As part of a firm’s annual compliance tasks, every registered investment adviser (“RIA”) firm should host an annual compliance meeting for all supervised persons of the firm. This is an opportunity to obtain annual attestation statements, deliver all documents relevant to the attestation statements, discuss any relevant regulatory changes, reinforce the firm’s “culture of compliance,” and provide an overview of the compliance responsibilities that impact each individual staff member of the firm. This post provides a few tips on how to best conduct an annual compliance meeting.
In general, an RIA firm’s policies and procedures manual should outline the process for the firm’s Chief Compliance Officer (“CCO”) to conduct a series of review activities including an annual compliance program review as mandated by Rule 206(4)-7 of the Investment Advisers Act of 1940. In addition, the CCO is generally tasked with training company staff on a variety of relevant regulatory topics that impact the firm and each individual at the firm. The annual compliance meeting can serve as the platform to address many of the compliance training responsibilities. While setting the agenda for the annual compliance meeting may feel a bit daunting at first, below are some tips for the firm’s CCO to consider.
Regardless of whether the RIA firm is federally registered with the Securities and Exchange Commission (“SEC”) or with the relevant state(s), the CCO should 1) review the firm’s policies and procedures manual to ensure all training requirements are met and 2) review the firm’s most recently completed “risk assessment” document. For firms that utilize our MyRIACompliance RIA compliance software, the risk assessment documentation can be completed in a fully automated and digital manner. However, regardless of how the annual risk assessment is completed, the assessment’s documented results can go a long way in identifying the risks that might befall a firm and what policies and procedures should be put into place to help detect and mitigate their occurrence.
In general, the firm’s CCO should consider focusing on the firm’s highest compliance risk areas revealed by the annual risk assessment. In addition, here is a sampling of some current RIA regulatory hot topics and associated training focus areas to consider including among other topics relevant to the firm:
- Cybersecurity
  - Is your firm’s staff familiar with your firm’s information security policy?
  - Does your firm’s staff know how to identify a potential hacking or phishing event?
- Business continuity
  - Is your firm’s staff familiar with your firm’s business continuity plan?
  - Is your firm’s staff properly prepared to handle a business disruption?
- Social media usage
  - Is your firm’s staff familiar with your firm’s social media policy?
  - If social media usage is allowed, is your firm’s staff aware of the review policy?
- Client transfer of money requests
  - Is your firm’s staff aware of your firm’s policy for properly confirming all money transfer or wire requests?
  - Does your firm’s staff know who at the firm to contact in the event of a suspicious request?
There is no requirement for the firm to conduct an annual compliance meeting at the end of the calendar year. Instead, as RIA compliance consultants, we generally recommend that firms consider hosting their annual compliance meeting after the firm’s annual Form ADV amendment period and distribution to clients. This generally leads to conducting the meeting in the spring. However, there is no “right” time to conduct the annual meeting and firms should do what best accommodates their specific situations. In addition, firms should keep a copy of the meeting agenda and any associated handouts on file. This documentation will help to further reinforce the firm’s culture of compliance and commitment to staff compliance training.