This is the first installment of our BCCP Summer Compliance Series.
You’ve been busy. Maybe too busy for compliance. With tax season behind us and the summer lull setting in, this might be a good time to get compliance back on track with a “Compliance Kickstarter.” Take a few minutes a day for five days to refocus on compliance. Below are five tasks that require no special compliance knowledge but may pay big dividends during your next regulatory exam.
Day 1 – Review Prior Exams
The task: Review prior regulatory and mock exams. Whether your exam was done by an examiner from a regulatory agency or a consultant from a compliance consulting company, you likely received a deficiency letter.
Deficiency letters, while not particularly fun to read, serve as excellent guides to business improvement. This letter You should also review your response and corrective measures. Ensure that any deficiencies noted have been corrected.
The payoff: Recidivism is a pet peeve of regulators. When a corrective action is noted and nothing is done, regulators and/or consultants will naturally question your commitment to compliance. Do not get cited for the same thing twice. For this reason, deficiency letters and responses are among the first things a competent consultant will ask to see.
Day 2 – Review ADV Part 1
Too often ADV Part 1 is amended in response to a specific change in business practices or as part of the annual updating amendment process. Amending specific sections is important, especially as your business changes. However, a comprehensive review ensures that ADV Part 1 is genuinely reflective of current business practices.
The task: Log in to IARD and download a copy of ADV Part 1 in its entirety. Go over each section of ADV Part 1 carefully for accuracy. Sections that are commonly missed include:
Schedule A – Changes in personnel titles and ownership
Item 5.A and 5.B – Changes in number and type of employees
Item 5.C and 5.D – Changes in types of clients
Item 5.E – Non-applicable compensation arrangements
Item 5.G – Changes in advisory activities offered
Item 5.H – Number of financial planning customers
Item 9.C – Changes to custody practices
Schedule D, 1.F – Other offices (This has become especially problematic with many people now working from home.)
The payoff: Too often disclosures on ADV Part 1 are inaccurate. This is a simple and common finding for an examiner. All disclosures are important and must be accurate. Year after year, many advisers update the assets under management and that’s it. An accurate and up-to-date ADV Part 1 shows good control over the details of your compliance program.
Day 3 – Review ADV Part 2
The task: Review your ADV 2A. Three sections of ADV Part 2 are commonly out of sync with actual adviser practices: Item 4, Item 5, and Item 8.
Item 4 describes your advisory services. Make sure you offer all services disclosed exactly as they are disclosed. Over time, advisory practices may change. Services may have been added or removed in response to changes in your client niche, changes in markets, or new efficiencies from software.
Item 5 describes your fees and billing practices. Make sure your billing practices are precisely disclosed. Billing practices can change as software or staff are changed. For example, many advisors are unaware how their portfolio management software calculates fees (month-end or average daily balance).
Item 8 describes your investment methods. Make sure you still manage assets as described. Your methods and process may have changed over time.
The payoff: Over time, business practices can drift from ADV 2A disclosures (which may have been written years ago). As with ADV Part 1, the same sections (AUM in Item 4!) tend to get updated every year and much of ADV Part 2 is ignored. Make sure you accurately and fairly disclose your methods for building client portfolios.
Day 4 – Account Review
The task: Select ten accounts to review. The mundane processing of new account forms leads to complacency. Familiarity with clients may lead to a loose process with regard to forms. Humans are creatures of habit. Check for the following:
Required account documentation (Client questionnaire/profile, legal documents, etc.).
Current client agreement and account application for third-party custodian.
Make sure the fees charged match the client agreement. (A surprisingly common audit finding with dire financial and regulatory consequences.)
Review the portfolio for consistency with client objectives and mandates.
Ensure all contracted services are provided.
If any account fails any test, you may want to increase your sample size. Repeat violations of the same issue indicate a broken process that requires serious attention.
The payoff: Services and portfolios may drift from the original client agreement and/or firm policies. This review will let you know if you’re abiding by contracts and firm policies. This type of review will also improve your administrative processes and give you better control over your firm.
Day 5 – Review Data Security
The task: Review your client data security. The data security review starts at your front door (literally) and ends at your data servers. Review the following:
The physical security of your office
Door and window locks
Inventory people with keys, including staff, vendors, and building management
Locking or not locking
Inventory staff members with access
Staff offices and desks
Doors and cabinets secured
Documents left on desks
Inventory staff and vendors with network access
Inventory devices and computers that access your network
Strong passwords required and password security
Use of 2-factor authentication whenever possible
The payoff: Your clients have entrusted you with priceless personal information. Protecting this information is more than a regulatory obligation; it is a moral imperative.
This review will help you keep your privacy promise.
Five days to kickstart your compliance program. To be sure there’s a lot more work to be done on an ongoing basis to make sure your compliance program does what it’s supposed to do: Aligning your business practices, disclosure documents, and operations consistent with the regulatory rules and guidance. Compliance is easier if you do a little each week.
If after doing this review you feel your firm still has significant compliance issues, it may be worthwhile to bring in a third party. Please contact us for details about how we can help you get your compliance program in order so that you're ready in the event of a surprise exam by your regulator.
Dane Grouell is a Senior Advisory Board Member at BCCP and a 25-year veteran of the financial services industry. He has worked in executive management and compliance roles at various broker-dealers and investment advisors. Dane has previously been the Chief Compliance Officer of a $19 billion investment advisor and private fund manager and $80 million independent investment advisor. He has been responsible for nationwide supervision of national broker-dealers. Dane has done onsite audits of broker-dealers and investment advisors, registered new entities with the SEC and states, and responded to regulatory inquiries from nearly every regulatory body in the United States. He has rendered advice to firms domiciled in the United States, Europe, and Asia. Dane currently holds the Series 65 license and is a former Series 7, 24, 9, 10, and 52 holder.