Ongoing RIA Compliance Requirements. The Office of Compliance Inspections and Examinations (“OCIE”) issued a risk alert on May 23rd concerning the security risks associated with storing electronic customer information with network cloud service providers.
The Summary of Examination Observations includes the following:
- Misconfigured network storage solutions: Registered Investment Advisors and Broker Dealers did not adequately configure the security settings on their network storage solution to protect against unauthorized access.
- Inadequate oversight of vendor-provided network storage solutions: Firms did not ensure that the security settings on vendor-provided network storage solutions were configured to coincide with the RIA or Broker Dealer’s standards.
- Insufficient data classification policies and procedures: Firms’ policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.
How to meet your Ongoing RIA Compliance Requirements?
Review your security settings with your network storage solution to confirm the service is configured in accordance with your firm’s standards. Review your RIA firm’s policy and procedures to ensure they cover data classification and vendor oversight, and that the security features are being met by your cloud-based service provider. These steps will help your firm meet its requirements.
Investment Advisor Policy and Procedures. On April 16, the Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert related to compliance issues with Regulation S-P as identified in recent examinations of SEC registered investment advisors and broker dealer firms.
The Risk Alert outlines these common deficiencies or weaknesses:
- Failure to provide Initial Privacy Notice, Annual Privacy Notice and Opt-Out Notices;
- Inadequate Privacy Notices not reflecting the firm’s current policies and procedures;
- Privacy Notices that did not provide customers with an opt-out provision;
- No written investment advisor policy and procedures to address the administrative, technical and physical safeguards in place to protect customer information;
- Inadequate policies that did not ensure the security and confidentiality of customer records and information; protect against anticipated threats or hazards to the security or integrity of customer records and information; and, protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to customers.
OCIE strongly recommends that RIA firms review and strengthen their data privacy policies, update their data privacy notification and ensure adherence to SEC data privacy regulations.
- Confirm initial and annual Privacy Notices have been provided to your customers;
- Review and update (as needed) your Privacy Notice and procedures and Opt-Out notice;
- Review and update (as needed) your investment advisor policy and procedures for how you safeguard customers’ records and information;
- Provide training to all staff regarding data privacy regulations and your investment advisor policy and procedures.
Contact Registered Advisor Services today for assistance with your investment advisor policy and procedures!
RIA Compliance Requirements. Now that most firms have completed their Annual Amendment filing this is the perfect time to review your RIA compliance requirements. One of those requirements is to perform a thorough review of your firm’s RIA policy and procedures manual to confirm if your firm has had a change to how it operates, added new relationships that may create a conflict of interest or more generally to confirm that the procedures your RIA firm has in place are still appropriate for the size and scope of your firm.
Recently, I was doing research on the SEC website and came across a series of questions that the SEC published for investment advisor firms to consider when reviewing their policy and procedures. It is a terrific list of questions but more importantly provides guidance to firms on what to think about in terms of their testing requirements.
Here is the link to: Questions to ask from the SEC when reviewing your policies and procedures-see attachment.
RIA Compliance Advisor. Now that we are better than halfway through the first quarter of 2019, many registered investment advisor (RIA) firms are reviewing their Form ADV Part 1 Annual Amendment. This review is in preparation for updating several sections within that document and submitting it by the deadline of March 31, 2019. These are RIA firms that have a December fiscal year end.
Last year, several new questions appeared on the Form ADV Part 1 Annual Amendment that are worth repeating here. As a reminder: Section 5, Information about your Advisory Business – Employees, Clients and Compensation. Specifically, Question 5K (1) Separately Managed Account Clients. For purposes of the Form ADV, “Separately Managed Account clients” are generally defined as all of the clients to whom the investment advisor provides investment advice EXCEPT private funds, business development companies and mutual funds. Outside of private funds, business development companies and mutual funds, all other types of ‘clients’ come under this term (e.g., individuals, High Net Worth clients, corporations, pension plans, etc.).
The next question is Question 5K (4). This question asks the advisor to provide the name of the custodian(s) that hold 10% or more of your clients’ regulatory assets under management. The reporting on the corresponding schedule for Question 5K (4) is to include the custodian’s name and address, CRD/SEC number and the corresponding assets held by that custodian(s).
If you need assistance with your Form ADV Part 1 Annual Amendment filing or any other investment advisor compliance needs, contact Registered Advisor Services, your RIA Compliance Advisor, today for a free consultation!
RIA registration exemptions. As you consider your new business model for your investment advisory firm, questions will arise around which regulator you are supposed to register your new independent investment advisory firm with. That is, either with the state or federal regulators. Most new RIA firms will register with their state regulator, in the state where they maintain their principal place of business.
Other new RIA firms may avail themselves of a federal exemption and register with the Securities and Exchange Commission (SEC). The federal exemptions exist and are applicable to investment advisory firms depending upon how your business model will operate and/or the services that will be provided.
This is not a complete list of all the federal exemptions, but some of the more common to consider when thinking about your RIA registration exemptions:
- Your principal office and place of business is outside the United States;
- You are a pension consultant with respect to assets of plans having an aggregate value of at least $200,000,000;
- You are a related advisor that controls, is controlled by, or is under common control with an investment adviser registered with the SEC;
- You are a multi-state adviser that is required to register in 15 or more states;
- You are an Internet Adviser relying on Rule 203A-2(e).
Contact Registered Advisor Services today for more information concerning RIA registration exemptions!
RIA Compliance. The Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) has now published its examination priorities for 2019. Their five themes are included here and below is the detail:
- Compliance and Risks in Critical Market Infrastructure
- Retail Investors
- FINRA and MSRB
- Cybersecurity; and
- Anti-Money Laundering programs.
Here are the details:
Compliance and Risks in Critical Market Infrastructure – OCIE will continue to examine entities that provide services critical to the proper functioning of capital markets. They will conduct examinations of these firms which include, among others, clearing agencies, national securities exchanges, and transfer agents, focusing on certain aspects of their operations and compliance with recently effective rules.
Retail Investors, Including Seniors and Those Saving for Retirement – OCIE will focus examinations on the disclosure and calculation of fees, expenses, and other charges investors pay, the supervision of representatives selling products and services to investors, broker-dealers entrusted with customer assets, and portfolio management and trading.
FINRA and MSRB – OCIE will continue its oversight of FINRA by focusing examinations on FINRA’s operations and regulatory programs and the quality of FINRA’s examinations of broker-dealers and municipal advisors.
Cybersecurity – Each of OCIE’s examination programs will prioritize cybersecurity with an emphasis on, among other things, proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.
Anti-Money Laundering Programs – Examiners will review for broker-dealer compliance with applicable anti-money laundering requirements, including whether firms are appropriately adapting their AML programs to address their regulatory obligations.
For all the important details and information, click here, for the 2019 Exam Priorities.
Ongoing RIA Compliance Requirements. Recently, the Office of Compliance Inspections and Examinations (“OCIE”) performed a limited-scope exam initiative of RIA firms to gain an understanding of the various forms of electronic messaging used by investment advisors and their Investment Advisor Representatives.
Their review focused on “electronic messaging” or “electronic communication”, which includes written business communications conveyed electronically using text/SMS messaging, instant messaging, personal email, and personal or private messaging.
They reviewed communications conducted on the investment advisor’s systems, through “apps” or platforms, on computers or mobile devices issued by the RIA firm, or on personally owned computers or mobile devices used by the Investment Advisor Representative for RIA firm business.
OCIE’s examination initiative focused on whether and to what extent advisers complied with the Books and Records Rule and adopted and implemented policies and procedures as required by the Compliance Rule.
They observed a range of practices with respect to electronic communications, including investment advisors that did not conduct any testing or monitoring to confirm that their ongoing RIA compliance requirements were being met in accordance with the RIA firm’s policies and procedures.
In this risk alert, OCIE identified several areas, including Policies and Procedures, Employee Training and Attestations, Supervisory Review, and Control over Devices, where RIA firms can best meet their RIA ongoing compliance requirements.
To stay compliant with your ongoing RIA compliance requirements, contact Registered Advisor Services for a free consultation!
Experienced RIA Compliance Consultants. As year-end approaches, RIA firms are working through their year-end compliance reviews to confirm they have met their annual requirements.
Once such a compliance review is completed, I believe it is helpful for registered investment advisors to then create a ‘summary report’ outlining the areas of review as well as any ‘findings.’
The level of detail in a summary report may vary and is up to the RIA firm to determine. Some investment advisors may choose to include a high level of detail and others may only reference the areas covered and material issues. Working with an experienced RIA Compliance Consultant can help RIA firms determine which is best for the size and scope of their advisory firm.
RIA compliance areas to consider when creating such a report could include:
- Outlining new rules and regulations that came about during the year and how your investment advisory firm is prepared to respond.
- If the new rules and regulations are not applicable to your investment advisory firm, document that with an explanation as to why.
- Identify significant events and material changes and how they may have impacted the investment advisory firm’s policies and/or risks.
- Reference the testing documentation and any exceptions.
- Finally, note any focus areas for the following year, based on the results of the annual review.
Let Registered Advisor Services be your Experienced RIA Compliance Consultant. Contact us today for assistance!