More On Legal & Compliancefrom The Advisor's Professional Library
- The New and Improved Form ADV Whether an RIA is describing its investment strategy in advertisements or in the new Form ADV Part 2, it is important the firm articulates material risks faced by advisory clients and avoids language that might be construed as a guarantee.
- Privacy Policies and Rules Whether an RIA is SEC or state-registered, the firm must have policies and procedures in effect to protect clients privacy. Policies and procedures should explicitly require an RIA to send out its privacy notice each year.
Unfortunately, despite my protestations to the contrary, regulators never seem to understand that increased regulations do not prevent criminal or unscrupulous activity. Rather, they just add to the compliance burden of already-overwhelmed small businesses.
With this as a premise, advisors need to appreciate that compliance efforts should be focused on successfully completing a regulatory examination. Compliance is not a series of folders or files—don’t drink that Kool-Aid! If you do, it will only provide a temporary—and false—sense of security. When the exam comes, you will be woefully underprepared. Rather, successful compliance is dependent upon just a few key factors:
Knowing what is on the exam. The majority of my travels involve sitting down with advisory firms to review the exam and discuss how to demonstrate compliance with the issues set forth thereon. Once that is completed, the advisor is prepared (or knows what he must do to prepare) to successfully complete an exam without any unnecessary panic or fear of the unknown. Unfortunately, the majority of firms continue to engage in compliance exercises that are neither required nor applicable to their business operations.
Having the right chief compliance officer. The CCO should be an individual who understands the examination requirements and the underlying laws and rules. With this understanding, the CCO will be able to discern between regulatory requirements versus best practices, which are much too often—and quite inconsistently—bandied about by regulators during exams. Best practices are not rule violations. A best practice for Firm A is an awful practice for Firm B. In addition, the CCO must be vested with the authority required of the position. In order to do so, there needs to be an appropriate “tone at the top,” whereby senior management leads by example as to the importance of cooperating with the CCO. During the exam, it is the CCO who will be the one interacting with the SEC. The SEC will learn quickly whether or not the CCO is qualified for the position and has been provided with the tools and support necessary to succeed.
Ongoing processes for preparation. Firms can prepare for much of the exam content ahead of time, reviewing their responses on a quarterly basis to make sure they do not require updates or revisions. Once the framework is established, barring substantive exam changes, the time necessary to complete the ongoing quarterly preparation should diminish significantly.
Maintaining appropriate documents. The two key threshold documents (risk assessment and annual CCO review) should be completed on an annual basis. If done properly, they should act as the roadmap for successfully completing the exam. I complete these for firms during a compliance review, knowing that when my job is done, they will have the necessary framework to succeed.
In my upcoming columns, I will discuss the above issues in greater detail, including issues that tend to substantially raise the risk level for advisors, especially if not appropriately understood or, even if understood, not appropriately addressed. Advisory firms work much too hard to permit a disastrous compliance experience to jeopardize their franchise. First, though, the firm needs to understand what is necessary to successfully complete the exam relative to content, the right CCO and preparedness.