Complete Guide to RIA Compliance: Best Practices for Navigating Regulatory Changes
Learn actionable tips and advice about navigating regulatory changes and updates for independent financial planners to stay within RIA compliance.
As the financial industry undergoes continuous regulatory developments and regulators intensify their scrutiny, the responsibilities of financial advisors and broker dealers in terms of compliance have become increasingly crucial.
Financial compliance encompasses a framework of regulations that govern the operations of the financial industry, aiming to protect various stakeholders such as investors, shareholders, and banking customers.
Although compliance may sometimes seem like an unnecessary weight, presenting itself as a complex labyrinth of regulations that advisors and broker dealers must skillfully maneuver to avoid consequences, it can be viewed as an opportunity for strategic advancement.
By adopting this perspective, advisors can effectively navigate the intricacies of compliance, avoid compliance headaches and establish a more robust and trustworthy practice that ultimately benefits both themselves and their clients. Consider this your RIA compliance guide for everything you need to know as a financial professional.
What is RIA Compliance?
Simply put, RIA compliance refers to the adherence to regulatory requirements laid out in the Investment Advisers Act of 1940 (referred to as the “Advisers Act”). These requirements mandate that Registered Investment Advisors (RIAs) establish comprehensive policies and procedures to prevent legal violations. The Securities and Exchange Commission (SEC) plays a vital role in this landscape by formulating rules, providing interpretations, and offering guidance to RIAs for better comprehension of their fiduciary responsibilities as outlined by the Advisers Act.
While the Advisers Act itself has undergone minimal changes since its inception, the SEC’s rules have continually evolved to match the advancements in technology and evolving business and trading practices. Each policy and procedure outlined by the SEC aims to safeguard investors while providing guidance to advisors on their fiduciary duties.
RIA compliance signifies your firm’s unwavering commitment to upholding the highest ethical and professional standards, placing the interests of investors at the forefront. It serves as a testament to your dedication to prioritizing clients’ best interests, without allowing personal agendas to obstruct the way. It is, without a doubt, a critical factor in achieving success within our industry.
7 Primary Components of RIA Compliance
1. Office of Supervisory Jurisdiction (OSJ)
The Office of Supervisory Jurisdiction (OSJ) plays a pivotal role in the universe of Registered Investment Advisors (RIAs). It’s a crucial component of financial industry supervisory systems, particularly within broker-dealer operations. Understanding the function and responsibility of the OSJ is crucial for any financial advisor looking to maintain a high standard of compliance in their practice.
Essentially, the OSJ is responsible for a broad range of compliance, oversight, and supervision duties within a broker-dealer firm. These duties include reviewing and endorsing customer orders, maintaining customer accounts, and supervising the activities of non-OSJ branch offices. Therefore, the OSJ plays a critical role in ensuring that all activities are carried out within regulatory guidelines, thereby maintaining the integrity of the financial marketplace.
For independent financial advisors, a strong understanding of the role of the OSJ can provide valuable insights into the regulatory environment. It can assist you to remain compliant, reduce risks, and maintain the trust of your clients. By aligning your operations with the OSJ’s expectations, you can ensure that your practice stands up to scrutiny and operates within the legal and ethical framework of the industry.
2. Investment Advisers Act of 1940
The Investment Advisers Act of 1940 is a significant federal law in the United States that outlines and defines the responsibilities of investment advisors. It provides the Securities and Exchange Commission (SEC) with authority to monitor and regulate financial representatives and advisors, with the primary goal of protecting investors and maintaining fair, efficient markets while promoting capital formation.
This act precisely defines what constitutes investment advice and establishes the requirements for registration with state and federal regulators before offering such advice.
3. SEC Office of Compliance Inspections and Examinations (OCIE)
The SEC’s Office of Compliance Inspections and Examinations (OCIE) annually identifies specific practices, products, or services that pose higher risks to investors or markets. This serves as a means to promote transparency and educate the public. The published list enables registered investment advisors (RIAs) to gain insights into the areas SEC examiners will focus on during their examinations.
The SEC publicly announces its examination priorities at the beginning of each year through press releases, and the full details are available online as a PDF document, reinforcing their commitment to transparency. While these priorities are primarily directed at SEC-registered firms, state regulators often address similar issues during their own exams. Therefore, advisors are advised to attentively consider the SEC’s Examination Priorities.
4. Form ADV
Form ADV is a crucial component of Registered Investment Advisor (RIA) operations. Its importance in RIA compliance is akin to that of Form 1040 for individual income taxes. While you may already be familiar with it, it’s worth revisiting (as confusion surrounding Form ADV can be unexpectedly common).
Firstly, this form necessitates annual completion and resubmission to ensure your firm’s ongoing compliance. In addition to the annual update, you will be required to update Form ADV whenever changes occur in your contact information, fee schedule, ownership, and other pertinent details. Notably, changes in assets under management (AUM) resulting from market fluctuations do not require filing an amendment outside of the annual update.
Secondly, Form ADV comprises various sections. The initial part involves providing information about your firm, including AUM and related details. Similar to completing personal income tax forms, your firm must answer the form’s questions and provide all requested information.
It’s vital to understand that the Securities and Exchange Commission (SEC) and state regulators utilize this information to assess and enforce regulations. Moreover, they employ an algorithm to determine the risk level associated with your business model, impacting the frequency of regulatory examinations.
The second part of Form ADV involves creating a brochure, which must be annually provided to prospective and existing clients. This brochure should comprehensively outline your services, AUM, fee schedule, conflicts of interest, and other relevant information in a manner that is easily accessible and comprehensible to clients and potential clients.
5. Chief Compliance Officers (CCOs)
Compliance officers, also known as CCOs, play a vital role in ensuring firms adhere to the SEC’s regulations. These individuals are responsible for overseeing all compliance policies, procedures, and processes within Registered Investment Advisors (RIAs).
While some RIAs initially assign the owner as the CCO to save costs, this approach may prove detrimental in the long run, potentially leading to deficiencies and fines imposed by regulators.
Many firms do go the route of hiring a CCO, in order to allow the owner to focus on revenue-generating activities while entrusting compliance management to an expert. By having an experienced professional overseeing the compliance program, the already complex process becomes more streamlined, ensuring efficient operations and meeting regulatory requirements.
However, for many financial advisors, the expense of hiring a CCO is not feasible. That’s where working with a collaborative partner, like Integrated Financial Group, comes into play and can offer support in staying compliant while saving money, stress and time.
Moreover, dedicating someone to maintaining compliance fosters a culture of adherence within the firm. This proactive approach helps prevent crucial tasks, documents, and processes from slipping through the cracks and creating compliance issues. By prioritizing compliance, your firm can safeguard its reputation and minimize regulatory risks.
6. Assets Under Management (AUM)
When determining a firm or advisor’s Assets Under Management (AUM), various factors must be considered, including bank deposits, mutual funds, cash, funds under discretionary management, and more. In addition to AUM, a firm’s management performance and experience also play a crucial role in evaluation.
It is important to note the significance of AUM in RIA compliance. Any discrepancies, such as failure to regularly update AUM, can potentially trigger an audit. Therefore, it is essential to continuously reassess and update any mentions of AUM in marketing or sales materials to ensure accuracy and reflect the most up-to-date value. While frequent updates are not necessary, it is important to take action when AUM becomes significantly outdated.
7. Maintaining Ethical Integrity and Resolving Conflicts of Interest
As a financial advisor, it is paramount to act in the best interests of your clients and represent them with utmost competence and loyalty. However, while recognizing that advisory services are business-oriented, it is essential to acknowledge that self-interest may exist. Operating as a for-profit enterprise does not exempt you from disclosing conflicts of interest. The objective is to disclose these conflicts and demonstrate how you are effectively managing them to prioritize your clients’ needs.
It is crucial to emphasize that the SEC strongly disapproves of advisors disregarding their fiduciary duty. While having a conflict of interest is not inherently against SEC regulations, failing to disclose it when it arises is considered a violation. Your clients deserve to be well-informed about potential conflicts, enabling them to make informed decisions regarding their assets.
Furthermore, it is important to note that this fiduciary responsibility extends beyond individual financial advisors to encompass your entire firm. Regularly checking in with the members of your team, including the Chief Compliance Officer, ensures vigilant conflict monitoring and immediate disclosure if needed.
To establish a culture that prioritizes compliance and minimizes regulatory disciplinary actions, implementing a comprehensive code of ethics within your firm is essential. Training your advisors on behavioral expectations, ongoing monitoring, and the consequences of violations fosters an environment that promotes ethical conduct. Consider adopting a code of ethics system to swiftly identify and address any improper trading activities, safeguarding your firm and clients.
RIA Compliance Checklist
Below is a comprehensive checklist of the essential information that you must familiarize yourself with to ensure full compliance of your new RIA firm with the appropriate governing bodies. Regardless of where you’re at in the process, the following are the seven key factors that warrant careful examination throughout the journey.
1. Draft your form filings and documentation
To effectively register your Registered Investment Advisor (RIA) firm with the appropriate regulatory bodies, it is crucial to prepare and organize the necessary form filings and documents.
While not all the forms listed below are required at the initial stage (although most are), it is important to note that exceptions and exemptions exist. However, it is imperative to have these forms readily available in case of an audit by the authorities.
- Form ADV (discussed above)
- Policies and procedures manual: In November 2020, the North American Securities Administrators Association (NASAA) introduced a new model rule aimed at providing clarity on the necessary policies and procedures that RIA firms must have in place. According to this rule, investment advisors are required to address the following key areas:
Compliance Policies and Procedures: RIAs must establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent any violations of the Uniform Securities Act of 1956 and the related rules adopted by the securities administrator.
Supervisory Policies and Procedures: RIAs must develop, implement, and enforce written supervisory policies and procedures that are reasonably designed to prevent any violations of the Uniform Securities Act of 1956 and the related rules by their supervised individuals.
Proxy Voting Policies and Procedures: If an RIA has the authority to vote on behalf of clients, they must clearly outline the process and adhere to written policies and procedures. In cases where the firm lacks authority to vote on client securities, this should be disclosed to clients.
Physical Security and Cybersecurity Policies and Procedures: RIAs must establish, implement, update, and enforce written policies and procedures that ensure the confidentiality, integrity, and availability of both physical and electronic records and information. The design of these policies and procedures should be tailored to the specific business model of the RIA, considering the firm’s size, services offered, and number of locations.
Code of Ethics: As mentioned above, RIAs must maintain a comprehensive written code of ethics that outlines expected employee conduct and outlines the appropriate actions to be taken in the event of a Code of Ethics violation.
Material Non-Public Information Policy and Procedures: RIAs must establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent the misuse of material, non-public information by the RIA or any individuals associated with the firm.
Business Continuity and Succession Plan: RIAs must create, maintain, and enforce written policies and procedures that address business continuity and succession planning.
Investment Advisory Contracts: It is crucial to carefully consider the creation and maintenance of investment advisory agreements. Although this is not explicitly required for an SEC RIA application, most states scrutinize client contracts during the registration process.
To ensure the integrity of your contracts, reflect on the following queries:
Does your firm possess appropriately executed written client agreements for each client relationship?
Do the fees, fee calculation methods, and billing frequency align with the client’s invoicing?
Are the firm’s current services and discretionary authority correctly outlined in the executed agreement?
Does the contract contain any hedge clauses that may conflict with your firm’s fiduciary responsibility?
Licensing Requirements for Investment Advisor Representatives (IARs): If you are establishing your own Registered Investment Advisor (RIA), it is likely that you already possess a Series 7, 65, or 66 license (or an equivalent professional credential). This is an opportune moment to ensure the currency and compliance of all your credentials, aligning with the regulations of the governing bodies under which you plan to register.
2. Register Your RIA with the Proper Authorities
To ensure compliance with regulatory requirements, it is necessary to register your Registered Investment Advisor (RIA) with the appropriate authorities. Registration procedures may vary depending on different factors as detailed below.
- Registration with the U.S. Securities and Exchange Commission (SEC):
- Registration with the U.S. Securities and Exchange Commission (SEC):
Typically, advisory firms starting an RIA with assets under management (AUM) of $100 million or more are required to register with the SEC as an RIA. However, there are exceptions to this rule.
For instance, advisory firms based in New York must register with the SEC if their AUM exceeds $25 million. Additionally, firms that serve as advisors to investment companies registered under the Investment Company Act of 1940 must register with the SEC regardless of the AUM.
Moreover, RIAs required to register in 15 or more states are generally required to register with the SEC, irrespective of AUM. For further detailed information, refer to the SEC’s comprehensive document titled, “Regulation of Investment Advisers by the U.S. Securities & Exchange Commission.“
- Registration with the State:
- With exceptions considered, prospective RIA firms with less than $100 million in AUM should register with the relevant state authority rather than the SEC. Generally, an advisory firm must register in any state where it meets one or more of the following criteria:
- Has a physical location or office.
- Has a representative physically located.
- Has five or more clients (or a single client in Texas and Louisiana).
- Is physically soliciting in that state.
It is important to note that registration requirements and processes may vary from state to state, and there may be exceptions to the general guidelines.
It is worth mentioning that Registered Investment Advisors (RIAs) are not required to register with the Financial Industry Regulatory Authority (FINRA), as FINRA does not have regulatory authority over RIAs. However, FINRA does facilitate the online filing system for the registration of RIAs and their Investment Advisor Representatives (IARs).
3. Choose Your CCO
As experts in RIA compliance consulting, we frequently encounter the question, “Is it necessary for my firm to recruit a dedicated CCO?” The response, much like many facets of RIA compliance, is contingent upon various factors.
All RIAs, regardless of size, are obliged to have an internal CCO, although it may be someone who also handles additional responsibilities. In many instances, the advisor-owner assumes this role during the early stages of the RIA’s establishment, which comes with its own advantages and disadvantages.
- Advantage: It eliminates the expenses associated with hiring a full-time CCO.
- Disadvantage: The CCO may not possess extensive knowledge and expertise in RIA compliance.
As mentioned above, working with a partner like Integrated Financial Group can help curb the costs and concerns of maintaining compliance. Among other services, IFG advisors gain access to experts that specialize in compliance support. For more information, check out our financial planning services.
4. Safeguard your firm from cybersecurity threats
With the ever-expanding array of threats, like phishing scams, malware, ransomware, and trojans, it’s crucial to protect your RIA firm’s sensitive information. As digital technologies become increasingly integral to running an RIA, cybersecurity poses a more dangerous challenge.
Ensuring the safety of your firm and clients is no longer just a best practice but a necessary step, as failure to implement basic security measures may lead to substantial penalties.
Do you handle online payments or collect personally identifiable information (PII) and financial records? Even if you simply rely on technology for everyday operations, you remain vulnerable to ransomware attacks.
Carefully assess your business practices to identify potential vulnerabilities and implement suitable protective measures.
To assist you in this process, we offer a complimentary Cybersecurity RIA Compliance Checklist, available for download.
In a press release issued in July 2023, the SEC announced that it has adopted rules requiring registrants to disclose information about their cybersecurity risk management and governance on an annual basis. The new rules require registrants to disclose material cybersecurity incidents on Form 8-K within four business days, unless the United States Attorney General deems otherwise.
Registrants are also now required to disclose any and all processes related to cybersecurity risks in their annual Form 10-K report, including board oversight of risks and management’s role in assessing and managing them.
All registrants must provide Form 10-K, 20-F, 8-K and 6-K disclosures beginning December 15, 2023 with smaller reporting companies receiving an additional 180 days before they must begin providing the Form 8-K disclosure, and all registrants must tag disclosures in Inline XBRL one year after initial compliance.
5. Make sure your RIA is properly insured
While insurance may not be mandatory for starting a new RIA firm, it is prudent for most RIA firms to consider two specific types:
- Errors and Omissions Insurance:
We highly recommend acquiring liability insurance to protect your firm. Neglecting to obtain such coverage exposes your firm to significant business risks.
However, it is crucial to note that even the most comprehensive E&O insurance plan will not provide coverage for an inadequate RIA compliance program. For instance, insurance programs generally do not cover regulatory fines and sanctions. Therefore, it is imperative for your firm to establish internal compliance policies and procedures to foster a culture of compliance.
- Cybersecurity Insurance:
Cyber insurance offers a vital and often underestimated service to RIA firms. Without proper cyber coverage, many small and midsize businesses are vulnerable to the severe consequences of a cyber attack.
When choosing cybersecurity insurance, it is important to follow the same steps as you would for any other type of insurance. Educate yourself, carefully weigh the options, and seek expert assistance if needed.
- Errors and Omissions Insurance:
6. Understand and adhere to your fiduciary duties
The SEC outlines two fundamental principles that govern the fiduciary duty of investment advisors: Duty of Care and Duty of Loyalty. Let’s delve deeper into each of these principles.
- Duty of Care encompasses three key obligations:
- Duty to Provide Advice in the Client’s Best Interest: Investment advisors are obligated to offer advice that aligns with the best interests of their clients. This entails understanding and considering their unique financial situations, goals, and risk tolerance.
- Duty to Seek Best Execution: Advisors must diligently strive to execute trades on behalf of their clients in a manner that achieves the most favorable terms reasonably available under the circumstances.
Duty to Act and Provide Ongoing Advice and Monitoring: Fiduciaries are responsible for continually acting in the best interests of their clients and maintaining regular communication. This includes offering advice and monitoring the progress of the client’s financial plan throughout the duration of the relationship.
- Duty of Care encompasses three key obligations:
Furthermore, fiduciaries must implement ongoing monitoring procedures to ensure that financial plans remain on track, even in the face of changing market conditions. Open and clear communication regarding risks and costs is crucial.
Adhering to the principles of the Duty of Care enables fiduciary advisors to cultivate trust, promote transparency, and strive for optimal financial outcomes on behalf of their clients.
The Duty of Loyalty is another fundamental requirement for investment advisors as outlined by the SEC:
According to the SEC, investment advisors have a primary responsibility to prioritize their clients’ best interests. This means that advisors must not favor their own interests over those of their clients, nor unfairly favor one client over another. In order to fulfill this duty, advisors are obligated to provide full and fair disclosure of all material facts pertaining to the advisory relationship.
Furthermore, maintaining transparency and fulfilling the Duty of Loyalty requires investment advisors to disclose any conflicts of interest that may arise. A conflicts of interest can occur when an advisor’s personal or financial interests have the potential to influence their advice, recommendations, or actions on behalf of a client. To adequately address conflicts of interest, advisors must provide clear and detailed disclosures to clients. These disclosures should enable clients to make informed decisions regarding their consent or rejection of such conflicts and practices.
Adhering to fiduciary responsibilities presents both opportunities and challenges for advisors. By prioritizing client interests above their own, fiduciaries can attract new prospects and build trust with existing clients. It is crucial, however, for advisors to remain vigilant and consistently uphold their fiduciary obligations.
7. Effectively Address Disciplinary Disclosures
Firms need to pay careful attention to individuals who have disciplinary disclosures, as emphasized by the SEC. If you or any of your colleagues have such disclosures, it is crucial to consider a few key points.
Mandatory Disclosure: It should go without saying that when it comes to disclosures, one must adhere to the SEC’s requirements. However, during their routine audits, the SEC has discovered instances where firms:
Failed to disclose material information related to disciplinary histories of specific supervised individuals or even the advisory firm itself.
Included incomplete, unclear, or misleading details regarding disciplinary events.
Did not promptly update and deliver disclosure documents to clients, such as updating Form ADV for new disciplinary events of supervised individuals reported on the Central Registration Depository (CRD), such as Form U5s.
Risk Mitigation is Essential: If you or any member of your team has disciplinary disclosures, your firm’s policies and procedures should effectively address the associated risks. The SEC has identified numerous firms that have failed to do so.
How Integrated Financial Group Can Help
As independent financial planners, it can be challenging to stay on top of RIA compliance regulations, especially as they continue to evolve. Thankfully, with the support of Integrated Financial Group (IFG), staying compliant has never been easier. IFG offers a variety of resources and tools that can prove invaluable to financial planners looking to navigate the complexities of RIA compliance.
From ongoing compliance reviews to manuals and more, IFG proves an invaluable ally in helping independent planners stay up-to-date and compliant with all regulatory requirements. With IFG support, financial planners can focus on delivering exceptional service to their clients without worrying about the latest compliance mandates.