In March of 2013, the SEC issued a risk alert related to significant deficiencies that the agency's national RIA examination program discovered related to investment adviser custody and safety of client assets. The SEC's investment adviser examination program noted that approximately one-third of registered investment adviser (RIA) compliance deficiencies discovered during RIA audits were related to custody issues. As RIA compliance consultants, we frequently find that registered investment advisory firms do not fully understand the many scenarios that can lead an RIA firm to be deemed to have custody.
Given that we are currently in the midst of the RIA registration renewal season, now is a good time for the RIA firm's Chief Compliance Officer (CCO) to review the advisory firm's business practices to ensure that the RIA does or does not have custody of client funds. Often, RIA firms assume that they do not have custody if they are utilizing a traditional RIA custodian to manage all client accounts separately. However, there are a number of common scenarios that the SEC has identified in which the RIA firm may fail to identify that it is deemed to have custody. Some of these scenarios include:
- Bill-Paying Services: Many RIA firms that cater to the high or ultra-high net worth client segments have been looking to offer additional "high-touch" services to their clients. One such common service is bill-pay. An RIA firm is not restricted from providing bill-paying services, but it is likely that offering this new service will mean that the RIA firm is now deemed to have custody given that the firm now has the ability to withdraw funds from client accounts.
- Check-Writing Authority: Similar to bill-paying services, if an advisory firm that has the ability to write checks on behalf of its clients, it will likely be deemed to have custody.
- Online Login Access to Client Accounts: RIA firms should never possess a client's individual username and password in order to access the client's account to manage it. If an RIA firm does possess this login information, it will likely be deemed to have custody given that it now has direct access to the client's accounts to make withdrawals, etc. A better RIA compliance practice would be for the investment adviser to be granted a separate login account which only gives the adviser the ability to execute trades and not transfer funds in any manner.
- Trustee or Power of Attorney: If an adviser or related person of the RIA firm serves as the trustee or has power of attorney over any client account, the RIA firm will likely be deemed to have custody.
- General Partner of a Pooled Investment Vehicle: If the RIA firm is looking to expand into alternative assets and perhaps offer clients access to limited partnerships managed by the RIA firm, the advisory firm will likely be serving as the general partner of the investment vehicle and may be deemed to have custody.
By no means are these five scenarios an exhaustive list of all the circumstances which may trigger an RIA firm to be deemed to have custody by the SEC, but these are some common scenarios which have been known to trip up RIA firms when it comes to RIA custody compliance requirements. It should also be noted that each state has its own individual investment adviser custody compliance requirements. While some states' RIA custody rules may closely mirror those of the SEC, there are also states which have their own unique regulatory requirements. Thus, as RIA compliance consultants, we recommend that all RIA firms review the custody requirements in their relevant jurisdictions to determine if the firm may be deemed to have custody.