
Seven ways your RIA firm can prepare for a regulatory SEC exam in 2023

Jun 06, 2023

SEC examinations are in full swing! That means that your RIA firm needs to be prepared.

Here are seven regulatory compliance practices your RIA firm can implement to prepare for a regulatory exam and ensure compliance.

Question: If an examiner knocked on your firm’s door today, would you be prepared?

While it’s likely your firm will be examined every seven to 10 years, if your risk profile heightens, you could be facing a regulatory examination much sooner.

Fortunately, we have insight into what regulators – namely the Securities and Exchange Commission (SEC) – are looking for during these exams. Some of the SEC’s top exam priorities include the SEC’s new marketing rule, environmental, social and governance (ESG), crypto-assets and cybersecurity.

With the SEC focusing on these areas, RIA firms like yours must take proactive steps to strengthen their compliance programs, thereby building trust among clients and fostering sustainable growth.

So, is your RIA firm prepared for an SEC exam? Let’s find out! Here are seven regulatory compliance practices your RIA firm can implement to prepare for a regulatory exam and ensure compliance with the evolving regulatory landscape.

Seven regulatory compliance best practices for your RIA firm

Here are a few best practices your RIA firm can implement to prepare for an SEC regulatory exam in 2023:

1. Understand the SEC’s new Marketing Rule.

While the SEC’s new Marketing Rule, SEC Rule 206(4)-1, offers your RIA firm more opportunities to get creative with its marketing materials, the rule also implemented new and specific restrictions and disclosure requirements. RIA firms like yours should carefully review their marketing materials, ensure compliance with the rule’s provisions and update disclosure practices to align with the SEC’s expectations.

2. Implement best practices for cybersecurity risk management.

RIA firms must adopt and implement written policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors. These policies should cover areas such as data protection, incident response planning and employee training. Firms should consider engaging third-party experts to conduct cybersecurity audits and ensure their systems and practices align with industry standards.

3. Establish proactive vendor due diligence and oversight.

If your RIA firm engages with third-party vendors, it is especially important that it establishes a robust vendor due diligence process, conducts periodic monitoring of service provider performance and maintains comprehensive records to demonstrate compliance with oversight obligations. This proactive approach will demonstrate to regulators that the firm takes responsibility for its outsourcing decisions and mitigates potential risks.

4. Adhere to environmental, social and governance (ESG) requirements.

To ensure compliance with the SEC’s examination priorities regarding ESG, RIA firms should implement robust measures. They should conduct comprehensive reviews of their ESG-related advisory services and fund offerings, ensuring that funds operate in accordance with their disclosed strategies. RIA firms should also focus on appropriate labeling of ESG products and ensure that recommendations to retail investors are made in the investors’ best interests. These practices reflect an RIA firm’s commitment to compliance and the responsible integration of ESG factors.

5. Examine how your firm addresses crypto-assets.

RIA firms should review and enhance their compliance, disclosure and risk management practices regularly. This includes meeting the respective standards of care when making recommendations or providing investment advice on crypto-assets. Staying updated with regulatory requirements, conducting comprehensive due diligence and implementing robust compliance measures reflect an RIA firm’s commitment to regulatory adherence and client protection in the evolving landscape of emerging technologies and crypto-assets.

6. Stay informed and embrace compliance.

The key to successfully navigating the regulatory landscape is to stay well-informed. RIA firms should actively monitor updates from the SEC, industry publications and professional networks to keep abreast of regulatory changes, proposed rules and amendments. Staying informed will enable your compliance team to think ahead and anticipate how it can adapt its compliance program if any changes do occur, setting your RIA firm apart from others that might be scrambling at the last minute to meet regulatory requirements.

7. Enhance recordkeeping practices.

Many of the rules the SEC is focusing on during this year’s exams emphasize the importance of comprehensive recordkeeping. RIA firms should review their recordkeeping practices, ensure the proper storage and accessibility of relevant documents and establish protocols for timely reporting of significant incidents. Maintaining accurate and up-to-date records will streamline the examination process and demonstrate a commitment to compliance.

While not a comprehensive list of all focus areas for regulatory examinations in 2023, these seven best practices will enable your firm to more effectively prepare for a potential regulatory examination. What else can you do? Stay informed, embrace compliance and seize the opportunities to thrive as a trusted registered investment adviser.

But we know that’s sometimes easier said than done. After all, navigating the rapid pace of regulatory change can be challenging. But with the right strategies and resources, investment firms can adapt successfully. Need further assistance navigating these new challenges and setting yourself apart from the competition? Download the COMPLY CCO Playbook today!