January 6, 2015

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 5: Brochure Delivery

What You Need to Know

To our surprise, failure to follow the brochure (aka Form ADV Part 2) delivery rules continues to be one of the most common deficiencies for RIA firms.

Annual distribution of Form ADV Part 2 (along with the privacy policy) is required by all RIA firms. Additionally, an updated version must be delivered to clients when any material changes occur within your business.

A common (and logical) questions we get is “What’s material?” The SEC doesn’t define material, which makes sense since materiality is very much dependent on circumstances. A rule of thumb we use with clients is this: if a knowledgeable client or prospect would expect to be alerted of a change, it’s material. Admittedly, this still leaves a lot open to interpretation (we’ve seen it first hand). Regulators will cast the final vote on this during their next examination, so it usually pays to err on the side of caution.

When material changes do occur, RIAs have the following options:

Option 1: If there have been material changes to your business, they must be described in ADV Part 2, Item 2. Under the current rules, you could provide your clients with a summary of these material changes and an offer to deliver the entire ADV Part 2. In your offer you must include instructions on how clients can obtain a copy from you.

Option 2: Advisors can also opt to deliver a full copy of the entire ADV Part 2. In this instance Item 2 - Material Changes still needs to be updated.

All brochures must be delivered to clients within 120 days of fiscal year end. Electronic delivery will suffice if you are attaching the document to an email. Uploading your ADV to your website and sending a link to clients does not constitute proper delivery. You may lose the ability to show exactly what was delivered to the client.

Why You Should Care

Your brochure informs clients of the details of your firm and any recent material changes that could potentially impact them. You should view your brochure as a publicly-visible sign for your firm, and should be written and updated with this notion of "curb appeal" in mind. Potential and current clients see this brochure as a representation of your firm, and providing them with an up-to-date, accurate brochure signals that you take external communications seriously.

Competitors are reading your firm's brochure as well. A sloppy, outdated, or inaccurate ADV sends a message to competitors that may be damaging when competing for new business.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Review your ADV to ensure that it reflects your business, including disclosures for conflicts of interest, outside business activities, advisory services, and advisory fee practices. These are all important issues for regulators.
  • Deliver brochure to clients within 120 days of your fiscal year end
  • Maintain records that demonstrate delivery of Form ADV Part 2 to clients (annually or upon material changes) and prospective clients (prior to executing advisory agreement).
  • Maintain copies of prior versions of your Form ADV Part 1 and 2

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

December 10, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 4: Privacy Policies

What You Need to Know

The fourth most common compliance deficiency for RIA firms involves the creation, delivery and enforcement of the firm’s privacy policy.

All RIAs must have a privacy policy in place that outlines how they protect their clients’ confidential information. Advisors are expected to include the following in their privacy policy:
  • What information is collected from clients;
  • What sources that information is collected from (over and above information provided by the client);
  • The firm’s basis for sharing this information;
  • What safeguards you have in place to protect client information; and
  • Any state-specific privacy regulations the firm is subject to.
This privacy policy must be distributed to all new clients, as well as all ongoing clients on an annual basis. Any subsequent changes to the privacy policy necessitates an additional delivery to clients as well.

Why You Should Care

Identify theft, cyber fraud and high profile security breaches have become common occurrences. The media attention they receive has undoubtably heightened your clients' sensitivity to protecting their personal information.

Your privacy policy can become a very compelling relationship management tool, as it serves as a proof statement to clients that you respect and guard their information. Likewise, it should be used internally to lay out for your employees some simple protocols to guide their decisions when handling confidential client information.

As a general policy, supervised persons should not release confidential client information without first consulting with the CCO. This mitigates your regulatory risk by ensuring that nonpublic information is disclosed only to the extent it is needed to conduct business for that client.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Provide a copy of your firm’s privacy policy to new clients along with your investment advisory agreement and Form ADV Part 2. (Since Form ADV Part 2 and the privacy policy follow similar delivery rules, we usually recommend combining these two documents.)
  • Deliver a copy of your privacy policy to all clients at least annually.
  • Confirm that your investment advisory agreements contain an acknowledgement of receipt of your privacy policy.
  • Train your staff on the content, purpose and importance of your firm’s privacy policy.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 24, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 3: Advisory Agreements

What You Need to Know

According to the North American Securities Administrators Association (NASAA), 44% of regulatory exams conducted in 2013 resulted in deficiencies related to the firm’s contracts or advisory agreements.

The most common contract deficiency was not in the content of the contracts, but instead the faulty execution of them. In cases where the actual content of the contracts were deficient, the most common issues were:
  • Fees and fee calculation methods not being correctly identified
  • Inaccurate or out-dated terms within the agreement
  • Use of “hedge clauses” that inappropriately limited the advisor’s role or responsibilities

Why You Should Care

Apart from regulatory issues, inaccurate advisory agreements have the potential to negatively impact your firm or your relationship with your clients by increasing business risk, creating the potential for personal liability and creating confusion among clients.

Improperly executed contracts create both regulatory and legal risk, and in some cases financial risk. Documenting and adhering to the fee terms and calculation methods in your advisory agreements will ensure that you are getting paid the correct amount by your clients. Performing a review of your existing agreements gives you a chance to find discrepancies before a regulator does.

Maintaining an updated version of all contract templates (both current and prior versions) serves as an effective control so that your firm is always using the most recent version with new clients.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Don’t “borrow” language from another firm’s advisory agreement. Your agreements must be both internally consistent and in alignment with the language and declarations in your ADV (including the fee calculation methods used).
  • Avoid hedge language that conflicts with or absolves you from your duties as a fiduciary
  • Use a separate agreement for ongoing advisory services (both discretionary and nondiscretionary) as well as “project-based” services, like financial planning. Your duties differ with each and this should be clear in your agreements.
  • Maintain one set of agreements as “production versions” to ensure that the most up-to-date contracts include the current terms.
  • Store retired versions in your books and records files and take steps to ensure that IARs are pulling from the production version.
  • Ensure that you track the delivery and receipt of advisory agreements and maintain a signed agreement for each client. Test the completeness of these files periodically.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 11, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #2: Registration

What You Need to Know

The second most common compliance deficiency for RIA firms is omissions or inaccuracies in the firm’s Form ADV. Some of these result from inconsistent upkeep of the ADV as the firm evolves. But in most cases we see, the deficiencies occur when firms use cookie cutter ADVs or borrow some/all of the content from another firm’s ADV.

On at least a yearly basis, RIAs are required to review and update their Form ADV so that it accurately describes the nature of their business to clients and prospects. (This occurs within 90 days of the firm’s fiscal year end.)

Advisors are also expected to immediately update their Form ADV to reflect any material changes that occur throughout the year. These updates include, but are not limited to:
  • An accurate description of their fee structure
  • Full and accurate description of their business and services
  • Disclosure of any conflicts of interest or affiliations
  • Significant changes in their business (e.g. meaningful changes in AUM)
  • Changes in how clients may contact the firm (e.g. Address, Phone Number)

Why You Should Care

While it may seem like a hassle to maintain an accurate Form ADV, these documents will not only make a difference from a regulator’s perspective, but also from the point of view of clients and prospects. While not always apparent, your Form ADV creates an initial (sometimes lasting) impression on prospects, clients and competitors. Ensuring the accuracy of your Form ADV can lead to to more productive and efficient relationships by removing (or at least not creating) any potential ambiguity in the early stages of your relationships.

It is not only important that the information contained in Form ADV is comprehensive and accurate, but you must also be able to evidence its timely delivery to all clients and prospects, keeping in mind that regulators must take a stance that if it’s not documented, it didn’t happen.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Avoid using a “one size fits all” approach to creating your Form ADV so that you can be sure that it accurately reflects your firm’s business practices, conflicts of interest, fee schedule, etc.
  • Update both Parts 1 and 2 of the Form ADV at least annually, keeping in mind that it must be updated more frequently if there have been material changes in your RIA.
  • Deliver Form ADV to clients in a timely fashion (within 120 days following your fiscal year end or upon any material update of the document).
  • Deliver Form ADV to all prospects prior to them signing your investment advisory agreement.
  • Maintain records of these distributions to ensure proper documentation for regulators.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

November 4, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #1: Books & Records

What You Need to Know

The most common compliance deficiency for RIA firms (impacting roughly 68% of firms) is insufficient maintenance of books and records. Under the “Books and Records Rule” there are several things that must be kept which generally fall into the following categories: Compliance Program, Client Management, Trading, Marketing, and Business Management. For the most part, these must be maintained by all advisors, but there are some requirements that depend on individual business practices, such as soft dollar usage, proxy voting, custody, use of solicitors.

For a detailed look at Books & Records requirements please click here.

For the most part, these records must be kept for a minimum of five years, the first two of which must be “readily accessible” to the advisor. Cloud storage, for example is readily accessible from the advisor’s office. Off site hard copies stored at a facility like Iron Mountain, is not. For the sake of business continuity, it is also important to keep backups of these documents off site in the event of an unexpected disaster.

Why You Should Care

Ensuring that your books and records are in order can be beneficial on several levels. Accurate books and records can validate your firm’s adherence to its fiduciary duty, support the decisions you have made on behalf of your clients, and substantiate your firm’s finances. Considering the fact that state regulators have made a point of ramping up “books and records” examinations and that they are obligated to pursue every complaint received against an advisor, diligent upkeep allows for efficient, swift resolution to future questions.

It should also be kept in mind that these requirements are in place to protect clients from fraudulent management of their assets, which can also provide protection from unwarranted scrutiny for responsibly managed firms. Highlighting this connection between compliance responsibilities and client protection has been a huge missed opportunity for RIAs historically.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Maintain an inventory list that includes any potential requirements, and conduct periodic reviews of your books and records to ensure adherence to the proper regulations.
  • Rather than viewing this regulation as a hassle, it is important to focus on the long term benefits of incorporating these responsibilities into the everyday activities of the firm. Leveraging tools such as a CRM, for example, can instill confident that things are being archived and maintained in an efficient manner.
  • Remain mindful of regulatory “hot spots” that can change over time. These currently include: advertising, email/social media archiving, cybersecurity, and documented investment decision making.
  • Conduct annual due diligence on cloud storage vendors to ensure that they have appropriate physical, electronic and procedural safeguards in place to secure your data.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.