Now that the so-called fiscal cliff has been avoided, investment advisors may think they can relax until the next financial crisis draws near. Unfortunately, a compliance examination is always looming, which can lead to disastrous results if an advisor is unprepared. An examination may leave advisors hanging by their fingernails on the edge of the compliance cliff. Once advisors go over the cliff, they will have difficulty recovering from the fall.
When it comes to compliance, past performance almost always guarantees at least one specific result. If an exam uncovers weaknesses in an advisor’s compliance program, examiners may schedule a return visit much sooner than would otherwise be the case. Compliance mistakes may cause securities regulators to view the firm as a higher risk to investors for years to come.
Not having books and records is a sure way to fall off a compliance cliff. Just as taxpayers need receipts to document their tax deductions, an advisor must have books and records to prove the firm has met its compliance obligations, whether an advisor is state- or SEC-registered. Most books and records must be maintained in an easily accessible place for at least five years.
A recent SEC deficiency letter criticized an investment advisor for a number of compliance mistakes. Many of this advisor’s deficiencies and weaknesses related to books and records. It is easy for securities regulators to spot these deficiencies because the records are either there or not there. In many instances, this particular investment advisor appeared to have fulfilled certain compliance obligations but failed to keep the required records.
The SEC’s deficiency letter criticized the advisor for failing to conduct an annual review of the firm’s compliance policies and procedures. Although these reviews were conducted, the advisor failed to maintain documentation to prove they occurred. The SEC recommended that the firm establish procedures to formalize its annual compliance review. The firm was also told to memorialize its risk inventory, which identifies the conflicts and compliance factors that pose a threat to clients.
The risk of a disaster occurring is a significant one for every investment advisor. Unfortunately, the SEC found that the firm failed to perform an annual test of its disaster recovery plan.
In addition, the firm’s portfolio managers did not retain documentation of non-discretionary clients’ verbal trading authorizations. They also did not keep investment policy statements for certain clients. Furthermore, there was no evidence that accounts were reviewed to ensure that they were being managed in accordance with the clients’ investment objectives.
An investment advisor is often required to prove that employees received certain documents. The recipient of this deficiency letter failed to maintain written acknowledgements that employees received a copy of the firm’s information security program. An advisor should also request and log employees’ acknowledgements that they received the firm’s social media policy.
In addition, the investment advisor failed to document that the firm reviewed employees’ outside employment activities. The advisor had a policy and procedure in place requiring the firm to conduct this review.
Too many advisors engage in behavior that will lead them down the slippery slope to the compliance cliff. They use boilerplate policies and procedures and do not tailor them to their firms’ business models. Some firms cut corners and allocate insufficient resources to their compliance programs. In some cases, a firm’s chief compliance officer may delegate too many duties to a designee.
Some advisors tiptoe near the edge of the compliance cliff without fear of the consequences. For example, they utilize advertisements that contain marketing hype and promise too much, or they fail to supervise investment advisor representatives’ use of social media. When deficiencies add up, a firm is far more likely to be dragged over the compliance cliff.