The annual review is a tried-and-true practice for any registered investment adviser (RIA). And guess what? It’s that time of year again. While there is no set schedule for when your RIA firm must conduct its annual review, many firms use this time (December to March) for annual review activities, including reviewing their policies and procedures and conducting the annual review meeting with all firm employees.
To help ensure a smooth 2023 annual compliance review, we’ve gathered the top 10 dos and don’ts to remember as your RIA seeks to comply with relevant regulations, be it state or Securities and Exchange Commission (SEC) mandated.
Top 10 dos and don’ts for your RIA annual compliance review
Your RIA’s annual compliance review will likely require time and resources from multiple teams across your firm. Follow these top dos and don’ts to make sure you are allocating the right resources to this task in the most efficient manner.
- Do: Review and update your existing RIA policies and procedures manual to reflect new regulations.
Your RIA policies and procedures manual is anything but set-it-and-forget-it. In fact, according to the SEC, an RIA is mandated to regularly review its policies and procedures to ensure their efficacy. Take the time to look back at any new regulations that have passed in the last year and adjust your manual to reflect new requirements for your RIA firm.
- Don’t: Make your annual compliance review a once-a-year endeavor.
While the name, and associated ruling, mandates that an RIA firm conduct its review once every calendar year, many firms have come to realize the benefits of breaking up this task into more manageable subtasks throughout the year. By taking the time throughout the year, you not only avoid a mad rush come year-end, but you also realize the benefits of an updated compliance program which proactively meets new requirements and heightened risk points.
- Do: Invest in a compliance calendaring technology to help alleviate the tracking and monitoring.
Let’s face it, compliance is a complex facet of the financial industry, requiring huge amounts of knowledge and awareness. Compounding the issue? Hundreds of mundane tasks which eat up the majority of your time. And that’s where technology can help. With an automated calendaring tool, you can ensure you and your RIA firm stay on top of annual compliance review tasks without checking and double-checking countless spreadsheets.
- Don’t: Forget to host your firm-wide annual compliance review meeting.
One of the most critical aspects of your RIA’s annual compliance review is the annual compliance review meeting. This is where you share your findings and any updated policies and procedures with the firm at large. It is also where you educate staff on new requirements, potential compliance issues or conflicts of interest, and appoint who from each team will lead the charge on updating and addressing such issues.
- Do: Make note of your meeting and document key takeaways and who in your firm is responsible for what.
With the annual compliance review meeting in mind, it is paramount for RIA firms to document the meeting, including the agenda, issues addressed and any changes to your RIA firm’s practices.
As mentioned above, it isn’t enough to simply find issues; they must be addressed, and quickly. At this meeting, your team should assign a point person to lead the charge on specific issues, be it document updating or adding in any missing disclosures. Document who is responsible for which task and when it is expected to be completed.
- Don’t: Simply copy your annual compliance review from last year.
One of the worst things an RIA firm can do is simply copy and paste their annual compliance review. Not only is this a huge red flag to the SEC but it puts your firm and its clients at risk if your compliance program is not adjusted to thoroughly meet new needs and risk points.
- Do: Take cybersecurity matters into account.
Cybersecurity was one of the biggest topics in 2022 and for good reason. With the quantity and sophistication of attacks only increasing, your RIA firm would be wise to use this review period to assess and adjust any cybersecurity measures you currently have in place.
- Don’t: Just check the box.
Your RIA annual compliance review is not a check-it-and-go kind of task. It requires a thorough analysis of both the industry and your firm. Investing your time and resources into this initiative will be well worth the effort when you make it through another calendar year without issues of noncompliance and the potential fines and penalties which often come along with them.
- Do: Prepare for proposed rulings from the SEC and other regulatory bodies.
While you will likely look back at new rulings from the relevant regulatory bodies (see first bullet), we also recommend looking into the future. Assess proposed rulings and how your RIA firm can proactively address such rulings – within reason – during this review period. By adjusting your RIA compliance program to reflect upcoming regulations, you avoid the stress of last-minute changes to ensure compliance.
- Don’t: Forget to complete your RIA annual compliance review.
This might seem like an obvious one, but one of the most common deficiencies is simply not conducting an annual compliance review. Don’t forget, do conduct your RIA annual compliance review this year.
RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.