Books and records compliance for registered investment advisers is one of those activities that can be as simple or as difficult as one choses to make it.
Admittedly, it does take some time and know-how to understand exactly must be maintained. But if you think about it, each of these records are really just outputs from a well-managed firm (e.g. financial statements, communication tracking, version-controlled document storage). By and large, each requirement has a purpose behind it that will help you manage your firm in a more effective and risk-managed manner..
So if you approach records retention not as a compliance requirement but as a result of sound business management, you will be amazed by how it can be simplified, while at the same time improving the effectiveness of how your firm is run.
Investment Advisor Books and Records In a Nutshell
Investment advisors are expected to make and keep true, accurate and current books and records relating to its investment advisory business. The overarching objective behind these requirements is the protection of your clients and the general public. Regulators expect advisors to be able to produce any information that may be used to substantiate their finances, support the decisions behind all of the decisions they make on behalf of their clients, and validate that they are always adhering to their fiduciary duty.
The records that advisors must maintain fall into these general categories: Compliance Program, Client Management, Trading, Marketing, and Business Management. The majority of these must be maintained by all advisors, but there are a number that depend on your specific business practices (e.g. soft dollar usage, proxy voting, custody, government-related clients, use of solicitors).
For reference, here is a link for the complete books and records requirements for investment advisors. Click Here.
Most records have a prescribed retention duration of five years (the last two of which must be on-site or accessible from your office). Some records must be retains for longer periods of time, or indefinitely. For example, an advertisement for a one-time event must be kept for 5 year from the date of the event (it's last use) and a Client Agreement (while the client is active) must be kept as long as you have this client under this agreement. And then you must keep for at least 5 more years.
Thankfully, regulators allow for records to be maintained electronically using cloud-based storage. When doing so, advisors must demonstrate their ability to reasonably safeguard them from loss, alteration or destruction and to prevent unauthorized access from individuals outside your firm. Scanning and storing hard copies is fine as well, as long you can attest that the retrieved record is legible, complete and true.
Through the Regulator's Eyes
It's helpful to keep in mind that the purpose of advisor records retention is to protect the general public, including your clients. Regulators expect you to be able to produce any information that may be used to substantiate your finances, support the decisions made on behalf of your clients, and validate that you are always adhering to your fiduciary duty.
Thinking through an example of a client complaint sometimes helps reveal the regulators' logic. Regulators are obliged to respond to every complaint lodged against an advisor. When doing so, they will likely want to see documentation of everything that client received from you (historical versions of your ADV, marketing collateral), nature of the relationship (client agreement), any interim communications (client communications log), and any supporting documentation for your investment decisions.
A complete set of records will allow you to produce this history quickly and efficiently so that the regulator can come to a swift resolution.
State regulators have stepped up "books and records" examinations, especially with newly-registered advisors. Their objective is to assess not only the ability to produce these records but also the business practices that surround them. If they perceive sloppiness or indifference, they come back for a more complete examination.
CCO Best Practices
- Create an "inventory list" that includes all books and records requirements. Then, mark off those which pertain to your particular business model and practices. For example, your inventory list will include proxy voting records, but if you don't vote proxies, mark it as "NA". This way you are demonstrating that you understand that proxy voting records should be maintained, but since your agreements and ADV state that you don't, this doesn't apply.
- Don't approach records retention as a "compliance chore". The path of least resistance in the long term is to incorporate these responsibilities into your everyday activities. For instance, your client on-boarding process should include each of the activities and documents needed for compliance retention. If you are using your CRM religiously, you can be confident that all client communications are archived in an easily accessible manner as well.
- Be wary of over-reliance on third-party generated records. Your portfolio management system may not store all of the order ticket and confirmation data you need to pass muster with a regulator.
- Remain mindful of regulatory "hot spots". Hot spots include advertising (review and archiving), email/social media archiving, security of electronic storage, and documented investment decision making.
- Pay particular attention to your firm's "high risk" areas. These may include trade allocation procedures, social media advertising, soft dollars, or any area where there is a disclosed conflict of interest.
- Conduct (and document) annual due diligence on cloud storage vendors to ensure that they have appropriate physical, electronic and procedural safeguards in place to secure your data.
The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.