how to prepare for an ria regulatory audit to prepare for an ria regulatory audit wednesday, october...

How to Prepare for an RIA Regulatory Audit

Wednesday, October 19, 2016

FPA of Michigan

Chad HartwickDirector of Compliance

Prior to joining RIA in a Box, Chad worked 8 years for the State of Michigan as the Securities Examination Manager where he oversaw the examination program. While working for the state, Chad was also very active with the North American Securities Administrators Association (NASAA), as a member of multiple project groups including Investment Adviser Operations and presenting at many conferences including Investment Adviser Examiner Training. Prior to working for the state, Chad spent 8 years in the private sector working for various broker‐dealers and investment advisers across the nation. In his 16+ years in the industry, Chad has successfully conducted hundreds of examinations and investigations.

Disclosures•RIA in a Box is not a law firm, CPA firm, or registered investment advisory firm.

•None of the information presented, advice given, or services rendered should be considered legal, tax, accounting, or investment advice.

•We do not provide legal services. If you require the services of an attorney, we recommend that you seek out an independent attorney with securities law experience.

• Establishing an effective compliance program• Elements of a regulatory exam

Today’s Topics

While the above statement is a sometimes overused phrase in the RIA compliance world, as a former regulator, I can assure you that it is taken very seriously by every regulator in every jurisdiction.

If you are successful in portraying you have a “culture of compliance” at your firm and willingly cooperate with the examiners, your exam will have better results.

Establishing a Firm’s Culture of Compliance

• Makes a difference!• Know your rules

• SEC Rule 204‐2• Applicable state rule

• Are you aware of your jurisdiction’s Books & Records requirements?• Are you aware of “other” jurisdiction specific requirements?

Culture of Compliance

• Written Compliance Policies and Procedures• Code of Ethics• Training / Attestations• Implementation ‐ Risk Assessment / Compliance Calendar – Monitoring & Testing

• Annual Review

Elements of Effective Compliance Program

SEC has stated:

Even small advisers may have arrangements, such as soft dollar agreements, that create conflicts… Advisers of all sizes, in designing and updating their compliance programs, must identify these arrangements and provide for the effective control of the resulting conflicts...We would expect smaller advisory firms without conflicting business interests to require much simpler policies and procedures than larger firms.

Policies & Procedures

Rule 206(4)‐7 under the Investment Advisers Act of 1940 requires SEC registered investment advisers to:1) adopt and implement written policies and procedures reasonably

designed to prevent violation, by you and your supervised persons, of the Act and rules under the Act.

2) conduct a review, no less than annually, of the adequacy of the policies and procedures and the effectiveness of their implementation.

3) designate a Chief Compliance Officer (CCO) to administer the policies and procedures.

State laws have the same or similar requirement for state registered IAs.


At a minimum, the SEC has stated the policies and procedures should address the following (if applicable to investment adviser’s business):

1. Portfolio management processes – allocation of investment opportunities among clients, consistency of investments with investor goals, disclosures

2. Trading practices – procedures to determine best execution, allocation of aggregated trades among clients

3. Proprietary trading of the adviser and personal trading of supervised persons (Code of Ethics)

4. Accuracy of disclosures to clients and regulators – brochure, advertising

5. Accurate creation and secure maintenance of required records


6. Marketing – use of solicitors

7. Processes to value client holdings and assess fees based on those valuations

8. Safeguards to protect client assets from conversion or inappropriate use by advisory personnel

9. Safeguards to protect client information

10. Business continuity plans


• Standard of Conduct• Requirement to have language that all supervised persons will comply with

security laws.• Requirements for reporting of access persons’ personal securities

transactions and holdings and pre‐approval of IPO investments and limited offerings.

• Procedures to report violations of the Code and sanctions for violations.• Requirement to provide copy and obtain annual acknowledgments.

Code of Ethics

1. Provide investment adviser personnel with copies of Policies and Procedures, Code of Ethics, and Privacy Policy.

2. Do they understand them?

3. Individual’s attestation that they have read, review and understand.

4. Initially and Annually

Training/Attestations

A Risk Assessment & Compliance Calendar are valuable tools to help you implement your compliance program.

Implementation

Neither Rule 206(4)‐7 nor similar state rules require a risk assessment; but, the SEC’s initial request for information during an exam asks for:

• Inventory of compliance risks that forms the basis for policies and procedures

• Documents mapping the inventory of risks to written policies and procedures

Risk Assessment

Four Step Process:1) Prepare risk inventory.

2) Assign a “rating” to each risk identified in your inventory.

3) “Map” risks to specific procedures.

4) Review and update, as needed.

Risk Assessment

Use a compliance calendar to monitor and test your policies and procedures.

The Calendar should indicate:

1) What is the specific task to be performed2) When and how often will the specific task be performed3) Who will be responsible for performing the task

Compliance Calendar

Your Calendar will have tasks designed to monitor and test your policies and procedures.

Monitoring – Keeping track of and checking your procedures on a continuing basis.

Testing – Submitting your procedures to evaluation to determine their ability, or inability, to detect and prevent compliance violations.

Compliance Monitoring & Testing

Policy: The firm’s Chief Compliance Officer (CCO) shall be responsible for approving all company advertising and ensuring it is in compliance with jurisdictional regulations. No advertisement shall be distributed without the CCO’s approval.

Task: Review and approve advertising.

When: Review and note approval when advertisement placed; Quarterly/Annually – spot check records of all advertisements to make sure prior approval was obtained; general Internet search for “unapproved” advertising


Policy: The Firm shall invest and reinvest the securities, cash or other property held in the client’s account in accordance with the client’s stated investment objectives.

Task: Review trades for consistency with client objectives.

When: Review daily or as trades are made; Quarterly or Annually –review all holdings in a sampling of client files to make sure consistent with client objective and any restrictions in their account.


Policy: The Firm shall bill clients accounts on a quarterly basis and deduct the fees directly from clients accounts.

Task: Review client accounts for billing errors.

When: Review sample client files every quarter after the most recent billing cycle.


CCO or person designated to conduct a review must assess the ADEQUACY and EFFECTIVENESS of the compliance program at least annually.• Adequacy

• Has firm updated its policies and procedures in response to changes in business practices or regulatory requirements?

• Has firm conducted risk assessment in response to any changes?

• Effectiveness: Is firm implementing policies and procedures as designed? Keep a Compliance Calendar to stay on top of responsibilities.

• Document the annual review and make changes as necessary.

Annual Review

• Initial Notification • Interview• Tour of the office• Identify principal contact person(s)• Work space for examiners

• Access to a copy machine / Access to Files and Records• Exit interview• Written summary of examination (i.e. Deficiency Letter)• Close examination or refer to enforcement

Exam Process

• Rules, Rules, Rules• SEC and State of MI enforcement• Form ADV changes• Privacy policy• Business Continuity / Succession Planning• Cybersecurity• Social Media

Hot Topics

• Accurate Form ADV documents• Know your requirements• Periodic review of client files

• Required documents (contracts, investment policy statement, etc.)• Billing

• Review all marketing pieces from client and regulator perspective• Realistic and accurate policies and procedures• Document, Document, Document

Best Practices

We support RIA firms with industry‐leading registration and compliance services Experience & Expertise

25+ employees including former regulators, advisors, and technologists

Have helped register over 2,500 new RIA firms

MyRIAComplianceTM

Proprietary RIA registration and compliance management software

Provide compliance software and ongoing consulting support to over 1,400 RIA firms

About RIA in a Box

www.riainabox.com

@riainabox