Each week, we publish a report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser (RIA) compliance and regulatory issues. This week’s recap focuses on the Securities and Exchange Commission’s (SEC) RIA audits, the LinkedIn and RIA in a Box compliance partnership, compliance with the Department of Labor’s (DOL) PTE 2020-02, and recommended cybersecurity protocols for RIAs.
Here are our top investment adviser compliance articles for the week of August 5th, 2022:
1. SEC Audit Does Not Have To Be Scary, RIA In A Box Says (Author – Karen Demasters, Financial Advisor)
In a recent interview, Karen Demasters and RIA in a Box director of compliance Jason Vinsonhaler discuss the SEC audit process for RIAs. Vinsonhaler shares that it is now common for firms to be audited every eight years, and it’s key to proactively prepare to have all the firm’s documents in order. He details what the senior management team, including the chief compliance officer, should expect after they receive the SEC’s initial audit notice. Firms can look at the audit process as an opportunity to improve, and should be aware that around 70% to 80% of reviews result in a deficiency letter of some sort. It’s important to respond to the deficiency letter and resolve the issues in a timely manner.
2. Social Media is a Compliance Minefield for Advisors. LinkedIn and RIA in a Box Want to Help. (Author – Kenneth Corbin, Barron’s)
Kenneth Corbin discusses how financial services companies can comply with the new requirements of the SEC’s marketing rule for social media marketing practices. RIA in a Box has become LinkedIn’s latest compliance partner to help financial services companies meet regulatory requirements related to marketing on social media. Firms and their advisors use RIA in a Box’s Communications Archiving and Review solution to streamline the process of capturing, storing, and reviewing webpages, social media and email communications. With the new partnership, users can now connect their LinkedIn profiles to RIA in a Box’s solution, automating the retention and monitoring of published content.
3. Firms Warned To Quickly Correct Any DOL Rollover-Rule Violations (Author – Tracey Longo, Investment News)
This article discusses common violations of DOL’s PTE 2020-02 and how firms should self-correct within 90 days to receive the exemption from prohibited conflicts of interest. If the DOL identifies failures in meeting the PTE requirements and finds a loss has occurred to investors, a firm will be required to make the investor whole. The most common issues include the following: 1) failure to provide a fiduciary acknowledgement to investors, 2) failure to apply new rules to recommendations to transfer IRAs from other firms to the advisor’s firm, 3) failure to have policies and procedures designed to mitigate conflicts and 4) failure to disclose conflicts for plan-to-IRA rollovers and IRA-to-IRA transfers.
4. What to Know About the 5 Stages of an SEC Audit (Author – Ed McCarthy, Think Advisor)
In light of the rising number of SEC audits, Think Advisor provides a slideshow to help RIAs navigate and prepare for inevitable federal examinations. RIA in a Box director of compliance Jason Vinsonhaler recommends RIAs review the SEC’s 2022 examination priorities to understand the specific areas of their business the SEC will focus on. Document preparation should be a proactive effort rather than a reactive one. RIAs can expect the audit to last from one to five days, and should prepare their office and staff for an on-site visit. While the pandemic caused the examinations to occur remotely, there has been a recent shift back to on-site audits. The SEC has up to six months to send a deficiency letter, and expects the RIA to respond within 90 days.
5. Return-To-The-Office Mandates Will Require Cybersecurity Adjustments For Advisors (Author – Sid Yenamendra, Financial Advisor)
Sid Yenamendra explores the implications of return-to-office mandates in terms of cybersecurity risk management. While some firms may choose to offer flexibility to their employees, including office and remote days, the cybersecurity protocols must be adjusted accordingly. It is recommended that firms implement multifactor authentication and continue cybersecurity training for all employees. The article suggests the hybrid approach can be particularly risky, considering employees may turn to co-working spaces with vulnerable network connections. An efficient cybersecurity solution should monitor endpoints on client networks and automatically remediate vulnerabilities to mitigate business disruptions. Firms can also increase transparency with reporting capabilities to keep track of different users and vendors as they work remotely.
Don’t forget to check out last week’s top RIA compliance news articles that focus on the importance of technology in a firm’s compliance program, the SEC’s staff bulletin on conflicts of interest, and tips for advisors to identify suspected financial exploitation of elderly clients.