Hedge Fund Compliance Chapter 3: The Chief Compliance Officer and What They Actually Do
Every hedge fund needs someone who keeps things legal. That person is the Chief Compliance Officer, or CCO. Chapter 3 of Jason Scharfman’s book breaks down what a CCO actually does, what qualifications they need, and how the whole regulatory reporting process works.
Let me walk you through it.
Three Types of CCOs
Not every hedge fund sets up the CCO role the same way. Scharfman describes three common models:
Dedicated CCO - This person does nothing but compliance. Full time, full focus. This is what you see at bigger funds that can afford a specialist.
Shared CCO - The CCO wears multiple hats. They handle compliance plus some other job, like being the CFO or COO at the same time. Smaller funds do this a lot because they cannot afford a full-time compliance person.
Outsourced CCO - The CCO is not even an employee of the fund. They work for a third-party firm and come in from outside. Some funds go fully outsourced, others keep an in-house person with the title but outsource the actual work.
Which model a fund picks depends on its size, budget, and how complex its operations are.
Is a CCO Even Required by Law?
Yes, in most places. In the United States, SEC rules under the Investment Advisers Act of 1940 require registered hedge funds to designate someone as CCO. That person is responsible for running all compliance policies and procedures.
The UK has a similar setup. The Financial Conduct Authority (FCA) has a regulatory category called “control functions with significant influence” that covers the compliance oversight role.
So this is not optional. Regulators want a name on the dotted line. Someone has to be accountable.
What Does a CCO Actually Do?
Here is the thing. The SEC says the CCO should have “full responsibility and authority to develop and enforce appropriate policies and procedures.” That sounds impressive. But what does it mean day to day?
The CCO’s main job is to build what people call a “culture of compliance.” This is not a legal term. It is more of a mindset. The idea is that the fund should not just meet the bare minimum regulatory requirements. It should go beyond that.
Think of it this way. You can drive exactly at the speed limit and technically follow the law. Or you can drive safely, watch for other drivers, and be a responsible person on the road. A good CCO pushes the fund toward that second approach.
The practical tasks include:
- Compliance training for employees
- Testing whether compliance policies actually work
- Writing and updating compliance policies
- Managing third-party compliance consultants
- Running committee meetings related to compliance
- Handling all regulatory reporting
At a small fund, the CCO does all of this personally. At a large fund, the CCO manages a team that does the day-to-day work.
CCO Qualifications: Surprisingly Loose
This part surprised me. The SEC says a CCO should be “competent and knowledgeable.” That is it. No specific degree. No certification requirement. No minimum years of experience.
This means, in theory, an accountant who has never touched compliance work could become a CCO. Why would regulators allow this?
Scharfman explains the history. For a long time, especially at smaller funds, the CCO role was almost ceremonial. The real compliance work was done by outside lawyers. The person with the CCO title was usually already the CFO or COO and just added compliance to their list.
Regulators knew this was happening. If they set strict qualification requirements, they would create a conflict with how the industry actually operated. So they kept the rules vague.
Things have changed though. Today, especially at bigger funds, CCOs often have deep legal and compliance backgrounds. Some even worked at regulatory agencies before switching to the private side. The role has become much more specialized over time.
Regulatory Reporting: The Six-Step Process
A big chunk of the CCO’s job is regulatory reporting. This is where the fund proactively sends information to regulators without being asked. It is different from an examination, where the regulator comes to you.
Scharfman lays out six steps:
Step 1: Figure out if you need to file. This is not always obvious. A US fund with a small office in London might or might not need to file with the UK’s FCA, depending on what that office actually does. Just having a client service person there? Probably no filing needed. Add a trader? Now you likely need to register and file.
Step 2: Determine what forms and data are required. This depends on strategy, assets under management, trading volume, and other factors. For example, the CFTC has special reporting rules for funds that trade above certain volume thresholds.
Step 3: Develop a data strategy. This is where it gets tricky. Regulatory reporting is not just filling in blanks. The same term can mean different things on different forms. Take “assets under management.” Under normal accounting rules (GAAP), you report net assets. But on SEC Form ADV and Form PF, regulators ask for “regulatory assets under management” (RAUM), which counts gross assets without subtracting debt or leverage. RAUM makes a fund look bigger than it actually is. This causes confusion when investors see the numbers.
There are also estimation problems. Form PF asks funds to estimate how many investors would withdraw money during a market crisis. That is a guess, not a fact. And funds do not want to overestimate withdrawals because investors might see those numbers and get nervous.
Step 4: Submit the information properly. Different regulators use different systems. The SEC has its IARD website. The UK FCA uses a system called GABRIEL. The Cayman Islands authority has REEF. Some filings go by email. Some use XML format. You have to match each regulator’s preferred method.
Step 5: Keep filings updated. Initial filings are just the start. Most forms need periodic updates, sometimes annually, sometimes more often. Bigger funds typically face more frequent filing requirements.
Step 6: Watch for new requirements. When a fund starts new activities, like launching a broker-dealer to market its funds, that can trigger entirely new regulatory obligations. In the US, a broker-dealer would fall under FINRA oversight, adding another layer of reporting.
Cross-Border Complications
If a fund operates in multiple countries, it has to deal with multiple regulators. A UK-based CCO might know UK filing requirements well but struggle with US rules. In these cases, funds typically hire local compliance consultants or law firms to handle filings in each jurisdiction.
The CCO still stays involved. Even when outside experts prepare the filings, the CCO reviews them. In some cases, the CCO must personally sign the documents. That signature means personal liability, which is a strong incentive to make sure everything is accurate.
Chapter Summary
Chapter 3 makes one thing clear: the CCO role is the backbone of hedge fund compliance. Whether dedicated, shared, or outsourced, the CCO is the person responsible for keeping the fund on the right side of regulations.
The job has two big parts. First, building a compliance culture that goes beyond just checking boxes. Second, managing the complex, multi-step process of regulatory reporting across different jurisdictions with different rules and different definitions for the same data.
Historically, the CCO was a side job. Today, at serious funds, it is a specialized career. The book makes a strong case that this shift was necessary and overdue.
Other chapters in this series: