Every investment adviser registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3) is required by the Securities and Exchange Commission's (“SEC”) Rule 206(4)-7 to conduct a review of the firm’s compliance program.
The compliance review is an opportunity for the Chief Compliance Officer (“CCO”) to thoroughly assess the adequacy and effectiveness of the RIA firm’s policies and procedures, and therefore minimize risk of compliance deficiencies. The SEC requires the review to take place “no less than annually”. In this blog post, we highlight key considerations to conduct an effective compliance meeting.
The annual compliance meeting is an excellent time to address any policy updates or procedural changes that resulted from the review of the firm’s compliance program.
We generally recommend that RIA firms consider hosting their annual compliance meeting after the firm’s annual Form ADV amendment period and distribution to clients. This often leads to conducting the meeting in the spring. However, there is no "right" time to conduct the annual meeting, and firms should do what is best to accommodate their unique business practices.
As RIA compliance consultants, we often find that RIA firms can face preventable compliance issues by failing to efficiently perform and document the completion of the mandatory annual compliance program review.
Below, we’ve developed a list of steps you can follow for a productive and efficient annual compliance meeting.
1. Review Regulatory Developments and Update Policies Accordingly
The firm’s CCO will need to review the latest regulatory rule changes and risk alerts to consider any tweaks to the policies and procedures manual.
2. Review Advisory Documents for Accuracy and Relevance
Review each of your firm's advisory documents for accuracy and relevance to your current business practices. This includes, but is not limited to, your Form ADV, policies and procedures manual, business continuity plan, succession plan, and information security policy.
When reviewing your policies and procedures in an annual meeting, don’t forget to alert your staff to any relevant changes that affect them, and then train them accordingly.
3. Complete Your Risk Assessment
Conduct a risk assessment to identify the areas of highest risk to your firm based on its unique business practices, and update your compliance program accordingly.
Performing a risk assessment of different areas throughout the year is critical. This allows you to determine whether your firm’s current compliance procedures are sufficient, or if you need to make changes based on your risk profile. The SEC’s risk assessment flowchart and risk inventory guide offer good starting points for your assessment.
4. Review Client Holdings and Fees Charged
A review of client holdings and fees charged ensures that portfolios are properly managed and clients are being charged correctly according to their fee schedule.
Whether your firm charges fees as a percent of assets under management (“AUM”) or a fixed rate subscription, you’ll want to consider regulatory rules as you review your records.
The SEC also recently released a risk alert regarding fee calculations, which your CCO will need to examine.
5. Review Cybersecurity Practices
Since 2015, the SEC has required that cybersecurity be included as part of an annual compliance review. This should include reviewing existing policies, implementing changes where necessary, staff training, and testing.
To reduce your cybersecurity risk and to meet regulatory requirements, you’ll want to take a proactive approach to protecting your firm’s and your clients’ digitally stored information. You can download a copy of our cybersecurity compliance checklist to get started.
6. Document the Meeting
Just as a meeting outline provides structure, meeting minutes can drive action while also offering evidence of your company’s commitment to compliance.
During your firm-wide compliance meeting, ensure you document the meeting agenda, compliance issues addressed, and any changes to your firm’s practices. Keep a copy of your meeting minutes in an organized and easily accessible place for future reference.
7. Identify and Assign Action Items
Once you’ve finished your annual review, it’s important to document all findings and identify action items that will be taken.
Focus first on your firm’s highest-risk areas, but be sure to address each compliance concern you’ve discovered. Identifying which specific employees will take action can also keep you on track for success.
- Who will handle updating policies?
- Who will make changes to outdated documents?
- Who will take the lead in sorting out identified conflicts of interest?
- Who will oversee ensuring missing disclosures are added?
- Who will handle tech-related issues?
Make sure you set a hard timeline and follow up to ensure each item is completed.