Hedge Fund Compliance Chapter 4: Building an In-House Compliance Team

In the last chapter we talked about the Chief Compliance Officer. The person in charge. But here’s the thing. One person can’t do everything. Even the best CCO needs a team. Chapter 4 is about how that team gets built and how the whole thing works together.

Who Actually Does Compliance Work?

Scharfman breaks the people involved in compliance into three groups.

Dedicated compliance employees. These are people whose only job is compliance. Full time. They have titles like Compliance Associate or Deputy Compliance Officer. They support the CCO and handle the daily grind of compliance tasks.

Shared compliance employees. These folks split their time. Part of their day goes to compliance work, part goes to something else. How much time they spend on compliance changes depending on what’s happening. Some weeks it might be a lot, some weeks less.

Noncompliance personnel. These are traders, analysts, operations people. Their main job has nothing to do with compliance. But they still play a role. A trader, for example, needs to make sure their trades don’t break the fund’s compliance rules. They’re not compliance professionals, but compliance is still part of their daily life.

The first two groups together make up what the book calls “in-house compliance professionals.” Add in the outside help like consultants, lawyers, and administrators, and you have the full compliance picture.

The CCO as a General

I liked the analogy in this chapter. Scharfman compares the CCO to a military general. Generals don’t usually fight on the front lines. They set strategy and make sure the troops carry it out. That’s what a good CCO does. They design the compliance program and oversee it, while the team handles the day-to-day work.

Of course, at smaller funds the CCO might also be doing front-line work. But managing the overall compliance function is always their core responsibility.

Training: The Foundation of Everything

Two big tasks come up in every compliance function: training and testing. Let’s start with training.

Every hedge fund has a compliance manual and a code of ethics. When a new employee joins, they get compliance training on day one. Here are the rules, here is what you can and can’t do, sign here to confirm you understand.

But training doesn’t stop there. Ongoing training comes in three flavors.

Annual firm-wide compliance meeting. Once a year, the whole firm sits down for a compliance refresher. The CCO or an outside consultant leads it. They go over existing policies, talk about any changes from the past year, preview what’s coming next year, and open the floor for questions. Attendance is tracked. An agenda is prepared. Everything is documented. If a regulator ever asks “do you train your people?” you want a paper trail.

This annual meeting is also when employees sign acknowledgment forms. These forms say “I received the compliance manual, I read it, I understand it, and I’ve been following the rules.” This is called a compliance attestation. It’s not just a formality. Regulators expect it.

Department-specific training. Not every compliance rule matters equally to every department. A person who deals with Swiss investors needs to know about Swiss regulations, like the 2015 requirement for non-Swiss hedge funds to appoint a Swiss legal representative. A trader who never talks to clients doesn’t need that training. So compliance departments run targeted sessions for specific teams.

Issue-specific training. Sometimes a particular topic needs its own deep session. The best example is insider trading. Regulators have been cracking down on material nonpublic information (MNPI) for years. Many hedge funds run dedicated training sessions just on this one topic. These sessions go deeper than what you’d cover in a general annual meeting.

Testing: Did It Actually Work?

Training tells people the rules. Testing checks if they follow them.

Compliance testing is basically an audit of whether the fund’s policies are being followed in practice. It has two goals. First, if you find actual violations, you fix them. Second, even if you don’t find violations, you might find weaknesses in the system that need attention.

Here’s a concrete example. Say a fund has a trade allocation policy that says how completed trades get distributed among different fund vehicles. The compliance team will pull trading records from a specific time period and check if the allocation rules were actually followed. This backward-looking check is called compliance back testing.

How many trades they review and from what time period depends on a few things. Has this area been tested recently? Have there been violations before? If yes, they test more frequently and more extensively. They might also use random selection, picking trades from random time periods to get a broader picture.

An interesting concept from this section is the “near miss.” That’s when something almost violated a policy but didn’t quite cross the line. Smart compliance departments keep a near miss register and study these cases. If you see a pattern of near misses in one area, it’s a warning sign. Better to fix the problem before a real violation happens.

Beyond specific policy testing, there’s also firm-wide testing. This is a broader effort that follows a compliance calendar. Maybe in January you test business development policies, in March you test trading procedures, and so on. It’s similar to what an internal audit function does, and in fact many hedge funds have merged their internal audit work into the compliance function.

Compliance Committees

Now here’s where it gets organizational. Hedge funds don’t just rely on the compliance department to keep things in order. They also set up committees.

Committees bring together people from different departments. Some committees are directly about compliance. Others deal with investments, risk, or management but still touch compliance issues. Here’s the thing about committees: they don’t meet every day. They meet monthly, quarterly, or as needed. Between meetings, individual employees handle the day-to-day oversight, and their work feeds into the committee’s discussions.

Committees come in two types.

Formal committees have set meeting schedules, prepared agendas, documented minutes, and a defined list of members who can vote on issues. They’re permanent. A compliance committee is a good example.

Informal committees are more temporary. A fund might create one to handle a specific project, like preparing a new regulatory filing for the first time. Once the project is done, the committee disbands. Though informal committees can still have regular meetings and agendas, they’re not meant to last forever.

Common Committee Types

Compliance committee. Members include the CCO, compliance staff, and people from other departments. It coordinates compliance work across the firm and keeps everyone informed about priorities and trends.

Management committee. Focuses on running the firm as a business. Sets the overall compliance tone alongside the compliance committee.

Investment committee. Oversees investment decisions. Meets frequently, often weekly. A compliance representative usually attends to flag any compliance issues with specific trades or strategies.

Risk committee. Analyzes the fund’s risk exposure: financial risk, counterparty risk, operational risk, regulatory risk. Larger funds may have separate sub-committees for different risk types.

Valuation committee. Makes sure the fund values its investments correctly and consistently. This is deeply connected to compliance because how you value securities affects everything from performance reporting to investor trust. The CCO is typically a voting member.

Other committees might cover business continuity, technology, best execution, or strategic planning.

Wrapping Up

Chapter 4 shows that compliance is not a one-person show. The CCO leads it, but the actual work spreads across dedicated staff, shared employees, and even people whose primary job has nothing to do with compliance.

Training makes sure everyone knows the rules. Testing makes sure people actually follow them. And committees bring different departments together to coordinate on compliance issues that cut across the whole firm.

The takeaway is simple. Good compliance needs structure. It needs clear roles, regular training, systematic testing, and organized committees that meet regularly and keep records. Without all of that, even the best compliance policies are just words on paper.

Next chapter covers something I find personally interesting: compliance technology. How software and systems help (or sometimes fail to help) the compliance function.

