NAPFA ADVISOR

Back to NAPFA ADVISOR

 

COMPLIANCE CORNER

Print this Article
Facebook   Twitter   LinkedIn   YouTube

Choosing Between an OCCO and a Compliance Consultant: What RIAs Need to Know

By Nancy Harry and Kari Thiessen

In today’s regulatory environment, registered investment advisers (RIAs) must remain vigilant in their compliance efforts. The U.S. Securities and Exchange Commission (SEC) continues to scrutinize the effectiveness of advisers’ compliance programs—most recently underscored in its 2025 Exam Priorities. For RIAs navigating this landscape, two options often emerge: hiring an outsourced Chief Compliance Officer (OCCO) or engaging a compliance consultant.

Each path offers distinct benefits and trade-offs. Understanding the practical implications, risks, and value of each model is critical to selecting the right fit for your firm.

Understanding the Models

OCCO: This model involves delegating the CCO role entirely to a third party. The OCCO serves as the named CCO on Form ADV and is expected to manage the firm’s compliance program in a hands-on, executive-level capacity.

Compliance consultant: A consultant typically supports the firm’s internal CCO (or equivalent) without assuming the official role. They advise, design programs, help with audits and exams, and provide strategic guidance tailored to the firm’s needs.

Pros and Cons of the OCCO Model

Pros:

  • Turnkey solution: OCCOs offer immediate coverage for the CCO role, which can be attractive for small or newly registered RIAs.
  • Efficiency in the short term: For firms with no internal compliance resources, having an OCCO can reduce the initial administrative burden.

Cons:

  • Regulatory scrutiny: The SEC has raised concerns about OCCOs lacking firm-specific knowledge or sufficient authority. In its 2015 Risk Alert, the commission emphasized that a CCO must be empowered and positioned to enforce compliance procedures—a challenge for someone external to the firm.
  • Liability concerns: Engaging an OCCO does not absolve a firm of its compliance responsibilities. Ultimate accountability always lies with the RIA.
  • Lack of customization: Some OCCOs may apply a one-size-fits-all program, risking misalignment with the firm's unique structure.
  • Cost and inflexibility: OCCO contracts can be rigid and expensive. Expanding or revising the scope often requires contract renegotiation, adding time and legal complexity.

Pros and Cons of Engaging a Compliance Consultant

Pros:

  • Expertise with flexibility: Consultants often bring deep knowledge of the RIA regulatory landscape and can adapt to various firm structures and risk profiles.
  • Scalable support: Whether your firm needs help with initial registration, an SEC exam, or a complete compliance overhaul, consultants provide modular services aligned with those needs.
  • Cost-effective: You pay for specific deliverables or projects, which can be more affordable than an ongoing OCCO engagement.
  • Collaborative integration: Consultants typically work closely with internal teams, helping to embed a culture of compliance without assuming full control.

Cons:

  • No formal authority: Because consultants aren’t the named CCO, they can only influence—not enforce—compliance practices.
  • Internal resourcing required: A firm still needs a designated internal party to coordinate and implement the consultant’s recommendations.
  • Variable quality: Not all consultants are created equal. Without vetting, firms risk hiring advisors who offer limited regulatory depth or outdated knowledge.

What the SEC Has Said About Outsourced CCOs

The SEC has signaled concerns about the OCCO model over several years. Its 2015 sweep found instances where outsourced compliance professionals failed to tailor policies to the firm’s specific operations—and this misalignment led to enforcement actions and regulatory criticism.

The SEC reiterated these concerns in subsequent guidance and changes to Form ADV, requiring firms to disclose whether their CCO is outsourced—making OCCO arrangements more visible to examiners and potentially triggering deeper scrutiny.

The key message from the SEC is clear: Compliance programs must be bespoke, proactive, and enforced by individuals with real authority and deep understanding of the business.

How to Successfully Engage a Compliance Consultant

If a consultant model seems more appropriate for your firm, the key to success lies in thoughtful engagement. Here are a few strategies to ensure a productive relationship:

1. Clarify Your Needs

Are you preparing for an exam, registering a new firm, or refining an existing compliance framework? Be clear about your goals. This will help you select a consultant with the right expertise and avoid paying for unnecessary services.

2. Vet Experience and Regulatory Knowledge

Look for consultants with prior SEC experience, up-to-date industry knowledge, and a history of working with firms of similar size or complexity. Ask for references, sample deliverables, or case studies.

3. Define Scope and Communication Protocols

Avoid ambiguity. Establish a clear scope of work, expected outcomes, and timelines. Define who in your firm will liaise with the consultant and how frequently updates will occur.

4. Ensure Alignment with Firm Culture

Compliance should be a core part of your business—not a bolt-on. A good consultant should work alongside your team, respecting your firm’s structure while encouraging best practices. Avoid those who seem too prescriptive or generic.

5. Review Outputs Regularly

Don't just “set it and forget it.” Review compliance materials produced by the consultant to ensure accuracy, relevance, and they reflect your firm’s operations. This includes manuals, testing logs, risk assessments, and policies.

Final Thoughts

Both OCCOs and compliance consultants offer viable pathways to regulatory compliance. The choice depends on your firm’s structure, risk tolerance, budget, and long-term strategy. While OCCOs may appear convenient, they come with regulatory trade-offs and potential internal disconnects. Consultants, when well-chosen and properly integrated, offer tailored guidance with fewer red flags—especially when paired with strong internal compliance leadership.

For RIAs looking to build sustainable, SEC-ready compliance programs, engaging a skilled consultant offers strategic value with less operational risk—provided the engagement is approached thoughtfully and collaboratively.

In 2022, Nancy Harry co-founded True West, a high-touch boutique compliance consulting firm. She brings with her over 20 years of financial industry experience, focused on regulatory compliance for registered investment advisors. With a service-first approach, Nancy helps clients to develop efficient compliance programs and foster a strong culture of compliance.

True West co-founder Kari Thiessen brings 30 years of experience in regulatory tax compliance, tax planning, economics, and supply chain consulting. She leads True West’s efforts to launch new RIAs and support advisors going independent with full back-office solutions.

image credit: Adobe Stock Images

 

Back to NAPFA ADVISOR