October 31, 2019

CCO Series - Trade Errors

What You Need to Know

In developing policies and procedures for a Registered Investment Advisor ("RIA") a topic that must be addressed is trade errors. To uphold the fiduciary duty owed to clients of your RIA, your policies and procedures must cover how you handle errors that may occur when trading in a client's account. If a trading error occurs in a client's account managed by an RIA there are critical response items to consider in order to uphold your fiduciary duty. Implementing these compliance components can demonstrate to a regulator that you are satisfying your regulatory requirements.

What is a Trade Error?

The most common trade error is buying the wrong security or the wrong amount. Here are a few other examples of events that are considered trade errors:
  • Trading in the wrong client account
  • Trading in the wrong direction (buy vs. sell)
  • Trading at the wrong price (limit orders, etc.)
  • Incorrect block trade allocation
  • Violation of client account restriction (tobacco, oil, military)
  • Violation of client account suitability (aggressive vs conservative)
  • Delayed execution of trade instructions
  • Duplicate execution of trade instructions

How to Handle Trade Errors

Even if the error does not fit into one of these examples you must discuss any potential or actual trade errors with your CCO to ensure compliance. CCOs should document the event within their trade error log and save all related documentation for the RIA's books and records. Consider communicating with the clients as needed to explain events in their statements or other irregular trading activity. Most trade errors can be resolved prior to settlement by the custodian if they are promptly discovered and communicated.

Reviewing Policies and Procedures

Advisors must ensure their policies and procedures require the disclosure of trade errors to the CCO and that trade errors are documented in the Advisor's trade error log. The log must also include any related backup or other documentation. Trade errors must be resolved in a way that makes the client whole and absolves the client of the consequences of the Advisor's error. Additionally, trade errors should be reviewed at least annually by the CCO or delegate to ensure that any reasonable changes to the Advisor's business practices that could eliminate future errors are considered for implementation. During this annual review, the CCO or delegate must also update the Advisor's trade error policy as needed to ensure it accurately reflects how trade errors are resolved.

What are the Next Steps for a CCO?

Review a sample of transactions from your firm’s trading blotter to ensure trades are placed accurately in accordance with documentation and client objectives. Ensure any and all trade errors are documented in your firm's trade error log. Confirm that trade error files maintain documentation related to the specifics of the trade error as well as documentation substantiating the resolution. Consider reasonable changes to business practices that could eliminate the potential for future errors. Finally, remain aware of any changes to trade error policies and procedures that may be imposed by your custodian and ensure your internal policies remain accurate. Ensure proper communication of trade error policies and procedures to supervised persons.

The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.

CCO Series - Client Suitability

As a fiduciary, an RIA firm is required to make investment decisions in the best interests of its clients. When making decisions regarding the investment options for accounts, an RIA firm needs to be able to defend such decisions as being reasonably suitable to the goals and needs of its beneficial owners. Regulators will seek to ensure that decisions made by the firm during the course of providing its services primarily benefit the client and are suitable for a particular account's objectives. Documentation that defines a fund's investment objectives or a model portfolio strategy will be compared against the trading history and the decisions made for clients to validate whether or not the firm is making suitable investment decisions when providing its services.

RIA Client Suitability In a Nutshell


Client suitability starts with information about how the RIA firm's investment managers will provide its advisory services and the information about the client or fund that will be relied upon to guide those decisions. For a typical retail RIA situation, this may include your client profile, risk tolerance questionnaire, investment policy statement (IPS), or client notes capturing similar information. For structured investment products this may include the operating agreements, offering documents, and similar information about the funds, parties and entities involved. As these documents are executed, modified, updated or amended the advisor should keep and maintain this additional documentation for their firm's books and records.

Risks related to strategies used by an RIA firm must be disclosed to clients through Form ADV. Specifically in Form ADV Part 2A, the Disclosure Brochure, Item 8 Methods of Analysis, Investment Strategies and Risk of Loss should contain information regarding how the firm's investment management services will be applied to the client's accounts and the potential losses that can occur due to the way the firm will invest the client's assets. It is important for firms to review these disclosures and ensure they accurately reflect the firm's investment methods and cover the risks related to the firm's advisory services.

Confirming Suitability


After collecting a client's information, having them sign an advisory agreement and providing a copy of your ADV and other new client paperwork, suitability becomes a compliance matter for the relationship as you move to digest the information and start making investment decisions for the client's account(s). While your documentation may tell the client to notify your firm of any changes to their profile, goals or objectives, every RIA firm still has an obligation to reach out to the client and confirm that the information you have is still accurate, and ultimately to confirm your current understanding of what is suitable for that client.

Confirming suitability can take the shape of having the client complete a new risk questionnaire, sign a new IPS, or meet with you to discuss the management of their account and address suitability matters. Documenting this confirmation is critical to the firm's books and records for compliance purposes on this topic, and can take the form of client notes indicating suitability was discussed and the results of that discussion, or the updated formal documents such as the questionnaire or IPS. For fund managers, this activity means ensuring that the decisions being made for the fund are reasonably accomplishing the objectives of the fund as described in its documentation and ensuring that due diligence documentation is retained for various non-public investments. By having this documentation in your firm's books and records you can demonstrate that your firm has upheld its fiduciary duty when making investment decisions for its various clients.

Through the Regulator's Eyes


Regulators expect RIA firms to maintain documentation on each advisory client to support the investment decisions made for their account(s). During an examination, regulators will typically ask firms to provide their risk questionnaires or similar documents used to obtain information about their clients, and will also request information about trades in client accounts. They will reconcile the two to ensure that decisions made for clients are suitable and that there is a rational basis between the documentation, analysis, and investments. Further, regulators will review the information in your firm's disclosure brochure and reconcile it to the types of investments to ensure that the strategies and risks are properly and fully disclosed to clients.

CCO Best Practices

Conduct a random sampling review of client files to verify that suitability is appropriately documented. Run a comparison between the client's trading history and the suitability documented to ensure investment decisions are in line with investment objectives. Validate that the last outreach attempt to each client is within one year. Additionally, review your firm’s client intake/onboarding and ongoing review process to ensure you are capturing adequate information to make, or continue to make, appropriate investment decisions in client accounts and provide advice that is in the client’s best interest.

September 27, 2019

The AdvisorAssist CCO Series: Anti-Money Laundering (AML)

This is one of those subjects that is difficult to imagine until it happens. Fortunately, to date, the regulators have not imposed onerous requirements on RIA firms, like they have with custodians and broker-dealers. AML for investment advisors is one of those regulatory topics that always seems to resurface, and we believe that more formal AML procedures will eventually be expected from RIAs. In the interim, we have produced some best practices so that your RIA firm is aware of the subject and is armed with the basics of identifying suspicious activities.

Anti-Money Laundering (AML) In a Nutshell

Money laundering is the process by which individuals or entities attempt to conceal the true origin and ownership of the proceeds of criminal activities, such as organized crime, drug trafficking or terrorism. Anti-money laundering (AML) is a general term that describes the controls used by financial institutions to prevent, detect and report money laundering activities. AML program requirements for financial institutions are laid out in various laws including the Bank Secrecy Act of 1970, the Money Laundering Control Act of 1986, and the USA Patriot Act.

A more digestible summary of all AML-related laws can be found here.

Through the Regulator's Eyes

Registered investment advisors do not fall under the definition of "financial institution", so (at this point) they are not subject to extensive anti-money laundering requirements. There have been many overtures by the U.S. Treasury Department's Financial Crimes Enforcement Network ("FinCEN") to bring RIAs under similar requirements. The director of FinCEN reignited these efforts by indicating that Treasury intends to revisit this topic and finalize rules for RIAs. By all indications, advisors will ultimately have increased AML rules at some point in the near future. For the time being, we recommend that RIAs adopt certain best practices related to AML.

CCO Best Practices

  • Perform due diligence on each new investor to ensure you can confirm their identity and that the individual or entity is not on the Office of Foreign Assets Control (OFAC) sanctioned list. (This may be delegated to a third party like a custodian.)
  • Monitor client transactions for suspicious activity (e.g. reluctance to provide identifying information, frequent deposits of cash, cashier's checks or money orders, or wire transfers slightly under $10,000, or acting on behalf of an undisclosed person or entity).

June 20, 2019

The AdvisorAssist CCO Series: Books & Records

Books and records compliance for registered investment advisers is one of those activities that can be as simple or as difficult as one chooses to make it.

Admittedly, it does take some time and know-how to understand exactly what must be maintained. But if you think about it, each of these records is really just an output of a well-managed firm (e.g. financial statements, communication tracking, version-controlled document storage). By and large, each requirement has a purpose behind it that will help you manage your firm in a more effective and risk-managed manner.

So if you approach records retention not as a compliance requirement but as a result of sound business management, you will be amazed by how it can be simplified, while at the same time improving the effectiveness of how your firm is run.

Investment Advisor Books and Records In a Nutshell

Investment advisors are expected to make and keep true, accurate and current books and records relating to their investment advisory business. The overarching objective behind these requirements is the protection of your clients and the general public. Regulators expect advisors to be able to produce any information that may be used to substantiate their finances, support all of the decisions they make on behalf of their clients, and validate that they are always adhering to their fiduciary duty.

The records that advisors must maintain fall into these general categories: Compliance Program, Client Management, Trading, Marketing, and Business Management. The majority of these must be maintained by all advisors, but there are a number that depend on your specific business practices (e.g. soft dollar usage, proxy voting, custody, government-related clients, use of solicitors).
For reference, here is a link for the complete books and records requirements for investment advisors.

Most records have a prescribed retention duration of five years (the most recent two of which must be on-site or accessible from your office). Some records must be retained for longer periods of time, or indefinitely. For example, an advertisement for a one-time event must be kept for 5 years from the date of the event (its last use), and a Client Agreement (while the client is active) must be kept as long as you have this client under this agreement, and then for at least 5 more years.

Thankfully, regulators allow for records to be maintained electronically using cloud-based storage. When doing so, advisors must demonstrate their ability to reasonably safeguard them from loss, alteration or destruction and to prevent unauthorized access from individuals outside your firm. Scanning and storing hard copies is fine as well, as long as you can attest that the retrieved record is legible, complete and true.

Through the Regulator's Eyes

It's helpful to keep in mind that the purpose of advisor records retention is to protect the general public, including your clients. Regulators expect you to be able to produce any information that may be used to substantiate your finances, support the decisions made on behalf of your clients, and validate that you are always adhering to your fiduciary duty.

Thinking through an example of a client complaint sometimes helps reveal the regulators' logic. Regulators are obliged to respond to every complaint lodged against an advisor. When doing so, they will likely want to see the documentation of everything that client received from you (historical versions of your ADV, marketing collateral), nature of the relationship (client agreement), any interim communications (client communications log), and any supporting documentation for your investment decisions.

A complete set of records will allow you to produce this history quickly and efficiently so that the regulator can come to a swift resolution.

State regulators have stepped up "books and records" examinations, especially with newly-registered advisors. Their objective is to assess not only the ability to produce these records but also the business practices that surround them. If they perceive sloppiness or indifference, they come back for a more complete examination.

CCO Best Practices

  • Create an "inventory list" that includes all books and records requirements. Then, mark off those which pertain to your particular business model and practices. For example, your inventory list will include proxy voting records, but if you don't vote proxies, mark it as "NA". This way you are demonstrating that you understand that proxy voting records should be maintained, but since your agreements and ADV state that you don't, this doesn't apply.
  • Don't approach records retention as a "compliance chore". The path of least resistance in the long term is to incorporate these responsibilities into your everyday activities. For instance, your client on-boarding process should include each of the activities and documents needed for compliance retention. If you are using your CRM religiously, you can be confident that all client communications are archived in an easily accessible manner as well.
  • Be wary of over-reliance on third-party generated records. Your portfolio management system may not store all of the order ticket and confirmation data you need to pass muster with a regulator.
  • Remain mindful of regulatory "hot spots". Hot spots include advertising (review and archiving), email/social media archiving, security of electronic storage, and documented investment decision making.
  • Pay particular attention to your firm's "high risk" areas. These may include trade allocation procedures, social media advertising, soft dollars, or any area where there is a disclosed conflict of interest.
  • Conduct (and document) annual due diligence on cloud storage vendors to ensure that they have appropriate physical, electronic and procedural safeguards in place to secure your data.

The AdvisorAssist CCO Series: Privacy & Information Security

A central element of your RIA firm’s fiduciary duty is the protection of clients’ confidential information. These responsibilities are laid out in your firm’s Privacy Policy.

A topic that is closely related to your duty of privacy and confidentiality is information security. Formal information security policy manuals for RIAs, a proposed (but not yet codified) regulatory requirement, offer many best practices that help advisors demonstrate their commitment to protecting client information.

The RIA Firm's Privacy & Information Security Responsibilities In a Nutshell

Supervised Persons of an RIA firm must keep confidential at all times any nonpublic information that they obtain during the course of carrying out their advisory responsibilities.

This includes client or prospective client identities, their identifying information (e.g. addresses, dates of birth, social security numbers), their investments and their account activity. (Some states maintain distinct definitions of identifying information that must be protected.)

As a policy, Supervised Persons must not release confidential or nonpublic information without consulting the Chief Compliance Officer (“CCO”) in advance. When disclosure is necessary to conduct business for a client, nonpublic personal information should be limited to the extent necessary or appropriate.

At least annually, RIA firms must provide notice to clients describing the firm’s privacy policies, to the extent required by law. This can be accomplished by delivering a copy of the firm’s Privacy Policy.

Your firm’s Privacy Policy should contain the following:
  1. What information you collect from clients
  2. What sources you collect information from, over and above information provided by the client
  3. Your firm’s basis for sharing this information
  4. Any state-specific privacy regulations (Currently CA, MA, and VT have specific privacy laws that extend beyond federally-mandated rules.)
Advisors must also ensure that appropriate safeguards are in place to protect client information (i.e. information security practices).

Through the Regulator's Eyes

In 2000, the SEC adopted Regulation S-P, which covers the rules related to the Privacy of Customer Financial Information. In the hyper-networked, digital world we live in, regulators obviously want to continue to assure the general public that their private information is adequately safeguarded. Regulation S-P requires advisors to adopt and maintain written supervisory procedures to protect the privacy of customer data.

CCO Best Practices for Privacy

  • Provide a copy of your firm’s Privacy Policy to new clients along with your investment advisory agreement.
  • Deliver a copy of your Privacy Policy to all clients at least annually. This is most easily accomplished by including it with your annual ADV delivery in April (October for RIA firms with 6/30 fiscal year ends).
  • Confirm that your investment advisory agreements contain an acknowledgment of receipt of the privacy notice if required.

CCO Best Practices for Information Security

  • Identify any reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of personal information and personal information systems. Consider potential options to mitigate or eliminate these risks.
  • Adopt written policies that address the proper disposal of personal information that is not required to be maintained for Books and Records purposes.
  • Be judicious about the amount of personal information that you collect and limit it to what is necessary to perform your duties.
  • Adopt a “clear desk” policy (so that employees don’t leave sensitive information out in the open) and ensure that physical client files are locked when not in use.
  • Limit systems access to active users (Supervised Persons) only and delete access credentials for departed staff.
  • Ensure that work computers are set up to require periodic updates of strong passwords. Here’s a great tool to test exactly how strong your passwords are: HowSecureisMyPassword.net.
  • Encrypt and password protect all portable electronic devices.
  • Use encryption when sending data electronically.
  • Secure and password protect wireless networks.
  • Install (and update!) firewalls and anti-virus protection for all computers that are used to access client data (including personal computers if employees do work from home).
  • Monitor and limit the information that is brought into your firm by new employees and ensure that this information is in accordance with the privacy policies of their prior employer and does not breach confidentiality agreements.
  • Take reasonable steps to select and retain service providers that maintain appropriate safeguards for the personal information at issue. Request copies of your service providers’ information security protocols.
  • Include information security training as part of your annual CCO meeting with Supervised Persons.

CCO Series - Business Continuity and Succession Planning

Each of us tends to either ignore or underestimate the possibility of disasters occurring in our futures. This has been proven time and again by cognitive science research and is often referred to as "normalcy bias."
In our experience, RIA firms place high importance on business continuity planning, yet often (particularly smaller firms) either postpone or abbreviate the process of creating, testing and maintaining their BCP document.
These tendencies leave them exposed to the risk of disruptions in their ongoing responsibilities to clients.

Advisor Business Continuity Planning (BCP) In a Nutshell


We employ this framework to help RIA firms implement their business continuity planning:
  • Business Analysis. Identify the critical business processes that you must perform daily, as well as those that become critical in a typical 10-day period. Think through the possible and likely scenarios that could result in a business disruption (i.e. power outages, weather, systems failures in your office building). Take an inventory of all technologies and external partners that you rely on to run your business.
  • Plan Design. Define the scope of your plan. Ensure that the plan covers disaster recovery as well as succession planning (see the “key-man risk section” below). Your BCP must also contain:
    • firm policy/plan expectations, contingency scenarios, critical business functions (Day 1 vs. Day 10),
    • critical business systems and how to access them,
    • contact information for employees, vendors, and partners, alternate work location(s),
    • back-up and restoration of critical information,
    • protection of client information, and
    • protocols for testing, updates, and revisions.
  • Implementation. With the buy-in and support of your leadership, socialize and review the plan with your team and provide training (and cross-training) for key activities, data access, and data protection. Ensure that your plan is accessible to everyone from a remote location (e.g. current copy at home, copy on separate secure server or Intranet).
  • Testing. Perform a "live" test at least annually by following the BCP as written. Document gaps in the plan and document deviations from the plan. Require full participation (at the same time!) and test all critical functions and systems, including operations, vendors, and communications.
  • Maintenance. Update your plan on a real-time basis for process changes, technology enhancements, regulatory changes, and contact information. Deliver and train your team on changes.

Consider the “Key Person” Risk

It is critical that RIAs integrate succession into their business continuity planning. The unexpected death, incapacitation or departure of key advisory staff is an additional risk that may affect an RIA’s ability to protect client interests and fulfill their fiduciary responsibility, and it is up to advisors to take reasonable steps now to ensure their clients are relatively protected from this risk.
To protect against this risk, RIAs should adopt management practices that mitigate their reliance on any one individual and allow for process continuity during planned absences like vacations. These include:
  • Establishing and documenting defined roles and responsibilities
  • Cross-training of operational processes and controls
  • Knowledge sharing (so that more than one person is familiar with the firm’s investment process and clients)

Technology will play a central role here. Active (and universal) use of a CRM will ensure that client information is centrally stored and easily accessible. Likewise, an internal website may be used to store the firm’s operations manual, which documents all critical processes and procedures. In the absence of a formal operations manual, RIAs may post a set of documents that detail their investment process, workflows, and operational procedures.
In addition to these operational controls, RIAs should consider establishing a legal agreement that governs their firm in the event of the death or incapacity of an owner.

Single-Owner RIA


Single-Owner RIAs may wish to establish a “continuity agreement.” A continuity agreement is a legal contract that appoints an “alternate” registered investment adviser to assume client responsibilities in the event of the death or incapacity of an RIA. If this were to occur, the “alternate” adviser would be responsible for offering to assume the advisory role (the client has the ability, of course, to decline). The extent of the alternate adviser’s responsibilities can vary. They may be limited to interim oversight (to give clients the opportunity to seek a new RIA) or the alternate RIA may be charged with overseeing a sale of the business or acquiring the advisory business themselves.

Multiple-Owner RIA


Multiple-Owner RIAs may wish to establish a “buy-sell agreement.” Buy-sell agreements establish guidelines for an orderly internal sale of the advisory firm to the other owners. Typically these owners are employees of the firm and should be familiar with the firm’s clients and investment process.

Through the Regulator's Eyes


The SEC has identified business continuity and succession planning as a requirement for RIA firms arising from their fiduciary duty. (See SEC Release IA 2204.) While they require policies and procedures to address business continuity, they do not mandate specific requirements for the BCP, other than that it must address the procedures to meet the fiduciary responsibility to protect client interests from being at risk as a result of an advisor’s inability to operate. Certain states have adopted formal BCP requirements for state-registered RIA firms. Given this, ensure that you take the time to check your state regulatory requirements regarding your BCP.
Regardless of the implicit or explicit requirements, all RIAs should have a formal BCP in place to demonstrate to regulators and clients that they have planned for the undisrupted performance of their fiduciary duty.

CCO Best Practices

  • Plan for the 99.5% and not the 0.5%.
  • Ensure buy-in from senior management and owners.
  • Test your plan at least annually by selecting one day to conduct business from an alternate location(s).
  • Update your plan with new/changing contact information for staff and external partners.
  • Ensure that the protection of client information is a priority during business disruptions.
  • Leverage your BCP obligations to use as a foundation for a documented operating plan (Operating Manual) for your business.
  • Begin to integrate succession planning into business continuity planning preparation.
  • Consider establishing legal agreements that govern the firm to mitigate against the “Key Person” risk.

January 26, 2017

CCO Series: Custody

What you need to know

In developing policies and procedures for a registered investment advisor ("RIA") a topic that should be addressed is custody. As stated in their release, the SEC created rule 206(4)-2 under the Advisers Act, “to reflect modern custodial practices and clarify circumstances under which a RIA has custody of assets.” The rule requires a RIA that has custody of client securities or funds to implement a set of controls designed to protect those assets from being lost, misused, or misappropriated. The rule provides that, in general, a RIA should maintain funds and securities with a broker-dealer, bank, or other "qualified custodian" to avoid having custody themselves. Then, if the qualified custodian sends account statements directly to the RIA's clients, the RIA is relieved from undergoing an annual surprise custody audit. Many states have also implemented custody rules similar to 206(4)-2.

Definition of Custody

A RIA has custody when it holds, "directly or indirectly, client funds or securities or [has] any authority to obtain possession of them." The SEC created examples to illustrate circumstances under which a RIA has custody of client funds or securities.

  • Holding clients' stock certificates or cash, even temporarily, is custody. However, the rule acknowledges that there may be times of inadvertent receipt of funds or securities. Therefore, to avoid custody, any check or security certificate inadvertently received by a RIA must be returned to the sender or placed with the qualified custodian within three business days of receiving them.
  • A RIA has custody if it has the authority to withdraw funds or securities from a client's account, such as a power of attorney, possession of account login credentials or an authorization other than discretionary trading.
  • Acting in any capacity that gives it legal ownership of, or access to, the client funds or securities, such as acting as both general partner and investment advisor to a limited partnership, is custody. As general partner, the RIA generally has authority to dispose of funds and securities in limited partnership account(s) and thus has custody.
  • Collecting prepayment of fees in an amount of $1,200 or more for services to be performed six months or more in advance. In this case, the RIA must include an audited balance sheet with its Form ADV deliveries to clients from whom the RIA has received such prepayments.

Avoiding Custody Issues

There are several steps to take in order to avoid custody issues:

  • Due Inquiry. A RIA is required to have a reasonable basis to believe that, after due inquiry, the qualified custodian is delivering an account statement to each of your clients at least quarterly. The account statements must identify the amount of funds and of each security in the account at the end of the period and set forth all transactions in the account during that period. In SEC Release No. IA-2968, the SEC identified common ways to satisfy the due inquiry requirement:
    1. Request copies of client account statements be sent to them.
    2. Request a written confirmation from the custodian that the account statement was sent to each client.
    3. The CCO maintains his or her personal accounts at the same qualified custodian that has all of the RIA’s Client accounts and the CCO ensures that he or she receives statements at least quarterly.
  • Deduction of Fees. For a SEC registered RIA, documentation of “due inquiry” is the primary safeguard for the deduction of fees to not be deemed custody. However, in addition to “due inquiry”, many states also require that in order to deduct fees from a client’s account without creating custody, the RIA must:
    1. Have written authorization from the Client to deduct advisory fees from the account;
    2. Each time a fee is directly deducted, the RIA concurrently sends the qualified custodian notice of the amount of the fee to be deducted, and the client an invoice itemizing the fee including the formula used to calculate the fee, the amount of assets under management upon which the fee is based, and the time period covered by the fee;
    3. Ensure the qualified custodian sends statements, on at least a quarterly basis, to Clients showing all disbursements, including the amount of the advisory fees; and
    4. Form ADV states that the Advisor intends to use the safeguards provided in regulation, instead of the requirements for custody.
  • Linked Accounts. Since May 20, 2010, the SEC has stated in Question II.4 that the limited authority to transfer assets between the Client's accounts maintained at one or more qualified custodians is not custody, if:
    1. the Client has authorized the RIA in writing to make such transfers and
    2. a copy of that authorization is provided to the qualified custodian, specifying the Client accounts maintained with the qualified custodian.

For transfers outside of the qualified custodian or recurring transfers, the RIA should have an authorization signed by the Client for each transfer specifying the transfer destination and the dollar amount for each transfer.

Maintaining Custody

For RIAs that have custody of funds or securities there are a number of requirements in order to ensure that the RIA is a “qualified custodian” for those assets.

  • Annual audited financials. A RIA with custody of Client funds or securities must have its financials audited annually and then report the balances on Part 1 of Form ADV.
  • Annual surprise examinations. The independent verification and audit of the custodied funds must occur at a time that is chosen by the accountant without prior notice or announcement to you and that is irregular from year to year. The accountant must be registered with the Public Company Accounting Oversight Board.
  • Internal controls report. Based on the surprise examination, the accountant must issue a written internal control report with opinions as to whether controls have been placed in operation as of a specific date, and are suitably designed and are operating effectively to meet control objectives relating to custodial services, including the safeguarding of funds and securities held during the year.
  • The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
  • In addition, many states also require that RIAs with custody also maintain at least a specific amount of net capital or require a surety bond.

What are the next steps for a CCO?

To ensure that you are properly dealing with custody issues AdvisorAssist recommends the best practices of:

  • Perform an assessment to determine whether or not you have custody of client assets or securities, and respond appropriately, depending upon your intention to have custody or not.
  • Implement controls to ensure the proper handling of client assets and securities to avoid the abuse of the authority granted by your clients to access and manage their assets and securities.
  • Perform "due inquiry" on your custodian to ensure that each of your Clients is receiving statements at least quarterly.
  • Review your advisory agreements to ensure that you have proper authorization to deduct fees from Client accounts.
  • If your RIA receives deposit checks or stock certificates from Clients, maintain a "checks received log" and institute a policy of remitting these checks within 72 hours of receipt to the qualified custodian.
  • If your RIA maintains custody, contract with an independent accounting firm to perform surprise custody audits at least annually on the accounts over which you have custody.
  • If you are a state registered RIA, review your fee deduction process to ensure that each time a fee is directly deducted, you concurrently send the qualified custodian notice of the amount of the fee to be deducted, and the Client an invoice itemizing the fee including the formula used to calculate the fee, the amount of assets under management upon which the fee is based, and the time period covered by the fee.

The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.

Contributors:
Brendan Furey
Conor Anderson

November 1, 2016

CCO Series: Compliance Program

What you need to know

Rule 206(4)-7 of the Investment Advisers Act of 1940 requires that all SEC registered investment advisors adopt and implement written policies and procedures that are reasonably designed to prevent violations by the Advisor or any of its supervised persons. Almost all states have also adopted a rule similar to Rule 206(4)-7, which requires state registered investment advisors to also adopt and implement written policies and procedures.

Whether you are SEC registered or state registered, your policies and procedures must be detailed and customized to your formalized internal process to meet your fiduciary and regulatory obligations. The SEC has stated in its discussion of Rule 206(4)-7 that Advisors are too varied in their operations for the rules to impose a single set of universally applicable required elements. Therefore, each Advisor should adopt policies and procedures that take into consideration the unique nature of your firm's operations.

Required policies and procedures

Even though policies and procedures are required to be customized to your operations, you will have to make sure that your policies and procedures are also designed to:

  • prevent violations of fiduciary and regulatory obligations from occurring,
  • detect violations that have occurred, and
  • correct promptly any violations that have occurred.

To design adequate policies and procedures, the Advisor should identify all potential conflicts or factors creating risk exposure for the Advisor, supervised persons and its clients. Only then can an Advisor design policies and procedures that address applicable risks to the Advisor.

At a minimum, the scope of the policies and procedures is expected to address the following issues:

  • The appointment of a Chief Compliance Officer responsible for administering the policies and procedures;
  • Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions;
  • Trading practices, including procedures by which the advisor satisfies its best execution obligation, uses client brokerage to obtain research and other services ("soft dollar arrangements"), and allocates aggregated trades among clients;
  • Proprietary trading of the advisor and personal trading activities of supervised persons;
  • The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements;
  • Safeguarding of client assets from conversion or inappropriate use by supervised persons;
  • The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
  • Review of the Client Communications (advertising & marketing), including any solicitors utilized;
  • Processes to value client holdings and assess fees based on those valuations;
  • Safeguards for the privacy protection of client records and information;
  • Code of Ethics; and
  • Business continuity plans.

Reviewing policies and procedures

In addition to having written policies and procedures customized to a firm’s operations, Advisors are also required to review the policies and procedures at least annually. This annual review should be documented in your books and records. Advisors are also required to maintain documentation that all supervised persons of the Advisor have received and reviewed the policies and procedures. This documentation should be kept for a minimum of five fiscal years from the end of the fiscal year during which the last entry was made on such record.

What are the next steps for a CCO?

To ensure that you have an up-to-date compliance program, AdvisorAssist recommends the best practices of:

  • Complete risk assessments regularly during the fiscal year to document reviews of policies and procedures
  • Conduct periodic testing of processes to ensure that policies and procedures accurately describe your operations
  • Conduct annual due diligence reviews of any third party vendor utilized to support the services of the Advisor
  • Compose an annual CCO report summarizing the findings from risk assessments and tests completed
  • Communicate policies and procedures, and any ad hoc amendments, to all of your supervised persons
  • Ensure all supervised persons certify that they have received and reviewed your policies and procedures
  • Maintain all of your documentation of your compliance program according to your books and records matrix

Contributors:
Brendan Furey
Michael Conlon

June 27, 2016

CCO Series: Top Regulatory Deficiencies for RIAs -- Advisory Agreements

What you need to know

Examiners will review agreements that the advisor uses for its client engagements during an examination as a standard request item. This will include a review of the agreement templates that you use for your prospective clients and a sample of agreements that your firm has executed with existing clients. In reviewing agreements, examiners report finding two common deficiencies: 1) the fees are not fully disclosed in the agreement and 2) firms do not have an executed copy of their client agreements in the advisor’s books and records.

Common Deficiency: Fees fully disclosed

The written advisory agreement must detail the relationship that the client is entering into with the advisor, including how fees are calculated and the payment methodology. The fees section of the agreement must be comprehensive to cover all fees being charged for the services, when the fees are being charged, and how they are to be paid. The information in the client agreement should also align with the general disclosure of fees made in Form ADV Part 2A Disclosure Brochure in Item 5. Any additional compensation that the firm receives in its advisory practice should also be described in Form ADV Part 2A in Item 14.

Common Deficiency: Books and records

Advisors are required to keep and maintain all written agreements (or copies thereof) entered into by the advisor with any client.1 Examiners are reporting to the North American Securities Administrators Association that advisors are not creating written agreements for all of their client relationships. They also noted that when written agreements are created, the agreements are not clearly noting, and adequately explaining, the advisory fees as described above.2

How do we avoid these deficiencies?

To avoid these deficiencies at your firm AdvisorAssist recommends the best practices of:

  • Reviewing the language in your Form ADV Part 2A Disclosure Brochure to ensure that it adequately discloses for each type of fee the following:
    1. How fees accrue for each service offered.
    2. How fees are billed to the clients.
    3. Whether the advisory fees include other fees, such as brokerage trading fees.
    4. How fees are impacted by contract termination, such as a pro-rata refund if collected in advance.
    5. Whether the fees represent any compensation for the sales of securities or other conflicts of interest.
  • For each new client onboarded, ensure that a written agreement is executed for the services that the client will receive and the fee is consistent with Form ADV Part 2A.
  • Review client agreement templates and Form ADV Part 2A at least annually to ensure that the fees described are consistent and fully disclosed.

1. See 17 CFR §275.204-2(a)(10).
2. See North American Securities Administrators Association, “2015 Investment Adviser Coordinated Exams.”

AdvisorAssist’s CCO Series: Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready” as well as some practical steps to help Chief Compliance Officers address this topic.

Contributors:
Brendan Furey
Michael Conlon

May 3, 2016

CCO Series: Top Regulatory Deficiencies for RIAs -- Books and Records

What you need to know

Registered investment advisors are required to maintain and preserve books and records in an easily accessible place for a period of not less than five years from the end of the fiscal year during which the last entry was made on such record, the first two years in an appropriate office of the investment advisor.1 We cover books and records compliance in more detail in a previous post.

Annually, the North American Securities Administrators Association (“NASAA”) issues a report about common deficiencies found in state coordinated investment adviser examinations.2 The most common books and records deficiencies described by NASAA are lack of documentation of “recommendations made or proposed and any advice given or proposed,”3 which will include 1) the advisor’s analysis of client suitability for an investment product and 2) when acting as a fiduciary, why the advice is in the client’s “best interest”.

Common Deficiency: Client Suitability Records

Examiners noted the lack of documentation about the suitability of an investment product and lack of documentation that the advice is in the client’s “best interest”. The mantra of an examiner is that if it is not documented then it was not done. Since July of 2012 when the FINRA suitability obligations went into effect,4 a major focus of the examiner’s books and records review has been on whether suitability is being properly documented in the client profile.

Common Deficiency: Focus on Fiduciaries

In addition, with the new Department of Labor fiduciary rule being published on April 8th, and effective in April 2017, examiners will be focused on reviewing suitability and “best interest” documentation. With the new fiduciary rule, advisors serving clients in qualified retirement plans and IRAs will need to document how the advice is in the client’s “best interest” similar to other ERISA clients. Also, in certain cases the advisor’s client agreement may need to satisfy a Best Interest Contract Exemption pursuant to the new rule.

How do we avoid these deficiencies?

To avoid these deficiencies at your firm AdvisorAssist recommends the best practices of:

  • Perform an annual review of the advisor’s books and records archive to ensure you are keeping the required documentation for the required duration.
  • Prepare and maintain a comprehensive profile on each client. This profile should be created during the onboarding of the client, confirmed with the client annually and updated as any new accounts or new information is received from the client.
  • Ensure your books and records contain all necessary backup documentation in addition to the client profile as needed to support your investment recommendations or advice.
  • Create and maintain Best Interest Contracts as needed for DOL-regulated transactions involving retirement plans.
  • Document in the client profile why advice regarding rollovers and other major transactions is in the client’s best interest.

1. See 17 CFR §275.204-2(e)(1).
2. See North American Securities Administrators Association, “2015 Investment Adviser Coordinated Exams.”
3. See 17 CFR §275.204-2(a)(7).
4. See FINRA Regulatory Notice 11-02.

Contributors:
Brendan Furey
Michael Conlon

August 31, 2015

CCO Series (2015) - Financial Statements

The financial statements that you maintain for your RIA firm, which include income statements, balance sheets, and statements of cash flows, are powerful tools. Apart from the fact that they are required to be maintained for books and records purposes, the data that they contain holds the key to many other critical regulatory and practice management activities.

RIA Financial Statements In a Nutshell

Maintaining complete and accurate financials on your business simply makes good business sense. However, our primary purpose here is the maintenance of financial statements for compliance purposes, which may include:

  • Balance Sheet and Income Statement
  • Cash Journals - Documentation including cash receipts and disbursements, records, and any other records of original entry forming the basis of entries in any ledger
  • Banking Information - All checkbooks, bank statements, cancelled checks and cash reconciliations for your firm
  • Business Expenses - All bills or statements (paid or unpaid) relating to the business of your firm
  • Other Financial Statements - All trial balances, financial statements, and internal audit working papers relating to the business of the firm

While maintaining proper financial statements is required in order to avoid regulatory sanctions, it can also be a useful tool for RIAs. Creating and reviewing financial statements on a regular basis can prove to be an indicator of the health of the firm. The financial statements can demonstrate that the firm is performing as intended and disclosed, or act as a tool to show areas where it can improve. Ensuring financial stability of a firm is an important step in gaining client and regulatory confidence. Proving that your firm is solvent and possesses secure financials could be the difference between gaining and losing clients, or spending more time with regulators during an exam.

State Specific Requirements

Many of the regulations regarding financial statements for RIAs are dependent on the advisor’s principal state of business. Along with SEC Regulators requiring specific actions regarding financial statements, each state also has specific requirements on the issue. As an advisor it is important to recognize your specific state’s requirements in order to avoid unnecessary regulatory issues. Currently, there are states that require audited financial statements to be sent to their state regulatory agency each year. This applies only if the firm is registered with the state, and does not apply to SEC firms.

It is important to stay updated on your specific state’s requirements in order to avoid unnecessary regulatory issues. Depending on the state, there may be minimum net worth requirements that are to be demonstrated through the financial statements. Where applicable, your firm’s books and records archive should contain the necessary financial statements and audit results.

Custody’s Additional Burdens

When an advisor claims custody of their clients’ assets, there are additional rules and regulations to be aware of in regards to Financial Statements. Advisors that also act as Custodians may be required to submit an audited balance sheet at the end of their fiscal year. This balance sheet must be prepared in accordance with generally accepted accounting principles (GAAP), and audited by a certified public accountant (CPA). The audit must also include the accountant’s opinion and other qualified notes regarding the firm’s financials. Custodian advisors must also provide clients with a quarterly account statement that outlines all of the activity of their funds in the given period.

Through the Regulator's Eyes

Regulators expect RIA firms to maintain updated financial statements that are created in accordance with generally accepted accounting principles (GAAP). Regulators have put an emphasis on monitoring the financial statements of newly-registered advisors. If they are not completed correctly, it is a sign that a further examination is needed. Compliant financial statements prove to the regulators that the firm is running effectively. Proper maintenance and submission, if required, of updated financial statements is one key way to avoid regulatory sanctions.

CCO Best Practices

  • Do not approach financial statements as just a way to avoid regulatory sanctions. They are important for spotting financial irregularities, which might benefit you.
  • Utilize financial statements as a powerful tool to indicate advisory effectiveness and compliance.
  • Always stay informed of specific state requirements, which may differ from SEC and other states’ regulations, for example:
    • Alabama and New York require audited financial statements regardless of custody.
    • If the firm claims custody, the following states require annual audited financial statements: Arizona, Arkansas, California, Washington D.C., Florida, Hawaii, New Mexico and Oregon.
    • Other states may not require financial statements to be submitted at all.
  • Maintain accurate financial statements, in accordance with generally accepted accounting principles (GAAP).
  • Claiming custody of clients’ assets will require an audit by an independent public accountant registered with, and subject to regular inspection by, the PCAOB.

Michael Conlon

CCO Series (2015) - Voting Client Proxies

The right to cast votes on certain corporate matters is an important power given to shareholders of publicly traded companies and mutual funds. Your RIA firm is expected to address its role with respect to voting proxies on behalf of clients. You may agree to take on the responsibility to vote proxies on securities they own, or you may elect to not vote their proxies. In each instance, regulators expect you to have clearly defined and communicated policies and procedures related to this vital aspect of corporate governance so clients understand if and how their votes are cast.

Advisor Proxy Voting In a Nutshell

Shareholders of publicly traded companies and mutual funds have the right to express their opinion on certain business matters that impact the value of the securities they own. Board of director elections, mergers and acquisitions and changes in fee schedules (in the case of mutual funds) are examples of decisions that are delegated to shareholders.

Since most shareholders do not attend annual meetings in person, their opinions on these matters are communicated by casting a ballot either electronically or via mail.

Custodians and broker-dealers normally receive and transmit notices of upcoming proxy votes, meeting and record dates and other information on upcoming corporate actions by companies in which their clients are shareholders.

Accepting this responsibility for your clients is a significant undertaking, so it is important to consider the pros/cons of doing so. On one hand, clients may appreciate that you serve as their voice in significant matters that affect the value of their investments. But agreeing to vote client proxies requires a significant amount of process monitoring and record keeping.

For this reason, most RIA firms elect to not vote proxies.

Your firm’s policies on voting proxies should be disclosed and clearly described in:

  • Form ADV Part 2A, Item 17 - Voting Client Securities
  • Advisory Agreements, either in the section that describes your investment discretion authority or in a standalone section

Note: If you have discretionary investment authority over client accounts and your ADV and agreements remain silent on this topic, it is assumed that you do vote proxies.

If your firm does not vote proxies

If your firm does not intend to vote proxies, and you do not intend to advise clients on how to vote proxies, you must disclose this in Form ADV and communicate to clients that they retain the authority and responsibility for voting their own proxies.

If a client reaches out with questions regarding a particular proxy vote, you may assist them in understanding the background and intent of the proxy, but your guidance must not influence their voting decision. In doing so, your firm should remind them that they assume the responsibility for ultimately making the voting decision for their shares, and that you are prohibited from providing that advice.

In this instance, your clients will receive proxy statements directly from the Custodian. They should not be sent to you.

If your firm does vote proxies

If you do intend to vote proxies, you are required to do so in the best interest of your clients. When setting up new client accounts at your custodian, you should request that they forward proxy statements to you directly instead of your client.

In addition, you must:

  • Develop and implement policies and procedures that are reasonably designed to ensure that your firm votes proxies in the best interest of its clients,
  • Describe your firm’s proxy voting policy to clients (via Form ADV 2A and advisory agreements) and provide copies to clients upon request, and
  • Disclose how clients can obtain information on how your firm voted their proxies.

In fact, regulators consider it fraudulent for advisors to exercise proxy voting authority without fulfilling these three requirements.

Through the Regulator's Eyes

When it comes to proxy voting, regulators simply expect that you clearly communicate your policy on voting proxies for your clients. When you do accept this responsibility, you are expected to exercise this duty in the client's best interest, avoid and disclose any conflicts of interest that may come up in these corporate matters and maintain proper books and records that demonstrate that you are fulfilling this duty in accordance with the Advisers Act.

A copy of the SEC’s final rule on advisors voting proxies can be found here.

CCO Best Practices

  • Consider whether or not your clients would gain a material benefit by your advising their proxy voting responsibilities, and if that benefit would be worth the related compliance burden.
  • If your firm does not vote client proxies:
    • Review client activities to ensure that your firm has not voted proxies for any clients.
    • Review any exceptions made to the proxy voting policy and all supporting documentation and ensure that all were properly documented and approved by the CCO.
    • If you ever choose to begin voting proxies, revise your proxy voting policy to comply with the Advisers Act.
  • If your firm does vote client proxies:
    • Confirm that existing proxy voting policies and procedures are adequately designed to ensure that votes are consistent with client interests.
    • Conduct a forensic test by reviewing a sample of proxies voted during a particular period and confirm that each proxy was voted in accordance with your policy and that each was voted in the best interest of the client.
    • Review any exceptions made to the proxy voting policy and all supporting documentation.
    • Ensure that all exceptions were properly documented and approved by your firm’s CCO.
    • Review your firm’s books and records to confirm that for the previous five years you can produce a copy of each proxy you received, records for all proxies voted (with any related back up), a log of any proxy voting information requests by clients and your firm’s responses to those requests.

Michael Conlon

February 19, 2015

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 6: Advertising

What You Need to Know

Advertising for RIAs is obviously a highly-regulated activity, so it makes sense that it ranks among the most common compliance deficiencies for advisors.

When regulating advisor advertising, regulators focus first on disclosures, rather than methodology. While offering little guidance on how to do certain things, they do heavily regulate the disclosures displayed on advertisements. Certain advertisements may be “compliant” per se; however, the omission of proper disclaimers results in a false or misleading message.

Beyond disclosures, regulators tend to focus on certain areas of advertising, including:
  • Testimonials
  • Social Media
  • Past Specific Recommendations
  • Recordkeeping/Approval Process
  • Performance-based Advertising
For a complete overview of the "Advertising Rule" for RIAs, click here.

Why You Should Care

The ability to confidently and efficiently advertise your services can be of great benefit in growing your firm. With that said, inaccurate or misleading public-facing content can destroy a firm’s reputation quickly.

Unlike brokers overseen by FINRA, the SEC and state regulators are not responsible for reviewing or approving an RIA’s advertisements prior to use. The responsibility is placed on your firm and your CCO to ensure that all advertisements are compliant with regulations.

With social media becoming an increasingly important advertising channel, it is important to treat this activity with the same care as you would traditional mediums. Because of its ease of use, however, maintaining control and oversight of social media activity brings a unique set of challenges.

We cover social media compliance in more detail in a previous post.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Ensure you have a review process in place to analyze firm advertisements for compliance.
  • Check your advertisements for proper disclosures.
  • Coordinate a process with your IARs to review new advertisements and obtain copies for Books and Records requirements.
  • Review seminar presentation content for appropriate regulatory disclosures and compliance.
  • Perform checks on your performance calculations to validate accuracy before use.
  • Understand your firm's social media presence and ensure you and your employees are not directly or indirectly interacting with the public in a way that runs afoul of the Advertising Rule.

AdvisorAssist’s CCO Series: Top 12 Regulatory Deficiencies for RIAs is a series of articles that will help your firm understand and avoid the most common compliance deficiencies found by regulators. Our goal is to help you increase your confidence that your firm remains “exam ready.” Click here to read more posts from our CCO Series: Top 12 Regulatory Deficiencies for RIAs. We would welcome the chance to learn more about you and your firm. Click here to request an introductory call from one of our consultants.

January 6, 2015

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 5: Brochure Delivery

What You Need to Know

To our surprise, failure to follow the brochure (aka Form ADV Part 2) delivery rules continues to be one of the most common deficiencies for RIA firms.

Annual distribution of Form ADV Part 2 (along with the privacy policy) is required of all RIA firms. Additionally, an updated version must be delivered to clients when any material changes occur within your business.

A common (and logical) question we get is “What’s material?” The SEC doesn’t define material, which makes sense since materiality is very much dependent on circumstances. A rule of thumb we use with clients is this: if a knowledgeable client or prospect would expect to be alerted of a change, it’s material. Admittedly, this still leaves a lot open to interpretation (we’ve seen it first hand). Regulators will cast the final vote on this during their next examination, so it usually pays to err on the side of caution.

When material changes do occur, RIAs have the following options:

Option 1: If there have been material changes to your business, they must be described in ADV Part 2, Item 2. Under the current rules, you could provide your clients with a summary of these material changes and an offer to deliver the entire ADV Part 2. In your offer you must include instructions on how clients can obtain a copy from you.

Option 2: Advisors can also opt to deliver a full copy of the entire ADV Part 2. In this instance Item 2 - Material Changes still needs to be updated.

All brochures must be delivered to clients within 120 days of fiscal year end. Electronic delivery will suffice if you are attaching the document to an email. Uploading your ADV to your website and sending a link to clients does not constitute proper delivery. You may lose the ability to show exactly what was delivered to the client.

Why You Should Care

Your brochure informs clients of the details of your firm and any recent material changes that could potentially impact them. You should view your brochure as a publicly-visible sign for your firm, and it should be written and updated with this notion of "curb appeal" in mind. Potential and current clients see this brochure as a representation of your firm, and providing them with an up-to-date, accurate brochure signals that you take external communications seriously.

Competitors are reading your firm's brochure as well. A sloppy, outdated, or inaccurate ADV sends a message to competitors that may be damaging when competing for new business.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Review your ADV to ensure that it reflects your business, including disclosures for conflicts of interest, outside business activities, advisory services, and advisory fee practices. These are all important issues for regulators.
  • Deliver your brochure to clients within 120 days of your fiscal year end.
  • Maintain records that demonstrate delivery of Form ADV Part 2 to clients (annually or upon material changes) and prospective clients (prior to executing advisory agreement).
  • Maintain copies of prior versions of your Form ADV Part 1 and 2.


December 10, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 4: Privacy Policies

What You Need to Know

The fourth most common compliance deficiency for RIA firms involves the creation, delivery and enforcement of the firm’s privacy policy.

All RIAs must have a privacy policy in place that outlines how they protect their clients’ confidential information. Advisors are expected to include the following in their privacy policy:
  • What information is collected from clients;
  • What sources that information is collected from (over and above information provided by the client);
  • The firm’s basis for sharing this information;
  • What safeguards you have in place to protect client information; and
  • Any state-specific privacy regulations the firm is subject to.
This privacy policy must be distributed to all new clients, as well as all ongoing clients on an annual basis. Any subsequent changes to the privacy policy necessitate an additional delivery to clients as well.

Why You Should Care

Identity theft, cyber fraud and high profile security breaches have become common occurrences. The media attention they receive has undoubtedly heightened your clients' sensitivity to protecting their personal information.

Your privacy policy can become a very compelling relationship management tool, as it serves as a proof statement to clients that you respect and guard their information. Likewise, it should be used internally to lay out for your employees some simple protocols to guide their decisions when handling confidential client information.

As a general policy, supervised persons should not release confidential client information without first consulting with the CCO. This mitigates your regulatory risk by ensuring that nonpublic information is disclosed only to the extent it is needed to conduct business for that client.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Provide a copy of your firm’s privacy policy to new clients along with your investment advisory agreement and Form ADV Part 2. (Since Form ADV Part 2 and the privacy policy follow similar delivery rules, we usually recommend combining these two documents.)
  • Deliver a copy of your privacy policy to all clients at least annually.
  • Confirm that your investment advisory agreements contain an acknowledgement of receipt of your privacy policy.
  • Train your staff on the content, purpose and importance of your firm’s privacy policy.


November 24, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- # 3: Advisory Agreements

What You Need to Know

According to the North American Securities Administrators Association (NASAA), 44% of regulatory exams conducted in 2013 resulted in deficiencies related to the firm’s contracts or advisory agreements.

The most common contract deficiency was not in the content of the contracts, but instead the faulty execution of them. In cases where the actual content of the contracts was deficient, the most common issues were:
  • Fees and fee calculation methods not being correctly identified
  • Inaccurate or out-dated terms within the agreement
  • Use of “hedge clauses” that inappropriately limited the advisor’s role or responsibilities

Why You Should Care

Apart from regulatory issues, inaccurate advisory agreements have the potential to negatively impact your firm or your relationship with your clients by increasing business risk, creating the potential for personal liability and creating confusion among clients.

Improperly executed contracts create both regulatory and legal risk, and in some cases financial risk. Documenting and adhering to the fee terms and calculation methods in your advisory agreements will ensure that you are getting paid the correct amount by your clients. Performing a review of your existing agreements gives you a chance to find discrepancies before a regulator does.

Maintaining an updated version of all contract templates (both current and prior versions) serves as an effective control so that your firm is always using the most recent version with new clients.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Don’t “borrow” language from another firm’s advisory agreement. Your agreements must be both internally consistent and in alignment with the language and declarations in your ADV (including the fee calculation methods used).
  • Avoid hedge language that conflicts with or absolves you from your duties as a fiduciary.
  • Use a separate agreement for ongoing advisory services (both discretionary and nondiscretionary) as well as “project-based” services, like financial planning. Your duties differ with each and this should be clear in your agreements.
  • Maintain one set of agreements as “production versions” to ensure that the most up-to-date contracts include the current terms.
  • Store retired versions in your books and records files and take steps to ensure that IARs are pulling from the production version.
  • Ensure that you track the delivery and receipt of advisory agreements and maintain a signed agreement for each client. Test the completeness of these files periodically.


November 11, 2014

CCO Series: Top 12 Regulatory Deficiencies for RIAs -- #2: Registration

What You Need to Know

The second most common compliance deficiency for RIA firms is omissions or inaccuracies in the firm’s Form ADV. Some of these result from inconsistent upkeep of the ADV as the firm evolves. But in most cases we see, the deficiencies occur when firms use cookie cutter ADVs or borrow some/all of the content from another firm’s ADV.

On at least a yearly basis, RIAs are required to review and update their Form ADV so that it accurately describes the nature of their business to clients and prospects. (This occurs within 90 days of the firm’s fiscal year end.)

Advisors are also expected to immediately update their Form ADV to reflect any material changes that occur throughout the year. These updates include, but are not limited to:
  • An accurate description of their fee structure
  • Full and accurate description of their business and services
  • Disclosure of any conflicts of interest or affiliations
  • Significant changes in their business (e.g. meaningful changes in AUM)
  • Changes in how clients may contact the firm (e.g. Address, Phone Number)

Why You Should Care

While it may seem like a hassle to maintain an accurate Form ADV, these documents will not only make a difference from a regulator’s perspective, but also from the point of view of clients and prospects. While not always apparent, your Form ADV creates an initial (sometimes lasting) impression on prospects, clients and competitors. Ensuring the accuracy of your Form ADV can lead to more productive and efficient relationships by removing (or at least not creating) any potential ambiguity in the early stages of your relationships.

It is not only important that the information contained in Form ADV is comprehensive and accurate, but you must also be able to evidence its timely delivery to all clients and prospects, keeping in mind that regulators must take a stance that if it’s not documented, it didn’t happen.

Our Recommendations

To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area:
  • Avoid using a “one size fits all” approach to creating your Form ADV so that you can be sure that it accurately reflects your firm’s business practices, conflicts of interest, fee schedule, etc.
  • Update both Parts 1 and 2 of the Form ADV at least annually, keeping in mind that it must be updated more frequently if there have been material changes in your RIA.
  • Deliver Form ADV to clients in a timely fashion (within 120 days following your fiscal year end or upon any material update of the document).
  • Deliver Form ADV to all prospects prior to them signing your investment advisory agreement.
  • Maintain records of these distributions to ensure proper documentation for regulators.
