More On Legal & Compliancefrom The Advisor's Professional Library
- How to Avoid Sabotaging Your Compliance Exam There is much more to compliance examination survival than knowing all of the rules. It helps to understand why the rules were put in placeand to recognize that examiners are not the enemy.
- Whistleblowers A whistleblower is any individual providing the SEC with original information related to a possible violation of federal securities law. The Dodd-Frank Act established a whistleblower program that enables the SEC to reward individuals who voluntarily provide such information.
Speaking at the debut Junxure Advisor Conference on Monday, noted securities attorney (and Investment Advisor columnist) Tom Giachetti warned the 180 attendees that since Bernie Madoff and the Dodd-Frank Act, “the SEC has gotten better on asking smart questions” in its exams of RIAs.
The questions asked of advisors and the areas of concern to the examiners is “much different than in 2008, 2009, even 2011,” he said, suggesting that RIA firms that have not updated their internal recordkeeping and documents could be in for a very nasty surprise when the examiners come to call.
The attendees at the first Junxure users conference included RIAs, dually registered advisors and independent broker-dealer reps, and they crowded into the main auditorium at the Hilton Anatole in Dallas to be alternately lectured and cajoled by Giachetti (right). Junxure co-founder and CEO Greg Friedman introduced Giachetti by saying that while he has been traveling with Giachetti on a multi-city compliance roadshow this year, and that he is Friedman’s own securities attorney at his Private Ocean wealth management firm, Friedman always learns something new when Giachetti speaks, even if what he hears can be scary.
There have been three main areas of concern for the SEC post-Madoff and DFA, Giachetti reported: custody, due diligence, and privacy/confidentiality. However, the SEC now has added a fourth area: business continuity plans (BCPs) and disaster recovery (it’s not just the Feds who are worried about BCP, as Giachetti wrote in his August column for Investment Advisor, the states are concerned as well.)
Giachetti doesn’t suffer fools gladly, especially those in the compliance consulting business: “some are good, some are terrible,” he said. Beyond whether he thinks his firm, Stark & Stark, is the ne plus ultra of compliance (which he does), Giachetti’s main point was that advisors’ documents not only be up-to-date, but that they match their actual practice.
For example, Giachetti said that your firm’s business continuity plan “can’t be dated four or five years ago; old ones won’t cut it anymore.” With BCPs as well as your policies and procedures manual, you have to “show the government you look at your documents every year.”
The biggest problem with “canned” compliance packages is not only that they may not reflect current regulatory concerns, he said, but that they don’t match either what an advisory firm is required to do, or what the firm actually does. One other thing on compliance consultants: if they hand you a policies and procedures manual in PDF format, “fire them,” because to take control of your practice’s compliance, you must have the ability to edit and customize the manual to match your firm’s specific activities.
Here’s one example of where canned documents are “terrible.” As he does during all his speeches (at least those that this writer has attended over the years), Giachetti first asked the Junxure audience how many were RIAs. He then asked those attendees how many had a money laundering policy. When several hands stayed up, he delivered his customary zinger: “You don’t need a money laundering policy! Get rid of it.”
On the question of due diligence, Giachetti said “you can’t count on your custodian’s own due diligence” to satisfy examiners; “if you hire your own managers, you have to have written” proof that you conducted due diligence on those managers. For larger firms with multiple offices, Giachetti said the SEC has adopted the “FINRA model on branches.” Too many advisors are also running afoul of the SEC by failing to file Form 13F, the quarterly report of equity holdings by RIAs who have discretionary authority over $100 million or more of exchange-listed equity securities (Giachetti goes into more detail on who should file 13F in his September column.)
He warned that in the current atmosphere, SEC examiners are “looking to set examples for the advisor community, so make sure your policies jibe with your ADV and your disclosure statements; take control of your documents.” Further, if you have a “two-, three- or four- year-old policies and procedures manual,” you won’t be able to demonstrate to the examiners that “you have a ‘culture of compliance.’”
Giachetti warned against inflating your assets under management, which some RIA firms do in order to be SEC-regulated rather than by the states (which he said is not always a desirable goal to begin with). “If you say you have a bazillion dollars under advisement, you’ll get an enforcement action,” he predicted, since “there is no such thing as ‘assets under advisement’ for the SEC, only ‘assets under management.’”
Admitting that he’s not exactly an early adopter of technology, nevertheless Giachetti said that when it comes to compliance for advisors, “social media scares me to hell,” in large measure because “you’re creating a track record for yourself.” Ever thinking of possible litigation and what can be brought up in discovery, the attorney said that “clients keep that stuff; it can pop up when you get sued.”
His other recommendations on social media: Don’t communicate with clients using Facebook or LinkedIn, “no LinkedIn endorsements — goose egg!” and that if you must have a Facebook page, don’t put on that page anything more “than you have on your web site.”
As for email, he suggested that advisors “use it as a tool for you,” i.e., for the advisor’s convenience, not for your clients. “Sometimes your clients will be trying to trap you in an email,” he warned, and said that when a client raises a complex or potentially troublesome issue in an email, respond instead by saying "I’ll give you a call."
In addition, “you need a whistleblower statement,” in your policies and procedures manual, saying “there are two questions on the exam about whistleblowers.” There are also two questions on the exam relating to outside business activities.
Finally, he warned the attendees about saying, or writing on any client documents, that the firm “provides comprehensive financial planning,” since that is such a murky term. “Marketing people are scary,” Giachetti said, “they use adjectives.”
His final warning: “if you say something you can’t prove” when it comes to the services you offer clients, “don’t say it.” No fan of investment policy statements or risk assessment questionnaires, Giachetti did say that “the most important information you should get from a client” when it comes to your investing is “Are there any restrictions?”
Check out Making Sense of Form 13F by Tom Giachetti on ThinkAdvisor.