The article below appeared as Tom Giachetti’s Compliance Coach column for Investment Advisor’s February 2013 issue. But speaking at the TD Ameritrade annual conference Jan. 31 in San Diego, Mr. Giachetti provided some additional color on how advisors—specifically RIAs—can stay compliant. “Compliance is all about getting you through the exams” of SEC and state examiners, and to do so, Giachetti said, “you have to know what questions” those examiners will be asking.

What are they asking now? Three new, post-Madoff questions are on the SEC exam, he reported: on an advisor’s pay-to-play policy, on outside business activities (three questions) and on an advisor’s whistleblower policy—“you’d better have one.” Other items that may come up in the exams and which advisors should have a written policy on are referral fees, directed brokerage, social media, and 13F and 13H filings.

Giachetti said there is a growing incidence of email fraud being perpetrated on advisors by fraudsters masquerading as clients, so he urged RIAs to “robustly” protect any client identifying data. He also urged CEOs of advisory firms to step out of the way in favor of the firm’s chief compliance officer when an examiner pays a visit.

Saying that “the SEC is getting smarter; they’re hiring good people,” Giachetti also warned of the dangers of advisory firms “puffing up”  assets under management to go under or remain under SEC regulation rather than the states. Regarding client assets, “if you can’t touch it or trade it, don’t count it.”

Along those lines, he also argued that an advisory firm should never use the term “assets under advisement,” since there “is no such thing” as far as the SEC is concerned.—James J. Green, editor)

Let’s make 2013 the year that advisory firms finally take internal control of their compliance obligations, rather than relying on unrelated parties to do so. That is not to say that outside consultants, including attorneys, do not offer a wide range of assistance, but these providers are not on premises. Someone at the firm must take supervisory responsibility. (Certain tasks may be delegated to others throughout the firm, so long as one qualified individual has the supervisory role).

Firms that have compliance programs designed for their operations (not a one-size-fits-none) will be surprised by how much easier and less time consuming compliance can be. For years, I have been saying that compliance is not hard; advisory firms make it hard. It is only with a compliance program designed for the firm, based on its operations and supervised internally by a qualified individual—the individual who the firm believes can lead it through a regulatory examination—that a firm can succeed. After all, but not for a regulatory examination, would the firm undergo all of the required (and much too often incorrectly “presumed” required) compliance tasks? So, in 2013, stop drinking the kool-aid and take control. I have compiled some top considerations below:

Is the firm adequately prepared for a regulatory exam? The scope of the regulatory examination process continues to become increasingly more complex. However, if the firm is adequately prepared to answer all of the issues that will be raised by the SEC during the examination process, the exam shouldn’t be a painful or worrisome experience. I continue to spend a great deal of my time visiting advisory firms throughout the United States and Canada to make sure they are prepared. Please continue to be mindful that issues uncovered during mock exams conducted by non-law firms are discoverable by regulators and plaintiff’s lawyers, especially any written reports.

Has the firm updated its policies and procedures to reflect substantive regulatory or internal changes? Do the firm’s policies and procedures reflect the firm’s operations? The SEC is becoming adversarial toward advisors who fail to update their written policies on an ongoing basis (at least annually). From the Commission’s perspective, failure to do so is evidence of a lack of strong compliance culture within the firm.

Has the firm reviewed and updated its advisory agreements, including, to the extent applicable to the firm’s operations, recently required ERISA disclosures? Do they adequately reflect the firm’s practices? Generally, one size cannot fit all client engagements, especially if the firm’s client base or service offerings are diverse (e.g., financial planning, discretionary vs. non-discretionary investment management, participant directed retirement plan consulting, tax preparation).

Has the firm continued to reconfirm client investment objectives on an ongoing basis? Does the firm use an investment policy statement? If so, has it been updated to reflect any changes? Correspondingly, does the firm use a “canned” initial client questionnaire? Does it contain potential minefields? Clients rarely respond to questionnaires by indicating they can withstand or tolerate large fluctuations or losses. Such questions should be reconsidered, because most advisors never go back and review such statements subsequent to the client engagement.

Do the firm’s regulatory filings and marketing materials incorrectly reflect “assets under management” (a current aggressive area for SEC enforcement)? “Assets under management” is a defined term—and one that too many firms substantially overstate.

Remember, compliance is not difficult if you understand the rules and how they apply to your firm. Compliance is not a box, a kit or a series of forms; it is knowing what is required, how to successfully address it and demonstrating your mastery of such obligations during a regulatory examination. Make 2013 the year that you undertake a real review of the adequacy of your compliance processes, disclosure statement, advisory agreements and preparedness for a regulatory examination.