September 8, 2014

How to Properly Count Advisory Clients for your RIA Firm's Form ADV

Most advisors view their client base in terms of households (i.e distinct relationships), which often makes it challenging to translate into the “clients” and “accounts” data that regulators expect to see accurately reported in Form ADV 1.

Regulators care about two things: clients and accounts. They do not recognize or ask for any data related to households [Note: In some instances a household may equal a client.] During examinations, regulators will check the accuracy of these numbers in your Form ADV 1, so it is important to understand the logic that goes into calculating them.

In another post, we discuss some tips on how to determine your firm's total accounts.

Who is a Client?

A "client" is any natural person, along with their children (minors) and relatives or spouse with same principal residence. This includes any accounts or trusts where a natural person(s) are the only primary beneficiaries or any entity (corporation, general partnership, limited partnership, limited liability company, trust) where you provide investment advice based on the entity’s investment objectives.

Sometimes it helps to think about this way: to whom do I owe a fiduciary duty? If multiple accounts all roll up to one individual, then typically they count as just one client because your are maintaining one fiduciary relationship between you and that one individual.

Confused yet? Me too. So let’s go through a few scenarios.

If Mr. Smith has an IRA, a taxable account and a corporate account where he’s the sole owner, that’s ONE client because Mr. Smith is the only person engaged in this fiduciary relationship.

If you manage accounts for Mr. and Mrs. Smith and consider both of their interests in making investment decisions, they are generally considered ONE client. (In this case, you should have both spouses as a party to your client agreement.)

If Mr. and Mrs. Smith has two individual accounts and one UGMA, this is ONE client.

If Mr. and Mrs. Smith have one joint tenant account and a trust where they are the sole beneficiaries, this is ONE client. Now if the trust had one additional beneficiary outside of their family, then the trust becomes a separate client (that’s TWO clients).

If Mr. and Mrs. Smith have one joint tenant account and a corporate account that is wholly-owned by both, then that is ONE client. But...if that corporate account had external shareholders (outside their family), then it is TWO clients--the couple and the corporation are each a separate client.

If Mr. and Mrs. Smith have one joint tenant account and an adult child with an IRA, that would generally be TWO clients. But if it were a minor child with a 529 plan, it would be ONE client.

If Mr. and Mrs. Smith have one joint tenant account as well as a trust account for the sole benefit of Mrs. Smith, you can still consider this ONE client. But if trust is for an adult child, it would be counted as TWO clients.

When determining your RIA firm’s total number of clients:
  • You may (but are not required to) include clients where you do not receive no compensation for your services.
  • Include clients who are not U.S. residents (and also report these separately on Form ADV 1).
  • For pooled vehicles (hedge funds and mutual funds), the underlying investors are generally not counted as clients (but this may vary by state). So the fund is considered one client.
  • If you have your principal office and place of business outside the United States, you are not required to count clients that are not United States residents. But if your principal office and place of business is in the United States, you must count all clients.

Brian Lauzon

How to Determine the Total Number of Accounts for your RIA Firm's Form ADV

Regulators expect that RIA firms to accurately report their total number of clients and accounts in Form ADV 1. Determining each of these data points can be trickier than you'd expect. In this post, we lay out the logic you can use to calculate total accounts for Form ADV 1.

In another post, we discuss how to count your firm's total clients.

What’s an Account?

Accounts are distinct (segregated) groupings at the client’s designed custodian, trust company or transfer agency or administrator (collectively the “custodians”). This makes relatively easy to determine (as opposed to total clients) since custodians maintain and report on an account-level basis, with each being specifically identified.

When determining your RIA firm’s total number of accounts:
  • You must only include accounts where you provide continuous and regular supervisory or management services.
  • You must include both discretionary and nondiscretionary accounts, as applicable,and report them separately on Form ADV 1, Item 5.F.
  • You may include accounts where you do not receive compensation for your services, as long as you provide continuous and regular supervisory or management services.
  • For pooled vehicles (hedge funds and mutual funds), the underlying investors are generally not counted. So the fund is one account.
  • You should exclude accounts with zero values or those established to allow a client self-directed investments.

During examinations, regulators will check the accuracy of these numbers in your Form ADV 1. We hope that this helps you accurately calculate and report your RIA firm's total accounts.

August 12, 2014

The AdvisorAssist CCO Series: Business Continuity Planning (BCP)

Each of us tend to either ignore or underestimate the possibility of disasters occurring in our futures. This has been proven time and again by cognitive science research and often referred to as "normalcy bias."

In our experience, RIA firms place a high importance on business continuity planning, yet often (particularly with smaller firms), either postpone or abbreviate the process of creating, testing and maintaining their business continuity plans.

These tendencies leave them exposed to the risk of disruptions in their ongoing responsibilities to clients. However, they would all agree that the protection of client information is essential to maintaining the integrity of their business.

Advisor Business Continuity Planning (BCP) In a Nutshell

We employ this framework to help RIA firms implement their business continuity planning:
  1. Business Analysis. Identify the critical business processes that you must perform daily, as well as those that become critical in a typical 10-day period. Think through the possible and likely scenarios that could result in a business disruption (i.e. power outages, weather, systems failures in your office building). Take an inventory of all technologies and external partners that you rely on to run your business.
  2. Plan Design. Define the scope of your plan. (Will it cover disaster recovery only or should it be expanded to include succession planning to mitigate key-person risk?) Your BCP must also contain: firm policy/plan expectations, contingency scenarios, critical business functions (Day 1 vs. Day 10), critical business systems and how to access them, Contact information for employees, vendors and partners, alternate work location(s), back-up and restoration of critical information, protection of client information, and protocols for testing, updates and revisions.
  3. Implementation. With the buy-in and support of your leadership, socialize and review the plan with your team and provide training (and cross-training) for key activities, data access and data protection. Ensure that your plan is accessible to everyone from a remote location (e.g. current copy at home, copy on separate secure server or Intranet)
  4. Testing. Perform a "real" test at least annually by following the BCP as written. Your BCP should be self-implementing; it should contain the process for how to continue your business operations. Document gaps in the plan and document deviations from the plan. Require full participation (at the same time!) and test all critical functions and systems, including operations, vendors, and communications.
  5. Maintenance. Update your plan on a real-time basis for process changes, technology enhancements, regulatory changes, and contact information. Deliver and train your team on changes.

Through the Regulator's Eyes

The SEC has identified business continuity planning as a requirement for RIA firms. (See SEC Release IA 2204) While they require policies and procedures to address business continuity, they do not mandate specific requirements for the BCP, other than it must address the procedures to meet the fiduciary responsibility to protect client interests from being at risk as a result of an advisor’s inability to operate. Some states have adopted formal BCP requirements for state-registered RIA firms. If you are a state-registered RIA firm, be sure to verify your BCP meets applicable state requirements, or check with your compliance consultant.

Regardless of the implicit or explicit requirements, all RIAs should have a formal BCP in place to demonstrate to regulators and clients that they have planned for the undisrupted performance of their fiduciary duty.

CCO Best Practices

  • Plan for the 99.5% and not the 0.5%
  • Ensure buy-in from senior management and owners
  • Test your plan at least annually by selecting one day to conduct business from alternate location(s)
  • Update your plan with new and changing contact information for staff and external partners
  • Ensure that information security is a priority of your BCP, including the protection of client information during business disruptions
  • For state-registered RIAs, validate against the NASAA model rule for business continuity planning
  • Leverage your business continuity planning obligations by using them as a foundation for a documented operating plan (Operating Manual) for your business. Your firm's activities can run just as smoothly day-to-day as they do during business disruption!


The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program.  Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.
Brian Lauzon

May 8, 2014

Chris Winn will be hosting a webinar on "SEC's New RIA Guidance On Social Media" at 4:00pm EST

Advisors4Advisors

SEC's New RIA Guidance On Social Media


Register Now
Friday, May 9 at 4 p.m. Eastern
http://advisors4advisors.com/webinar-registration

You must be a paying A4A member ($60 annually) to attend webinars, view replays, and receive CPA,
CFP or IMCA CE credit. Join.
 
How do RIAs and their teams use social media without raising the risk of compliance problems?

Last month, the SEC released new guidance for RIAs on the use of client testimonials in social media, clarifying what you can and cannot say and do. For instance, publishing a partial client list is okay, the SEC says, and SEC no longer maintains that a social profile with non-investment related commentary regarding an IAR, such as regarding an IAR’s religious affiliation or community service, may violate the testimonial rule.   

At this webinar, Chris Winn will cover the current trends in social media regulation, including the SEC’s recent guidance to provide practical advice to navigate the social world in a compliant manner, including:
  
  • Current social media regulatory framework
  • New SEC guidance
  • When is an action a "testimonial"?
  • Common social media mistakes made by IARs
  
Chris Winn is founder of AdvisorAssist, a management consulting firm focused exclusively on investment advisory firms. AdvisorAssist manages the start-up and transition to help firms get off to a good start. It also provides ongoing support on compliance, practice management and technology to aid in risk-managed growth. Services include strategy, transition management, registration, incubation, vendor selection and compliance program design.
Advisors4Advisors is a continuing education sponsor for CFP, CPA, CIMA, CIMC, and CPWA professionals. CFP® and IMCA-accredited professionals receive professional education credit on 24/7 replays as well as live sessions held Fridays at 4 p.m. ET. CPAs must attend live sessions to receive CPE. View details.

This webinar is pending eligibility for CFP®, IMCA® and PACE credit toward CLU® and ChFC® designations and it is eligible for CPA CPE credit.
Who Should Attend:
 Financial Advisors, CFPs, CFAs, CPA/PFSs, CIMAs, CLUs and ChFCs.
Cost: There is no fee to attend this course if you are a member of Advisors4Advisors ($60/year).CPE credit: 1 hour, in the Regulatory Ethics field of study
Prerequisites: None
Advanced Preparation: None
Course Level: Overview
Course Delivery Method: Group Internet-Based
Program Policies: For more information regarding administrative policies such as refund, cancellation and complaint, please contact our offices at 516-333-0066 x219, or via email: admin@advisors4advisors.com.

Advisors4Advisors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:www.learningmarket.org. Advisors4Advisors is also approved as a continuing education sponsor by IMCA, which administers the CIMA and CPWA designations, and CFP Board of Standards, which licenses the designation for CFP® professionals.
View webinars

February 21, 2014

SEC Warns Never Before Examined Advisors - We're Coming!

Are you ready for an SEC Exam?

If you are SEC registered and have yet to receive an exam, you better prepare.

For months the SEC has alluded to its focus on "never-before examined advisers".

On February 20, 2014, despite tight resources at the SEC, they formally issued a letter to Firm Owners and Chief Compliance Officers.

"Our [SEC] records indicate your firm is a registered investment adviser that has never been examined by the Office of Compliance Inspections and Examinations (“OCIE”) within the United States Securities and Exchange Commission (“Commission”)." [See SEC Letter dated February 20, 2014.]

So, we have established they are coming. Now we are left with "when" and are you ready?

As a compliance consultant, I can attest that the SEC has been active. We have been neck deep in supporting advisor exams throughout the fall and coming into 2014. However, it is quite doubtful that they will get to all NBE Advisers in 2014, but your firm must prepare as if your turn is imminent.

The SEC has disclosed two approaches towards these examinations, including: a risk assessment reviews and focused reviews.

Risk-Assessment Reviews are broader examinations that cover your entire compliance program. These reviews will focus on the effectiveness of your overall compliance program in preventing, detecting and correcting violations of the securities laws. In these examinations, the SEC will examine your overall business model and ensure you not only have the policies and procedures in place, but that your firm adheres to these policies consistently. The SEC will focus on your documentation and its consistency. [Note: If you can prove you completed a task or action, it did not happen in the eyes of the regulators. So please maintain proper documentation of business and compliance activities.]

Focused Reviews will target specific areas of your business model, including the Compliance Program, Filings/Disclosures, Marketing, Portfolio Management, and Safety of Client Assets. While these items may sound focused, they are both broad and inherent in most aspects of your enterprise risk and compliance. If the SEC finds some areas of weakness, they are very likely to continue into a deeper examination. In addition, the SEC recently announced their 2014 Priorities, which may yield some additional insights into the topics for Focused Reviews.

So how do you prepare?

There is no single answer to this question, but certainly taking no action has a certain end result. Here are some suggestions:

  • Risk Inventory. Start with developing a risk matrix that identifies all the business and compliance processes of your firm. Rank each items for their level of risk, impact, frequency and other parameters. The outcome of this activity should be a sortable list of your risk areas that can serve as the basis to formulate priorities.
  • Review Action Plan. Develop a reasonable and continuous action plan to review the target areas on your risk assessment. [Note: you will want to cover all areas of your business over time.]
  • Document. Document. Document. It is imperative that you document the details of your reviews. If you find areas of material weakness, you may want to consult your compliance or legal partners before committing the issues to writing. However the key takeaway is that you must be able to demonstrate [through evidence] that you perform these reviews of your firm. The approach towards documentation is not defined by the regulations, but it must sufficient to demonstrate the effectiveness of the control environment.
  • Leverage your Team. Compliance has largely been left on the shoulders of the Chief Compliance Officer. An effective compliance program contemplates a "culture of compliance". Leaving the risk management to the CCO is not an effective way to manage risk and it naturally results in a low return on your investment. Integrating risk management into your organization brings accountability to all supervised persons of your firm and creates a stronger risk environment.
  • Seek External Support. If you have areas of your compliance program that require immediate attention or you are not sure how to get started, it is often best to engage external compliance resources. Mock examinations, structured compliance programs and targeted support are some of the options that are available.

Best of luck in your preparation