Bill Hortz's picture

"Ultimately, the best practice is to have the right person in the CCO position, implement the right processes for your business, and document everything." - Bo Howell, CCO Technology

[The trends in compliance enforcement are increasing and can be very costly for firms that are not prepared – not just in monetary fines, but in personal and professional reputation. Regulators - to make their point in as visceral a way as possible - have increasingly been targeting and fining Chief Compliance Officers (CCO) and senior executives personally for non-compliance and lack of proper preparation and diligence. This is especially an issue for small to mid-sized advisory firms where a designated CCO is, in many cases, an executive with multiple job duties. And it’s not just the SEC that is focusing on investment advisers and senior executives as state regulators have been more active in the space as well.  

The Institute for Innovation Development reached out to Institute member Bo Howell of CCO Technology - a FinTech software-as-a-service (SAAS) company focused on supporting small and middle-sized advisory firms with regulatory compliance – to get his practical and engaged perspective on this issue and discuss the growing need for developing a detailed, comprehensive and defendable compliance strategy.]

Hortz: You warn about the personal liability risks within compliance enforcement actions in your firm’s materials. To what extent is the Chief Compliance Officer, or other executives in the firm, personally liable for regulatory actions versus just the firm?

Howell: Generally, the SEC goes after CCOs and other executives if they participate in wrongdoing, hinder an SEC examination or investigation, or oversee the wholesale failure of a compliance program. For example, in the Temenos Advisory case that was filed in 2018, the CCO was also the Founder and Advisor Representative. He placed his clients in unsuitable investments and neglected his duties as a CCO - he didn’t perform any due diligence on the investments; he failed to disclose to clients known issues with the investments and his conflict of interest; and he overcharged many clients.

In other cases, the CCO had incomplete or inaccurate compliance documentation at the start of an examination so they “fixed” the documents and submitted them to the SEC, but the documents did not accurately show the state of the compliance program at the time under review. Rather, it created a fiction in response to an SEC exam.

Wholesale failures usually occur when the adviser has been hit with a deficiency in one or more examinations and the CCO fails to take the remedial action that he submitted to the SEC. A case in point is the Southwind Associates case from 2017 where the SEC’s Office of Compliance, Inspections, and Examination (“OCIE”) conducted three exams of the adviser over a ten year period and each exam resulted in deficiencies that were not corrected. Additionally, the SEC will sanction a CCO if he fails to follow-up on red flags, as was the case in the Chardran matter filed in May 2018.

As these actions illustrate, major lapses in a compliance program can result in a CCO and other senior executives being fined by the SEC or even suspended or barred from the financial services industry. 

Hortz: What have you seen as best practices to defend against personal regulatory action?

Howell: The best defense is a good offense, which means ensuring your compliance program addresses all your business operations and it is documented. As Commissioner Pierce noted, a CCO that continually implements and updates their compliance program in response to business and regulatory developments should be in good standing with the SEC and investors. Of course, this means the CCO is actually following the written policies and procedures and addressing red flags or weaknesses as they are discovered.  Ultimately, the best practice is to have the right person in the CCO position, implement the right processes for your business, and document everything.

Hortz: Based on your experiences and discussions, what do you see as the biggest challenges for managing compliance at a smaller advisory firm?

Howell: We recently conducted a survey that asked small and middle-sized investment advisers what their biggest challenges are in managing their compliance program. The four biggest challenges were:

1.Keeping up with new regulations,

2.Managing existing policies and procedures,

3.Keeping up with business growth, and

4.Obtaining enough resources to manage the program.

Keeping up with new regulations is really a subject matter issue. As we talk with small advisers, we find that many CCOs have multiple roles at their firms and compliance is not their area of expertise. As a result, they are nervous about not having enough subject matter expertise in-house. One way to remedy this is to have an outsourced partner that is dedicated to being current on compliance issues and the details in regulatory actions, which can supplement a firm’s institutional knowledge. That’s one role that CCO Tech plays.

Managing existing policies and procedures is a process issue. What we find is that many smaller advisers have manual processes or outdated technology, such as using Microsoft Office, email, and hardcopy documents to manage their compliance program. These processes are burdensome to both the CCO and the employees. Additionally, advisers aren’t leveraging their compliance data to streamline processes. What is needed, and what we aim to change, is the way compliance is managed by creating simple-to-use, easily accessible applications that use the compliance data to automate processes and cross-check testing.

The last two challenges - keeping up with business growth and obtaining enough resources - is a common issue among advisers of all sizes. Compliance budgets are tight and managing growth through new hires is hard. It takes time to find the right person, to properly train and integrate them into your program. Using technology helps improve processes and extend your current resources, helps efficiently train and integrate new hires, and can reduce or mitigate turnover.

Hortz: What are the key features and benefits of CCO Tech’s compliance software?

Howell: Our system is a web-based application comprised of several components that work together. SEC Filing Manager incorporates regulatory changes into your filing process and provides tips and frequently asked questions to give the user the right information at the right time. It interfaces with users in a friendly way while also providing methodical completion of the form. We built a more conversational approach to complete these forms, which are often structured in complex ways that become more burdensome as the SEC adds additional regulatory requirements onto the form. Our system is designed so that even a user without a compliance background could complete the form accurately. It’s also very affordable so even the small shops can use it without substantial costs or onboard time. Further, we help tag the data in these applications to automate parts of the compliance program.

For example, our CCO Calendar leverages data from your SEC filings and other sources to automatically schedule compliance testing and other important regulatory dates. Our forthcoming Document Manager helps clients maintain audit-ready compliance documents, including certifications and testing reports. The data in the Document Manager will be cross-checked against data in the SEC Filing Manager and the system will flag any inconsistencies. This allows the CCO to focus more on exceptions or regulatory updates and less on data input, documentation maintenance, and scheduling. Finally, a Policies Manager module will help CCOs create and maintain policies and procedures that are customized to their business. The policies will be cross-checked against data in the other applications to ensure there are no gaps or unnecessary policies. The Policies Manager will also integrate with the Compliance Calendar to schedule and initiate testing, which will give CCOs peace of mind that they are doing everything in the manual that they should be doing. The results of all these processes will be organized in the Document Manager.

As you can see, our focus is on integrating your data into your compliance processes so that you don’t need to constantly repeat administrative tasks, stay up-to-date with regulations that affect you, and make the processes faster, easier and more automated.

Hortz: How did you go about building your product? What processes and research do you use in its development?

Howell: I’m not a computer coder and I don’t have a background in information systems. But I am an end-user. I wanted to design a system that was easy for me and my fellow compliance officers. I knew the tasks that I didn’t want to do, like data input. With this perspective, I started to conceptually design a system that would cover the core areas of the compliance program: filings, testing, policies, and documentation. I talked with many compliance officers about the tools they wish they had. I then researched available products in the marketplace to determine what was missing or what could be done better. From there, it was a process of translating this market data into actual software.

Every week I spend time with the development team taking ideas from inside and outside our industry. Once we build an application, we immediately take it to market to get feedback from end users. As we get this real-time feedback from compliance officers, we prioritize the most important features and functionality. We keep a CCO wish list that changes as we get more feedback from our clients and prospective clients. We continually repeat this process. At the end of the day, we want our users to feel like they’ve helped build the product.

Hortz: Where are you focusing your R&D next? What other plans or enhancements are you working on?

Howell: We will continually expand and adjust our offerings based on feedback from clients and the needs of CCOs. For example, we recently added a services component in response to clients who have asked for additional help overseeing their compliance activities. Looking ahead, we plan to incorporate artificial intelligence to make our system even more intuitive and leverage data from outside the system. Our end goal is to automate at least 80% of the processes overseen by CCOs.

Hortz: Any final thoughts or advice you would like to share with advisors and advisory firms?

Howell: When building your compliance program, understand that one size doesn’t fit all - the SEC says this all the time and yet people don’t get the message. If you use generic documents and tools, the SEC will notice it and you put your business reputation at risk.

Just as important as having the right processes is having the right people to oversee those processes. A healthy compliance program needs a CCO that has the time and subject matter expertise to manage the processes and identify red flags or implement needed changes. If an advisory firm doesn’t have that person in-house, then they should consider outsourcing parts of their compliance programs to and using tools from providers like CCO Tech. As for vendor selection, any service provider that you select should be flexible, meaning they should adapt their products and services to your needs. You shouldn’t have to change your compliance program to meet your vendor’s needs.

Finally, understand what functions are core to your business and which ones your firm already excels at doing. Any areas where you don’t excel or don’t have the right resources are ideal areas to leverage a trusted service provider that can provide you with economies of scale and expertise. Leveraging the right service provider can be a better business decision than trying to build an in-house option.


The Institute for Innovation Development is an educational and business development catalyst for growth-oriented financial advisors and financial services firms determined to lead their businesses in an operating environment of accelerating business and cultural change. We position our members with the necessary ongoing innovation resources and best practices to drive and facilitate their next-generation growth, differentiation and unique community engagement strategies.

The institute was launched with the support and foresight of our founding sponsors - Pershing, Voya Financial, Ultimus Fund Solutions, Fidelity, and Charter Financial Publishing (publisher of Financial Advisor and Private Wealth magazines). For more information click here.



Sign Up for Your Free Innovation Newsletter