Understanding RIA Compliance

By Rod Kresge

Launching a solo advisory firm can be intimidating due to compliance management. Since you must complete many compliance tasks each year, we’ll walk through the ins and outs of creating your compliance calendar. This calendar can help you systematize and manage compliance tasks, requirements, and deadlines.

As a solo Registered Investment Adviser (RIA) owner, you’ll be the chief compliance officer in your investment advisory business. You will be responsible for maintaining registration, establishing policies and procedures, and maintaining books and records. Please keep in mind that these regulations vary at the state level, so check with your state to see what additional compliance obligations may exist in your state.

Also, please remember that just because you can manage your own compliance does not necessarily mean that you should – we’ll explore some different options at the end of this article if you decide that managing your own compliance isn’t for you.

How to stay compliant?

Let’s start by defining what we mean when we say “compliant.” In a broad sense, “compliance” denotes the assurance that the firm and its personnel follow all relevant Federal and state regulations (under the Investment Advisers Act of 1940 for SEC-registered advisors and corresponding state laws for state registered entities).

But in practice, staying in compliance involves a series of ongoing tasks designed to ensure that all of the firm’s employees carry out these rules and regulations and that you’re upholding your fiduciary duty to your clients.

Unlike most laws, where the state has the burden of proof to show that a person has broken the law (e.g., the police need to catch someone misbehaving to write a ticket), Registered Investment Advisers generally need to prove that they are following the law proactively. This gives rise to a host of filing, reporting, and record-keeping obligations that make up the compliance to-do list for advisers.

Unfortunately, the Securities and Exchange Commission (SEC) and state regulators don’t just provide a list of compliance tasks for you to follow. Regulators want to ensure that you’re tailoring your compliance program to your own operation rather than simply checking boxes on a compliance checklist.

The SEC and state regulators state that you should “adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act.” However, they don’t provide much guidance on how to do that.

So, how to stay in compliance? First, you must understand which compliance tasks are required of you and create a calendar for keeping up with them. The RIA compliance burdens can be broken down into these three groups: maintaining your registration, policies & procedures, and books & records.


The three groups of compliance responsibilities

One quick note: This list gets much more complicated if you have multiple employees since there are additional compliance requirements about supervising employees. We won’t get into that in this article, but please know your compliance burden will grow as your team grows.

Renewing Your Registration

The first group of responsibilities that firms must manage includes updating their registration annually in the relevant state(s) where they operate. This process usually requires submitting specific documents such as financial reports and contract templates and paying an annual renewal fee towards the year’s end.

Following the year’s conclusion, firms generally have until March 31 to file an annual amendment for their Form ADV Part 1 and Part 2A/2B. They also have until April 30 to provide their clients with an updated version of their Form ADV.

Checklist for renewing your Annual Registration

• Update and sign the balance sheet
• Renew your surety bond
• Gather client contract templates
• Pay your renewal fee
• Any additional tasks required by your state regulators

Checklist for ADV Annual Amendment

• Complete annual amendment to Form ADV Part 1
• Complete annual amendments to Form ADV Part 2A and 2B
• File Form ADV annual amendments
• Deliver updated Part 2A brochure to clients

Policies & Procedures

The second group of responsibilities that demand attention deals with policies and procedures. This group encompasses developing a comprehensive set of written policies and procedures governing crucial areas such as proxy voting, cybersecurity management, employee personal trading, handling nonpublic information, and executing the firm’s business continuity plan.
Here is a list of compliance policies and procedures you should create and regularly update.

Compliance & Supervisory Policies and Procedures

You must document the firm’s compliance policies and procedures into a written ‘compliance manual’, which is the foundation of the firm’s compliance program. This manual should be reviewed annually and updated to ensure alignment with current laws and practices while also describing the supervision and enforcement of these policies across the firm. Solo advisors’ supervisory responsibilities may remain consistent unless they hire employees, necessitating additional oversight.

Proxy Voting Policies and Procedures

Advisors must disclose their proxy voting authority and maintain policies to uphold clients’ best interests. While many advisors don’t engage in proxy voting to avoid the additional compliance burden, some advisors utilize proxy voting to align with clients’ values. This requires ongoing compliance tasks like record-keeping and annual review of practices against written policies.

Physical and Cyber Security Policies and Procedures

In recent years, regulators have emphasized the importance of cybersecurity and privacy practices to protect clients’ personal information. Firms should follow a 5-part “Identify-Protect-Detect-Respond-Recover” framework to safeguard clients’ data. NASAA provides a cybersecurity checklist to help RIAs develop and evaluate their policies, but solo RIAs must find the right balance of tools and services to stay compliant (and to keep their clients’ data safe!) and effectively run their business.
Critical ongoing cybersecurity and privacy compliance responsibilities for solo advisors include annual reviews, vendor assessments, regular password changes, automatic virus scans, system updates, and a yearly delivery of the Privacy Policy to clients.

Code of Ethics

RIAs must maintain a written Code of Ethics outlining minimum conduct standards for employees, reflecting their fiduciary obligations as investment advisors. This primarily concerns policies for personal account trading to avoid conflicts of interest, insider trading, or profiting from the advisor’s position of trust. Advisors with employees typically require annual reporting of personal securities holdings, quarterly reporting of transactions, and possible pre-approval for certain trades.

Solo advisors are not exempt from recording personal holdings or transactions, but the process may be more streamlined. States adopting NASAA’s Model Rule permit solo advisors to maintain records of private holdings and transactions without quarterly or annual reporting and exempt them from pre-approving their own trades, allowing them to download and save statements from personal accounts.

Material Nonpublic Information Policies and Procedures

Advisors should implement written policies to prevent the misuse of material, nonpublic information. Essentially, this means employees cannot trade on insider information. Solo advisors need only ensure compliance with this rule, as their personal transactions are already archived under previous sections and can be reviewed during the overall assessment of the firm’s compliance policies.

Business Continuity And Succession Plan

The final major document required is the Business Continuity Plan, outlining how the business will operate during major disruptions or unforeseen circumstances affecting key personnel. This plan is a crucial risk management tool, especially for solo advisors without partners or employees to support their firm’s continued operation.

The plan must specify the process for an orderly wind-down and termination of the business if the solo owner cannot run it. Ensuring the plan is up-to-date with locations of records, contact information for clients, vendors, and regulators, and relevant details like buy-sell agreements or life insurance policies is the primary ongoing task for this section.

Annual Review Requirements

You should conduct an annual review and update these policies to ensure their continued effectiveness. If you are a solo advisor, consider addressing each topic separately throughout the year because of the extensive scope of these subjects.

Record Keeping

Third, regulators require RIAs to maintain a comprehensive collection of books and records about the firm’s business and advisory practices. This encompasses business and financial documentation (such as bank statements and invoices), client-related materials (including written client correspondence, client contracts, and the foundational information behind any advisor recommendations), promotional content (encompassing newsletters, blogs, and social media posts), and written copies of the firm’s policies and procedures (covering records of holdings and transactions in the advisor’s personal accounts).

We’ve explored the compliance requirements for your RIA, aiming to clarify and simplify the many essential annual compliance activities. However, the crucial question is whether you should manage compliance for your business at all.

As an advisor, your primary goal is likely assisting people, not navigating complex state and federal regulations. Many of our clients have found that by partnering with Sowell Management, they can offload many of their compliance tasks, spend more time helping people, and still enjoy the freedom of owning their own advisory firm.

If offloading compliance tasks sounds appealing to you, schedule a meeting today.

Advisory services offered through Sowell Management, a registered investment advisor with the Securities and Exchange Commission; being registered with the SEC does not imply a certain level of skill or training. Past performance is no guarantee of future results. All returns are presented on a time‐weighted basis and presented net of fees. Returns are annualized for periods greater than one year. Asset class, stock sector, bond sector, and geographic breakdowns are based on Bridge’s security classifications, who in turn relies on asset classifications from ICE and Fiserv and may not be identical to classifications from other sources. The change in investment value of your holdings reflects the appreciation or depreciation of your holdings due to price changes, plus any distributions and income earned during the report period, less any transaction costs, sales charges, or fees. Gain/loss and holding period information may not reflect adjustments required for your tax reporting purposes. You should verify such information when calculating reportable gain or loss. Sowell Management specifically disclaims any liability arising out of a customer’s use of, or any tax position taken, in reliance upon such information

BLOG DISCLOSURE: This website blog is published and provided for informational and entertainment purposes only.  The information in the blog constitutes the content creator or guest blogger’s own and it should not be regarded as a description of services provided by Sowell Management. The opinions expressed in the blog are for general informational purposes only and are not intended to provide specific advice or recommendations for any individual or on any specific security or investment product. It is only intended to provide education about the financial industry.  The views reflected in the commentary are subject to change at any time without notice.
