October 7, 2016

Protecting Vulnerable Adults from Financial Exploitation

The organization that represents the state securities agencies, North American Securities Administrators Association (NASAA), recently announced that its membership had voted to adopt a model act designed to protect vulnerable adults from financial exploitation.1 The model act, titled “An Act to Protect Vulnerable Adults from Financial Exploitation”, is now available for states to enact as legislation or implement through regulation. In addition, two new rules have been proposed by FINRA, which are also designed to also help combat financial exploitation of vulnerable adults.2 Finally, to bring more attention to this issue, the Consumer Financial Protection Bureau (CFPB) issued a report directed at financial institutions aimed at combating elder financial exploitation.

Protecting Vulnerable Adults in a Nutshell

Vulnerable adults are defined as persons over 65 years of age and those that qualify for protection under a state adult protective services statute. The protections for these individuals impact broker-dealers, investment advisor representatives, and those who serve in a supervisory, compliance, or legal capacity for broker-dealers and investment advisors. Generally, it will mean that as you are dealing with seniors and adults with disabilities, you may have additional responsibilities and a small amount of flexibility from regulators in dealing with certain situations.

Financial Exploitation

The type of financial exploitation that potentially could be stopped is the unauthorized use of the vulnerable adult’s assets, including when a power of attorney, guardianship, or conservatorship is used to make decisions harmful to the client. Both NASAA and the federal agencies have compiled evidence showing that trusted caregivers may obtain control over the vulnerable adult’s assets, then deprive them of the assets or convert the assets by exploiting the services of financial institutions including broker-dealers and investment advisors.3

Possible Changes

State securities regulators, FINRA and the CFPB may begin to incorporate regulatory changes to address this public concern. Advisors that have a reasonable belief that financial exploitation has been attempted or has occurred among their clients may be required to report it to the appropriate regulator and adult protective services agencies. Updates to state and federal rules may also allow advisors to notify any third parties designated by clients of their suspicions of financial exploitation, excepting any third party that are suspected to be the part of the financial exploitation. Finally, state rules may allow advisors to initially delay disbursements from an account of a vulnerable adult for up to 15 business days if, after review, there is suspicion that the disbursement may result in financial exploitation. The advisors may also extend the delay of disbursement for an additional 10 business days at the request of either the state securities regulator or adult protective services.

Crucially, NASAA’s model act grants immunity from administrative or civil liability for advisors when reporting to state regulators and agencies, notifying appropriate third parties, and delaying disbursements based on reasonable suspicions of financial exploitation while acting in good faith. However, the advisor will be required to provide records, including historical records, relevant to the suspected financial exploitation to the state’s adult protective services or law enforcement. As with all things compliance your books and records are very important.

CCO Best Practices

To prepare for dealing with vulnerable adults at your firm AdvisorAssist recommends the best practices of:

  • Train staff to prevent, detect, and respond to elder financial abuse by escalating any suspicious activity to the CCO.
  • Harness technology such as suspicious activity monitoring technology to identify potential financial abuse.
  • Collaborate with stakeholders like custodians, banks, and plan sponsors to identify potentially at-risk clients and trusted third parties acting for the client’s protection
  • Document, validate and report suspicious activity to your state regulators or federal agencies.
  • Offer clients the ability to have your firm notify a trusted third party when financial exploitation is suspected.
  • Maintain awareness of any existing rules or changes at your state securities regulator regarding their adoption of rules regarding vulnerable adults.
1. See NASAA Members Adopt Model Act at: Link.

2. See FINRA Regulatory Notice 15-37, October 2015 at: Link.

3. See Testimony of Judith Shaw, NASAA President before the US Senate Special Committee on Aging at: Link.

AdvisorAssist News for RIAs is a series of articles that will help your firm understand and prepare for changes that may be occurring on the state or federal level. Our goal is to help you increase your confidence that your firm remains in compliance as well as provide some practical steps to help Chief Compliance Officers address this topic.


Brendan Furey
Michael Conlon

September 2, 2016

Final Rules: Updated Form ADV & Books and Records

The Securities and Exchange Commission (the “SEC”) published final rules to amend the Form ADV in order to gather additional about separately managed accounts, create an umbrella registration for affiliated private fund advisors operating a single advisory business, and to add additional identifying questions to the Form ADV. The final rules also amend the books and records rule to clarify the obligation to keep supporting information on performance and rate of return calculations. Please note that these final rules become effective in 60 days; however, compliance with these requirements does not become effective until October 1, 2017.

Click here for a link to the SEC's press release. A link to the Final Rule is included on the right.

Separately Managed Accounts

The final rules will require advisors to aggregate information about the separately managed accounts, in order to improve the SEC’s risk management initiatives and risk-based exam program. The aggregate information about separately managed accounts will include types of assets held and the use of derivatives and borrowings in the accounts. The updated form will also ask that assets in separately managed accounts be reported on Schedule D. Finally, the final rules require advisors to identify the custodians with at least ten percent of separately managed account assets under management, and the amount of the assets under management attributable to the separately managed accounts held at the custodian.

Umbrella Registration for Private Fund Advisors

The final rules also create a process for umbrella registration of private fund advisors that operate a single advisory business through multiple legal entities. Umbrella registration is not mandatory, but will simplify the registration process for these advisors. To qualify for an umbrella registration, the advisor must have a principal place of business in the United States and must advise only private funds and qualified clients in separately managed accounts. Also all of the advisors must operate under the same policies and procedures (including a single code of ethics and single CCO) and be subject to the filing advisor’s supervision and control. Finally, all the advisor must agree to be subject to examination by the SEC.

Additional Form ADV Information Required

In addition to requiring reporting for separately managed accounts and creating umbrella registrations, the final rules also require additional identifying information be provided on the Form ADV.

  1. All Central Index Key numbers (“CIK Number”) for:
    1. The advisor.
    2. Private funds managed by the advisor (or Public Company Accounting Oversight Board, or “PCAOB”-assigned numbers).
  2. The addresses for each social media account where the advisor controls the content, such as Twitter, Facebook or LinkedIn. This does not require the listing of the social media accounts of the employees of an advisor, just the accounts where the advisor control the content.
  3. The total number of offices at which investment advisory business is conducted and details of the 25 largest offices in terms of number of employees.
  4. Report whether the advisor’s chief compliance officer is compensated or employed by any person other than the advisor (or a related person of the advisor or a registered investment company) and if so, the name and IRS Employer Identification Number.
  5. Advisors with assets of $1 billion or more report their assets within three ranges: (a) $1 billion to $10 billion; (b) $10 billion to $50 billion; (c) $50 billion or more.
  6. The number of clients and amount of assets under management attributable to each category of clients.
  7. The number of clients that do not have assets under management.
  8. Amount of assets under management:
    1. Attributable to non-United States clients.
    2. Of all parallel managed accounts related to an investment company (or series thereof) or business development company.
    3. Attributable to acting as a sponsor to or portfolio manager for a wrap fee program.

Books and Records Updates

Currently advisors are required to maintain records supporting performance claims in communications that are distributed or circulated to ten or more persons. However, the final rule requires that advisors maintain:

  1. Records supporting performance claims in any communication that is circulated or distributed, directly or indirectly, to any person.
  2. The originals of written communications received relating to the performance or rate of return of any managed accounts or securities recommendations.
  3. Copies of written communications sent by the advisor relating to the performance or rate of return of any managed accounts or securities recommendations.

How should a Chief Compliance Officer respond to the Rule?

To prepare for the implementation of these rule updates at your firm for the October 1, 2017 compliance date, AdvisorAssist recommends the best practices of:

  1. Review separately managed accounts to ensure that the amount of assets being held, types of assets held, and the use of derivatives and borrowings in the accounts is easily reportable.
  2. Perform an annual review of custodians for separately managed accounts to ensure you can identify the accounts and assets under management with each custodian.
  3. If you operate a single advisory business through multiple legal entities, review whether an umbrella registration is best for your business.
  4. Start tracking and reviewing the additional identifying information that will be required on the Form ADV.
  5. Prepare and maintain comprehensive records supporting performance and rate of return calculations.
  6. Perform an annual review of the advisor’s books and records archive to ensure you are keeping the required documentation for the required duration.

Brendan Furey
Michael Conlon

June 27, 2016

CCO Series: Top Regulatory Deficiencies for RIAs -- Advisory Agreements

What you need to know

Examiners will review agreements that the advisor uses for its client engagements during an examination as a standard request item. This will include a review of the agreement templates that you use for your prospective clients and a sample of agreements that your firm has executed with existing clients. In reviewing agreements examiners report finding two common deficiencies: 1) the fees are not fully disclosed in the agreement and 2) that firms do not have an executed copy of its client agreements in the advisor’s books and records.

Common Deficiency: Fees fully disclosed

The written advisory agreement must detail the relationship that the client is entering into with the advisor, including how fees are calculated and the payment methodology. The fees section of the agreement must be comprehensive to cover all fees being charged for the services, when the fees are being charged, and how they are to be paid. The information in the client agreement should also align with the general disclosure of fees made in Form ADV Part 2A Disclosure Brochure in Item 5. Any additional compensation that the firm receives in its advisory practice should also be described in Form ADV Part 2A in Item 14.

Common Deficiency: Books and records

Advisors are required to keep and maintain all written agreements (or copies thereof) entered into by the advisor with any client.1Examiners are reporting to the North American Securities Administrators Association that advisors are not creating written agreements for all of their client relationships. They also noted that when written agreements are created, the agreements are not clearly noting, and adequately explaining, the advisory fees as described above.2

How do we avoid these deficiencies?

To avoid these deficiencies at your firm AdvisorAssist recommends the best practices of:

  • Reviewing the language in your Form ADV Part 2A Disclosure Brochure to ensure that it adequately discloses for each type of fee the following:
    1. How fees accrue for each service offered.
    2. How fees are billed to the clients.
    3. Whether the advisory fees include other fees, such as brokerage trading fees.
    4. How fees are impacted by contract termination, such as a pro-rata refund if collected in advance.
    5. Whether the fees represent any compensation for the sales of securities or other conflicts of interest.
  • For each new client onboarded, ensure that a written agreement is executed for the services that the client will receive and the fee is consistent with Form ADV Part 2A.
  • Review client agreement[s] templates and Form ADV Part 2A at least annually to ensure that the fees described are consistent and fully disclosed.

1. See 17 CFR §275.204-2(a)(10). Link.
2. See North American Securities Administrators Association, “2015 Investment Adviser Coordinated Exams,”. Link.

AdvisorAssist’s CCO Series: Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready” as well as some practical steps to help Chief Compliance Officers address this topic.

Brendan Furey
Michael Conlon

June 20, 2016

Cybersecurity: Best Practices and Webinar Replay

Webinar Replay

AdvisorAssist recently hosted a webinar titled "Cybersecurity for RIAs: How Safe are You?" Click here to watch or download the replay.

What you need to know

When seeking to act in their client’s best interest, registered investment advisors collect private information from their clients. This information forms the basis for the advice they will provide to their client, whether through consultation or discretionary investment management. Understandably, the advisor is in continuous possession of private client information while servicing a particular client, investor, or related participant.

Section 30(a) of Regulation S-P under the Gramm-Leach-Bliley Act of 1999 requires advisors (along with broker-dealers and investment companies) to adopt policies and procedures that create administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must must be reasonably designed to:

  • Ensure the security and confidentiality of customer records and information;
  • Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
  • Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

The SEC has said that an RIA’s policies and procedures must include how advisors conduct periodic risk assessments, implement a firewall, encrypt private client information stored electronically, and maintain a response plan for cybersecurity incidents. Advisors are expected to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.1.

Why You Should Care

Identify theft, cyber fraud and high profile security breaches have become common occurrences, especially among commercial merchants and asset managers. Previously, we covered common misperceptions that sometimes stop advisors from properly protecting advisory clients from cyber threats. Since then, the SEC Office of Compliance Inspections and Examinations (“OCIE”) published a series of Risk Alerts announcing a priority for examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.

The focus of the OCIE during exams will be on the following areas:

  • Governance and Risk Assessment, including the level of communication to, and involvement of, senior management and boards of directors.
  • Access Rights and Controls, including a review of controls associated with remote access, customer logins, passwords, protocols to address customer login problems, network segmentation, and tiered access.
  • Data Loss Prevention, including how advisors verify the authenticity of a customer request to transfer funds.
  • Vendor Management, including due diligence with regard to vendor selection, monitoring and oversight of vendors, and contract terms.
  • Training, including how procedures for responding to cyber incidents under an incident response plan are integrated into regular personnel and vendor training.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area AdvisorAssist recommends that the CCO:

  • Review written policies and procedures to ensure they include:
    1. Identification of Cybersecurity risks
    2. Controls in place to detect and mitigate the Cybersecurity risks
    3. Assessment of points of vulnerability, both operational and technological
    4. A mechanism to gauge the effectiveness of policies and procedures that protect the your networks and sensitive information
    5. Descriptions of how you will respond to a breach of security
  • Train your employees on cybersecurity policies. The policies must be communicated and enforced by the highest levels of management.
  • Document all testing and monitoring of cybersecurity policies.
  • Engage an independent third party provider to conduct internal and external vulnerability assessment scans and penetration tests.
  • Review your Privacy Policy and update as needed.

1. See SEC Release No. 4204 published September 22, 2015. ↩ Back to note 1

Brendan Furey
Michael Conlon

May 27, 2016

Department of Labor Fiduciary Rule: Webinar Q&A

Last week, Advisors4Advisors (A4A) hosted a webinar on the DOL Fiduciary Rule change presented by members of the AdvisorAssist team. You must be a paying A4A member ($60 annually) to attend webinars, view replays, and receive CPA, CFP or IMCA CE credit. Click here for information on joining A4A, and Click here to access the webinar replay.

The following questions were raised after the webiar about the new DOL Fiduciary Rule. We cover the DOL Fiduciary Rule in more detail in a previous post

1. In RIA with Rollover, since AUM increases, but fees decrease or services increase then are you a conflict? Trusted advisor is increasing income, but client getting something for it.

A: This question seems to be asking when an Advisor is managing a client’s retirement plan assets and recommends a rollover to another vehicle, such as an IRA, since the Advisor’s assets under management (AUM) will increase but overall fees paid by the client will decrease, or services received by the client increase, then are you in a conflict? The Advisor’s compensation is increasing but the client getting something for it.

The recommendation of a rollover creates a potential for a conflict of interest. Therefore, the Advisor making the recommendation should document with the client why the rollover is in the client’s best interest. The fact that overall fees paid by the client will decrease, or services received by the client will increase with the rollover are good reason why the rollover is in the client’s best interest and therefore, should documented in the client’s profile and if it is not already in the client agreement, the client should receive notice that the Advisor is a fiduciary acting in the client’s best interest.

The definition goes on to explain what constitutes a “recommendation” and what may be excluded from that definition, such as providing certain services or information regarding the plan or IRA, such as marketing or making available to a plan fiduciary a platform or similar mechanism where the plan fiduciary may select or monitor investment alternatives; identifying investment alternatives that meet objective criteria specified by the plan fiduciary; providing objective financial data and comparisons with independent benchmarks to the plan fiduciary.

2. If an Advisor recommends that a client rollover from a 401(k), hence increasing the Advisor’s AUM and the client’s fees (regardless of investment), does not that create a conflict of interest?

A: Correct, the recommendation of a rollover creates a potential for a conflict of interest. Therefore the Advisor making the recommendation should document why the rollover is in the client’s best interest.

3. How do you get the expenses of the 401(k) that the employee was paying?

A: Clients should be able to produce documentation regarding the expenses that they are currently paying for their 401(k) plan. The Advisor will want to collect the current fee structure of their client’s 401(k) plan as a factor in making an informed recommendation about why any rollover from that plan is in the client’s best interest.

4. How do we get the expenses of the 401(k) to the client?

A: If you are trying to obtain information about a client’s 401(k) you should contact the plan sponsor. However, this question seems to be asking how do Advisors ensure they are not responsible for the expenses of a client’s 401(k).

Unless an Advisor is engaging clients in a “wrap fee” program, where the client pays a single advisory fee for the management and services of their account including custodian and brokerage fees, then the clients should be responsible for paying expenses related to the management of their account. Advisors should ensure that their client agreements and Form ADV Part 2A, Item 5(C) fully and accurately disclose which party is responsible for fees related to the account management.

Although an RIA may not be compensated by a commission or revenue sharing, Form ADV requires disclosure to clients regarding potential conflicts and compensation arrangements. Hybrid advisors receiving commission compensation will want to ensure they are satisfying the BICE. Therefore as a best practice we recommend that even firms without commission or revenue sharing fees should provide notice to retirement clients that they are providing their services in the client's best interest to uphold their fiduciary duty and review and update disclosures of any potential conflict of interest. This will ensure that you are availing your firm of the BICE and creating a presumption of compliance with the Rule.

5. If I'm an RIA and already a fiduciary, and serve ERISA qualified plans as a 3(21) advisor and 3(38) manager capacity, and already have level fees fully disclosed and transparent within Advisory Agreements. (408b2 compliant), how am I really impacted by the DOL Rule? The only thing I've read is needing to document rollovers if I will get compensated for the rollover into an IRA (versus keeping funds in a 401k Plan, for instance) - which I already do to some degree.

A: Correct. The ongoing receipt of a Level Fee such as a fixed percentage of the value of a customer’s assets under management, where such values are determined by readily available independent sources or independent valuations, typically would not raise prohibited transaction concerns for the Advisor.

Under these circumstances, the compensation amount depends solely on the value of the investments in a client account, and ordinarily the interests of the Advisor in making prudent investment recommendations, which could have an effect on compensation received, are aligned with the Retirement Investor’s interests in increasing and protecting account investments. However, there is a conflict of interest when an Advisor recommends that a participant roll money out of a plan into a fee-based account that will generate ongoing fees for the Advisor that he would not otherwise receive, even if the fees going-forward do not vary with the assets recommended or invested.

As stated in question 1, for a level fee fiduciary to recommend a rollover the Advisor should document information supporting the recommendation in the client’s profile. Additionally, if it is not already in the client agreement, the client should receive notice that the Advisor is a fiduciary acting in the client’s best interest. It is our view that this written notice can also be communicated to the client via Form ADV.

6. Are there any best practices yet regarding the type of disclosure of the compensation arrangement and conflicts of interest (slide 13) - which I already disclose in our Firm's ADV?

A: The best practices regarding disclosure of compensation arrangement and conflicts of interest will evolve as we get closer to the full implementation date of this rule, January 1, 2018. That being said, if you are not a level fee Advisor and seeking to make use of the Best Interest Contract Exemption you will want compensation arrangements and conflicts of interest disclosed in a separate Best Interest Contract or as an addition to existing agreements along with the other requirements of the Best Interest Contract Exemption.

Also in the preamble to the final rule, the Department of Labor recommended the creation of web disclosure, which they state should contain: A schedule of typical account or contract fees and service charges, and a list of product manufacturers with whom arrangements have been made to provide payments to the Advisor, including whether the arrangements impact Advisor compensation. The DOL also suggests disclosure of the business model and the Material Conflicts of Interest, including payout grids and non-cash compensation and rewards.

7. Not sure if you covered this.... what about my existing clients that generate trails?

A: At this time we do not believe that trail compensation from commission transactions based on prior recommendations would be relevant to the DOL Rule change. If it is in the client’s best interest to transition those assets to another vehicle, or if a new recommendation that would involve a commission trail should arise, those would be relevant to your compliance for your fiduciary duty and the DOL fiduciary rule, respectively.

8a. [Is there a] Conflict if [a] Fee Only RIA is NOT advisor to the qualified plan but solicits retiree to rollover to IRA? (the value added is RIA gives advise (sic) whereas existing qualified plan does not give that advice.

A: The recommendation of a rollover of retirement plan assets creates a potential for a conflict of interest. Therefore, the Advisor making the recommendation should document why the rollover is in the client’s best interest. Advisors should also be aware if any of their solicitors are making such recommendations and ensure they have documentation to support the recommendation. The statement that the IRA has more options available to it for investment, and therefore more opportunity for different strategies by means of advisory services from the RIA, can be given by the Advisor that the rollover may be in the client’s best interest given the full profile of the client.

8b. Does DOL recognize that distinction?

A: Yes. The DOL Fiduciary Rule would consider you to be a Level Fee Advisor.

8c. Am I giving client that disclosure or just adding to my ADV and client file?

A: Form ADV should be completely and accurately disclosing fees charged by the Advisor in Item 5, and any other compensation received in Item 14. Advisors are typically required to deliver Form ADV to all new clients, and existing clients annually or upon a material change. The DOL Fiduciary Rule would require full disclosure of all fees related to a client’s retirement plan assets when certain recommendations are made, such as a rollover.

9. Are [these] rules [applying] to discount brokers or robo advisors?

A: The DOL Fiduciary Rule applies to anyone making the recommendations to clients in qualified plans for a fee. ERISA contains an exemption to prohibited transactions in section 408(b)(14) that covers robo-advisors and is available for robo-advice involving prohibited transactions if its conditions are satisfied. However, robo-advisors that are Level Fee Fiduciaries may rely on the Best Interest Contract Exemption with respect to investment advice to engage the robo-advice provider for advisory or investment management services for Plan or IRA assets, provided they comply with the conditions applicable to Level Fee Fiduciaries, as discussed in question 1 above.

10a. Doesn't the rule impose a significant burden on the fee only RIA to know the fees charged in the 401(k)? Sometimes is it very hard to find this out fully. Clients don't always provide this information and it is not always correct.

A: The new rule sets forth a requirement for certain information when making a recommendation to Retirement Investors. It requires that the Advisor, when providing investment advice to the Retirement Investor, that at the time of the recommendation, such advice reflects the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims, based on the investment objectives, risk tolerance, financial circumstances, and needs of the Retirement Investor. Therefore, we would recommend performing all the necessary due diligence, whether with the client or directly with the plan sponsor of the client’s 401(k) in order to substantiate the recommendation(s) made, including current fee structure on 401(k) plans affected by the advice.

10b. Since we have no access to the 401(k), how do you confirm the information?

A: As stated in question 10a above, due diligence requirements should include gathering information from all sources available including contacting the sponsor of the plan, if needed.

11a. What do you mean by "level fee" advisor?

A: Level fee advisors are those that meet the definition of a level fee fiduciary by receiving the same compensation regardless of the particular investments the client makes, whether based on a fixed percentage of assets under management or a fixed dollar fee.

The full definition of a Level Fee Fiduciary is located in Section VIII(h) of the Best Interest Contract Exemption Final Rule

11b. Are you talking about an AUM %? or something else?

A: An Advisor whose compensation is based on the client’s assets under management would be an example of a Level Fee Fiduciary for the purposes of the DOL Fiduciary Rule.

12. Does the ADV Part II provide adequate disclosure for fee only RIAs?

A: It is our view that this written disclosure can also be communicated to the client via Form ADV.

13. Would an RIA be considered a level fee fiduciary if they charge differently for equities/bonds/cash?

A: Based on the definition of Level Fee Fiduciary above that does not sound like it would meet the requirements for the purposes of the DOL Fiduciary Rule since the Advisor would receive different compensation depending on what investments were made.

Brendan Furey
Michael Conlon