Many financial services firms rely on compliance consultants for assistance with their compliance programs. Some outsource the CCO function entirely. As with any third-party service provider, however, a registered investment adviser or broker-dealer remains ultimately responsible for ensuring compliance with all applicable laws and regulations. An enforcement proceeding by the Massachusetts Securities Division (Division) against online brokerage Webull Financial LLC (Webull) shows the dangers of blind reliance on a compliance consultant. Webull’s unnamed compliance consultant allegedly provided reports and made regulatory findings with material inaccuracies that Webull failed to catch. This article parses the Division’s Consent Order against Webull, with commentary from Krista Zipfel, director at ACA Group (ACA). Zipfel noted that ACA does not comment on specific entities or enforcement matters; thus, her remarks addressed industry-wide compliance concerns. See our two-part series on the 2016 SEC risk alert on outsourced CCOs: Part One (Mar. 3, 2016); and Part Two (Mar. 10, 2016).