
Top 10 best practices for RIA compliance in 2023

Dec 29, 2022

Discover the top 10 best practices for RIA compliance in the new year, including cryptocurrency, social media and CE tips.

A new year can be a busy time for financial advisers – and although the end-of-year rush is in the rearview mirror, tax season is right around the corner. Yet, there are some priorities which just can’t wait, including compliance.

Compliance errors can be costly to your firm and damaging to your reputation. To avoid deficiencies or even hefty fines, you must take a proactive approach to your compliance practices. To that end, we’ve assembled our top 10 compliance best practices your registered investment adviser (RIA) firm can use in the new year (and beyond) to improve your compliance. Let’s dive in.

 

A countdown of the top 10 best practices for RIA compliance in 2023

1. Know your way around the SEC Marketing Rule

Perhaps the biggest Securities and Exchange Commission (SEC) update of 2022 was the updated Marketing Rule, which took full effect on Nov. 4, 2022. Although the rule includes updates to RIAs’ books and records, policies and procedures, substantiation requirements and use of testimonials or endorsements, the most notable restrictions apply to performance advertising.

Any performance advertising will now be evaluated to ensure it does not include prohibited content, such as:

  • Statements of gross performance (unless net performance is also provided).
  • Performance results which don’t include specific time periods.
  • Performance results of investments extracted from a full portfolio without providing (or offering to provide) results from the total portfolio.
  • Hypothetical performance (unless policies and procedures are designed to ensure the performance is relevant to the likely financial situation and investment objectives of the intended audience).

If your RIA has yet to amend its policies and procedures in light of the above restrictions, doing so should be top of mind in the new year.

 

2. Disclose any conflicts of interest

Conflicts of interest are a threat to any compliance program. On Aug. 3, 2022, the SEC issued a staff bulletin addressing investment advisers and broker-dealers with guidance on identifying and handling conflicts of interest with investors.

A few of the top takeaways include:

  • Identifying conflicts of interest.
  • Eliminating and mitigating conflicts of interest.
  • Providing adequate disclosures.

For that last bullet point, an adviser is required to provide a full and fair disclosure, which includes: the nature of the conflict, the incentives created by the conflict, how the conflict could affect the firm’s advice and the source(s) and scale of compensation for the adviser and firm.

Firms should also disclose the nature of compensation (e.g., revenue sharing) and any fees incurred (directly or indirectly) by the retail investor as a result of the conflict.

 

3. Re-evaluate your RIA cybersecurity policies and procedures

On Feb. 9, 2022, the SEC formally proposed new rules related to cybersecurity risk management designed to enhance cybersecurity preparedness and improve the resilience of investment advisers and investment companies against cybersecurity threats.

The proposed rules and amendments are intended to reduce cybersecurity-related risks to clients, improve adviser and fund disclosures about their cybersecurity risks and incidents and enhance the SEC’s ability to assess systemic risks and oversee advisers and funds. You can read the full details in the SEC’s Fact Sheet summarizing the rule.

It’s a good idea to implement a cybersecurity response plan in anticipation of upcoming cybersecurity regulatory changes.

 

4. Archive all RIA communications

The SEC pays close attention to firms’ social media – and so does the public. With social media in the crosshairs, you risk fines or reputational damage if you’re not careful. One of the best ways to stay social media compliant is to stay up to date on your archival methods. All social media posts and activity should be archived, across all platforms your firm uses.

Additionally, RIAs must archive “off-channel” communications, such as text messages and other messaging apps (e.g., WhatsApp or Facebook Messenger). As we saw this past year, the SEC is paying close attention to these types of communications, levying roughly $2 billion in fines against large services firms. This is because SEC Rule 204-2 (also known as the Books and Records rule) requires firms to maintain true, accurate and current records for most types of communications.

Overall, it’s a good idea to document exactly who has access to which apps and accounts, via what devices and for what purposes. Comprehensive documentation can also be helpful in preventing fraudulent activity as well as for compliance purposes.

 

5. Embrace tech for employee trade monitoring

The process of monitoring employee trading can be difficult, and the complexity has only increased with remote employees. But trade monitoring is a key element of the Code of Ethics Rule, and it is no less a requirement now than it was when your entire team was in one place. For firms with several supervised employees, we recommend streamlining processes with automated employee monitoring software.

Although your relationships with clients (and your team of advisers) may be virtual these days, it’s important to implement a process which allows you to properly supervise your team’s trading activities.

 

6. Get your RIA annual compliance review on the calendar ASAP

The compliance review is an annual opportunity for the chief compliance officer (CCO) to assess the adequacy and effectiveness of the RIA firm’s policies and procedures, and therefore minimize risk of compliance deficiencies.

We generally recommend RIA firms consider hosting their annual compliance meeting after the firm’s annual Form ADV amendment period and distribution to clients. This often leads to conducting the meeting in the spring. However, there is no “right” time to conduct the annual meeting, and firms should do what is best to accommodate their unique business practices.

In your meeting, you should:

  • Review regulatory developments and update policies accordingly.
  • Review advisory documents for accuracy and relevance.
  • Complete your risk assessment.
  • Review client holdings and fees charged.
  • Review cybersecurity practices.
  • Document the meeting.
  • Identify and assign action items.

You should also use this opportunity to address any concerns your employees may have surrounding compliance.

 

7. Make sure you have a CCO who can hold your team accountable

Your firm’s CCO has a plethora of responsibilities, from defining your compliance program to tracking and documenting all compliance processes and beyond. Early in the year is a good time to assess whether your CCO has been successful in their duties, as well as in holding your team accountable.

A few of the best qualities a CCO should possess include:

  • Strong fluency in the Investment Advisers Act of 1940.
  • The authority, within the firm, to adopt and implement policies and procedures compliant with the act.
  • A continuous development of knowledge as compliance rules evolve, market conditions fluctuate and technology advances.
  • A full grasp of all risk points for the firm, as well as the ability to track and analyze potential compliance challenges for the firm.
  • An understanding of the due diligence activities involved in employee trading, third-party vendor selection and more.
  • An awareness of any tools and technology necessary to perform the requirements of the CCO role.

In addition, good CCOs have excellent analytical and communication skills and a strong sense of ethics and integrity.

 

8. Increase your cryptocurrency knowledge

Cryptocurrency is fairly new on the investing scene, and therefore lacks certain investor protections. The SEC’s recent focus on cryptocurrency means RIAs need to make sure they’re adequately addressing regulatory concerns.

A significant concern is that crypto fees and reporting can’t necessarily be structured in the same way as traditional investments. Since it’s difficult to accurately value cryptocurrency daily, leveraging a traditional investment advisory fee structure and providing accurate, timely reporting can both prove to be problematic.

We recommend firms proceed with caution, educate themselves thoroughly and pay close attention to documentation for any crypto investing.

 

9. Study up on the DOL “Rollover Rule”

The DOL’s “Improving Investment Advice for Workers and Retirees,” colloquially referred to as the Rollover Rule, sets forth new requirements for advisers providing recommendations to retirement plan participants.

The new rule made changes to the existing interpretation of the five-part fiduciary test, stating certain rollover recommendations may be considered an Employee Retirement Income Security Act of 1974 (ERISA) violation.

Understanding the most recent exemption (PTE 2020-02) is crucial to your firm’s compliance success. Essentially, investment advisers recommending rollovers to a retail client and receiving additional compensation are required to meet an exemption under the Rollover Rule.

Since the rule has been in effect since Jul. 1, 2022, it’s a good idea to review your policies and procedures to ensure regulatory compliance.

 

10. Keep up with IAR CE requirements

In November 2020, the North American Securities Administrators Association (NASAA) elected to adopt an investment adviser continuing education requirement with the goal of ensuring advisers receive proper and updated training on the securities business relevant to their duties and obligations.

As of 2022, advisers need to complete 12 continuing education credits per year in order to maintain their investment adviser representative (IAR) registration in states which have already adopted the model rule (Maryland, Mississippi and Vermont). The credits are broken down as follows:

1) IAR Ethics and Professional Responsibility Requirement: An IAR must complete six credits of Ethics and Professional Responsibility content offered by an Authorized Provider.

2) IAR Products and Practice Requirement: An IAR must complete six credits of Products and Practice content offered by an Authorized Provider.

It’s easy to put off CE credits until later in the year, but early planning can help advisers stay on track to keep compliant with the educational requirements.

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.