Blog

A compliance checklist is an invaluable tool for registered investment advisors to help with your annual testing requirement of your policies and procedures.  Rule 206(4)-7 requires a firm to perform testing on at least an annual basis.  That testing includes risk mitigation, discovery of conflicts of interest, business model changes, cyber security violations, and the list goes on.

At Registered Advisor Services we provide our clients with a compliance checklist, both quarterly and annually, that is straightforward, up to date and very easy to use.  The questions included on the compliance checklist are thoughtful and provoke the advisor to consider each area within their business practice to determine if a change has occurred.  Changes in the practice, very often require an update to documents so that they remain current to the business model.   The checklist is also documentation the advisor can provide to their regulator when the advisory firm is next examined.

Call Registered Advisor Services today and let us help you to remain compliant with this important compliance checklist!

When I am working with a client to register their new investment advisor firm, one of the important documents that I customize for the firm is a Compliance Manual.  This document, sometimes referred to as Written Supervisory Procedures, is a document that outlines all the books and records requirements that a new advisory firm must comply.  It addresses how you will operate your new firm and discusses how your firm will comply with the federal and state rules, as they apply to your business model.

Often, I hear that regulators find investment advisory firms that purchase an ‘off the shelf’ document meaning that the firm has not taken the time to customize the document to how the firm operates.  Your Compliance Manual should be a ‘living and breathing’ document that mirrors how your firm actually operates at all times.

Over the years, I have worked with firms that have subscribed to the ‘off the shelf’ method.  These are the advisors that call saying ‘the regulators are coming in tomorrow can you customize a Compliance Manual for me?’  Unfortunately, it does not work that way.  This is a document that registered investment advisors really need to put some thought into at point of creation and on an ongoing basis.

If you find yourself in the position of having an ‘off the shelf’ document in your office, contact Registered Advisor Services today for assistance before the regulators are knocking on your door!

Yesterday, the SEC proposed a new rule for registered investment advisors to adopt written business continuity and succession planning.  The proposed rule is designed to ensure investment advisors have in place plans to address operational and other risks related to a significant disruption in your operations in order to minimize harm to your clients.

The proposed new rule states that business continuity and transition plans would assist advisors in preserving the continuity of the advisory services you offer in the event of business disruptions, either temporary or permanent, such as:

• Natural Disasters
• Cyber Attack
• Technology Failures
• Departure of Key Personnel

The proposed rule would require an advisor to include within your plan the particular risks associated with your specific business operations and address the following components:

• Maintenance of systems and protection of data
• Pre-arranged alternative physical locations
• Communications plans
• Review of third-party service providers
• Succession planning to include a plan of transition in the event the Advisor is winding down or unable to continue providing advisory services

As of this writing, this Rule is proposed and not yet final.  Currently, the SEC has a 60 day comment period for this Rule.  I would anticipate that we see a final rule either by the end of this year or early next year.  Click here to review the Press Release.

The Securities and Exchange Commission (SEC) issued an order on June 14, 2016 increasing the dollar amount thresholds of the assets under management test and net worth tests used to determine if a client meets the qualified client standard under Rule 205-3 of the Investment Advisers Act of 1940.  That Rule allows investment advisers registered with the SEC to charge their managed account clients and private funds they manage performance-based compensation only if the client meets the qualified client standard.

As of August 15, 2016, in order for a client to meet the qualified client standard, that client has to have either (1) $1,000,000 in assets under management with the investment advisor, or (2) a net worth of more than $2,100,000.  Currently, a qualified client is a person that has at least $1,000,000 in assets under management with the investment advisor or a net worth of $2,000,000.  This new Order increases the threshold of net worth by $100,000.

Although this order was initiated by the SEC, many of the states incorporate this Rule for state registered investment advisors, as well.  Be sure to amend your documents with this important new update!

RIA compliance is important for advisors these days in the area of cybersecurity.  Although the Securities and Exchange Commission (SEC) has not yet formalized specific rules for advisors to follow, they are certainly including cybersecurity as a topic in their examinations of firms.  On that topic, recently, I read a brief email from Drinker Biddle, a Pennsylvania based law firm on the topic of how ransomware is on the rise and firms need to be aware of its implications.  Ransomware can be malware that encrypts or locks your digital files so you no longer have access unless you pay a ransom to the perpetrator to release your own files.

The article presented these key takeaways:

• Implement and follow robust data security practices.
• Train employees to be on the lookout for suspicious emails and websites.
• Establish business continuity plans that include regular system backups.
• Create and implement rigorous data retention policies to ensure that only necessary data is maintained, this minimizing the amount of data subject to ransom.

I encourage you to review this brief article to learn more about this important topic and to put cybersecurity procedures in place to address this important issue.

So you’ve decided to start your own independent registered investment advisor (RIA) firm and now you learn that you have to schedule the Series 65 exam registration before the state regulators will approve your new RIA firm.  How do you do that?  First, the Series 65 exam has a total of 130, multiple choice, scored questions on the topics of Economic Factors and Business Information, Investment Vehicle Characteristics, Client Investment Recommendations and Strategies, Laws, Regulations and Guidelines including prohibition on unethical business practices.  You will have 180 minutes to complete the exam whereby you will need to pass 94 of the 130 questions correctly.  The Series 65 exam is not a broker-dealer test therefore you do not need to be sponsored by a broker-dealer firm to schedule to take the exam.  Rather, you can schedule the exam, one of two ways.  You can log onto www.finra.org and do a search for the Form U10.  Once you complete the Form U10, online, and pay the $165 exam fee, within approximately 2 to 3 days of your submitting that form electronically, you will receive an email with a 120 day window for you to schedule to take the exam.  You can contact any of the Prometric Testing Centers in your area to schedule your exam.  That same website, www.finra.org will provide a listing of Prometric Centers for you as well as a telephone number.  Alternatively, you can open that 120 day window to schedule the Series 65 exam by completing a Form U4 and filing that form on the CRD system.  You will also need to pay the $165 exam fee as well as the state registration fee, for where you will be operating your new investment advisory firm.  The process is straightforward, however, if questions come up contact Registered Advisor Services for assistance.

Often, as individuals are seeking information on starting a new RIA business and considering the requirements for registering their own independent firm one initial question comes up.  That is, if they should register their RIA firm with the Securities and Exchange Commission (SEC) or a state regulator.  Filing with the appropriate regulator is typically dependent upon how you are intending to operate your investment advisor firm on the day you become registered.  For example, if you are confident you will have assets under management of $100 million or more within 120 days of your RIA firm being registered, then you should consider registering with the SEC.  However, if you are not starting out with a large group of clients, then you should consider registering your RIA firm at the state level.  You would register your new investment advisor firm in the state where you will have your principal place of business.  In some instances, you may also need to register your RIA firm in other states where you will have clients shortly after you become registered.  These would be states that follow the national de minimis standard requiring you to register in the state before you take on six clients.  And, as you may expect there are exceptions to that national de minimis standard.

There are many more requirements for consideration when registering with the SEC or individual state regulators.  To learn more about your registration options, contact Registered Advisor Services today and we will provide you with the information needed to register your RIA firm properly!

Don’t wait until the regulators appear at your door with a four page document request list for an exam to focus on your ongoing RIA Compliance Requirements.  I have worked with many RIA firms that unfortunately have not proactively confirmed and reviewed their firm’s documents on an ongoing basis therefore were not prepared in such a circumstance.  It is always better to be proactive and confirm that you have all the documents required under the books and records rules and that your documents are current and up to date.

For example, your policies and procedures manual-when did you last review it?, have changes been made to mirror your business model?; your business continuity plan-does your document explain your firm’s succession plan?; Form ADV Part 1-are all the relevant sections updated within the last 30 days to be current with how your firm operates?; Form U4-is Item 13 Outside Business Activities current and up to date for each of your Investment Advisor Representatives?; Form ADV Part 2A Brochure-similar to your ADV Part 1, is your Brochure current and up to date with how your firm is currently operating?; Form ADV Part 3B Brochure Supplement-is this document current with any new disciplinary matters?; trading blotters-do you have one?; corporate documents-are they up to date with any changes made to your entity?; documentation of your testing of your policies and procedures-have you actually met your testing requirement and documented that you have done so?  This is a brief list of some of the required documents.  As you can see, if you are not proactive with having your required documents up to date, meeting the deadline of the document request list will be daunting.

If you need help with your ongoing RIA compliance requirements, call Registered Advisor Services today for assistance!

As part of the RIA compliance consultant usa services, I am sharing with you a very informative article prepared by Linda Conrad, Director of Strategic Risk Zurich Global Corporate North America on what your stress test should look like as you test your firm’s cyber security policies as well as your business continuity plan.  Click here for the article titled Anatomy of a cyber risks stress test.

The key takeaways from the article are:

• A cyber stress test can identify weak points in business continuity and incident response plans.
• Organized properly, a cyber stress will have a C-Suite “sponsor” who can elevate findings to the board level for action, and drive mitigation changes at the operational level.
• Along with protecting data, bold scenario planning requires the test to include consideration of the broader impacts of a potential business blackout cyber event.
• You’ll find room for improvement in how you respond to cyber risks-and that’s the point of building resilience.

I encourage all registered investment advisors (RIA) to read through each of the points made in this informative article.  It is a great road map for your RIA compliance services in determining if your investment advisory firm is in compliance with your cyber security policies and procedures as well as your business continuity plan.  If you do not have a cyber security or business continuity plan in place, contact Registered Advisor Services today for our assistance!

As a registered investment advisor, your RIA compliance requirements include at least annually that you test your policies and procedures to be certain they are still appropriate and applicable for the size and scope of your investment advisory firm.  Your testing should also help detect any potential conflicts and risks within your business model.  The testing method for this requirement is flexible so that the Advisor may develop a plan that best meets the needs of your firm.  However, I often hear from Advisors that it is somewhat difficult to even start the process of testing without guidance on what to consider, what to document, how do you test, etc.  If you find yourself feeling the same way, consider contacting Registered Advisor Services today and let us help you determine the most appropriate method and documentation for your business model to meet the RIA compliance requirements of Rule 206(4)-7.