June 18, 2015

CCO Series (2015) - Email Archiving and Surveillance

An important and modern advancement of the SEC’s “Books and Records Rule” is the storage and review of email activity by Registered Investment Advisors (RIAs).

Emails, and their attachments, fall under the regulatory definition of “written communications” and therefore are subject to the archiving requirements defined within the Books and Records Rule. Additionally, CCOs are expected to ensure that the content of these electronic communications remain within regulatory guidelines and consistent with the fiduciary standard to which they are held by documenting periodic reviews of the archive.

Email Archiving & Surveillance in a Nutshell

Your RIA needs to ensure that email with clients is preserved in an archive and regularly reviewed for compliance concerns, specifically violations of the fiduciary duty and misleading or other inappropriate communications. The Books and Records Rule for RIAs states that “written communications” are subject to archiving requirements of all RIAs. Specifically, written messages with clients must be kept (with some exceptions) for a period of five1 years, the most recent two of which must be stored on-site or immediately accessible from your office. As is the case with all books and records, cloud-based systems that are accessible from on-site are considered "on-site" since files and information stored there can be produced without traveling to another location. Email messages that fall under the Books and Records Rule are those sent or received by employees of RIAs that fall into any of these categories:
  • Any recommendations or advice proposed or given
  • Any receipt, disbursement or delivery of funds or securities
  • Communications relating to the placing or execution of any security trade
And more generally, communications with clients regarding:
  • Compliance Program
  • Client Management
  • Trading
  • Marketing
  • Business Management
  • Potentially others, depending on your RIA’s specific business practices
For more detail on the Books and Records Rule, please see our prior blog post here, and also the text of the full Books and Records Rule 204-2 here.

Email Archiving
Email messages and attachments must be archived in a manner that preserves their original record state. It is the CCO's responsibility to ensure that all email records are maintained and protected from any alteration or destruction. Additionally, it is the CCO's responsibility to ensure that client communications are conducted on an email system that is being archived (that is, no personal email accounts) to ensure that future communications will be archived. The CCO should also be familiar with the email archiving system used and know how to retrieve items from it for review or to produce for regulators upon request. Similar to your other books and records, regulators allow for cloud-based, electronic storage of email messages and attachments. The key is that you can demonstrate your ability to:

  • reasonably safeguard them from loss, alteration or destruction,
  • prevent unauthorized access from individuals outside your firm, and
  • retrieve archived messages in their original recorded state based on keyword searches, employees and/or specific time frames.
Technology controls of archived email should be understood and reviewed periodically to ensure that they are reasonably configured to minimize risk of loss or destruction. Access should be reviewed as well to ensure that only those responsible for administration or review have access to edit or view the archive. Note: Your “Inbox” does not demonstrate the proper archiving standard expected by regulators because anyone who has access to that inbox has the ability to alter or destroy messages or attachments.

Email Surveillance
While the Books and Records Rule requires that you keep copies of your email communications and attachments, there is no specific language in the Adviser's Act to monitor or periodically search emails. However, CCOs are expected to follow procedures to detect risks, prevent and correct violations of the compliance program, so it is considered a best practice to conduct some level of proactive surveillance in order to demonstrate that as CCO you are providing supervision to your supervised persons regarding their adherence to the RIA's compliance program.

CCOs would therefore want to implement some periodic review of the messages that are sent and received, so as to ensure compliance with SEC (or state) regulations that impose fiduciary and supervisory duties, like adherence to your Code of Ethics and advertising constraints, among others. The frequency and depth of review should be based on the structure and complexity of your RIA's business, and the CCO's familiarity or involvement with the client communications of a particular supervised person. If the CCO works closely with one but remotely with another, it would be reasonable for the CCO to apply greater supervision of the remote person's email archive messages. Finally, the CCO should document these surveillance reviews of the email archive and capture information at least regarding the time period reviewed, the number of messages in the time period, the number of messages reviewed, whether or not issues where found, and the resolution to those issues.

Through the Regulator’s Eyes

Regulators will focus on two aspects of your email system: the quality of your archive, and your surveillance process. In their view, these tasks are designed to protect your business and clients from unauthorized access or disclosure of sensitive data, and also to ensure that your RIA is actively monitoring its supervised persons and addressing issues internally. Regulators expect you to be able to retrieve any email sent or received that may be used to substantiate your finances, support the decisions made on behalf of your clients, or validate that you are always adhering to your fiduciary duty. The documentation of your surveillance activities should reasonably demonstrate that as CCO you are applying supervision to the communications between your supervised persons and your clients.

Recently, the SEC Commissioners’ opinion has also clarified that a RIA's obligation to produce electronic records includes employees’ personal email messages, instant messages, text messages and personal computer hard drives when they are used for business purposes. This is why it is critical to ensure that approved mediums for written communications are included in your archive.

Thinking through an advisor complaint will help define the expectations that will be placed on your RIA during an examination. Regulators are required to respond to every complaint lodged against an RIA, and in that response, they may request that you produce any and all written communications, including emails, sent and received between the RIA and the client involved. As such, you want to be confident that those records exist and are ready to retrieve. A complete history of all communications through the past five1 years in a readily accessible archive will allow you to promptly respond to the regulator’s request and reach a resolution. Additionally, the regulators may wonder why it reached this point, and look to your policy and process of email surveillance and the business practices that surround them. Regulators want to ensure that you are reasonably monitoring your employee’s communications that are subject to the Books and Records Rule, to verify you have a satisfactory level of prevention to internally address potential issues before they escalate. In response, you will want to provide reports and supporting documentation of email surveillance performed by the CCO of the RIA.

Most states enforce the Books and Records requirement on RIAs in a manner consistent with the SEC, but you are under the oversight of state regulators, you’ll want to familiarize yourself with their requirements as well.

CCO Best Practices for Email Archiving & Surveillance

  • Know the different ways in which your supervised persons could exchange written communication with your clients.
  • Consider creating an approved technology and device list, so as to limit unauthorized use of written communications with clients and limit the scope of your RIA's technology usage for the purposes of monitoring and regulatory examination. For example, requiring that business communications and documents are transmitted only through company-owned computers or devices, or even applications such as email but not instant message.
  • Expect regulators will request to review personal email or messages sent, received or stored on personal devices, such as personal cell phones, so as to ensure that there is no business usage of those devices, and prepare your employees for those requests.
  • Periodically conduct email reviews of your archive, and try to focus on supervised persons or clients which with which you are less familiar in order to have a broad understanding of communications among all supervised persons and your firm's clients. Document all reviews conducted and parameters of the archive being reviewed.
  • Use keywords to try to find suspicious emails, such as by searching for keywords such as “complaint”, “guarantee”, “superior”, “great performance”, “guaranteed performance”, "disappointed", "trick", etc. Contact your email archiving vendor to see if they are maintaining a list for you to use. Here are the ten most commonly flagged fraud terms from Smarsh.
  • Don’t approach email surveillance and archiving as a compliance chore. The best practice in the long term is foster strong relationships between compliance and the individuals that are subject to your RIA's compliance program. For instance, ensure that compliance is represented in any discussions related to operational or technology changes, such as a new approved device for client communications and the related compliance components to authorize that device's use.
  • Integrate your email surveillance and archiving requirements into your RIA's technology architecture to strengthen your culture of compliance among your technology operations, and keep current with any changes in your technology policies and procedures.
  • Perform due diligence on vendors that provide your firm with applicable communication streams, such as cloud-based email archiving service providers, to verify they have appropriate physical, electronic and procedural safeguards. Document the results of this due diligence and include in your annual CCO report.

[1] The Books and Records Rule generally requires records to be kept for five or more years, from the end of the fiscal year in which an entry was last made to the record, with the most recent two years being accessible from the RIA's primary office location.


The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.

Michael D. Conlon

Photo Courtesy of: http://www.flickr.com/photos/epublicist/

May 12, 2015

CCO Series (2015) - Best Execution

As an investment advisor, the duty to seek best execution arises from the core fiduciary duty and the related duties of loyalty and care for your clients. In seeking best execution for your clients, the advisor's duty focuses on your firm’s obligation to seek the best available trade execution when exercising discretion to trade on behalf of your clients. While the concept can be subjective it is an important element of the fiduciary duty owed to clients since the costs of trading have a material impact on portfolio performance, especially over years of management.

Best Execution In a Nutshell

Regulations state that as fiduciaries, registered investment advisors owe their clients a duty to seek and obtain “best execution” on securities transactions, under the circumstances of the particular transaction.

It is important to note that this does not necessarily mean “lowest trading fee” or “most favorable execution price” but rather, the best qualitative execution quality that is available to the advisor at that time.

While commission rates are certainly a component of determining best execution, the explicit “cost to trade” is just one of several factors to consider. Advisors may also consider the full range and quality of a broker’s services, including:

  • Value of research
  • Execution capability (e.g. minimizing market impact, liquidity, order size)
  • Financial responsibility or solvency (e.g financial strength of broker-dealer)
  • Responsiveness of the broker-dealer
  • Availability of price improvement
  • Cost effectiveness, including related clearing and settlement impacts

Below we describe some specific guidelines you should follow based on your firm’s specific circumstances.

Discretion to Select Brokers vs. Recommending Brokers

If your firm has brokerage discretion (see Item 8.C.3 on your Form ADV Part 1, and Item 12 of your Form ADV Part 2A) this means that, on a trade by trade basis, your clients have given you the ability to determine which broker-dealer will execute each transaction. In this case, you will be expected to demonstrate the rationale behind broker selection for each trade, relying on factors such as those listed above.

If your firm does not have brokerage discretion but rather you recommend brokers to your clients (See Item 8.D on Form ADV Part 1), then your client is formally selecting the broker-dealer to be used for their trades, which is typically noted in the client advisory agreement. They are doing so based on your recommendation, usually because your firm has a preexisting relationship with a recommended custodian that executes and clears your client trades, based on your prior best execution diligence. In this case, your compliance duties are lighter than a situation where you have brokerage discretion, and firms are obligated to monitor and assess this broker-dealer/custodial relationship on a periodic basis, and confirm that your factors supporting the recommendation continue to remain valid.

Single vs. Multiple Brokerage Relationships?

Regardless of whether your firm uses one or multiple broker-dealers, you are required to “periodically and systematically” evaluate the quality of execution services received from each.

In either case, you are expected to monitor and review formally, at least annually, the arrangement(s) in place with your broker-dealer(s) to confirm that the total transaction costs paid continue to be competitive when compared to other alternatives available to your firm. A key point here is that the formal diligence on your best execution compliance is geared towards what is best for your client and supports your assertion that you are upholding your fiduciary duty to your clients by ensuring they receive best execution as a client of your firm.

A common misperception is that if you utilize just one broker-dealer (and your firm simply recommends that broker-dealer) then there is no evaluation or due diligence requirements. However, this is not the case, because that broker-dealer could be providing inadequate execution for your clients.

Through the Regulator's Eyes

Since the concept and determination of best execution is in many ways a qualitative one, it may be helpful to view it more as a process. Regulators need to evaluate your firm to ensure it has a process of continuously assessing the overall execution services provided to your clients, after considering the facts and circumstances that prevail, such as discretion, strategy and due diligence.

A common examination request from regulators is for a copy of trade blotters for a specific period of time that identifies the executing broker, as well as any documents created in the evaluation of brokerage arrangements and best execution.

The latter can be satisfied by providing the regulator with a copy of your Annual CCO report, which should include a section on vendor due diligence and best execution assessment.

Regulators expect your firm to be able to answer questions such as:

  1. Is our current line-up of broker-dealers the best available?
  2. Are there alternatives to this line-up that could provide our clients with a better deal?
  3. What factors are considered when evaluating a particular broker-dealer for your clients?
  4. How frequently do you perform diligence on broker-dealers and could you provide me the historical diligence documents?

CCO Best Practices for Best Execution

  • Review the “Brokerage Practices” section of your compliance manual to confirm that the policies and procedures laid out here are being followed.
  • Review the brokerage-related disclosures in your ADV Part 1 and 2A for consistency with your compliance manual and current brokerage activities.
  • Review execution performance of brokers on an ongoing basis, paying particular attention to commission rates paid and quality of execution and settlement (i.e quality execution prices, low error rate on order management and trade settlement).
  • For any brokers you recommend to clients, perform a review of your relationship of each broker at least annually, to assess the full range and quality of the services your firm receives based on best execution factors (i.e. value of research, execution quality, commission rates, financial responsibility and responsiveness) to ensure the recommended brokers would provide best execution for your clients.
  • If you have brokerage discretion, implement a process of periodically reviewing your trade blotter to monitor broker usage at the firm- and client-level, as well as by security type.
  • Document your brokerage review process in your Annual CCO Report and related assessments.
  • Review your investment advisory agreements to confirm that they are consistent with your brokerage discretion disclosures and brokerage practices.


The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program.  Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.

Michael Conlon

CCO Series (2015) - Trade Practices & Conflicts

Registered Investment Advisors have fairly broad discretion in constructing their trading practices to their specific business model and service offerings.

In doing so for your firm it is your responsibility to explain these trading practices in your Form ADV and compliance manual, and review the related policies and procedures in place to ensure they are followed consistently.

In addition, certain trading practices may create conflicts of interest which must be disclosed appropriately, and may require certain procedures in your compliance program to prevent or mitigate these conflicts from impacting your clients. Regulators look specifically for conflicts of interest between your firm, your employees, and your clients to ensure you are handling them appropriately and upholding your fiduciary duty.

Trading Practices & Conflicts In a Nutshell

Your RIA firm must disclose to clients specific details on your conflicts of interest and other relationships that may create influence decisions made when providing client services. Below we describe the specific trading-related practices and conflicts that you may need to disclose in your Form ADV and include related policies and procedures in your compliance manual.

Brokerage Affiliations

If your firm places trades which result in your firm or its principals receiving an economic benefit from the trades, you must disclose this as a conflict related to your broker-dealer affiliations in your Form ADV Part 2A.

Regulators expect a higher level of care to be exercised when the broker-dealer and adviser have a relationship "so that the adviser’s fiduciary obligation to act solely in the interest of his beneficiary is satisfied."[1] The burden of justifying paying a commission rate in excess of the lowest rate available is particularly heavy. Placing trades with an affiliated broker-dealer means that you must make the good faith judgment that this broker is uniquely qualified to obtain the best price on these trades and that the trading costs are at least as favorable as those charged by other qualified brokers.

Client Directed Brokerage

There may be circumstances where a client asks your firm to direct their trades to a certain broker-dealer. Since this typically results in extra fees and costs in managing such an account, you will want to obtain certain documentation where the client has acknowledged this consequence in writing. You can accomplish this by obtaining written instructions from the client regarding the directed brokerage acknowledgment either as part of the client's investment advisory agreement or by separate written acknowledgement signed by the client and a representative of the firm.

Client directed brokerage transactions may result in the client receiving a price that is less favorable than the price your firm could obtain by batching their trade along with those of other clients. They may also result in higher commissions or less favorable net prices than might achieved if your firm was empowered to select the broker-dealer. If you accept client directed brokerage, this must be disclosed in your Form ADV Part 1 and the consequences described above must be disclosed to clients in Form ADV Part 2A.

Soft Dollars

Your RIA firm may direct brokerage transactions to broker-dealers who provide research services to your firm consistent with the safe harbor provision under Section 28(e) of the Exchange Act of 1934.

Only research products and services that are used for the benefit of clients may be obtained with client commission dollars. The amount of the commission paid must be reasonable in relation to the value of the research services provided by the broker-dealer. By obtaining soft dollar products, and services via soft dollars, it is expected that you are doing so to reduce expenditures you would otherwise obtain via "hard dollars".

When utilizing soft dollars, your firm will be expected to maintain a complete set of books and records that quantify soft dollar commissions paid and the nature of all services received.

Principal and Agency Trades

Principal and agency transactions are two examples where your firm has an interest in the circumstances or outcome of the client trades that then becomes a conflict of interest in the discretion or recommendation of that transaction.

Principal trades involve securities transactions in which your firm has a proprietary interest in the securities being traded. Principal transactions must be disclosed to the client in writing prior to the completion of the transaction. Written client consent must also be obtained. This consent may be obtained after execution, but prior to settlement, of the transaction.

Agency trades involve securities transactions in which your firm acts directly (or through an affiliate) as the client’s advisor and as broker for the person on the other side of the transaction. Advisors may execute agency trades as long as they can show that they are in the best interests of the advisory clients involved in the transaction.

For both principal and agency trades, your firm must disclose this in Form ADV Parts 1 and 2A and maintain appropriate documentation to support these transactions.

Cross Trades

Cross trades are when clients of the same portfolio manager exchange the same security, that is, the buy and sell are offset without the need of going to the exchange for a participant in the trade. It is permissible as long as it is recorded as a cross trade by the broker and manager and providing fair market value, and that it was in the best interests of each participating client.

Trade Aways

Trade away transactions may become warranted when your firm's existing broker-dealer does not have access to markets that are suitable for your particular clients. As data regarding execution becomes more tangible through technology, best execution gains more transparency and may create obligations on advisors to select other advisors or relationships to ensure they uphold their client duties.

For both cross trades and trade away relationships, your firm must disclose this in Form ADV Parts 1 and 2A and maintain appropriate documentation to support these transactions.

Absorbing Transaction Costs

In some instances, RIA firms absorb ticket charges or other transaction-based costs for client trading, typically known as a wrap program. If you absorb ticket charges for any of your clients this may present a conflict due to your incentive to minimize trading volume. Wrap program information must be disclosed in your Form ADV Part 1 and 2A.


Through the Regulator's Eyes

Regulators operate under the premise that transaction costs and commissions paid are the client’s property, so you must treat them as such and ensure that the benefits of these ultimately benefit the client and contribute to your fiduciary duty.

When circumstances exist that would alter your objectivity with respect to trading, such as noted the conflicts described above, these must be clearly disclosed as well.

CCO Best Practices for Trading Practices and Conflicts

  • Review your firm's Form ADV Part 1 and 2A to confirm that each of these trading practices are appropriately disclosed.
  • In instances where conflicts of interest result, confirm that they are properly disclosed in Form ADV Part 2A in a way that identifies the conflict, why it is a conflict, and what procedures you have in place to prevent or mitigate these conflicts.
  • Maintain books and records that document all client directed brokerage, soft dollar usage, principal trades, agency trades, cross trades, and trade aways. Each must be maintained for at least five years, two of which must be immediately accessible by your firm.
  • For trades placed through an affiliated broker-dealer, maintain documentation that demonstrates the rationale for selecting this affiliate over other qualified broker-dealers.
  • If you utilize soft dollars, maintain a soft dollar policy that explains the rules related to paying for research with client commissions, the actual amounts paid and the specific services received.

The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program.  Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.

Michael Conlon

[1] Securities and Exchange Commission, News Digest, Issue No. 72-89, May 10, 1972.

February 19, 2015

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 6: Advertising

What You Need to Know

Advertising for RIAs is obviously a highly-regulated activity, so it makes sense that it ranks among the most common compliance deficiency for advisors.

When regulating advisor advertising, regulators focus first on disclosures, rather than methodology. While offering little guidance on how to do certain things, they do heavily regulate the disclosures displayed on advertisements. Certain advertisements may be “compliant” per se, however, the omission of proper disclaimers results in a false or misleading message.

Beyond disclosures, regulators tend to focus on certain areas of advertising, including:
  • Testimonials
  • Social Media
  • Past Specific Recommendations
  • Recordkeeping/Approval Process
  • Performance-based Advertising
For a complete overview of the "Advertising Rule" for RIAs, click here.

Why You Should Care

The ability to confidently and efficiently advertise your services can be of great benefit in growing your firm. With that said, inaccurate or misleading public-facing content can destroy a firm’s reputation quickly.

Unlike brokers overseen by FINRA, the SEC and state regulators are not responsible for reviewing or approving an RIA’s advertisements prior to use. The responsibility is placed on your firm and your CCO to ensure that all advertisements are compliant with regulations.

With social media becoming an increasingly important advertising channel, it is important to treat this activity with the same care as you would traditional mediums. Because of it’s ease of use, however maintaining control and oversight of social media activity brings a unique set of challenges.

We cover social media compliance in more detail in a previous post.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Ensure you have a review process in place to analyze firm advertisements for compliance.
  • Check your advertisements for proper disclosures.
  • Coordinate a process with your IARs to review new advertisements and obtain copies for Books and Records requirements.
  • Review seminar presentation content for appropriate regulatory disclosures and compliance.
  • Perform checks on your performance calculations to validate accuracy before use.
  • Understand your firm's social media presence and ensure you and your employees are not directly or indirectly interacting with the public in a way that runs afoul with the Advertising Rule.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

January 6, 2015

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 5: Brochure Delivery

What You Need to Know

To our surprise, failure to follow the brochure (aka Form ADV Part 2) delivery rules continues to be one of the most common deficiencies for RIA firms.

Annual distribution of Form ADV Part 2 (along with the privacy policy) is required by all RIA firms. Additionally, an updated version must be delivered to clients when any material changes occur within your business.

A common (and logical) questions we get is “What’s material?” The SEC doesn’t define material, which makes sense since materiality is very much dependent on circumstances. A rule of thumb we use with clients is this: if a knowledgeable client or prospect would expect to be alerted of a change, it’s material. Admittedly, this still leaves a lot open to interpretation (we’ve seen it first hand). Regulators will cast the final vote on this during their next examination, so it usually pays to err on the side of caution.

When material changes do occur, RIAs have the following options:

Option 1: If there have been material changes to your business, they must be described in ADV Part 2, Item 2. Under the current rules, you could provide your clients with a summary of these material changes and an offer to deliver the entire ADV Part 2. In your offer you must include instructions on how clients can obtain a copy from you.

Option 2: Advisors can also opt to deliver a full copy of the entire ADV Part 2. In this instance Item 2 - Material Changes still needs to be updated.

All brochures must be delivered to clients within 120 days of fiscal year end. Electronic delivery will suffice if you are attaching the document to an email. Uploading your ADV to your website and sending a link to clients does not constitute proper delivery. You may lose the ability to show exactly what was delivered to the client.

Why You Should Care

Your brochure informs clients of the details of your firm and any recent material changes that could potentially impact them. You should view your brochure as a publicly-visible sign for your firm, and should be written and updated with this notion of "curb appeal" in mind. Potential and current clients see this brochure as a representation of your firm, and providing them with an up-to-date, accurate brochure signals that you take external communications seriously.

Competitors are reading your firm's brochure as well. A sloppy, outdated, or inaccurate ADV sends a message to competitors that may be damaging when competing for new business.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Review your ADV to ensure that it reflects your business, including disclosures for conflicts of interest, outside business activities, advisory services, and advisory fee practices. These are all important issues for regulators.
  • Deliver brochure to clients within 120 days of your fiscal year end
  • Maintain records that demonstrate delivery of Form ADV Part 2 to clients (annually or upon material changes) and prospective clients (prior to executing advisory agreement).
  • Maintain copies of prior versions of your Form ADV Part 1 and 2

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.