These are the basic steps to walkthrough when starting and registering your RIA firm.
Draft the Form Filings & Documents You Need in Order to Register Your RIA Firm
In order to register your registered investment adviser ("RIA") firm with the proper authorities, you’ll want to make sure you have your forms and filings in order. While not all of the forms we’ll review here are required upfront (most are, but as always, there are exceptions and exemptions), authorities will expect to see them if and when they audit your firm.
- Form ADV
- Policies & Procedures Manual
- Investment Advisory Contracts
- Investment Adviser Representative ("IAR") Licensing Requirements
For more information on the Form ADV, check out the SEC’s General Instructions and Glossary for the Form ADV.
Register Your RIA with the Proper Authorities
Once you have your forms in order, you are ready to register. Depending on a few different factors outlined below, you will need to register your RIA at either the SEC or state jurisdiction level.
- When to Register with the State:
Prospective RIA firms with less than $100 million in AUM must register with the relevant state(s), not the SEC. Generally, the advisory firm must register in any state where it:
- has a physical location or office;
- has a representative physically located;
- has five or more clients (or a single client in the states of Texas and Louisiana); or
- is physically soliciting in that state.
- When to Register with the SEC:
Advisers who start an RIA firm with at least $100 million in assets under management ("AUM") must register with the SEC as an RIA.
Some of the more common exceptions that allow investment advisor with less than $100 million in AUM to register with the SEC include:
- Advisory firms with principal office and place of business in New York generally must register with the SEC if their AUM is $25 million or greater
- Firms that serve as adviser to an investment company registered under the Investment Company Act of 1940 must register with the SEC regardless of AUM
- RIAs that are required to register in 15 or more states will generally register with the SEC regardless of AUM
- Internet-only investment advisers may register with the SEC regardless of AUM
For firm's transitioning from state to SEC registration, learn more about the transition process in this blog post.
Choose a Chief Compliance Officer ("CCO")
RIAs of all sizes are required to have an in-house CCO, but it can be someone who handles other duties. In many cases, the adviser-owner maintains that role in the beginning stage of an RIA’s life. As your firm grows, there are two directions you can decide to go in:
- Partner with an Outsourced Compliance Consultant: Compliance consultants can supplement and assist an RIA’s CCO for a fraction of the cost of hiring an in-person CCO, and quality consultants already have the compliance expertise needed to keep your firm compliant. Even with an outsourced consultant, however, the ultimate responsibility to fulfill your firm's compliance responsibilities ultimately lies in the hands of your designated CCO.
- Pair Compliance Technology with a Compliance Consultant: Adopting a compliance technology solution can save a busy CCO or adviser-owner time. By implementing the right compliance technology, CCOs can gain access to necessary tools to support and create a culture of compliance. The right compliance technology solution can reduce the amount of time spent planning, completing, and documenting regulatory activities by streamlining and simplifying the processes. Pairing compliance technology with a compliance consultant can empower RIAs and their CCOs to navigate the increasingly complex regulatory requirements more efficiently.
Protect Your RIA Firm From Cybersecurity Threats
Phishing scams, malware, ransomware, trojans—the list of potential avenues for hackers to access your information seems to grow by the minute. As digital becomes a more and more essential part of running an RIA, the realm of cybersecurity presents increasingly dangerous threats to keeping your firm and your clients safe.
The SEC has outlined six cybersecurity factors for RIA firms to focus on:
- Governance and Risk Assessment
- Access Rights and Controls
- Data Loss Prevention
- Vendor Management
- Incident Reporting
Most RIA firms don’t have the budget (or need) to hire a full-time Chief Information Security Officer (CISO) or other I.T. personnel to maintain their compliance in every one of these areas. One cost-effective alternative is subscribing to a cybersecurity platform built to meet all six of the above focus areas.
Get the Right Insurance for Your RIA Firm
While insurance is not a requirement of starting a new RIA firm, there are two types that most RIA firms should at least consider.
- Errors and Omissions Insurance:
We highly recommend liability insurance to safeguard your firm. Failing to get such a policy leaves your firm vulnerable to a very serious business risk. Keep in mind though, even the best E&O insurance plan won’t cover an inadequate RIA compliance program. For example, regulatory fines and sanctions will generally not be covered by insurance programs. It's critical that your firm implement internal compliance policies and procedures to establish the proper culture of compliance.
- Cybersecurity Insurance: Cyber insurance offers an important, often underrated service to RIA firms. In the case of a cyber attack, many small-to-midsize businesses are at risk of devastating consequences without the proper cyber coverage in place. When selecting cybersecurity insurance, it’s important that you follow the steps you would follow when choosing any other type of insurance—namely, educating yourself, weighing the options and turning to the experts if you need help.
Understand the Fiduciary Duties of an RIA Firm
Fulfilling the role of a fiduciary is a core pillar of the services RIAs provide, so it’s important that you understand what that means. In 2018, the SEC released a document that outlined their views on the fiduciary duties of an RIA, breaking them out into five categories.
- Duty of Care
- Duty to Provide Advice That is in the Client's Best Interest
- Duty to Seek Best Execution
- Duty to Act and Provide Advice and Monitoring over the Course of the Relationship
- Duty of Loyalty
Properly Address Disciplinary Disclosures
The SEC has stated in no uncertain terms that it pays extra attention to firms where individuals with disciplinary disclosures work. If you or someone you work with has a disclosure on their record, there are a few important items to keep in mind.
- You Must Disclose Them: This may seem obvious, but the SEC regularly finds firms have omitted material disclosures regarding disciplinary histories, including incomplete or confusing information on disciplinary events, and/or have not delivered disclosure documents to clients.
- You Must Address the Risks: If you or someone on your team has disclosures, your policies and procedures need to demonstrate that you understand the risk.
Visit our Comprehensive Guide to RIA Compliance for a full breakout of these steps.