December 10, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 4: Privacy Policies

What You Need to Know

The fourth most common compliance deficiency for RIA firms involves the creation, delivery and enforcement of the firm’s privacy policy.

All RIAs must have a privacy policy in place that outlines how they protect their clients’ confidential information. Advisors are expected to include the following in their privacy policy:
  • What information is collected from clients;
  • What sources that information is collected from (over and above information provided by the client);
  • The firm’s basis for sharing this information;
  • What safeguards you have in place to protect client information; and
  • Any state-specific privacy regulations the firm is subject to.
This privacy policy must be distributed to all new clients, as well as all ongoing clients on an annual basis. Any subsequent changes to the privacy policy necessitates an additional delivery to clients as well.

Why You Should Care

Identify theft, cyber fraud and high profile security breaches have become common occurrences. The media attention they receive has undoubtably heightened your clients' sensitivity to protecting their personal information.

Your privacy policy can become a very compelling relationship management tool, as it serves as a proof statement to clients that you respect and guard their information. Likewise, it should be used internally to lay out for your employees some simple protocols to guide their decisions when handling confidential client information.

As a general policy, supervised persons should not release confidential client information without first consulting with the CCO. This mitigates your regulatory risk by ensuring that nonpublic information is disclosed only to the extent it is needed to conduct business for that client.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Provide a copy of your firm’s privacy policy to new clients along with your investment advisory agreement and Form ADV Part 2. (Since Form ADV Part 2 and the privacy policy follow similar delivery rules, we usually recommend combining these two documents.)
  • Deliver a copy of your privacy policy to all clients at least annually.
  • Confirm that your investment advisory agreements contain an acknowledgement of receipt of your privacy policy.
  • Train your staff on the content, purpose and importance of your firm’s privacy policy.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 24, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 3: Advisory Agreements

What You Need to Know

According to the North American Securities Administrators Association (NASAA), 44% of regulatory exams conducted in 2013 resulted in deficiencies related to the firm’s contracts or advisory agreements.

The most common contract deficiency was not in the content of the contracts, but instead the faulty execution of them. In cases where the actual content of the contracts were deficient, the most common issues were:
  • Fees and fee calculation methods not being correctly identified
  • Inaccurate or out-dated terms within the agreement
  • Use of “hedge clauses” that inappropriately limited the advisor’s role or responsibilities

Why You Should Care

Apart from regulatory issues, inaccurate advisory agreements have the potential to negatively impact your firm or your relationship with your clients by increasing business risk, creating the potential for personal liability and creating confusion among clients.

Improperly executed contracts create both regulatory and legal risk, and in some cases financial risk. Documenting and adhering to the fee terms and calculation methods in your advisory agreements will ensure that you are getting paid the correct amount by your clients. Performing a review of your existing agreements gives you a chance to find discrepancies before a regulator does.

Maintaining an updated version of all contract templates (both current and prior versions) serves as an effective control so that your firm is always using the most recent version with new clients.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Don’t “borrow” language from another firm’s advisory agreement. Your agreements must be both internally consistent and in alignment with the language and declarations in your ADV (including the fee calculation methods used).
  • Avoid hedge language that conflicts with or absolves you from your duties as a fiduciary
  • Use a separate agreement for ongoing advisory services (both discretionary and nondiscretionary) as well as “project-based” services, like financial planning. Your duties differ with each and this should be clear in your agreements.
  • Maintain one set of agreements as “production versions” to ensure that the most up-to-date contracts include the current terms.
  • Store retired versions in your books and records files and take steps to ensure that IARs are pulling from the production version.
  • Ensure that you track the delivery and receipt of advisory agreements and maintain a signed agreement for each client. Test the completeness of these files periodically.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 11, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #2: Registration

What You Need to Know

The second most common compliance deficiency for RIA firms is omissions or inaccuracies in the firm’s Form ADV. Some of these result from inconsistent upkeep of the ADV as the firm evolves. But in most cases we see, the deficiencies occur when firms use cookie cutter ADVs or borrow some/all of the content from another firm’s ADV.

On at least a yearly basis, RIAs are required to review and update their Form ADV so that it accurately describes the nature of their business to clients and prospects. (This occurs within 90 days of the firm’s fiscal year end.)

Advisors are also expected to immediately update their Form ADV to reflect any material changes that occur throughout the year. These updates include, but are not limited to:
  • An accurate description of their fee structure
  • Full and accurate description of their business and services
  • Disclosure of any conflicts of interest or affiliations
  • Significant changes in their business (e.g. meaningful changes in AUM)
  • Changes in how clients may contact the firm (e.g. Address, Phone Number)

Why You Should Care

While it may seem like a hassle to maintain an accurate Form ADV, these documents will not only make a difference from a regulator’s perspective, but also from the point of view of clients and prospects. While not always apparent, your Form ADV creates an initial (sometimes lasting) impression on prospects, clients and competitors. Ensuring the accuracy of your Form ADV can lead to to more productive and efficient relationships by removing (or at least not creating) any potential ambiguity in the early stages of your relationships.

It is not only important that the information contained in Form ADV is comprehensive and accurate, but you must also be able to evidence its timely delivery to all clients and prospects, keeping in mind that regulators must take a stance that if it’s not documented, it didn’t happen.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Avoid using a “one size fits all” approach to creating your Form ADV so that you can be sure that it accurately reflects your firm’s business practices, conflicts of interest, fee schedule, etc.
  • Update both Parts 1 and 2 of the Form ADV at least annually, keeping in mind that it must be updated more frequently if there have been material changes in your RIA.
  • Deliver Form ADV to clients in a timely fashion (within 120 days following your fiscal year end or upon any material update of the document).
  • Deliver Form ADV to all prospects prior to them signing your investment advisory agreement.
  • Maintain records of these distributions to ensure proper documentation for regulators.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 4, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #1: Books & Records

What You Need to Know

The most common compliance deficiency for RIA firms (impacting roughly 68% of firms) is insufficient maintenance of books and records. Under the “Books and Records Rule” there are several things that must be kept which generally fall into the following categories: Compliance Program, Client Management, Trading, Marketing, and Business Management. For the most part, these must be maintained by all advisors, but there are some requirements that depend on individual business practices, such as soft dollar usage, proxy voting, custody, use of solicitors.

For a detailed look at Books & Records requirements please click here.

For the most part, these records must be kept for a minimum of five years, the first two of which must be “readily accessible” to the advisor. Cloud storage, for example is readily accessible from the advisor’s office. Off site hard copies stored at a facility like Iron Mountain, is not. For the sake of business continuity, it is also important to keep backups of these documents off site in the event of an unexpected disaster.

Why You Should Care

Ensuring that your books and records are in order can be beneficial on several levels. Accurate books and records can validate your firm’s adherence to its fiduciary duty, support the decisions you have made on behalf of your clients, and substantiate your firm’s finances. Considering the fact that state regulators have made a point of ramping up “books and records” examinations and that they are obligated to pursue every complaint received against an advisor, diligent upkeep allows for efficient, swift resolution to future questions.

It should also be kept in mind that these requirements are in place to protect clients from fraudulent management of their assets, which can also provide protection from unwarranted scrutiny for responsibly managed firms. Highlighting this connection between compliance responsibilities and client protection has been a huge missed opportunity for RIAs historically.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Maintain an inventory list that includes any potential requirements, and conduct periodic reviews of your books and records to ensure adherence to the proper regulations.
  • Rather than viewing this regulation as a hassle, it is important to focus on the long term benefits of incorporating these responsibilities into the everyday activities of the firm. Leveraging tools such as a CRM, for example, can instill confident that things are being archived and maintained in an efficient manner.
  • Remain mindful of regulatory “hot spots” that can change over time. These currently include: advertising, email/social media archiving, cybersecurity, and documented investment decision making.
  • Conduct annual due diligence on cloud storage vendors to ensure that they have appropriate physical, electronic and procedural safeguards in place to secure your data.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 3, 2014

RIA Renewal Fees - It is that time again!

As Benjamin Franklin so eloquently stated in 1789, "... in this world nothing can be said to be certain, except death and taxes."
As we roll into the holiday season and prepare for year end, there is yet another certainty. If your fees are not paid in December, you won't be a Registered Investment Advisor in 2015!

FINRA Preliminary Renewal Statements

While FINRA is not your RIA's regulator, they do own the systems that the SEC and the States use to register your firm and its advisory persons. They are also paid to administer the task of collecting your money for the regulators. Starting on November 10, 2014, FINRA will begin emailing designated contacts in your firm with your Preliminary Renewal Statement. This statement identifies what you owe based on where you are registered at the firm and individual levels. All payments must then be made prior to December 12, 2014.

What other steps should my firm take?
  1. Review client geography and registration requirements. Are both your RIA firm and your investment advisor representatives properly notice filed and/or registered with each state in which you conduct business (or exempt)? If you exceed the de minimis threshold, you may be required to notice file or register.
  2. Review existing registrations. Are you registered in any states where you are under de minimis standards?
  3. Review IAR Registrations. Are your IARs properly registered? For SEC firms, some states do not require IAR registration if there is no place of business or under the de minimis threshold.

What happens if I don't pay my fees?

On December 31, 2014, all RIA and IAR registrations expire. If you have not paid and renewed those registrations for 2015, you may be terminated and your right to do business may be revoked. Several states automatically terminate your registration through their participation in the Automatic Fail To Renew Program for 2015. If your RIA firm or its representatives are registered or notice filed in a jurisdiction that participates in the program, your jurisdiction has authorized FINRA to automatically terminate your registrations on December 31, 2014 if all fees are not correct funded in the IARD Renewal Account by the deadline (December 12, 2014).

Next Steps

If you are an AdvisorAssist Compliance Client, we will analyze your account and your Preliminary Renewal Statement to provide guidance on requirements and fees. You may also receive notices from the state(s) and/or FINRA. You may forward those to our attention.

If you are not an AdvisorAssist Compliance Client, we welcome the opportunity to discuss our services. Please contact us at info@advisorassist.com.

Additional information can be found on the FINRA website.