Study advisory, managed, online, OEO, institutional, capital-markets, and proprietary business models through the different control risks and compliance obligations they create.
An Investment Dealer’s business model determines which risks are central and which controls must be strongest. A CCO should therefore analyze business models by asking what the firm promises the client, how decisions are made, who exercises discretion, what products are offered, and how the firm earns revenue.
The exam may compare several models directly, such as advisory, portfolio management, online advice, order execution only, institutional, capital-markets, or proprietary activities. The correct answer usually depends on which model creates the relevant conduct, supervision, product-governance, or market-integrity risk.
This lesson is usually testing whether the candidate can infer the dominant control framework from the business model.
The exam is usually not asking for a commercial description of the model. It is asking:
That is why OEO, digital advice, managed accounts, and proprietary activity often appear side by side in comparison questions.
Business model is not just a commercial label. It determines where the firm takes risk, who can create client harm, what kind of supervision is needed, and how issues should be escalated. Two firms can sell similar products but need very different control frameworks because one gives advice, one exercises discretion, and one only provides execution.
The strongest exam answer usually avoids saying that one business model is simply riskier than another in the abstract. A better approach is to identify the main control consequences of the model being described.
| Business model clue | Strongest first compliance lens |
|---|---|
| Recommendation-based relationship | KYC, suitability, supervision, and conflicts |
| Discretion or centralized portfolio decision-making | Mandate, allocation, performance, and manager oversight |
| OEO or digital platform access | Platform governance, account appropriateness, communications, and escalation design |
| Proprietary or capital-markets activity | Market conduct, information barriers, valuation, and conflicts |
An advisory model is built around recommendations made to the client. That makes KYC quality, suitability determinations, communications standards, conflicts management, and supervisor review central control points. The opportunities are strong relationship depth and broad client-service potential. The risks are recommendation-driven misconduct, inconsistent documentation, and suitability or disclosure failures across many accounts and representatives.
Portfolio management and other managed-account models concentrate discretionary authority and strategy design more heavily. That can improve consistency and investment process discipline, but it shifts control attention toward mandate adherence, fair allocation, conflicts of interest, manager oversight, performance reporting, and the governance of model changes. A CCO should also expect stronger documentation and clearer committee structures where the firm offers managed programs.
The exam often tests whether the candidate understands that discretion changes the framework. Once the firm controls trading decisions directly, it cannot rely on the same control logic that might be used for ordinary advisory relationships.
Online advice uses digital onboarding, model-based or algorithm-supported processes, and defined product limits. The opportunities include efficiency, scale, and standardized delivery. The risks include weak digital KYC capture, poor handling of exceptions, excessive reliance on algorithms, inadequate human escalation, and misunderstandings about what the platform does or does not recommend.
Order execution only, or OEO, removes personalized recommendations, which changes the suitability framework. However, it does not eliminate the need for controls. OEO businesses still need account appropriateness, communications review, conflicts controls, supervision of platform information, complaint handling, cybersecurity awareness, and gatekeeper discipline. A common exam trap is to treat OEO as exempt from meaningful compliance oversight because it does not make recommendations. That is incorrect.
The right comparison is therefore not advisory versus no compliance. It is recommendation-based controls versus a different set of account-opening, information, supervision, and platform-governance controls.
Institutional and capital-markets activities create a different risk profile from mainstream retail distribution. Trading, underwriting, syndication, research, corporate advisory work, and issuer relationships can generate concentrated conflicts, market-conduct issues, due-diligence demands, information-barrier concerns, and high-impact documentation failures.
Proprietary activity can support liquidity provision, inventory management, or strategic positioning, but it also raises conflict, valuation, capital, and market-conduct issues. The CCO should pay close attention to whether controls distinguish clearly between client-serving activity and firm-serving activity, especially when the same desks or leaders influence both.
These models often require more formal escalation because fewer transactions or relationships can still create serious consequences. A small number of high-impact failures can matter more than a large number of minor retail errors.
A dealer that expands or adds a new business model should be able to show:
The main question is not whether the model is commercially attractive. It is whether the dealer can operate it under a defensible control framework.
flowchart TD
A[Business model] --> B{What does the firm do for the client?}
B -->|Recommend| C[Advisory controls: KYC, suitability, supervision, conflicts]
B -->|Exercise discretion| D[Managed controls: mandate, allocation, oversight, performance]
B -->|Provide digital or OEO access| E[Platform, account-appropriateness, information, escalation controls]
B -->|Trade, underwrite, or act in markets| F[Market-conduct, information-barrier, valuation, and escalation controls]
C --> G[Document, monitor, and reassess]
D --> G
E --> G
F --> G
The diagram shows why business model is a control-design question. Different models require different control concentration.
Stronger answers usually:
That is stronger than comparing models only by revenue opportunity or complexity labels.
An Investment Dealer that historically operated a branch-based advisory model launches a digital OEO platform and a small proprietary trading desk at the same time. Management keeps the existing supervisory structure, argues that the OEO platform does not require meaningful conduct oversight because it makes no recommendations, and says the proprietary desk can be supervised informally because it serves a strategic liquidity role.
What is the strongest CCO conclusion?
Correct answer: D.
Explanation: The issue is not simply whether suitability risk declines in part of the business. The dealer has added two new models with different control demands. OEO still requires account, platform, communication, and conflict controls, while proprietary activity raises market-conduct, valuation, and conflict issues. The existing advisory structure may no longer be sufficient. Option B understates the redesign required. Option C is too narrow. Option A wrongly removes compliance from proprietary activity.