RIA Compliance and Practice Management Blog

SEC 3rd party RIA compliance exams or a shift to state regulation?

Posted by RIA in a Box

Jan 8, 2015 5:00:00 AM

It was only a few short months ago that industry and congressional momentum was building in support of SEC investment adviser user exam fees. However, as of earlier this month, it now appears that any hope of RIA user-fee exam legislation being passed in the near future is unlikely.

As such, we believe it's now worth taking a deeper look into the potential costs and implementation challenges if the SEC was to begin a third party compliance review program of registered investment adviser (RIA) firms. However, we believe that there may be a more attractive alternative to third party compliance examinations that to date not been actively discussed by the investment adviser industry: transitioning more firms from SEC to state registration.

Download our free white paper: RIA Systems and Operational Best Practices

First, it's important to note, that the implementation of a third party compliance review program would presently only impact SEC-registered RIA firms. State-registered investment advisory firms would continue to be audited by the relevant states. Thus, of the overall ~30,000+ RIA firms, such a program would only impact the ~11,800 firms currently registered with the SEC.

One of the key reasons that the third party compliance review concept has continued to be discussed for over a decade now is that Congress has generally showed a reluctance to pass any new legislation to increase SEC funding to help examine a higher percentage of RIA firms. It's generally viewed that the SEC already has the ability to implement a third party compliance review program without the passing of a new Congressional bill. As such, the SEC has a lot more flexibility in regards to creating such a program.

The general arguments in support of a third party audit program are:

  1. In the 2014 fiscal year, the SEC audited 10% of registered investment adviser firms. The industry and SEC both agree that this is an insufficient total and exposes the broader industry to bad-actors tarnishing the industry's reputation.
  2. While the SEC's total annual budget has generally increased over the years from (+8.66% compound annual growth rate from 1995 to 2015), so has the SEC's regulatory responsibilities and thus other regulatory priorities continue to restrict the SEC's ability to allocate additional significant resources to investment adviser examinations.
  3. Congress has made it clear that no new bill will be passed any time soon to allot additional funding to investment adviser exams and thus the SEC may have no other alternative to meaningfully increase the number of advisory firms audited.
  4. There are a number of qualified compliance consulting firms in the industry that have the expertise to conduct exams.
  5. It wouldn't be that hard to roll out and could be done quickly.
  6. Such a program is an efficient way for the SEC to better allocate resources by delegating to third parties to conduct an initial exam to identify general regulatory areas or particular firms that require more attention.
  7. The SEC could shift more resources to the largest SEC-registered RIA firms that may pose a greater risk to the public given the size of their operations.
  8. A "free market" competitive system would keep the price of third party exams at a reasonable level.

On the other hand, the general arguments in opposition of a third party audit program are:

  1. It would be very difficult to control the standards of third party firms conducing these exams.
  2. The program would still require dedicated staff and resources at the SEC to oversee and manage its operations leading to less overall efficiency.
  3. This could create an opening for a self-regulatory organization (SRO) such as the Financial Industry Regulatory Authority (FINRA) to get directly involved with the regulation of RIA firms.
  4. The cost to smaller SEC-registered firms could be quite burdensome.
  5. There are potential conflicts of interest for third party compliance firms that have a pre-existing relationship or hope to establish a future relationship with the firm being audited.
  6. The operations of RIA firms are quite varied and complex and trying to apply a one-size fits all approach may prove problematic.
  7. This concept was explored in detail in 2003 and the industry generally seem opposed to it as demonstrated by the comment letters submitted in opposition.

Our Thoughts on Third Party Compliance Examinations

We generally believe the implementation of third party compliance examinations across all SEC-registered firms would be challenging and inefficient given the huge array of the size and complexity of firms registered with the SEC. To elaborate further, let's dive deeper into some figures:

  1. Yes, the percentage of RIA firms audited by the SEC annually is too low. However, it can be a bit misleading given the size range of firms that the SEC is tasked with regulating. According to SEC historical budget proposals and Meridian-IQ, SEC-registered firms in total manage approximately $62.4 trillion. However, the combined assets under management (AUM) of the 100 largest firms is approximately $31.1 trillion. Thus, a deeper dive into audit statistics reveals that the SEC has allocated more resources towards auditing larger firms as demonstrated by the fact that the SEC's Office of Compliance Inspections and Examinations (OCIE) examined around 30% of the total AUM of SEC-registered firms in the 2014 fiscal year. That figure has been on the rise compared to 25% of total AUM in the 2013 fiscal year and it seems reasonable to assume that the figure will continue to improve as the SEC continues to show its ability to better utilize existing staff and resources.
  2. Thus, it would appear that the SEC's true challenge is more frequent examinations of smaller SEC-registered firms. According to Meridian-IQ, there are approximately 8,650 firms registered with the SEC that manage $1 billion in AUM or less and around 7,250 of those firms manage $500 million or less in AUM. While it's generally true that these smaller SEC-registered RIAs have a bit simpler operations when compared to industry titans such as Vanguard (~$2.35 trillion of AUM) or PIMCO (~$1.95 trillion of AUM), around 2,500 of these smaller firms advise private funds and/or mutual funds which creates additional risk and complexity. As such, it appears that there around 6,150 RIA firms (8,650-2,500) presently registered with the SEC that likely look and feel a bit more like classic small-business RIAs serving a local community or region. This is not to say that these smaller local businesses do not pose a risk to investors or the market, but the general risk given their smaller size does not carry the same relative magnitude of the much larger firms.

Is There Another Solution the Industry Isn't Recognizing?

It's been said that the easiest way to make the right decision is to choose from a list of great alternatives. In other words, instead of focusing all resources on the decision, time is often better spent exploring additional alternatives that may not at first reveal themselves. In many ways, it feels like this third party examination alternative may be regaining momentum because right now it seems like the last remaining alternative. That strikes us as a potentially dangerous decision-making scenario that the industry should strive to avoid if possible.

As part of the Dodd-Frank legislation, the majority of SEC-registered RIA firms with less than $100 million in AUM were required to transition from SEC to state registration. In total, this led to around 2,100 investment advisory firms switching to state registration. Initially, there were quite a few concerns around the industry if the states were properly equipped to handle this large influx of firms. While every state is unique and some states have undoubtedly handled this transition better than others, most industry observers would argue that the states as a whole have done a very good job. While it can vary, most states operate on at least a 4 year audit cycle (every RIA firm is examined at least once every 4 years). In comparison, the SEC has historically audited RIA firms once every 10-12 years. However, as noted above, this comparative figure can be a bit misleading and unfair given the SEC's traditional focus on larger firms. 

In particular, the Dodd-Frank switch process also further highlighted the value that the North American Securities Administrators Association (NASAA) can bring when it comes to the regulation of RIA firms. Through NASAA, the states showed their ability to coordinate efforts and to communicate effectively to ease the burden on RIA firms required to transition to state registration.

Yet, unfortunately the Dodd-Frank transition did little to reduce the RIA regulatory burden of the SEC. At the beginning of 2010, the SEC oversaw around 11,500 investment advisory firms which is nearly identical to the current number of firms it oversees. So how is it possible that 2,100 firms switched from SEC to state registration, but the SEC was still left with the same number of firms under its purview? Well, the primary reason is that Dodd-Frank also required advisers to private funds to register for the first time. For nearly every firm that the SEC passed down to the states, the agency instead inherited a new firm registering with the SEC for the first time. Presently, there around 2,000 firms registered with the SEC that advise private funds. Thus, in the SEC's defense, Dodd-Frank did little to help the SEC and if anything actually increased the regulatory complexity for the SEC as it traded its smallest, most local RIA firms for often much more complex private fund advisers.

The Most Cost Efficient Solution For Small, $500 million or less AUM RIA firms

Furthermore, many states operate rather nimble examination and enforcement agencies and were able to staff up and train new examiners in fairly quick order to help handle the increase of firms. According to NASAA, just over half of states hired additional examiners. In addition, a portion of the staffing increase costs were funded by the new stream of annual registration fees that the states inherited. And just as importantly, while these annual registration fees were often a slight increase over the annual SEC filing fees that the RIA firms were previously paying, they were by no means overly daunting.

To quantify the potential costs a bit, we have analyzed all the current annual state registration and notice filing fees. For reference, notice filing fees are the fees that SEC-registered RIA firms pay to the relevant states in which the firm for example has a physical office location or has exceeded the de minimis number of clients. Excluding Wyoming which charges no state registration or notice filing fees, the average fees charged by states and US territories are as follows:

  Firm Fee
Initial State Registration $216.92
Renewal of State Registration $202.02
Initial Notice Filing $207.12
Renewal of Notice Filing $197.50

As shown above, the average initial state registration is ~$10 above the average initial notice filing fee and the average state registration renewal fee is only ~$5 above the average notice filing renewal fee. If we assume the average $500 million or less AUM SEC-registered RIA firm is required to notice file in 8 states, then the incremental increase in average annual filing fees is less than $80 on annual basis (8 states multiple by $5-10 of increased costs per year). However, these slight increases in annual state filing fees would be more than offset by the savings from no longer paying the annual SEC updating amendment fees of $225 charged to SEC-registered firms with $100 million or more in AUM. It should also be noted that during the previous SEC to state registration transition due to Dodd-Frank, the states did not increase the annual filing fees for the firms transitioning to the state level. Thus, it seems fair to assume that annual regulatory filing fees are a wash and that as it stands today, most transitioning RIA firms would pay around the same in annual regulatory filing fees. 

To be fair, we should also budget a one-time expense for the SEC-registered RIA firm to hire an outside compliance consultant or allocate an internal resource to assist with the transition to state registration. While it could cost considerably less, let's assume a one-time cost of $5,000 in additional labor or consulting fees. Therefore in year 1, the average transitioning SEC firm would be looking at increased compliance expenses of around $5,000 and in years 2 and beyond would be looking at very similar expenses to what they presently experience.

Why Shifting More RIA Regulation to the States Makes Sense

Thus, we'd argue that a more viable solution to increasing the frequency of RIA firms is to utilize another transition of smaller SEC-registered RIA firms to state registration. In particular, we would recommend that the vast majority of RIA firms with $500 million or less in AUM should be required to switch to state registration.

The below table, using data from Meridian-IQ as of Jan 1, 2015, helps to quantify what the RIA regulatory landscape might look at different AUM thresholds above the current $100 million level for firms to register with the SEC:

Number of SEC RIA audits and examinations

* According to Meridian-IQ, total number of state-registered firms is 18,444 and total AUM of state-registered firms is $580,201,916,717. The new total number of state-registered firms is calculated by adding the number of non NY/WY-based SEC-registered firms and adding that total to the present total of 18,444 state-registered RIA firms. The new total AUM of state-registered firms is calculated in the same manner. 

** We assume that the SEC will audit ~10% of SEC-registered firms this year. This equates to ~1,861 firms.

For purposes of the above analysis, we have separated out all RIA firms in the state of New York with $25 million or more in AUM and all firms in Wyoming regardless of AUM with the assumption that those firms will stay registered with the SEC. We have not broken out the number of firms with other qualifying exemptions that allow those firms to currently register with the SEC. As such, this analysis may slightly over estimate the number of firms that would transition down to the state level at different AUM thresholds given that it's likely that the SEC would still allow some, if not all of the current non-AUM registration exemptions.

The table above highlights some interesting findings including:

  1. To allow the SEC to make a significant improvement in the audit frequency of SEC-registered firms, the AUM threshold needs to be increased upwards toward $500 million. This could allow the SEC to double its examination frequency (~10% to 20.1%) by cutting the number of firms registered with the SEC by one-half.
  2. This would undoubtedly greatly increase the total AUM that states would be tasked with overseeing. However, even at a $500 million threshold, the total AUM of all the firms regulated at the state level would still be less than 3% of the total AUM of all firms regulated by the SEC. 
  3. At a $500 million registration threshold, the total number of RIA firms registered with the SEC would be approximately halved, however the decrease in the total AUM of firms regulated by the SEC would only decrease by around 1.64%. 
  4. Unfortunately, this would not immediately allow the SEC to significantly increase the total AUM that it examines annually but over time by better focusing its resources on larger firms it should continue to become more efficient.

While this would undeniably be a significant shift in the paradigm of SEC vs. state RIA regulation, we believe it's a transition that would best align the capabilities of the different regulatory agencies and create a model that could persist for many decades to come.

Some of the detailed rationale for this proposal is:

  1. If implemented properly, this is not the SEC just handing off its regulatory exam challenge to the states that will now have the same struggles. As discussed above, the states showed themselves to be willing and able to handle a large influx of new RIA firms as required by the Dodd-Frank legislation.
  2. While not always the case, we'd argue that the average $500 million RIA firm looks and feels more like an $80 million advisory firm from a regulatory standpoint than it does a multi-national, multi-billion dollar, or even trillion dollar RIA operation.
  3. It would allow the SEC to better allocate resources to larger and particular high-risk firms which require much more sophisticated and longer audit processes which is the SEC is the most equipped to handle.
  4. It would pose the lowest financial business risk to small-business RIA firms currently registered with the SEC while the costs to register and be regulated at the state level would likely be marginally higher, the costs would be manageable in the few hundred to the few thousand dollar annual range.
  5. Most RIA firms with $500 million or less in AUM tend to have a more locally concentrated business and this would better align the risks these firms pose with local regulators given the concentration of risk that these RIA firms tend to pose to a local region (e.g. a particular state).
  6. The states are often better equipped to establish and implement rules for smaller, local RIA firms in contrast to the SEC that is tasked with trying to apply a standard set of rules and requirements across a greatly varied set of firms. While such rules may be necessary for larger firms, they can at times be an unfortunate burden on smaller SEC-registered firms.
  7. Even if the additional annual registration fees received by the states do not fully offset the additional examination costs, the benefits of local, skilled job creation help align state budget allocations.

What makes this option also particularly enticing is that it would appear that, similar to the implementation of 3rd party audits, it may not require a new bill to pass in Congress. The National Securities Markets Improvement Act of 1996 (NSMIA) already has empowered the SEC to raise the AUM threshold required to register with the SEC. However, it's important to note that it is unclear what the states' appetite to take this on may be. Clearly, this would be asking a lot of the states. Yet, if the states were to ultimately embrace this solution, even at a lower than $500 million AUM threshold, we do believe such a solution could help address the core problem of increasing the frequency of RIA audits while mitigating the potential increased costs to small-business RIA firms scattered across the country. In particular, the previously proposed SRO and user fee pieces of legislation have both struggled to receive bipartisan support in Congress due largely to the perceived risk of increased costs on small businesses which compose the vast majority of the fragmented RIA industry. Furthermore, as it stands today, the SEC has been hesitant to allocate additional resources to investment adviser examinations as it feels it does not have the resources under its current annual budget.

However if Left with No Alternative Besides Third Party Examinations...

We believe the implementation should be utilized as a way to better bifurcate the regulation of SEC-registered RIA firms much like we believe an additional transition of more firms to state registration would accomplish. Therefore, we'd advocate for the following:

  1. Any third party compliance firm hoping to perform these examinations would need to be certified annually by the SEC to ensure it has the proper qualifications, experience, and resources.
  2. The SEC needs to very clearly outline and create a third party examination module provided to all certified firms so there is uniformity to the examination process.
  3. To ease the implementation, the SEC would need to invest in an online system which allows for the following:
    1. RIA firms to go online and select from a group of certified third party compliance firms to bid on and schedule the audit.
    2. Third party compliance firms to submit audit results online in a standardized format.
  4. No third party compliance firm can conduct an examination of a firm that it has or has previously served as a compliance consultant for or previously conducted a 3rd party compliance exam for in the past 3 years.
  5. Any third party compliance firm conducting an examination of a firm should be prohibited from serving as a compliance consultant to that firm for a minimum period of 3 years after the exam.
  6. The SEC should continue to exclusively perform all for-cause examinations in-house.
  7. The third party compliance firm can only be held to limited liability by the SEC or RIA firm it is examining. In particular, this liability should be restricted to: "Did the auditing firm perform the audit according to the defined SEC third party examination module?" 

Given that we ourselves are a compliance consulting firm, #7 above discussing liability may at first glance seem like a very self-serving wish. However, we believe that limited liability is one of the most important factors in keeping the cost of these third party examinations affordable to smaller SEC-registered RIA firms. Otherwise, there is significant risk that the costs of these exams could rise significantly. We also should clarify that limited liability does not mean that the SEC should not be able to rescind the certification or take action against third party compliance firms that are not performing to the highest professional and ethical standards.

The Cost of Third Party RIA Compliance Examinations

As it stands today, it's challenging to project what the potential annual cost to an RIA firm subject to such an audit might be. The key factors would be:

  1. Frequency of Exams: This could range from annual to once every four years. For reference, around 1/2 of broker-dealer firms are examined on annual basis which is often cited as a comparison.
  2. Scope of Exams: This is a complete unknown. Will these be full multi-day audits or initial exams intended to flag firms for follow-up, more detailed audits to be conducted by SEC staff?
  3. Number of SEC-certified Third Party Examination Firms: The SEC would need to delicately balance giving firms access to a competitive marketplace of many audit firms against ensuring that only high-caliber and qualified firms are conducting the exams.
  4. Location of the RIA firm: Firms located in major, accessible cities are easier to access in person leading to reduced travel costs compared to firms in more hard to access, rural locations.
  5. Size of the RIA firm: In general, more assets under management leads to more work required due to a higher number of clients, more geographic locations, etc.
  6. Administration Fee charged by the SEC: To do this right, the SEC will need to dedicate staff and technology resources to a group that would oversee this program. It's reasonable to assume that some administrative fee per exam would be passed through to RIAs.
  7. Liability assumed by the Third Party Examination Firms: This was discussed at length above.

Next, let's make the following assumptions:

  1. The scope is somewhat basic and limited and the average exam is completed in 1-2 days at the RIA firm's office.
  2. There are a reasonable, but select number of perhaps 6-8 audits firms for a given investment advisory firm to choose from.
  3. The firm is located near or in a major city.
  4. There is limited, minor liability assumed by the third party audit firm.

With the above assumptions and given our experience conducting many mock examinations over the years, we can make some rough estimates on the projected annual cost to an individual RIA firm given a firm's AUM and exam frequency:

  $100M $250M $500M $750M $1B
Every Year $12,000/yr $20,000/yr $30,000/yr $35,000/yr $40,000/yr
Every 2 Years $6,000/yr $10,000/yr $15,000/yr $17,500/yr $20,000/yr
Every 3 Years $4,000/yr $6,667/yr $10,000/yr $11,667/yr $13,333/yr
Every 4 Years $3,000/yr $5,000/yr $7,500/yr $8,750/yr $10,000/yr

At first glance, these costs may appear a little high but what is driving these projections is the fact that there is a lot more work required to conduct a proper regulatory examination than simply showing up at the firm's office. Often, tens if not hundreds of hours of work can go into preparation prior to the office visit and subsequently completing the findings report. Add that to the travel time to and from the office visit itself and the labor costs quickly become significant. Thus, even for smaller SEC-registered firms, there is a minimum cost associated with conducting an examination of any size.

It should also be noted that this analysis compared to our previous analysis of the cost of annual user fees shows that the cost of third party compliance examinations would likely be significantly higher. For reference, we previously estimated that the annual user fee cost to a $100 million AUM firm would range from ~$400 to ~$2,000 depending on the frequency of exams. While predicting the cost of the third party examinations is more of an art than a science given the large number of present unknowns, it's clear that the RIA industry needs to proceed with caution and get a better grasp on the potential costs.

Much like one of the key risks to the user fee approach, smaller SEC-registered firms need to be concerned with potential minimum annual costs that could be significant to them. However, it does appear that there may be less of such a risk within the construct of a third party audit system given that the actual cost to perform the exam will be more directly applied to the RIA firm itself.

Of course, the SEC could potentially reduce the costs to RIA firms of 3rd party audits by relaxing the certification requirements and scope of the exams, but we fear such a lax program may ultimately not provide adequate monitoring to protect investors and would be a band-aid solution that would appear to, but not actually, increase the number of true SEC RIA examinations.

Our somewhat bearish view on not only user fees, but particularly third party compliance exams, may surprise some industry observers that have until now assumed that a firm like ours would of course favor third party audits given the direct business opportunity for us. While it's true this may lead to a nice commercial opportunity for many compliance consulting firms, we generally believe that the regulation and supervision of RIA firms is best left to federal and state regulators. When outsourced to third parties or the likes of an SRO, inherent conflicts may irreversibly muddy the waters.

So What's Next?

Perhaps we are painting an overly rosy picture of the benefits of moving more currently SEC-registered RIA firms to the states but we do believe it's an alternative that at a minimum needs to be explored in more depth. Even if the states were to charge higher annual registration fees to firms with over $100 million in AUM to help subsidize the need to hire additional examiners, it's still likely that the increased annual costs to RIA firms would be significantly less than the implementation of third party compliance exams given the demonstrated prior experience and local presence of state examiners.

This new proposal is also likely to catch a smaller SEC-registered investment advisory firms a bit off-guard and lead to the impulse reaction that relinquishing SEC registration may imply a loss of legitimacy or credibility. For many advisers in the industry, reaching the asset minimum to allow for SEC registration has  served as a rite of passage of sorts. However, as advocates for the 7,250 or so firms with $500 million or less in AUM that are currently federally registered, we'd argue that while there will likely be some regulatory growing pains associated with being the new big fish in the state regulatory pond, it's a justified nuisance. This is because the alternative is being a small fish that may be fighting for survival in an ocean that will soon see a number of new regulations passed which are perhaps rightfully designed to rein in the handful of whales, but as a by-product will lead to increased regulatory challenges for smaller firms.


Topics: RIA Operations, RIA Compliance

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.

RIA Compliance & Practice Management

Stay up to date on the latest RIA compliance, operations, and technology topics.

Hear from industry experts as they keep you up to date on the latest regulatory developments and practice management topics.

Subscribe to Email Updates

Recent Posts