RIA Compliance and Practice Management Blog

Since 2015, the U.S. Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") has specifically listed cybersecurity as a registered investment adviser ("RIA") annual examination priority. Most recently, the SEC once again highlighted cybersecurity as a regulatory examination priority for 2019. In particular, the SEC OCIE staff noted, "Specific to investment advisers, SEC OCIE will… continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.” These six areas of focus for information security were first enumerated in a September 15, 2015 SEC RIA risk alert and have remain unchanged since.

To stay on top of the latest industry trends and education topics, advisors at registered investment adviser ("RIA") firms have many options to turn to online. You can read blogs, view webinars, and listen to podcasts just to name a few. So why should should an advisor spend the time and money to attend an industry conference? While it likely does not make sense to attend every industry event out there, finding the right conference for you to attend can have a meaningful impact on your firm and individual professional development! 

In general, a registered investment adviser ("RIA") firm's policies and procedures manual should outline the process for the firm's Chief Compliance Officer ("CCO") to conduct a series of review activities including an annual compliance program review as mandated by Rule 206(4)-7 of the Investment Advisers Act of 1940. In addition, the CCO is generally tasked with training company staff on a variety of relevant regulatory topics that impact the firm and each individual at the firm. The annual compliance meeting can serve as the platform to address many compliance training responsibilities including cybersecurity which remains a top federal and state RIA regulatory compliance examination focus area.

Registered investment adviser ("RIA") firms utilizing our MyRIACompliance RIA compliance software platform benefit from our integration with Salesforce which is the leading customer relationship manager ("CRM) software provider to investment advisers. The integration allows a joint Salesforce and RIA in Box MyRIACompliance subscriber to view and complete tailored regulatory compliance tasks all within the Salesforce task and calendar system. MyRIACompliance helps to programmatically deliver firm-specific compliance tasks utilizing the firm’s Form ADV and other proprietary data directly into the Salesforce system. 

Beginning in 2014, the Securities and Exchange Commission ("SEC") has issued a series of registered investment adviser ("RIA") risk alerts highlighting cybersecurity as a key compliance concern. In particular, on September 15, 2015, the SEC Office of Compliance Inspections and Examinations ("OCIE") issued a risk alert flagging vendor management as one of six critical cybersecurity focus areas. Subsequent SEC OCIE risk alerts and guidance have also continued to identify third party vendor management as a critical cybersecurity risk area. As more RIA firms migrate to cloud-based technology and vendors, proper vendor management and due diligence is becoming an even more important element of every investment advisory firm's cybersecurity compliance program. In today's world, investment advisers need to actively mitigate the risk of indirect information security breaches via a third party vendor that leads to the exposure of the RIA firm's nonpublic personal information ("NPI") or other sensitive information.

In 2018, we published over 110 blog posts on a variety of registered investment adviser ("RIA") practice management and regulatory compliance topics. We received over 165,000 visits to our blog in 2018 and a number of the most popular posts relate to practice management and regulatory topics ranging from technology adoption to cybersecurity. Over 1,700 RIA firms rely on us not only for regulatory compliance consulting support and software, but also for guidance on how to best grow and scale an advisory firm. 

With increased sophistication around phishing emails, it is more important than ever to make sure your staff is properly trained on how to identify a potential fraudulent phishing email. Even for advanced users, targeted phishing emails are becoming harder to detect. To start, it is important for registered investment adviser ("RIA") firms have a cybersecurity policy in place. However, not only should a proper policy be in place, but It is imperative firms are training all staff on how to identify a phishing email to protect sensitive internal information and client data.

Registered investment adviser ("RIA") firms utilizing our MyRIACompliance RIA compliance software platform benefit from our integration with Orion which is one of the leading portfolio management and reporting software providers according to our most recent industry study. The integration allows a joint Orion and RIA in Box MyRIACompliance client to automate compliance and registration requirements to help ensure consistent and accurate registration and Form ADV information is filed.

Registered investment adviser ("RIA") firms utilizing our MyRIACompliance RIA compliance software platform benefit from our integration with Morningstar Office which is the leading portfolio management and reporting software provider according to our most recent industry study. The integration allows a joint Morningstar and RIA in Box MyRIACompliance client to automate compliance and registration requirements to help ensure consistent and accurate registration and Form ADV information is filed.