Internal Audit Director

The Securities and Exchange Commission does not mince words about its goals. In its 2019 Examination Priorities, the SEC boasts of scrutinizing 17% of all RIAs in fiscal 2018 through their Office of Compliance Inspections and Examinations. This is up from a 9% coverage rate just five years ago. In fact, the rate of OCIE examinations has begun to outstrip the rate at which new RIAs are created.

Their message is not subtle: “We’re coming for you.” And when they come, you might not be as ready as you think you are. You may have established a code of ethics, per the mandate of Section 275.204A-1 of the Investment Advisers Act, and staffed your firm with a team of unimpeachable moral character. But take it from someone who has been a chief compliance officer sitting across the table from the SEC: that’s not good enough.

When the SEC puts your firm under the microscope, what they care about most is how you know you’re in compliance with your code of ethics and other compliance policies. For example, if you have a policy to require pre-approval of your employees’ personal brokerage transactions and a policy against insider trading, simply presenting those policies won’t get you there no matter how much you paid a compliance expert to draft them for you.

The SEC is going to want to see evidence of your compliance and your ability to detect violations of these policies. Saying and demonstrating are two different things.

Let’s also say the SEC wants proof that you are managing your clients’ accounts in line with your fiduciary requirements. How will you show them this?

Ideally, you can demonstrate that a client’s investment objectives, restrictions, risk tolerance, etc. are all being complied with at any point in time. That starts with snapshots — or documentation — of client account settings and can go as deep as sifting through your trading algorithms to show trading restrictions were implemented for each client, as appropriate.

If you think this kind of scrutiny would bring your business to a screeching halt, then, well, you’re probably right.

And think about all the testing you’re doing to confirm compliance with your compliance program and to identify violations of your policies. If you’re asked to produce some of these tests promptly for the SEC, is that possible? Being able to retrieve an archived report — within your compliance tool, better yet — is the verifiable proof that’s crucial to staying on the right side of compliance.

The Right Tools

As more RIAs face this kind of rigorous examination, we’ve seen a growing and enthusiastic adoption of compliance tools from our users.

The ongoing consolidation and high-stakes M&A activity in the RIA space may also drive the use of technological compliance services. The workload of a compliance team can magnify with the sudden increase of clients, advisors, and complex investment and trading strategies that come from a merger or acquisition.

No matter where you work in the industry, ensuring regulatory compliance is a process that will only grow more complex and resource-intensive. Good intentions alone won’t satisfy regulators without proof of execution.

When you’re able to quickly show the steps your firm takes every day to ensure compliance, the alerts sent and received, the tests that were conducted internally, all backed with independently verifiable proof, you can satisfy examiners and quickly get back to work (assuming the tools you choose actually save time without introducing new complexities of their own).

On the other hand, if you rely on manual verification, you may have cause to wonder, “What could be slipping through the cracks?”


Kylee Beach is general counsel of Orion Advisor Services.