RIA Compliance and Practice Management Blog

Rule 206(4)-7 Continues to Cause Preventable RIA Compliance Issues

Posted by RIA in a Box

Oct 24, 2016 9:15:00 AM

RIA Firms need to establish and implement a compliance programWhile the Securities and Exchange  Commission (SEC) continues to release  new rules and examination risk alerts that impact registered investment  adviser (RIA) firms, there is still a simple  rule that continues to trip up SEC-registered RIA firms of all sizes. Rule 206(4)-7 requires an investment advisory firm to adopt and implement written compliance policies and procedures, perform an annual review, and designate a Chief Compliance Officer (CCO). While at first glance, this long-standing rule appears rather straight forward, it continues to trip up investment advisers leading to enforcement actions.

Download Our Free How to Prepare for an RIA Regulatory Exam Checklist

"Rule 206(4)-7 - Compliance procedures and practices" reads as follows:

If you are an investment adviser registered or required to be registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3), it shall be unlawful within the meaning of section 206 of the Act (15 U.S.C. 80b-6) for you to provide investment advice to clients unless you:

(a) Policies and procedures. Adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commission has adopted under the Act;

(b) Annual review. Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation; and

(c) Chief compliance officer. Designate an individual (who is a supervised person) responsible for administering the policies and procedures that you adopt under paragraph (a) of this section.

As RIA compliance consultants, we see these common mistakes related to Rule 206(4)-7 that often lead to serious compliance issues:

  1. A newly-registered firm creates a policies and procedures manual at the time of initial RIA registration, but fails to actually implement or follow it. Simply having a compliance manual is not enough, the firm needs to do what it says it's going to do.
  2. A newly-registered firm creates a policies and procedures manual at the time of initial RIA registration, however it's generic and not tailored and does not accurately apply to the particular firm's business practices and potential risks. In this scenario, the policies and procedures unfortunately are insufficient to prevent violations.
  3. A firm does a sufficient job of updating its Form ADV and other filings but fails to establish an actual compliance program. Properly maintaining and updating the Form ADV is critical, but only one part of implementing a robust compliance program.
  4. New and long-established firms fail to conduct and document an annual compliance review. Even if the firm has implemented a strong compliance program, the annual review is a requirement that cannot be overlooked. It must be conducted thoughtfully and documented by performing an annual risk assessment, staff training, testing, and other reviews.
  5. A firm conducts an annual compliance review each year in theory, but has little in practice to show for it. The firm's policies and procedures manual is a living document that should be regularly updated to match a firm's business model evolution and to ensure that any new regulatory requirements are being properly addressed.
  6. A firm designates a Chief Compliance Officer, but the CCO is insufficiently qualified and does not receive proper training. Appointing an administrative assistant with no prior experience that is not properly empowered and is preoccupied with his or her existing responsibilities can lead to serious problems.

We strongly encourage the principals of all SEC and state-registered RIA firms to review these common mistakes to ensure that none are present. While Rule 206(4)-7 is less than 150 words in length, it is frequently cited in enforcement actions and forms the building blocks of establishing the proper culture of compliance.

How an RIA Firm Can Create a Culture of Compliance Checklist


Topics: RIA Compliance

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.

RIA Compliance & Practice Management

Stay up to date on the latest RIA compliance, operations, and technology topics.

Hear from industry experts as they keep you up to date on the latest regulatory developments and practice management topics.

Subscribe to Email Updates

Recent Posts