keep that job. They might be reluctant to give you the answer that you want to hear more times than not.

With an outsourced CCO, we’re going to give you the down and dirty answer that sometimes you’re not going to want to hear, but it’s going to keep your business running and in good stead with the SEC. So that’s what we think is another advantage.

One other thing I’ll mention while we’re here Brad is that the other advantage is when the SEC does come calling – and they will, right now they’re about once every seven years for the average advisor – we’re onsite.

If we’re the outsourced CCO, our chief compliance officer will be onsite as long as the SEC is. During Covid, they haven’t done any onsite exams, but the days are probably coming back at some point. And when it does, our CCO will be onsite until they leave.

When the CEO and the CCO get the letter for the documents that are required, that comes to us and we will prepare everything and we’ll be ready for them, and we’ll be there until they’re gone.

Brad: A lot of peace of mind comes with having that partner there onsite physically to help through that process.

When I am asked how much an outsourced CCO might cost, it’s like you alluded to, it’s more expensive than hiring a compliance consulting firm to give you guidance and you’re retaining the responsibility yourself. But to your point, significantly less than what it would cost, all in, with salary, benefits, overhead, etc for an experienced CCO you’ve hired in-house onto your team. Your price range is a fraction of what that would cost.

Related to that, what size RIA do you see this making sense for? You’ve alluded to the SEC, which for those listening that don’t know, that applies to RIA’s $100 million and above. You’d be SEC registered.

There is economics involved with all of this. A smaller RIA might not have the budget space for your type of solution. And then on the other end of the spectrum, you arguably could get so large that you can afford to have someone in-house directly on your team.

What is the sweet spot people are seeing value in it?

Jeff: Probably 90% of our clients are between – and I know this is a big range – $250 million to $1.5 billion. Most folks over that size, they probably are going to bring that in-house and we certainly understand that.

We’ve got some clients that are much larger than that and they use us to augment their own compliance staff for projects or new rule implementations, or something of that ilk. But most of the folks when they get to $250 million in assets under management, they’re creating some decent revenue and they understand the value that gets taken away from their clients by having to manage compliance themselves.

SEC rules are living, breathing, and flexing all the time. There are a couple new rules coming out this year. Do you want to read that, start with a blank piece of paper, and implement that in your own advisor or do you want to work with somebody who’s done that for hundreds of other people, and can do it for you, and make sure that you’re compliant on the date that it’s required?

So, $250 million and above really makes a lot of sense.

We also work with state-registered folks in helping them establish their RIAs. We’ll charge a fee to get them registered and get their policies and procedures. But because there’s 50 states, we’re not experts in all 50 of those states and the regulatory environment in every other state. We can help people get registered as a state advisor, but we will not serve as the chief compliance officer.

Brad: Staying on top of SEC rules is a handful as it is. It is a magnitude more difficult to stay on top of 50 different state changes as well.

For someone that this has resonated with and they think this might be a good solution – a question I’m always a big fan of, I always want to help people understand – what they can expect when they reach out?

Someone has listened to this episode, they’ve never spoken to you before, what does that first conversation look like?

Jeff: We’re going to explain our value proposition. We’re going to want to talk to the principals of the firm.

If they’re a breakaway firm – leaving a wirehouse or a larger bank – that conversation is a little different than an existing RIA that says, “I’m pulling my hair out because I’ve been trying to do this compliance thing myself.”

Those conversations are, “Here’s what we do. We know we’re not the cheapest guys in town, but there’s value you’re going to get from us. You’re not going to have to think about this again because we’re going to run your program for you and we’re going to run a pristine program so that when the SEC comes in, you’re going to be very comfortable with that.”

It takes time to have that conversation with our potential clients. A lot of them say, “That’s more than I want to spend,” or, “That’s more than I need right now,” and we understand that.

Many people go to plan B and they come back to us, and say, “I’m getting nickel-and-dimed with that. I didn’t realize I would still be doing all the work by going to plan B.”

We’re not the hard sell guys. We’re, “Here’s our value proposition. Here’s what we’re going to charge you and if you think this is right for you, we’re going to have a pristine program for you.”

Brad: If someone wants to have that conversation, what’s the best way to get in contact with you or learn more about your firm?

Jeff: We’re Dinsmore Compliance Services. You can check our website, DinsmoreComplianceServices.com. It’s a little wordy, but my email is [email protected]. And Brad, you have my contact information if they want to contact you.

We feel we have a great program that works for a lot of folks. We’re busy right now. There’s a lot of people, as you know, breaking away and forming their advisor. There are a new rules coming this year that are keeping people very focused on their compliance program. We’re working with them on that. It’s good times in the business right now. We appreciate all the support we get.

Brad: For anyone that didn’t write that down, I’ll include the contact info in the show notes. You can access it that way.

For those that have only ever been in a more captive broker/dealer type environment your whole career, you generally don’t have any say over who’s on the compliance team or how they interact with you.  They basically dictate to you how things are done.

In the RIA world, you can go out and hire the compliance consulting firm yourself. You, the advisor, are the client. The compliance consulting firm still has an obligation to perform their job to try to keep you compliant, keep you from running afoul of rules. But the nice thing is for arguably a lot of advisors, for the first time in their career, they have a say for once. If that compliance partner is not responsive to their needs or is not open to thinking through solutions, you can find another compliance provider that has a better value proposition.

That’s a great feeling for advisors. It’s almost a full 180 of not being dictated to. As you talked about, actually having a partnership. Jeff and his team have an interest in retaining your business, so they do need to be responsive, they need to be willing to think things through.

And again, you have to respect that you are hiring them to tell you when you should not be doing things or that things should be done differently, so there is a balance there, but it’s by no means a one-way street which for many advisors, currently it is.

As a reminder again, contact information in the show notes. If you head on over to TransitionToRIA.com, you’ll be able to see the show notes as well as all the other resources I put out. The video series, podcast series, whitepapers, all kinds of things, you can find it there.

I hope everyone found this a useful resource to understand this concept of an outsourced CCO. It is a niche solution by design because as you can tell from everything Jeff described, not anyone and everyone can provide this kind of solution. I think it’s important to have it in your consideration pool and understand what it is and whether it is a fit for your practice.

Jeff, with that, I appreciate you coming on today.

Jeff: Thanks, Brad. Glad to be here.

Want To Learn More?

Schedule a Discovery call and lets begin a conversation.

Share this post

Read my free whitepaper!

Get instant access to my free whitepaper on "11 Ways The Economics Of The RIA Model Are Superior To Other Advisor Affiliation Options".
FREE WHITEPAPER:  “Steps To Take Now If You Anticipate Transitioning Your Practice To The RIA Model Anytime Within The Next 10 Years.”

YES, I WANT TO BE PREPARED