top of page
  • Laura Bewick Howitt, CFA, CIPM, MBA

What to Consider when Outsourcing Compliance

Updated: Apr 11, 2023


Investment firms often struggle with a lack of resources to fulfill all regulatory compliance functions. Smaller firms may only have staff working on compliance part time or may have a very small compliance staff leading to capacity issues. Larger firms can also suffer from a lack of resources.

A recent survey of investment firms conducted by the National Society of Compliance Professionals (NSCP) found that:

· 70% believe the overall compliance function at their firms is under resourced;

· 35% reported insufficient resources to conduct compliance training;

· 20% reported insufficient authority to develop and enforce compliance policies and procedures at their firms; and,

· 25% reported an inability to address compliance-related weaknesses and report concerns to senior management.

The NSCP represents a large cross-section of firms. While these firms are based in the United States, it is clear that Canadian firms experience similar compliance resource issues.


Registered firms are ultimately responsible and accountable for all functions they outsource and must maintain a system of controls to monitor service providers. However, many still benefit from the use of external consultants to assist with important compliance functions such as:

· reviewing and updating firm policies and procedures to reflect regulatory changes

· Identifying gaps in the compliance system

· accurately documenting workflow

· providing required regulatory training to registrants

· assisting the firm with regulatory reviews

· reviewing the firm’s oversight and due diligence of third-party service providers

· reviewing and recommending modifications to account opening documents, KYC forms and disclosure documents

· preparing staff for interviews during regulatory reviews

· drafting written responses to compliance reports and helping rectify reported deficiencies

· conducting compliance risks and conflicts of interest assessments


Under section 11.1 of National Instrument (NI) I 31-103, a registered firm must establish, maintain and apply policies and procedures that establish a system of controls and supervision to:

(a) provide reasonable assurance that the firm and its individuals comply with securities law, and

(b) manage its business risks in accordance with prudent business practices.

A June 2017 presentation by the Ontario Securities Commission suggests the following steps to ensure outsourced compliance functions meet the regulatory requirements.

A. Establish a clear outsourcing policy to assess whether and how compliance functions may be outsourced

B. Develop an outsourcing risk management program considering:

· the scope and importance of the outsourced function

· the potential impact in the event of a service provider failure

· the regulatory status of the service provider

· how well the service provider manages its own risks

C. Develop outsourcing selection criteria including the outsourced compliance firm’s:

· regulatory status

· financial soundness

· infrastructure and resources

· quality and knowledge of staff

· contingency planning

· cybersecurity measures

· internal audit functions

· reports on controls by external auditors

D. Have a written contract in place that clearly describes:

· all significant aspects of the outsourcing arrangement

· the rights and responsibilities of the parties

· the protection of confidential information of the firm and its clients

· service level requirements and metrics

· firm oversight

· the process to report instances of non-compliance

· record-keeping requirements


There are many reasons why your firm may wish to outsource elements of compliance including:

· in-house compliance staff is overwhelmed

· in-house Compliance Officer performs other roles, leading to capacity issues

· key compliance staff is resigning/retiring

· the firm’s budget does not support additional in-house staff or technology

· elimination or minimization of key person risk

· expertise and resources needed to respond to a regulatory review or enforcement action

Regulatory compliance consulting firms like SGD can help by:

· reviewing and updating firm policies and procedures

· providing required regulatory training (e.g., anti-money laundering, conflicts of interest)

· helping to complete financial and regulatory filings

· reviewing firm governance and compliance supervision

· reviewing marketing materials, performance presentations and investment product due diligence

· assessing KYC, KYP and investment suitability practices

· assisting with business continuity planning

· responding to regulatory reviews and addressing deficiencies

For these and many other reasons, your firm may benefit from hiring a compliance consultant on a one-time basis or to regularly perform certain functions.


There are many benefits to outsourcing compliance. The outsourcing firm can often handle parts of your compliance at a lower cost than if you resourced those areas yourself. They benefit from economies of scale due to specialization in their areas of expertise and they provide scalability during busier periods such as when responding to a regulatory review. And perhaps most importantly, the outsourcing firm typically stays on top of changing regulations so you don't have to constantly do research yourself.

Cost savings

· Reduce the cost of hiring full-time internal resources

· Customize service contract based on specific firm requirements

Time savings

· Reduce time to respond to regulators and research regulatory matters

· Free up staff time to deal with other issues

Regulatory risk reduction

· Reduce the risk related to regulatory reviews

· Reduce the costs by addressing deficiencies prior to regulatory reviews

· Reduce the risk and costs of regulatory fines and enforcement action


· Receive an objective assessment from someone outside the business

· Identify missing information or gaps


· Benefit from industry knowledge and expertise

· Add specialized knowledge and skills to existing resources


· Extend resources on a temporary basis during periods of high demand


SGD Compliance Consulting offers you access to combined industry and regulatory experience. Our staff includes consultants who have worked directly for and with the regulators for many years. Our backgrounds provide for effective policies in:

  • Governance and compliance supervision

  • Conflicts of interest

  • Registration matters

  • Portfolio management and trading reconciliations

  • Know your client, know your product and due diligence

  • Investment suitability

  • Performance presentation

  • Client account reporting

  • Financial and regulatory filings

  • Referral arrangements

  • Business continuity planning

  • Marketing and client communications

  • Dealing with senior and vulnerable clients

  • Anti-money laundering

For further information please contact us at:

© 2023 SGD Compliance Consulting Inc.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission of the copyright holder.

This article was prepared for informational purposes only and is not intended to provide, and should not be relied on for specific advice. You should not act upon the information in this article without an independent assessment of the law or regulations applied to the facts of your situation.

SGD Compliance Consulting Inc. is not responsible for the content of websites and information resources that may be referenced in the article. Reference to these sites or resources does not constitute an endorsement by SGD Compliance Consulting Inc. of the information contained therein. Although we have endeavored to ensure that the information contained in this article has been obtained from reliable and up-to-date sources, the changing nature of statistics, laws, rules, and regulations may result in delays, omissions, or inaccuracies in information contained in this report

73 views0 comments


bottom of page