November 24, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #3: Advisory Agreements

What You Need to Know

According to the North American Securities Administrators Association (NASAA), 44% of regulatory exams conducted in 2013 resulted in deficiencies related to the firm’s contracts or advisory agreements.

The most common contract deficiency was not in the content of the contracts, but instead the faulty execution of them. In cases where the actual content of the contracts was deficient, the most common issues were:
  • Fees and fee calculation methods not being correctly identified
  • Inaccurate or out-dated terms within the agreement
  • Use of “hedge clauses” that inappropriately limited the advisor’s role or responsibilities

Why You Should Care

Apart from regulatory issues, inaccurate advisory agreements have the potential to negatively impact your firm or your relationship with your clients by increasing business risk, creating the potential for personal liability and creating confusion among clients.

Improperly executed contracts create both regulatory and legal risk, and in some cases financial risk. Documenting and adhering to the fee terms and calculation methods in your advisory agreements will ensure that you are getting paid the correct amount by your clients. Performing a review of your existing agreements gives you a chance to find discrepancies before a regulator does.

Maintaining an updated version of all contract templates (both current and prior versions) serves as an effective control so that your firm is always using the most recent version with new clients.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Don’t “borrow” language from another firm’s advisory agreement. Your agreements must be both internally consistent and in alignment with the language and declarations in your ADV (including the fee calculation methods used).
  • Avoid hedge language that conflicts with or absolves you from your duties as a fiduciary
  • Use a separate agreement for ongoing advisory services (both discretionary and nondiscretionary) as well as “project-based” services, like financial planning. Your duties differ with each and this should be clear in your agreements.
  • Maintain one set of agreements as “production versions” to ensure that the most up-to-date contracts include the current terms.
  • Store retired versions in your books and records files and take steps to ensure that IARs are pulling from the production version.
  • Ensure that you track the delivery and receipt of advisory agreements and maintain a signed agreement for each client. Test the completeness of these files periodically.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 11, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #2: Registration

What You Need to Know

The second most common compliance deficiency for RIA firms is omissions or inaccuracies in the firm’s Form ADV. Some of these result from inconsistent upkeep of the ADV as the firm evolves. But in most cases we see, the deficiencies occur when firms use cookie cutter ADVs or borrow some/all of the content from another firm’s ADV.

On at least a yearly basis, RIAs are required to review and update their Form ADV so that it accurately describes the nature of their business to clients and prospects. (This occurs within 90 days of the firm’s fiscal year end.)

Advisors are also expected to immediately update their Form ADV to reflect any material changes that occur throughout the year. These updates include, but are not limited to:
  • An accurate description of their fee structure
  • Full and accurate description of their business and services
  • Disclosure of any conflicts of interest or affiliations
  • Significant changes in their business (e.g. meaningful changes in AUM)
  • Changes in how clients may contact the firm (e.g. Address, Phone Number)

Why You Should Care

While it may seem like a hassle to maintain an accurate Form ADV, these documents will not only make a difference from a regulator’s perspective, but also from the point of view of clients and prospects. While not always apparent, your Form ADV creates an initial (sometimes lasting) impression on prospects, clients and competitors. Ensuring the accuracy of your Form ADV can lead to more productive and efficient relationships by removing (or at least not creating) any potential ambiguity in the early stages of your relationships.

It is not only important that the information contained in Form ADV is comprehensive and accurate, but you must also be able to evidence its timely delivery to all clients and prospects, keeping in mind that regulators must take a stance that if it’s not documented, it didn’t happen.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Avoid using a “one size fits all” approach to creating your Form ADV so that you can be sure that it accurately reflects your firm’s business practices, conflicts of interest, fee schedule, etc.
  • Update both Parts 1 and 2 of the Form ADV at least annually, keeping in mind that it must be updated more frequently if there have been material changes in your RIA.
  • Deliver Form ADV to clients in a timely fashion (within 120 days following your fiscal year end or upon any material update of the document).
  • Deliver Form ADV to all prospects prior to them signing your investment advisory agreement.
  • Maintain records of these distributions to ensure proper documentation for regulators.

November 4, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #1: Books & Records

What You Need to Know

The most common compliance deficiency for RIA firms (impacting roughly 68% of firms) is insufficient maintenance of books and records. Under the “Books and Records Rule” there are several things that must be kept which generally fall into the following categories: Compliance Program, Client Management, Trading, Marketing, and Business Management. For the most part, these must be maintained by all advisors, but there are some requirements that depend on individual business practices, such as soft dollar usage, proxy voting, custody, use of solicitors.

For a detailed look at Books & Records requirements please click here.

For the most part, these records must be kept for a minimum of five years, the first two of which must be “readily accessible” to the advisor. Cloud storage, for example, is readily accessible from the advisor’s office. Off-site hard copies stored at a facility like Iron Mountain are not. For the sake of business continuity, it is also important to keep backups of these documents off site in the event of an unexpected disaster.

Why You Should Care

Ensuring that your books and records are in order can be beneficial on several levels. Accurate books and records can validate your firm’s adherence to its fiduciary duty, support the decisions you have made on behalf of your clients, and substantiate your firm’s finances. Considering the fact that state regulators have made a point of ramping up “books and records” examinations and that they are obligated to pursue every complaint received against an advisor, diligent upkeep allows for efficient, swift resolution to future questions.

It should also be kept in mind that these requirements are in place to protect clients from fraudulent management of their assets, which can also provide protection from unwarranted scrutiny for responsibly managed firms. Highlighting this connection between compliance responsibilities and client protection has been a huge missed opportunity for RIAs historically.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Maintain an inventory list that includes any potential requirements, and conduct periodic reviews of your books and records to ensure adherence to the proper regulations.
  • Rather than viewing this regulation as a hassle, it is important to focus on the long term benefits of incorporating these responsibilities into the everyday activities of the firm. Leveraging tools such as a CRM, for example, can instill confidence that things are being archived and maintained in an efficient manner.
  • Remain mindful of regulatory “hot spots” that can change over time. These currently include: advertising, email/social media archiving, cybersecurity, and documented investment decision making.
  • Conduct annual due diligence on cloud storage vendors to ensure that they have appropriate physical, electronic and procedural safeguards in place to secure your data.

November 3, 2014

RIA Renewal Fees - It is that time again!

As Benjamin Franklin so eloquently stated in 1789, "... in this world nothing can be said to be certain, except death and taxes."
As we roll into the holiday season and prepare for year end, there is yet another certainty. If your fees are not paid in December, you won't be a Registered Investment Advisor in 2015!

FINRA Preliminary Renewal Statements

While FINRA is not your RIA's regulator, they do own the systems that the SEC and the States use to register your firm and its advisory persons. They are also paid to administer the task of collecting your money for the regulators. Starting on November 10, 2014, FINRA will begin emailing designated contacts in your firm with your Preliminary Renewal Statement. This statement identifies what you owe based on where you are registered at the firm and individual levels. All payments must then be made prior to December 12, 2014.

What other steps should my firm take?
  1. Review client geography and registration requirements. Are both your RIA firm and your investment advisor representatives properly notice filed and/or registered with each state in which you conduct business (or exempt)? If you exceed the de minimis threshold, you may be required to notice file or register.
  2. Review existing registrations. Are you registered in any states where you are under de minimis standards?
  3. Review IAR Registrations. Are your IARs properly registered? For SEC firms, some states do not require IAR registration if there is no place of business or under the de minimis threshold.

What happens if I don't pay my fees?

On December 31, 2014, all RIA and IAR registrations expire. If you have not paid and renewed those registrations for 2015, you may be terminated and your right to do business may be revoked. Several states automatically terminate your registration through their participation in the Automatic Fail To Renew Program for 2015. If your RIA firm or its representatives are registered or notice filed in a jurisdiction that participates in the program, your jurisdiction has authorized FINRA to automatically terminate your registrations on December 31, 2014 if all fees are not correctly funded in the IARD Renewal Account by the deadline (December 12, 2014).

Next Steps

If you are an AdvisorAssist Compliance Client, we will analyze your account and your Preliminary Renewal Statement to provide guidance on requirements and fees. You may also receive notices from the state(s) and/or FINRA. You may forward those to our attention.

If you are not an AdvisorAssist Compliance Client, we welcome the opportunity to discuss our services. Please contact us at info@advisorassist.com.

Additional information can be found on the FINRA website.

October 31, 2014

Webinar Recap: Cybersecurity for RIA Firms

Yesterday we hosted 175 RIA firms on a webinar discussing the relevance and importance of protecting advisory clients from cyber threats.

We began by addressing three common misperceptions that sometimes prevail within our industry.

1) Cyber threats against RIA firms are rare.

Regrettably, this isn't the case. Just among our client base, we see attempted (and in one case successful) cyber frauds occur all the time. In fact, 10% of our clients (the clients of our clients, to be exact) have been the target of cyber fraud, usually by means of a hacked email account and a fraudulent wire request.

Michelle Wraight, vice president and chief privacy officer at Pershing, agrees: “We’re seeing wire transfer fraud at epidemic levels.”

2) Cybersecurity is a “big firm” problem.

Every RIA - big or small - has points of vulnerability. In fact, regulators have specifically noted that smaller RIA firms will not get a pass when it comes to putting procedures in place to protect clients.

3) Cybersecurity is an IT issue.

Cybersecurity requires a multi-pronged approach. Effective cybersecurity goes way beyond information technology. Effective cybersecurity risk management is a cross-functional challenge that must also address operational processes, vendor management, regulatory requirements and human resources.

We then addressed the topic from a regulator's perspective. Regulators expect that compliance and risk management be an integrated part of the operations of your business. Cybersecurity is not just a technology concern.

The SEC's Office of Compliance Inspections and Examinations' (OCIE) recent cybersecurity initiative was designed to assess the preparedness of RIAs and ensure that firms are taking necessary steps to mitigate cyber threats. These include: preparedness, firm governance, identification and assessment of risks, protection of networks and information, remote access, and funds transfer requests.

We then provided some practical steps for RIAs to follow that would not only satisfy their regulatory expectations but also protect their clients from the very real threats that exist today. They include: maintaining a working knowledge of all clients (and their "normal" activity with respect to wire requests), securing mobile devices, securing hardware/office space and setting procedures and controls that govern how your firm processes client wire requests.

Click here for a replay of the webinar.

Click here to download the slides.