What you need to know
In developing policies and procedures for a registered investment advisor ("RIA") a topic that should be addressed is custody. As stated in their release, the SEC created rule 206(4)-2 under the Advisers Act, “to reflect modern custodial practices and clarify circumstances under which a RIA has custody of assets.” The rule requires a RIA that has custody of client securities or funds to implement a set of controls designed to protect those assets from being lost, misused, or misappropriated. The rule provides that, in general, a RIA should maintain funds and securities with a broker-dealer, bank, or other "qualified custodian" to avoid having custody themselves. Then, if the qualified custodian sends account statements directly to the RIA's clients, the RIA is relieved from undergoing an annual surprise custody audit. Many states have also implemented custody rules similar to 206(4)-2.
Definition of Custody
A RIA has custody when it holds, "directly or indirectly, client funds or securities or [has] any authority to obtain possession of them." The SEC created examples to illustrate circumstances under which a RIA has custody of client funds or securities.
- Holding clients' stock certificates or cash, even temporarily, is custody. However, the rule acknowledges that there may be times of inadvertent receipt of funds or securities. Therefore, to avoid custody, any check or security certificate inadvertently received by a RIA must be returned to the sender or placed with the qualified custodian within three business days of receiving them.
- A RIA has custody if it has the authority to withdraw funds or securities from a client's account, such as a power of attorney, possession of account login credentials or an authorization other than discretionary trading.
- Acting in any capacity that gives it legal ownership of, or access to, the client funds or securities, such as acting as both general partner and investment advisor to a limited partnership is custody. As general partner, the RIA generally has authority to dispose of funds and securities in limited partnership account(s) and thus has custody.
- Collecting prepayment of fees in an amount of $1,200 or more for services to be performed six months or more in advance. In this case, the RIA must include an audited balance sheet with its Form ADV deliveries to clients from whom the RIA has received such prepayments.
Avoiding Custody Issues
There are several steps to take in order to avoid custody issues:
- Due Inquiry. A RIA is required to have a reasonable basis to believe that, after due inquiry, the qualified custodian is delivering an account statement to each of your clients at least quarterly. The account statements must identify the amount of funds and of each security in the account at the end of the period and setting forth all transactions in the account during that period. In SEC Release No. IA-2968, the SEC identified common ways to satisfy due inquiry requirement:
- Request copies of client account statements be sent to them.
- Request a written confirmation from the custodian that the account statement was sent to each client.
- The CCO maintains his or her personal accounts at the same qualified custodian that has all of the RIA’s Client accounts and the CCO ensures that he or she receives statements at least quarterly.
- Have written authorization from the Client to deduct advisory fees from the account;
- Each time a fee is directly deducted, the RIA concurrently sends the qualified custodian notice of the amount of the fee to be deducted, and client an invoice itemizing the fee including the formula used to calculate the fee, the amount of assets under management upon which the fee is based, and the time period covered by the fee;
- Ensure the qualified custodian sends statements, on at least a quarterly basis, to Clients showing all disbursements, including the amount of the advisory fees; and
- Form ADV states that the Advisor intends to use the safeguards provided in regulation, instead of the requirements for custody.
- the Client has authorized the RIA in writing to make such transfers and
- a copy of that authorization is provided to the qualified custodian, specifying the Client accounts maintained with qualified custodian.
For transfers outside of the qualified custodian or recurring transfers, the RIA should have an authorization signed by the Client for each transfer specifying the transfer destination and the dollar amount for each transfer.
For RIAs that have custody of funds or securities there are a number of requirements in order to ensure that the RIA is a “qualified custodian” for those assets.
- Annual audited financials. A RIA with custody of Client funds or securities must have its financials audited annually and then report the balances on Part 1 of Form ADV.
- Annual surprise examinations. The independent verification and audit of the custodied funds must occur at at a time that is chosen by the accountant without prior notice or announcement to you and that is irregular from year to year. The accountant must be registered with the Public Company Accounting Oversight Board.
- Internal controls report. Based on the surprise examination, the accountant must issue a written internal control report with opinions as to whether controls have been placed in operation as of a specific date, and are suitably designed and are operating effectively to meet control objectives relating to custodial services, including the safeguarding of funds and securities held during the year.
- The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
- In addition, many states also require that RIAs with custody also maintain at least a specific amount of net capital or require a surety bond.
What are the next steps for a CCO?
To ensure that you are properly dealing with custody issues AdvisorAssist recommends the best practices of:
- Perform an assessment to determine whether or not you have custody of client assets or securities, and respond appropriately, depending upon your intention to have custody or not.
- Implement controls to ensure the proper handling of client assets and securities to avoid the abuse of the authority granted by your clients to access and manage their assets and securities.
- Perform "due inquiry" on your custodian to ensure that each of your Clients are receiving statements at least quarterly.
- Review your advisory agreements to ensure that you have proper authorization to deduct fees from Client accounts.
- If your RIA receives deposit checks or stock certificates from Clients, maintain a "checks received log" and institute a policy of remitting these checks within 72 hours of receipt to the qualified custodian.
- If your RIA maintains custody, contract with an independent accounting firm to perform surprise custody audits at least annually on the accounts over which you have custody.
- If you are a state registered RIA, review your fee deduction process to ensure that each time a fee is directly deducted, you concurrently send the qualified custodian notice of the amount of the fee to be deducted, and the Client an invoice itemizing the fee including the formula used to calculate the fee, the amount of assets under management upon which the fee is based, and the time period covered by the fee.
The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.