Recently, the North American Securities Administrators Association (“NASAA”) released its 2017 Investment Adviser Coordinated Examinations Report. The biannual report is a can’t miss registered investment adviser (“RIA”) compliance resource. As RIA compliance consultants, we recommend that the Chief Compliance Officer (“CCO”) of all investment advisory firms review the regulatory exam summary report to determine if any compliance changes need to be implemented at their firm.
For this year’s report, 38 jurisdictions (the majority of states across the country) provided data for RIA examinations performed from January through June 2017. The characteristics of the 1,227 investment advisory firms which were audited break down as follows:
- 946 firms had regulatory assets under management (“AUM”) greater than $0
- 336 of the firms had AUM of greater than $30 million
- 610 of the firms had AUM of less than $30 million
- 331 of the firms were examined for the first time
- 535 were examined in last 5 years
- 741 of firms were solo advisors with 1 individual investment adviser representative (“IAR”)
- 220 of firms had 2 IARs
- 101 affiliated with a broker dealer firm
- 74 advised a pooled investment vehicle (e.g. hedge fund or private equity fund)
- 572 offered financial planning services
- 78 acted as solicitors for other RIAs
- 27 payed solicitors for referrals
The table below breaks down the number of regulatory compliance deficiencies found per RIA audit over the five most recent NASAA examination reports:
Source: 2009, 2011, 2013, 2015, and 2017 NASAA Investment Adviser Coordinated Examinations Reports
The table above shows that the average number of regulatory deficiencies found during audits spiked this year to 6.57 per examination. In its release, NASAA states, “the majority of increases in deficiencies reported in 2017 can be attributed to the addition this year of three new compliance areas for examination, including cybersecurity, and enhanced efficiencies in the state examination process.”
The chart below depicts the percentage of RIA firms that had at least one regulatory deficiency from 2007 to 2015 across this year’s ten most common categories:
Source: 2007, 2009, 2011, 2013, 2015, and 2017 NASAA Investment Adviser Coordinated Examinations Reports. Note that some past reports do not contain the categories as depicted in the 2017 report (e.g. cybersecurity, contracts, and brochure delivery).
As shown above, the top three categories for regulatory deficiencies in the newly released 2017 report are:
- Books and Records (64.6% of firms with AUM)
- Registration (54.3% of firms with AUM)
- Contracts (45.4% of firms with AUM)
The top regulatory trouble areas for 2017 closely mirror the 2015 results with one slight difference in that contract issues were more common than registration issues in 2015. Historically, registration issues have been even more common as the registration category topped all other categories in 2007, 2009, and 2011.
Overall, the total number of deficiencies per audit has increased by 54.3% since the 2015 report. It’s evident that the new introduction of the cybersecurity deficiency category helped to drive up the deficiency figures as 23.4% of firms examined had at least one cybersecurity-related deficiency with the lack of adequate cybersecurity insurance being the top such deficiency. As in past years, NASAA has once again provided an updated set of best practices which they recommend RIA firms use as a guide for developing and improving their compliance programs.
Be sure to check back soon for more detailed information as we will be breaking down each compliance category with additional blog posts in the coming weeks.