According to a recent Investment Advisor Association reportIn 2021, the number of SEC-registered investment advisors increased 6.7 percent and the number of broker/dealers decreased 1.2 percent. While these statistics don’t necessarily spell the demise of FINRA’s registry, they do show a growing interest in the RIA space.
So are you one of many who would like to do an RIA? Before you take that step, there’s a lot you need to do, including understanding what it takes to ensure a strong compliance program. Step one? Investment Advisor Compliance.
An introduction to compliance for investment advisers
Registered investment advisers are subject to a variety of regulations – most notably the Investment Advisers Act of 1940 and related regulations, including the SEC Advisors Act Rule 206(4)-7. The 2003 rule requires investment advisers registered with the Commission to “accept and implement written documents”. [compliance] Policies and procedures reasonably designed to prevent violations” of the Counselors Act.
These policies and procedures must be reviewed and tested for effectiveness at least annually. In addition, a Company-appointed Chief Compliance Officer (CCO) must oversee the implementation and oversight of these policies and procedures.
For newly established RIAs, the SEC provides the following: helpful introduction for investment advisors in building the structure of their compliance programs. Fortunately for your intrepid author, it also provides the framework for this post.
A cursory reading of the SEC Foundation might make some believe that all you have to do is type a few policies into a Word document, appoint yourself as CCO, and file the document for occasional perusal. As it turns out, the SEC has significant problems with this approach.
How Not to perform an RIA
in one Lawsuit in September 2021 against Soteira Capital, LLCThe SEC temporarily suspended the RIA’s founder and CCO from the securities business and imposed fines and penalties of $567,000 on him and the company. Violations included the company’s lack of adequate written policies and procedures – its compliance manual was only 12 pages long and failed to address several key areas of its compliance program. The CCO clearly had no authority and did not effectively oversee the Investment Adviser’s compliance program, if at all.
There are plenty of other shortcomings, too — the entire SEC order is instructive reading on how to do that not perform an RIA.
A must for the compliance program
guidelines. What does an effective compliance program entail in the face of this regulatory nightmare? At a minimum, it should include guidelines on:
-
Portfolio management processes: How do you demonstrate the allocation of investment opportunities to clients and the alignment of portfolios with clients’ investment objectives, your disclosures to clients and applicable regulatory constraints?
-
Disclosure: What disclosures are made to investors, customers and regulators, such as in bank statements and advertising?
-
proprietary trading: What are your personal trading activities and those of your employees?
-
Safeguards for client assets: How do you prevent conversion or misuse by your staff?
-
Precise creation of the required data sets: How are records created and managed so that they are not altered, used, or destroyed without permission?
-
Data protection: How do you protect customer information?
-
Trading practice: What procedures show how you meet your commitment to best execution, use client brokerage to obtain research and other services (so-called “soft dollar arrangements”), and allocate aggregated trades to clients?
-
Marketing Consulting Services: Have you included the use of lawyers? Do you have a documented pre-approval process for marketing items used by your consultants?
-
Processes for evaluating customer inventories: How do you rate the fees based on these reviews?
-
Business Continuity Plans: How will your company continue to operate in the event of a disaster?
It’s clear that this list has a lot to offer. There is so much to cover in each policy, and the specifics of your company’s business may require you to cover more areas – and those details are important. The SEC expects your policies and procedures to be tailored to your organization and not simply an uncustomized manual purchased or obtained from a third party. So where should you start?
risk matrix. A good place to start is to develop a risk matrix for your organization that will serve as the basis for an effective compliance program. In short, it is a tool used by most investment advisors to identify both potential risks to the business and mitigation and testing strategies to manage those risks.
Suppose your company recognizes the death or incapacity of the company’s sole consultant as a risk. This is a risk that many companies have failed to mitigate and has even led to a pending adoption SEC Rule Proposal in 2016. Have you started looking for a long-term successor partner? If not, how would your clients be served if the company’s sole advisor died or became incapacitated? Particularly in times of turbulent markets, it would be considered a breach of your company’s fiduciary duties to render a client unable to transact in their portfolio.
Conducting an annual risk assessment forces organizations to grapple with these sometimes troubling issues and boosts your ability to present a “culture of compliance” to regulators — not to mention helping to keep your customers safe.
It is important to document these elements in the matrix. This allows you to ensure that for every potential risk, there is a policy, process, and strategy to mitigate that risk. In addition, the matrix should be reviewed at least annually in light of new regulatory developments, new business initiatives and test results. Using a well-designed risk matrix as a basis can help create procedures to operationalize the new compliance program.
The role of the CCO
As an investment adviser, you must appoint a CCO to oversee your compliance program. The importance of this position cannot be overstated. The person selected is your company’s best defense against adverse regulatory action. As we have seen in Soteira The case previously and repeatedly discussed was discussed in reviewing the ever-growing list of enforcement actions on the website SEC websiteIf you don’t have a knowledgeable and dedicated CCO, it would be disastrous for your business.
In fact, during an SEC seminar for investment companies and investment advisers in 2020, Peter Driscoll, then director of the SEC’s Office of Compliance Inspections and Examinations, said: pointed it out exactly:
“Importantly, the compliance rule requires each consultant to designate a CCO to manage their compliance policies and procedures. As outlined by the Commission in the Compliance Rule Adopting Release, a consultant’s CCO should be competent and knowledgeable of the Consultants Act and be vested with full responsibility and authority to develop, implement and enforce appropriate policies and procedures for the business. And a CCO should have a position within the organization of sufficient rank and authority to compel others to comply with compliance policies and procedures.”
Find the right person for the job. Unfortunately, you won’t find a group of outstanding CCO candidates kicking down the door of your new RIA company. Many RIAs select this role from their existing staff, often a tenured consultant. While this is a sensible and often necessary decision in the short term, this person will continue to assume responsibility for the client, not to mention the day-to-day duties of running a small business.
For this reason, consultants in the RIA area should definitely consider selecting and training a capable individual from within the company to eventually assume the role of CCO. A good training program for a CCO candidate includes three specific elements:
Of course, there is no substitute for experience. The operationalization, implementation and testing of a compliance program always offers opportunities for further development and growth.
Ready to do an RIA?
As you can see, there are many factors to consider when deciding whether it is the right time to perform an RIA. But every business has to start somewhere, and establishing an effective investment advisor compliance program will be critical. When you make compliance investments—from establishing procedures to hiring a CCO—you will see positive returns by reducing regulatory, financial, and reputational risks to your organization.
Ready to do an RIA but don’t want to do it alone? Learn how the right corporate partner can give you the support — and flexibility — you need.
