10 Most Common Compliance Questions We Hear from Financial Advisors

Navigating the labyrinth of regulatory compliance can often feel daunting for independent financial advisors. Whether you’re just starting out or are a seasoned professional, understanding the nuances of compliance is crucial for protecting your practice and your clients.

 

In this blog, we’ve pulled together the 10 most common regulatory compliance questions we hear from independent financial advisors. From how you market your practice online to keeping up with the SEC’s evolving rules, we provide clear and actionable insights to help you stay compliant and confident in your advisory role. Let’s dive in and demystify the world of regulatory compliance together.

1. Should my firm be registered with my state or the SEC?

The simple rule of thumb is this: if your regulatory assets under management (AUM) are less than $100 million, you generally register with the relevant state(s); if your AUM is $100 million or more, you register with the SEC. That is only the starting point, though. To work out exactly which states you need to be registered in, consider these factors:

 

  • Where is your office located?
  • In which states do you have representatives physically present?
  • Do you have six or more clients in a given state? (The national de minimis standard exempts an adviser with no place of business in a state and fewer than six clients there in the preceding 12 months; Texas and Louisiana can require registration with even one client.)
  • Are you actively soliciting in certain states?

 

When dealing with SEC registration, a few additional points come into play:

 

  • If your principal office is in New York, you generally need to register with the SEC if your AUM is $25 million or more.
  • Firms advising a registered investment company under the Investment Company Act of 1940 must register with the SEC regardless of their AUM.
  • If you need to register in 15 or more states, you will typically register with the SEC regardless of your AUM.
  • Advisers that provide advice exclusively through an interactive website may register with the SEC regardless of AUM (the internet adviser exemption).

 

It’s worth noting that there are exceptions to these guidelines, so always double-check to ensure full compliance.

 

2. How can I protect my firm if someone hacks into my firm’s network?

Cybersecurity has become an incredibly important topic of conversation among businesses of all industries and sizes, and especially in the financial industry. The SEC has responded on two fronts. Its rule called “Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure”, proposed in 2022 and adopted in July 2023, applies to public companies and requires them to disclose a cybersecurity incident on Form 8-K within four business days of determining that the incident is material. Separately, in February 2022 the SEC proposed a cybersecurity rule aimed squarely at investment advisers and funds, which would require advisers to report significant cybersecurity incidents to the Commission within 48 hours and to disclose cybersecurity risks and incidents to clients.

If adopted, the adviser proposal would require your firm to:

  • Adopt and implement written policies and procedures reasonably designed to address cybersecurity risks, including detecting, responding to and recovering from incidents.
  • Report significant cybersecurity incidents to the SEC promptly (within 48 hours under the proposal).
  • Disclose cybersecurity risks and recent significant incidents to clients in your Form ADV brochure.

 

Advisors looking to uphold strong cybersecurity practices should consider these steps, whatever the final shape of the rule:

  • Offer continuous team training on cybersecurity practices, including periodic phishing simulations.
  • Enforce multi-factor authentication on email, custodian portals and any remote access, and keep tested, offline backups of firm data.
  • Implement a virtual desktop infrastructure so client data stays in the firm’s environment rather than on home devices; this maintains data security and compliance while allowing employees to work from anywhere.
  • Prepare periodic reports that document the state of your cybersecurity controls and the vulnerabilities found, with an owner and a deadline for fixing each one.
  • Maintain a written incident response plan that spells out who declares an incident, who is notified (custodians, clients, insurers and regulators) and the deadlines for doing so, and rehearse it.
  • Regularly review your firm’s cybersecurity policies, at least annually and after any incident.
  • Test your systems with authorized penetration tests: put the scope, the dates and the written authorization in a signed agreement before anyone starts.

 

3. What should I include in my firm’s policies and procedures?

 

The SEC has identified several critical areas where independent financial advisors must have robust policies and procedures. If you’re looking for guidance, here are some key elements to prioritize in your compliance program:

 

  • Portfolio Management Process: Include aspects like asset allocation and disclosures to clients.
  • Accuracy of Disclosures: Ensure all communications to clients, regulators, and investors are accurate.
  • Proprietary Trading: Develop policies around proprietary trading activities.
  • Client Asset Safeguarding: Implement procedures to protect your clients’ assets.
  • Record Keeping: Maintain secure and accurate records, protecting them from unauthorized access or destruction.
  • Client Information Privacy: Safeguard your clients’ personal information.
  • Trading Practices: Have clear policies on trading practices.
  • Marketing Practices: Ensure your marketing efforts comply with regulations.
  • Client Holdings Valuation and Fees: Establish processes for valuing client holdings and assessing fees.
  • Business Continuity Plans: Prepare for disruptions with a solid business continuity plan.

 

Make these elements the backbone of your firm’s policies and procedures to stay compliant and efficient.


4. Can I outsource my Chief Compliance Officer (CCO)?

This is a common question, and our advice is consistent: it is vital to have a dedicated person or team to manage your compliance, someone responsible for overseeing all compliance policies, procedures and processes. Rule 206(4)-7 requires every registered adviser to designate a CCO, and the SEC has said that person should be competent and knowledgeable about the Advisers Act and empowered with full responsibility and authority to develop and enforce the firm’s policies, participating in decision-making rather than rubber-stamping it. Outsourcing is permitted, but SEC examiners have reviewed outsourced CCO arrangements and faulted those where the outsourced CCO lacked access, authority or real knowledge of the firm’s business.

 

However, the cost of hiring a CCO full-time isn’t always feasible for an independent financial advisor. That’s where partnering with a collaborative firm like Integrated Financial Group (IFG) can prove invaluable. IFG offers support to help you stay compliant while saving money, reducing stress, and conserving time.

 

5. What’s the best way to market my firm’s performance?

This is a tricky one. The short answer is: be very cautious. The SEC’s Marketing Rule (Rule 206(4)-1) allows performance advertising, but only within guardrails: gross performance must be shown alongside net performance, returns must be presented for standardized one-, five- and ten-year periods, and nothing may be stated or implied that is misleading or suggests guaranteed results.

Context is key, and stripping it away can land you in hot water: a single strong year quoted without the net figure and the longer periods is exactly the kind of cherry-picking the rule prohibits. And remember that hypothetical performance may only be shown to an audience whose financial situation and investment objectives you have a basis to assess, so steer clear of sharing it on public platforms like your website or social media.

 

6. Do I need to archive my communications on communication platforms?

The short answer is yes. The books-and-records rule (Rule 204-2) requires you to keep written communications relating to the advice you give, the orders you place and the receipt or delivery of client funds and securities, and the rule does not care which channel carried them. If you’re communicating with clients or prospects via any platform, whether email, social media or messaging apps, you should archive all interactions.

Issues often arise when advisors start conversing with clients through personal accounts on platforms like Facebook, or through text messages on personal phones that the firm’s archiving never sees. Off-channel communications have been a major focus of SEC record-keeping enforcement, so if you’re giving financial advice in any form, that communication needs to be captured, and your policies should either bring the channel into the archive or prohibit it.

 

7. How do I ask clients for online reviews and testimonials in a compliant manner?

Advisors have long been cautious about soliciting reviews and testimonials, but the SEC Marketing Rule now permits them, subject to conditions. The rule’s general prohibitions still apply: an advertisement may not present information in a way that is not fair and balanced, so selectively asking only your happiest clients for feedback (“cherry-picking”) is a risk. Every testimonial or endorsement you use must also clearly disclose whether the person giving it is a client, whether they were compensated, and any material conflicts of interest, and you must have a reasonable basis for believing it complies with the rule.

One simple, cost-free way to avoid cherry-picking is to send the same testimonial request to your entire client list, so that everyone is invited uniformly. Here at IFG, we help our advisors create templated testimonial request emails to streamline the process.

8. My team is fully remote – how can I ensure the security of sensitive client and firm information?

In today’s post-pandemic world, remote work has become the norm. A decentralized team complicates the protection of sensitive information, but it is manageable. To secure it, firms must first understand the risks (home networks you do not control, personal devices, and staff who cannot walk down the hall to verify an unusual request) and then implement policies and procedures that address them.

Here are some recommended steps, drawing on the SEC’s guidance for remote operations:

    1. Supervise your team – Advisor firms are required to oversee their personnel, including monitoring investment and trading activities. That supervision must continue remotely, so use tooling that archives business communications and surveils personal trading rather than relying on informal check-ins.
    2. Address cybersecurity with your team – Employees working remotely need training on appropriate practices: connecting only over trusted or firm-provided networks (or the firm’s VPN), keeping an inventory of firm devices and what is stored on them, and recognizing phishing emails and wire-fraud schemes. Require any change to wiring or account instructions to be verified by a call back to a known number, never by replying to the email that requested it.
    3. Establish device protection protocols – Require unique passwords with multi-factor authentication on every device and account, full-disk encryption so a lost laptop is not a data breach, automatic screen locking after a short idle period, and prompt installation of security updates. Staff should still lock their computers whenever they step away and shut them down properly at the end of the day.

 

9. Who on my team is responsible for compliance?

 

The short answer: “Everyone.”

 

Building a culture of compliance is crucial, and it should be ingrained in every team member’s responsibilities. While the Chief Compliance Officer (CCO) often leads the charge, maintaining compliance is a shared duty across the firm. The CCO’s role is to oversee this compliance landscape, watch for red flags, and stay updated on the latest regulations.

 

10. How can Integrated Financial Group help?

 

Leveraging our deep industry knowledge, our in-house professionals and members are dedicated to offering strategic advice tailored to meet the unique needs of RIA firms. Central to our approach is the Brain Trust, a collaborative culture that fosters knowledge sharing and continuous learning.

 

The Brain Trust enables firm-wide discussions on best practices, regulatory updates, and innovative compliance strategies, ensuring that every member is well-equipped to navigate the complex regulatory landscape. Partnering with IFG means gaining access to a wealth of expertise and a supportive community, dedicated to fostering a strong culture of compliance.
