Coordinated state exams of 1,130 investment advisory firms conducted by members of the North American Securities Administrators Association (NASAA) found 6,482 compliance deficiencies across 20 registered investment adviser (RIA) compliance categories in 2013. Last week we discussed the deficiencies in contracts, specifically regarding execution, fee’s, and fee formulas.
This week’s segment covers another common RIA compliance deficiency category: Privacy Policies. The 2013 NASAA investment adviser examination report contains results from 1,130 investment advisory firms examined. In the privacy policy category, of all RIA firms examined, 19.6% of audits noted at least one privacy policy-related deficiency. This figure has decreased slightly since the 2011 report which noted deficiencies in 21.2% of investment advisory firms examined.
21.8% of RIA firms with greater than $30 million in assets under management (AUM) had privacy policy-related deficiencies, compared to 16.2% of investment advisory firms with less than $30 million in AUM. About 25% of RIA firms examined for the first time had privacy policy deficiencies compared to around 15% of firms that had previously been examined.
As stated earlier, 19.6% of investment advisory firms examined according to the 2013 NASAA report had privacy policy-related deficiencies. The top privacy policy deficiencies in 2013 were:
- Annual delivery of privacy policy (48.6%)
- Initial delivery of privacy policy (19.9%)
- No privacy policy (13.8%)
- No/Inadequate policy (10.5%)
- Disclosed confidential client information (1.7%)
Over the span of two years, the most common compliance issues only slightly changed. The top privacy-related deficiencies in 2011 were:
- Annual delivery (~40%)
- No privacy policy (~25%)
- Initial delivery (~19%)
- Deficient policy (~8%)
- Other (~6%)
It remains evident that a significant number of investment advisers struggle to fulfill the firm’s annual and initial privacy policy delivery requirements. While many RIA firms are familiar with the requirements to inform all clients of any material changes to the advisory firm’s FORM ADV within 120 days of your firms fiscal year end, many investments advisers overlook the requirement to deliver the firms current privacy policy to all clients on an annual basis. RIA firms need to be prepared to properly distribute privacy policies and disclosure brochures initially and annually. As RIA compliance consultants, we encourage the Chief Compliance Officer (CCO) of every investment advisory firm to take a few minutes to look over the firm’s current privacy policy procedures to ensure the firm is meeting all delivery requirements.