Blog

Renewals-Ongoing Compliance RIA firms. Time has passed quickly in 2017 and as we enter the fourth quarter, Renewals-ongoing compliance RIA firms, is upon us again!

Registered Investment Advisors, both state and federally registered, are required every year during the fourth quarter to pay the firms FINRA Renewal fees in order to maintain the registration in the upcoming year.  That is, both the registration of your investment advisory firm and that of your Investment Advisor Representatives (IARs).

Not paying the FINRA Renewal fees for 2018 timely will result in your investment advisor firm and IARs not being properly registered for 2018.  No one wants to face going through the registration process again so be sure you timely pay your FINRA Renewals for 2018!

Click here for the important timeline for payment.

If you need assistance with the Renewal process, contact Registered Advisor Services today for a free consultation!

State registered Investment Advisor Exam Deficiencies.  The North American Securities Administrators Association (NASAA) issued its 2017 Investment Adviser coordinated exam results.  The exams occurred between January – June 2017, including 38 jurisdictions and Ontario, Canada for a total of 1227 routine examinations.

Of the registered investment advisors examined here are additional stats:

• 741 advisors with 1 Investment Advisor Representative (IAR);
• 220 advisors with 2 IARs;
• 101 advisors affiliated with a broker dealer firm;
• 74 registered investment advisors advised a pooled investment vehicle;
• 572 offered financial planning services;
• 78 acted as solicitors for other advisors;
• 27 payed solicitors for referrals.

The top state registered investment advisor exam deficiencies were:

• 64.6% Books & Records;
• 54.3% Registration;
• 45.4% Contracts;
• 27.2% Fees;
• 27.2% Custody;
• 23.4% Cybersecurity;
• 20.8% Financials;
• 19.1% Advertising;
• 14.4% Supervision;
• 14.1% Brochure Delivery;
• 13.0% Privacy;
• 7.4% Investment Activities;
• 5.9% Unethical Practices

Generally, NASAA found that investment advisors had not updated their written policy & procedures; timely postings to financial records was lacking and firms did not have a Cybersecurity policy.

The Form ADV and Brochure were outdated with address and contact information and there were undisclosed judgments/liens and outside business activities not reported within the documents.

For a more in-depth review of the statistics, click here for the link to the NASAA information.

Registered Advisor Services offers registered investment advisors ongoing compliance services that can help with the deficiencies found by the state regulators.  Contact us today for a free consultation!

Delaware issued new Cybersecurity requirements to take effect in April 2018.  The amendment that was signed on August 17, 2017, is a change to Delaware’s data breach notification law that was originally enacted in 2005.  The amended law requires:

• Companies to notify affected Delaware residents of a breach involving their personal information within 60 days after determination of a breach;
• Now there is a requirement to notify Delaware’s attorney general of any breach affecting more than 500 residents;
• Companies will now have to provide a year of free credit monitoring services for any resident whose Social Security number was breached.

The change to Delaware’s Cybersecurity requirements is similar to what other states are requiring for their notification laws.  Several states already set specific time limits for notification, several of which are shorter than Delaware’s new 60-day deadline.  Also, more than 20 states already require notice to the state attorney general or other state regulator in the event of a breach.

What is interesting is Delaware’s new requirement to provide credit monitoring services to affected individuals.  Previously, only California and Connecticut had requirements addressing the provision of credit monitoring services.

The Delaware issued new Cybersecurity requirements are important changes for state registered investment advisor firms to consider as you review your own Cybersecurity policies and procedures.

Registered Investment Advisor-Internet Advisor Exemption.  SEC rule 203A-2(e) of the Investment Advisers Act of 1940 creates an eligibility to operate as a registered investment advisor under the Internet Advisor Exemption, provided the elements of that rule are met.  The elements of that rule include the following:

• A registered investment advisor provides investment advice to advisory clients through an interactive website. An interactive website means a site in which computer software-based models or applications provide investment advice based on personal information each client submits through the website.
• The registered investment advisor provides advice to all of its clients exclusively through the interactive website;
• And, finally, the RIA firm maintains documentation demonstrating that it provides investment advice to clients exclusively through an interactive website.

Meeting all of these elements will allow you to proceed as a registered investment advisor under the Internet Advisor exemption.  Call Registered Advisor Services today for additional information for this type of investment advisor registration.

RIA Advertising Rule Compliance.  Recently, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the most frequent advertising rule compliance issues identified as a result of its examinations of registered investment advisors.

Here are some examples of the deficiencies OCIE found:

• Submitting potentially false or misleading information in the applications for these awards, rankings or designations;
• Publishing marketing materials that referenced stale ranking or evaluation information or potentially misleading advertisements that did not disclose the relevant selection criteria for the awards or rankings, or the fact that advisers paid a fee to participate in or distribute the results of the survey;
• Making misleading references to employee professional designations that had lapsed or that did not explain the minimum qualifications required to attain these designations; and
• Publishing client endorsements on firm websites, social media pages, reprints of third-party articles, or pitch books.
• Submitting potentially false or misleading information in the applications for these awards, rankings or designations;
• Publishing marketing materials that referenced stale ranking or evaluation information or potentially misleading advertisements that did not disclose the relevant selection criteria for the awards or rankings, or the fact that advisers paid a fee to participate in or distribute the results of the survey;
• Making misleading references to employee professional designations that had lapsed or that did not explain the minimum qualifications required to attain these designations; and
• Publishing client endorsements on firm websites, social media pages, reprints of third-party articles, or pitch books.

For a complete copy of OCIE’s RIA Advertising Rule Compliance Risk Alert issued by OCIE, CLICK HERE!

Need help with your Advertising review, contract Registered Advisor Services today for a free consultation!

Solicitor Disclosure Documents.  Often times, registered investment advisors enter into an engagement with an outside firm or individual who will refer potential investment advisory clients to the RIA firm and in consideration for that referral, the RIA firm will pay the outside firm or individual for the client referral.

In this type of arrangement, under the state and federal securities rules, the outside firm or individual is considered a “Solicitor.” Meaning that the outside firm or individual is operating as a Solicitor on behalf of the RIA firm and receiving payment for referring clients.

What most RIA firms may not be aware is that when operating in that capacity, the outside firm or individual will be subject to individual state licensing requirements and the RIA firm will be required to have in place the appropriate Solicitor Disclosure documents to help document the arrangement as well as to notify the prospective investment advisory client that the arrangement exists. The payment made by the RIA firm to the Solicitor for the referral does not impact the prospective investment advisory client, in terms of fees they may pay to the RIA firm in the future.  However, proper notification needs to be provided to the prospective investment advisory client.

For more information on the appropriate solicitor disclosure documents required for this arrangement and the individual state licensing requirements, contact Registered Advisor Services today for a free consultation!

RIA Compliance Custody.  In February, 2017 the SEC issued new guidance on Rule 206(4)-2 (the Custody Rule) in three separate communications.

• SEC no action letter dated February 21, 2017, this clarifies that registered investment advisors have custody when acting in accordance with a client’s standing letter of authorization (SLOA) to transfer funds to third parties when the investment advisor has discretion to determine the timing, amount or designated recipient when requesting the transfer;
• SEC IM Guidance Update (February 22, 2017), clarifies that in certain custodial account agreements, the client provides the investment advisor with broad authority to withdraw funds and securities that can result in “inadvertent” custody by the investment advisor;
• SEC Custody Rule FAQs Update (Question II.4) published February 21, 2017, clarifies the SEC does not view an investment adviser’s authority to make limited transfers of client assets between the client’s accounts at one or more qualified custodians to result in custody, subject to certain conditions:

1. The client provides the custodian signed instructions that include the third-party’s name and the third-party’s address or account number at the custodian receiving the funds.
2. The client provides written instructions to the investment advisor to direct transfers to the third-party on a specified schedule or from time to time.
3. The client’s account custodian has a verification process such as signature review (or other reasonable method) to confirm the client’s authorization and sends the client a funds transfer notice after each transfer.
4. The client can change or terminate the instructions with the account custodian at any time.
5. The investment advisor has no ability or authorization to change the identity of the third party recipient, its address or any other information about the third party contained in the client’s authorization.
6. The investment advisor keeps records that document the third-party is not a related party of the advisor or location at the same address.
7. The account custodian sends a written notice to the client initially upon receiving the SLOA and then an annual notice reconfirming the instructions.

The SEC did not set a hard date for compliance with the new guidance, instead “suggested” that 6 to 12 months would be a reasonable period for most advisors to implement any changes it chooses to make.

Contact Registered Advisor Services today for more information on RIA compliance custody to meet your ongoing compliance needs!

Individuals who are considering starting their own, independent RIA firm will need to have the Series 66 license for registered investment advisors.  The Series 66 license is accepted by the state regulators provided the individual has a valid Series 7 license.  A valid Series 7 license means that the license has been registered with a broker dealer firm within the last two years.

The Series 7 license is a broker dealer license and cannot be registered with the independent registered investment advisor firm.  Rather, the state regulators will confirm that the Series 7 license is still valid at the time the individual is registering their Series 66 license with the independent registered investment advisor firm.

An individual can schedule to take the Series 66 license by either completing a Form U10 on the FINRA.org website; or, alternatively a Form U4 can be filed on the CRD system.  Either way, a 120-day window will be opened for the individual to schedule to take this exam.

The Series 66 exam fee is $155 and consists of 100 multiple choice questions and 10 pretest questions.  In order to pass the Series 66 exam, the individual must correctly answer at least 73 of the 100 scored questions.  The individual is allowed 150 minutes to complete the exam.

For additional information about the Series 66 license for registered investment advisors, click here for the Series 66 Study Guide offered by the North American Securities Administrators Association (nasaa.org).

Call Registered Advisor Services today to help with your licensing needs!

I have been asked if outsourced compliance for RIA firms is a good thing to do.  My short answer to that question is, it depends?

By that I mean, for larger, multi-employee RIA firms outsourcing some, or all of the compliance functions, may not be the most efficient and prudent thing to do if the firm has both an in-house legal and compliance department.

But, if your advisory firm is small, for example, ten employees or less, then outsourced compliance is going to be very beneficial for your firm. A good outsourced compliance firm will be able to partner with your RIA firm, understand your business model, confirm that your Form ADV Part 1 and Brochure are all in good order and in compliance with both the federal and state requirements (as applicable), and make sure your firm’s compliance manual is current and up to date with all the books and records requirements at both the state and federal level.

Ongoing, your outsourced compliance for RIA firms consultant can help your investment advisory firm with:

• Compliance with all the books and records requirements of either the individual states where the firm is registered, or in compliance with the Investment Advisers Act of 1940 for federally registered firms;
• Information and guidance concerning new rules from either the state or federal regulators;
• Annual amendment filing due to be filed within 90 days of your firm’s fiscal year end;
• Annual re-registration of the firm and its Investment Advisor Representatives (IAR);
• Provide testing documents to help your firm meet the testing requirements of your policies and procedures;
• Advertising review of your website and marketing materials;
• Amend your Form ADV Part 1 and Brochure/Brochure Supplement, as needed, throughout the year;
• Prepare and file Form U4 and Form U5 filings when the firm hires an IAR or an IAR leaves the RIA firm;
• Assist the investment advisor when examined by either the state or federal regulators;
• And, your consultant should be available to you for compliance questions during the course of a year. At Registered Advisor Services, we partner with registered investment advisor firms for ongoing compliance services to help with all of these important requirements.  Call us today for a free consultation!

  

Cybersecurity for RIA firms – The Office of Compliance Inspections and Examinations (OCIE) recently announced the results of its second cybersecurity examination initiative for regulated entities, including RIA firms.  This initiative followed onto the SEC’s 2014 cybersecurity examination initiative except that it involved more validation and testing of procedures and controls around cybersecurity preparedness.  Cybersecurity for RIA firms has been an important aspect of a firm’s policy and procedures in an effort to protect client information.

OCIE identified six broad elements that it recommends regulated entities, such as RIA firms, consider adopting as part of their compliance programs:

1. Maintenance of an inventory of data, information and vendors: A complete inventory of data and information and classification of the related risks and vulnerabilities.
2. Detailed policies and procedures for penetration testing, security monitoring, system auditing, access rights and data breach reporting: Specific documentation addressing the scope, methodology, timing and responsible parties for an entity’s cybersecurity activities.
3. Maintenance of schedules and processes for activities such as vulnerability scanning and patch management: Defined schedules and prioritization for activities related to testing and risk-assessing patches and identifying system vulnerabilities.
4. Effective access controls and access monitoring: Implementation of acceptable use and mobile device policies, review of third-party vendor logs and very prompt termination of former employee systems access.
5. Mandatory enterprise-wide information security training: Training covering cybersecurity for RIA firms for all employees at on-boarding and periodically thereafter.
6. Engagement of senior management in the review and approval of cyber-related policies and procedures.