Kelli Haugh of National Compliance Services says the stepped-up communication and examination from the Securities and Exchange Commission and state regulators constitutes a “double-edged sword” for RIAs, making “the risk of noncompliance greater” these days.
Speaking at the Shareholders Service Group national conference in San Diego on Thursday, Haugh, vice president of Investment Adviser Services at NCS, also had a warning for those advisors who have so far dodged a visit from examiners. If you’re an advisor who’s never been examined, “you can expect to be so.” While the initial exam may be “limited,” the better you do on said exam, the less likely you’ll be audited in the future. However, if you don’t do well on that first exam, “you can expect to be audited every three years,” she said.
So what are the high-risk areas that SEC auditors and state regulators will be examining at RIA firms?
Based on the SEC’s stated 2016 exam priorities, and on her advisor clients’ exam experiences, Haugh said retirement plan rollovers take first place. Based party on the SEC’s ReTIRE initiative last June, she said examiners want to know if there is “a reasonable basis for recommendations” on rollovers, both the initial recommendations and ongoing recommendations. Examiners will want to see “written disclosures or scripts” on the distribution, tax and other options presented to clients on whether they should keep their 401(k) plans with their old employer, rolling over to a new employer or taking a lump sum, she said.
The examiners are “focused on conflicts of interest — how are you identifying and mitigating them,” she said, and that includes both “actual and potential conflicts — there’s no such thing as ‘potential’ conflict.” She presented an example of an RIA who’s also an insurance broker. “Is he getting dually compensated by referring” the insurance sale to his own firm? If so, examiners will want to see if “he’s mitigated the conflict by rebating the commissions,” for example.
The important point is that any such conflict be clearly documented. Then there’s documenting that an end client’s risk tolerance has been assessed.
She told of an RIA client of hers who got a deficiency letter from state examiners for not updating his clients’ risk tolerances for two to three years. The examiners “said they needed to do so every year; they’re looking to see that you have a process in place” for accurately assessing clients’ risk profiles.
So what to do, an advisor in the audience asked, with clients who don’t respond when asked to take a new risk tolerance questionnaire? Haugh said the advisor should simply document that you sent a note to the client a note about filling out the questionnaire.”
Outside Business Activities and Cybersecurity
When it comes to other issues that SEC and state examiners are focused on, Haugh said that in the supervision and compliance arena, identifying and mitigating conflicts of interest are a top priority. In particular, “they want to know who has an outside business activity and whether that creates a conflict.”
- 83% have adopted written information security policies
- 57% had conducted audits on their own processes
- 79% had risk assesments in place
- 74% said they had experienced cyberattacks
- 43% had received fraudulent emails
- 21% have purchased cybersecurity insurance, which she noted is different than advisors’ standard E&O insurance, or is an add-on to E&O policies
This year, the SEC said it will conduct its second round of cyber exams, with a focus on whether advisors firms have conducted “penetration testing” of their systems and what changes firms implemented in response to that testing.
And a warning on products. The SEC and the states are also concerned about “excessive exposure” in the form of client portfolios concentrated on inverse and leveraged ETFs, wanting to ensure that with those products that advisors follow — and document — a separate suitability process for end clients.
--- Check out DOL Rule Headache Solved? Dalbar Rolling Out Fee Calculator for Advisors on ThinkAdvisor.