March 5, 2013

The AdvisorAssist CCO Series: Custody

Custody. It's one of those words that can silence a room of advisors when you bring it up. While it has always been one of the core components of RIA regulation, the release of the Custody Rule in 2009 both refined and shed more light on this incredibly important subject. An SEC Risk Alert issued on March 4, 2013 confirms that regulators are concerned about advisor's understanding and recognition of custody.

Advisor Custody Rule In a Nutshell

According to the Adviser's Act of 1940, a registered investment advisor is deemed to have custody of client assets or funds if it:
  1. directly or indirectly holds client assets or funds;
  2. has authority to obtain possession of client assets or funds; or
  3. has the ability to appropriate client assets or funds.
Apart from having physical custody of client assets, there are a number of common circumstances that you may find yourself in that would be construed as custody. Some common examples include:
  • Possessing credentials and passwords for client accounts that would allow you to change (without their knowledge) their mailing address, email address or banking information
  • Having the ability to change client account registration details or transfer funds between client accounts with different registrations.
  • Being able to to initiate payment of advisory fees from the client's account to the advisor
  • Having the ability to affect the timing of deposit or withdrawals from client accounts

Advisors that have custody of client assets must be subject to surprise "custody audits" at least annually from an independent auditor.

Among RIAs, the most common circumstance that triggers custody issues is the ability to initiate payment of advisory fees. When you calculate your own advisory fees and transmit this information to your custodian for processing, this is considered custody.

Regulators recognize that this practice is prevalent among RIA firms and that it is one that does not trigger the need for surprise custody audits, so long as long as you adopt certain procedures. These procedures are:
  1. Segregate client assets at a qualified custodian
  2. Notify clients in writing the custodian's name, address and the manner in which the funds and securities are maintained
  3. Ensure that clients receive statements (at least quarterly) that identify their holdings as well as (for most state-registered advisors) the method used to calculate advisory fees

Through the Regulator's Eyes

Like many regulatory topics, there is nothing wrong with having custody or possession of client assets. The key is to understand if/when you may be deemed to have custody and to disclose this to clients and regulators.

Regulators want to ensure that all parties (registered investment advisors, clients, and regulators) understand when and to what extent advisors have "possession" of client securities or funds.  This includes fee deductions, client account access (where you could change account information in a way that could allow for misappropriation of funds) or the timing of deposits or withdrawals.

CCO Best Practices

  • Be sure that you understand the concept of custody so that you remain aware of any practices that may be construed as custody.
  • Perform "due inquiry" (annually) on your custodian to ensure that each of your clients are receiving statements at least quarterly. This can be accomplished by either requesting copies of client statements or asking your custodian for written confirmation that statements were sent to each client.
  • Most state-registered RIA firms must invoice clients directly each time you initiate advisory fee deductions.  This invoice must include a simple explanation of how client fees were calculated.
  • If your firm receives deposit checks directly from clients, maintain a "check log" and institute a policy of remitting these checks within 48 hours of receipt
  • If your firm does have custody, contract with an independent accounting firm to perform surprise custody audits at least annually

The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program.  Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.
Brian Lauzon


Brian, your blogs are filled with invaluable information. Thank you!

Post a Comment