Our Start-Up Series highlights the compliance needs of start-up companies during the pre-operational, launch, and live start-up stages. While Heritage Risk & AML Services has over 20 years of experience in this area, this article is intended for informational purposes only. Any questions specific to your business model should be made via inquiry to chris.gunias@heritageaml.com, or to a licensed attorney.
What is a Chief Compliance Officer?
A Chief Compliance Officer (“CCO”) is responsible for the day-to-day operations of a company’s compliance program and ensuring that the company successfully meets the requirements of the four pillars of compliance:
Internal Controls
In order for an AML Program to run efficiently, a set of internal controls, such as written policies and procedures, must be established and maintained over time.
Chief Compliance Officer
The Board of Directors must appoint a qualified Chief Compliance Officer. The CCO must have adequate experience, authority, and resources to ensure that the company is complying with regulatory requirements such as the BSA and OFAC screening and is not being used to facilitate money laundering or terrorist financing.
Training
All staff, including up to the board of directors, have an obligation to help protect the company from being used to launder money or finance terrorism. That being said, all staff must undergo training at least annually to give them the proper knowledge to help recognize suspicious activity if it arises within their job function.
Independent Review
A financial institution must undergo a periodic review by an independent third party. The purpose of this review is to identify any potential gaps in an AML Program, in order for the company to develop a road map to address and mitigate any identified risk.
The Chief Compliance Officer is also responsible for communicating compliance-related matters to the Board of Directors, by keeping executive management informed about the good, the bad, and the ugly of the compliance program. The Board of Directors must be open to hearing all that the Chief Compliance Officer has to report and be committed to supporting the Chief Compliance Officer with the proper authority and resources to perform their job. Periodically (usually on a quarterly or semi-annual basis), the Chief Compliance Officer will update the Board of Directors on compliance matters such as:
General transaction monitoring and SAR filing statistics (how many, emerging trends, etc.)
Any law enforcement requests or 314(b) request received and the status of any ongoing request
Compliance needs (people or technology)
Legislative updates that may affect the company
Staff turnover or new team additions
What are Your CCO Options?
There are several paths to choose when determining how your company will choose a CCO.
Hiring
As a pre-operational or early-stage startup, it can be tempting to go ahead and hire a full-time CCO for your company. However, this can be expensive to have a full-time CCO on your payroll. In addition, while there is a lot to do to build up a functional AML Compliance function until the company is conducting several thousand transactions a day, there might not be enough work to warrant needing a full-time CCO.
Outsourced
You can hire an outsourced CCO to fulfill your requirements under the BSA. This is an ideal option for start-ups as it is much cheaper than having a full-time CCO. An outsourced CCOs have the same benefits as having a CCO on staff, plus they usually have a wide range of experiences that can be used to help set up your company for success. When the time comes to hire a full-time CCO (more on this below), most outsourced CCOs will help you recruit and interview candidates for the long-term success of the AML program.
What Shouldn’t You Expect from an Outsourced Chief Compliance Officer?
The most important thing to remember in outsourcing a CCO is that you cannot outsource your compliance obligations. The ultimate responsibility for the compliance of the organization rests with the Board of Directors. It is important that anyone considering an outsourced CCO as an option recognizes this. That is not to say that your outsourced CCO would take their responsibilities lightly. Quite the opposite, whether outsourced or not, every CCO takes on personal risk and will always act in the best interest of the company at all times.
The Benefit
An outsourced CCO is a great opportunity to bring in a professional with decades of experience to fill your CCO position while not having to pay the full-time salary of a professional with decades of experience. Regardless of if you need a CCO for a few hours a week or 40+ hours a month, Heritage Risk & AML Services Can support your needs. We have experience in building up AML compliance programs for several types of financial institutions and offer outsourced CCO services, as well as recruiting for all levels of compliance from analyst level to CCO level.
Get in touch with us at chris.gunias@heritageaml.com today to discuss how we can support your BSA/AML/OFAC Compliance function.