Back to basics: The five pillars of RIA compliance

Jul 27, 2023

Explore the top five things your firm needs to form a strong foundation for RIA compliance and avoid regulatory infringements.

Since compliance is so closely entwined with regulation, it’s often thought of as the “red tape” of financial planning. However, the most harmonious RIA compliance programs are positioned more as partners and less as authority figures (even if they do have ultimate “veto” power).

That’s because compliance isn’t there just to tell advisers “no” – it exists to ensure that the firm delivers its best possible service without incurring regulatory fines or breaching its fiduciary duty to clients.

And while compliance can look different depending on your firm’s size, culture, book of clients and other factors, a few core tenets underpin every successful program.

The Investment Advisers Act of 1940, also known as the Advisers Act, together with the rules adopted under it, outlines the regulatory compliance requirements for SEC-registered RIA firms and for many state-registered RIA firms.

Today, we’re exploring the five pillars of RIA compliance, from written policies and procedures to archiving and beyond – let’s dive in.

The five pillars of a successful RIA compliance program

1. A tailored policies and procedures manual

A policies and procedures manual makes sure everyone within your firm knows best practices and is up to date with the regulatory requirements affecting your work. It also documents the specific processes in place at your firm. The overarching goal, as set out in the Compliance Rule (Rule 206(4)-7 under the Advisers Act), is to have written policies and procedures reasonably designed to prevent, detect and correct violations of the Advisers Act and its rules.

Some of the things your manual should address include:

  • The portfolio management process (including asset allocation and disclosures to clients).
  • The accuracy of disclosures made available to clients, regulators and investors.
  • Proprietary trading.
  • Safeguarding your clients’ assets.
  • Required record keeping (including security and protection from unauthorized use or destruction).
  • Protecting the privacy of your clients’ information.
  • Trading practices.
  • Marketing of your RIA firm.
  • Processes to value client holdings and assess fees.
  • Plans for business continuity.

The Compliance Rule requires SEC-registered advisers to review the adequacy and effectiveness of their policies and procedures at least annually, so schedule that review as a standing item rather than an afterthought. If there is a significant change to regulation or to your firm’s operations, an additional interim review will likely be needed. Ongoing training is equally important: each member of your team needs a thorough working understanding of the policies and procedures that apply to their role.

2. A Chief Compliance Officer

All RIAs are also required to appoint a Chief Compliance Officer (CCO) – someone within your firm who sets the tone, direction and overall strategy of your compliance program. For smaller firms, this person often holds multiple job titles, while larger firms may have a dedicated in-house CCO with no other duties.

The CCO should have a strong grasp of the Advisers Act, as well as a complete understanding of your RIA’s operations, technology and third-party vendors. They will use this knowledge to complete a variety of compliance tasks, such as:

  • Defining your policies and procedures manual
  • Implementing ongoing training
  • Assessing and mitigating firm-specific risks
  • Staying up to date with all SEC and/or state requirements
  • Tracking and documenting compliance activities
  • And more

Legally, anyone within your organization can be appointed CCO, as the SEC defines no formal licensing, experience or background requirement for the role. The SEC’s adopting release for the Compliance Rule does, however, expect the CCO to be competent and knowledgeable regarding the Advisers Act and to be empowered with the responsibility and authority to develop and enforce the firm’s policies and procedures. In practice, your CCO should be a trustworthy, diligent individual who values compliance and is committed to ensuring your RIA’s success.

3. Archive, archive, archive

Both the SEC and state regulators require true, accurate and current records spanning several categories:

  • Records pertaining to business and financial accounts
  • Investment advice and transactions in client accounts
  • Client communications
  • Your authority to conduct business in client accounts
  • Advertising and performance
  • Disclosures and code of ethics documents (see below for more information on these categories)
  • Solicitor arrangements
  • Political contributions
  • Custody of client assets
  • And more

When in doubt, it’s always better to keep accurate copies of all documents within your firm. Note that the books and records rule (Rule 204-2) also sets retention periods: required records must generally be kept for at least five years from the end of the fiscal year in which the last entry was made, with the first two years in an easily accessible place. In the event of an examination, regulators will appreciate thorough archival over missing information – and it could even save you from incurring hefty fines.

4. Disclosures

Rule 204-2(a)(14) under the Advisers Act requires, in substance, that:

“RIAs are required to maintain a copy of each disclosure document and each amendment or revision to it that was given or sent to clients or prospective clients, along with a record reflecting the dates on which such disclosure was given or offered to be given to any client or prospective client who subsequently became a client.”

The disclosure documents in question are principally your Form ADV Part 2 brochure and brochure supplements, along with each amendment and any summary of material changes. In addition to copies of each version, you’ll also need to record when and how it was delivered or offered to clients and prospective clients.

Note: The SEC’s Marketing Rule (Rule 206(4)-1), which advisers were required to comply with from November 4, 2022, imposes disclosure requirements on testimonials and endorsements that may also be relevant to your firm’s advertising and operations. The SEC publishes further guidance on marketing disclosures on its website.

5. A Code of Ethics

Lastly, advisers must comply with the Code of Ethics rule (Rule 204A-1), which requires a written code that sets a standard of business conduct reflecting your fiduciary obligations, requires compliance with the federal securities laws, and provides for reporting of personal securities holdings and transactions so that conflicts of interest and trading violations can be detected. Your firm’s Code of Ethics must also require employees to report violations to the CCO and outline how the firm will respond in the event of a breach.

As part of the rule, all “access persons” of an advisory firm must submit initial and annual securities holdings reports and quarterly transaction reports. These reports cover securities in which the access person has beneficial ownership, which in practice means that holdings of immediate family members sharing the access person’s household are often reportable as well.

The SEC provides further guidance on what constitutes an “access person” as follows:

“Access persons will include portfolio management personnel and, in some organizations, client service representatives who communicate investment advice to clients. These employees have information about investment recommendations whose effect may not yet be felt in the marketplace; as such, they may be in a position to take advantage of their inside knowledge. Administrative, technical, and clerical personnel may also be access persons if their functions or duties give them access to nonpublic information. Organizations in which employees have broad responsibilities, and where information barriers are few, may see a larger percentage of their staff subject to the reporting requirements. In contrast, organizations that keep strict controls on sensitive information may have fewer access persons.”

While this list is far from comprehensive of all RIA compliance requirements, it offers a great starting point for firms wishing to build or redefine their compliance programs.

Learn more with RIA in a Box

When it comes to covering all your regulatory needs, compliance software can be key to streamlining operations, reducing error and finding efficiency. Explore RIA in a Box’s comprehensive compliance solutions to learn more.