Is Your RIA Compliance Checklist up to Date? Find Out Now

Staying compliant as a Registered Investment Advisor (RIA) feels like trying to hit a moving target. The rules seem to change every time you blink. And you’re not just aiming at one bullseye—you’re surrounded by targets representing federal regulations, state laws, SEC requirements, fiduciary duties, and more. It’s easy to get overwhelmed.

Where do you even start?

For many RIAs, the answer is a compliance checklist. This tried-and-true tool provides a clear roadmap of the key compliance tasks you need to complete each year. But like any good roadmap, it’s only helpful if it reflects the current landscape. Read on to learn more about keeping your RIA compliance checklist up to date in 2024.

Do Your Written Policies Reflect the Current Regulatory Environment?

The SEC requires RIAs to establish, maintain, and enforce written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act. But when was the last time you updated yours?

Outdated manuals expose your firm to fines, sanctions, and reputational damage. Regularly reviewing policies and procedures ensures you address new regulations and business practices.

Update Manuals to Reflect Evolving RIA Regulations

Incorporating recent rules around advertising, fees, custody, and more shows regulators you’re serious about compliance. Don’t wait for an SEC deficiency letter—act now.

Tailor Policies to Your Firm’s Structure and Activities

One-size-fits-all policies from third-party vendors won’t cut it. The generic language suggests you’re checking a box, not creating real change.

Make Sure Employees Understand the Rules

Simply having written policies isn’t enough. Employees need to know how to apply them. Ongoing training prevents noncompliance and promotes a culture of ethics.

Are You Conducting an Annual Compliance Review?

Under Rule 206(4)-7, RIAs must review their compliance policies and procedures annually for adequacy and effectiveness. This isn’t optional—it’s explicitly required.

Performing an annual risk assessment allows you to identify and address regulatory gaps before they become problems. Don’t wait for the SEC to point out what’s missing.

Assess Risks Based on Your Firm’s Unique Operations

Evaluate compliance through the lens of your firm’s structure, services, clients, vendors, and more. A generic checklist from a third party won’t highlight your specific risks. Consider factors like:

  • Number of clients and types of clients served
  • Services and products offered
  • Use of social media for business purposes
  • Involvement in custody of client assets
  • Oversight of third-party service providers

Review Previous Exams, Complaints, and Incidents

Look back at prior years’ regulatory interactions, client issues, and internal problems. These often indicate areas needing improvement. Analyze deficiency letters from regulators, complaints received, and any internal violations or incidents. Identify patterns and high-risk areas.

Document the Review Process

Memorialize your annual review with reports showing the review’s scope, assessments made, deficiencies found, and changes implemented. The SEC may request to see records of your process, so keep detailed documentation.

Is Your RIA Registration Up to Date?

Thinking of handling a new asset class? Opening an office in another state? Bringing on representatives? These seemingly small changes can impact your registration.

Verify Registration Status with the SEC or State

Confirm your firm and all associated persons are properly registered to conduct current business activities in all jurisdictions. No gaps can exist. Check public registration databases to ensure all information is current.

Disclose All Business Locations

RIAs must list every office where advisory services are offered on registration forms. Unreported branches raise red flags. Keep addresses updated as you open or close locations.

Keep Licenses and Designations Current

Let registrants know if any representatives gained or lost relevant professional credentials requiring disclosure. This includes any disciplinary actions against licenses or lapses in continuing education requirements.

Target These Focus Areas in Your RIA Review

Evolving regulations heighten risks in critical areas like technology, marketing, and compensation. Give these topics special attention.

Evaluate Cybersecurity Policies and Protections

  • Assess whether current controls match updated NIST standards
  • Test security measures like multi-factor authentication and endpoint detection
  • Provide cybersecurity training to new hires and refresher courses to existing employees
  • Confirm any third-party vendors meet your security standards

Review Marketing Materials and Advertisements

  • Verify marketing pieces don’t include misleading performance claims
  • Check for adequate disclosure of risks, fees, and conflicts of interest
  • Review social media posts and websites for any regulatory issues

Assess Fees and Compensation Structures

  • Compare fees charged to peers to ensure they are reasonable
  • Revisit any performance-based compensation arrangements under updated SEC guidance
  • Confirm fee schedules match Form ADV disclosures

Confirm Books and Records are Complete and Accurate

Verify all transactions, communications, and client information are properly documented per recordkeeping rules.

Keep Your Compliance Checklist Current

In the fast-paced world of RIA compliance, standing still means falling behind. Be proactive by conducting thorough annual reviews of your compliance program with the help of checklists tailored to your firm. This will give you confidence that your compliance procedures are up to date as you head into 2024.

The compliance attorneys at My RIA Lawyer provide RIAs with customized tools and guidance to simplify compliance. Contact their team today to learn more about their compliance resources and services.