Recent sanctions by FINRA highlight risks associated with outsourcing compliance. However, outsourcing compliance functions makes sense for some firms, provided it is done conscientiously.
The principal of a small broker dealer was sanctioned by the Financial Industry Regulatory Authority (FINRA) earlier this year for delegating supervisory responsibility in an ineffective manner. FINRA alleged that the principal of Lane Capital Markets LLC delegated compliance responsibilities to a part-time Financial and Operations Principal (“FINOP”) who had similar responsibilities at multiple firms. Lane Capital then hired two employees with significant disciplinary histories.
The part-time FINOP expressed concerns about being able to adequately supervise these employees, particularly since they were in a separate office. According to FINRA, the principal did not address these concerns.
The situation was compounded by Lane Capital’s alleged failure to prepare an annual certification of the firm’s processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures. Further, there was no certification that the principal had conducted one or more meetings with the FINOP in the preceding twelve months to discuss the firm’s compliance/supervisory processes.
It would be a mistake to draw the conclusion that FINRA frowns on outsourcing compliance. Many smaller broker dealers use outsourced FINOPs, and there is nothing inherently wrong with this.
The moral of the story is that certain compliance responsibilities cannot be outsourced. Senior management has the ultimate responsibility for ensuring that compliance policies and practices are effective. As illustrated in this case, senior management can’t delegate overall responsibility for compliance:
- Senior management needs to keep policies up-to-date, which is particularly important in this regulatory environment;
- Senior management needs to make sure that the compliance function, whether internal or outsourced, is adequately staffed for the requirements of the firm;
- Effective compliance requires the ongoing involvement and support from senior management to ensure that all employees understand that compliance is an important component of their jobs.
Too often the approach to compliance is ‘tick the box’. Given the regulatory environment, and the evolving nature of insider trading litigation, it is dangerous to assume that compliance risks are static. Further, firms evolve. New employees are added. New locations opened. New products launched. Each has different compliance implications.
The biggest risk with outsourcing is the assumption that it can be fully outsourced. It can’t. Outsourcing can be a viable option to ensure that you have appropriate expertise and staffing to help administer policies. But to be effective, it still requires a significant ongoing commitment from the leadership of the firm.