What It Takes to Run an RIA: Compliance Program Must-Haves
According to a recent Investment Adviser Association report, 2021 saw a 6.7 percent rise in the number of SEC-registered investment advisers and a 1.2 percent drop in broker/dealers. While these stats don’t necessarily spell the demise of the FINRA registration, they do reveal a growing interest in the RIA space.
So, are you one of the many who would like to run an RIA? Before taking the leap, there’s much to put into place—including knowing what it takes to ensure a strong compliance program. Step one? Investment adviser compliance.
An Investment Adviser Compliance Primer
Registered investment advisers are subject to a myriad of regulations—most notably, the Investment Advisers Act of 1940 and its associated rules, including the SEC’s Advisers Act Rule 206(4)-7. The 2003 rule requires investment advisers registered with the Commission to “adopt and implement written [compliance] policies and procedures reasonably designed to prevent violation” of the Advisers Act.
These policies and procedures must be reviewed and tested for effectiveness at least once a year. Further, a chief compliance officer (CCO) appointed by the firm must oversee the implementation and oversight of those policies and procedures.
For newly established RIAs, the SEC provides a helpful primer for investment advisers as they build out the structure of their compliance programs. Luckily for your intrepid author, it also provides the framework for this post.
A cursory read of the SEC’s primer may leave some to think that all you have to do is type a few policies in a Word doc, appoint yourself as CCO, and file that document away for an occasional review. As it turns out, the SEC has significant problems with that approach.
How Not to Run an RIA
In a September 2021 action against Soteira Capital, LLC, the SEC temporarily barred the RIA’s founder and CCO from the securities business and issued $567,000 worth of fines and penalties against them and the firm. Among the infractions was the firm’s lack of sufficient written policies and procedures—its compliance manual was just 12 pages in length and didn’t address several material areas of its compliance program. The CCO was clearly not in a position of authority and wasn’t effectively overseeing the investment adviser’s compliance program, if at all.
There are many other deficiencies as well—the entire SEC order is an educational read about how not to run an RIA.
Compliance Program Must-Haves
Policies. Bearing that regulatory nightmare in mind, what does an effective compliance program include? It should, at a minimum, contain policies on the following:
Portfolio management processes: How do you demonstrate allocation of investment opportunities among clients and consistency of portfolios with clients’ investment objectives, your disclosures to clients, and applicable regulatory restrictions?
Disclosures: What disclosures are made to investors, clients, and regulators, such as in account statements and advertisements?
Proprietary trading: What are your and your employees’ personal trading activities?
Safeguards for client assets: How do you prevent conversion or inappropriate use by your personnel?
Accurate creation of required records: How are records created and maintained in such a way that they will not be altered, used, or destroyed without authorization?
Privacy protection: How do you keep client information safe?
Trading practice: Which procedures show how you satisfy your best execution obligation, use client brokerage to obtain research and other services (referred to as “soft dollar arrangements”), and allocate aggregated trades among clients?
Marketing advisory services: Have you included the use of solicitors? Do you have a documented pre-approval process for marketing pieces used by your advisors?
Processes for valuing client holdings: How do you assess fees based on those valuations?
Business continuity plans: How will your firm continue to operate if disaster strikes?
Clearly, this list is a lot to take in. There’s so much involved in each policy, and there may be other areas you’ll need to include based on the particulars of your firm’s business—and those particulars are important. The SEC expects your policies and procedures to be tailored to your firm and not simply be a manual purchased or obtained from a third party with zero customization. So, where should you begin?
Risk matrix. A good place to start is developing a risk matrix for your firm that will serve as the foundation for an effective compliance program. In short, it’s a tool used by most investment advisers to identify both potential risks to the firm and mitigation and testing strategies to address those risks.
For example, let’s say your firm identifies the death or incapacity of the firm’s sole advisory representative as a risk. This is a risk that many firms have not mitigated, even resulting in a yet-to-be-adopted SEC rule proposal in 2016. Have you begun the process of identifying a long-term succession partner? If not, how would your clients receive service if the sole advisory representative of the firm died or was incapacitated? Particularly in times of turbulent markets, leaving a client without the ability to perform transactions in their portfolio would be considered a breach of your firm’s fiduciary duty.
Performing an annual risk analysis forces firms to deal with these sometimes uncomfortable issues and furthers your ability to present a “culture of compliance” to the regulators—not to mention helping to keep your clients safe.
It’s essential to document these items on the matrix. That way, you can help ensure that for every potential risk, there is a policy, procedure, and strategy to help mitigate said risk. Further, the matrix should be reviewed annually, at a minimum, in light of new regulatory developments, new business initiatives, and testing results. Using a well-crafted risk matrix as a baseline can help create procedures to operationalize the new compliance program.
The Role of the CCO
As an investment adviser, you must appoint a CCO to oversee your compliance program. The importance of this position cannot be overstated. The chosen individual is your firm’s best defense against adverse regulatory action. As we saw in the Soteira case discussed earlier and repeatedly when reviewing the ever-growing list of enforcement actions on the SEC’s website, failure to have a knowledgeable and dedicated CCO would be disastrous for your firm.
Indeed, during a 2020 SEC seminar for investment companies and investment advisers, Peter Driscoll, then-director of the SEC’s Office of Compliance Inspections and Examinations, made precisely that point:
“Importantly, the Compliance Rule requires each adviser to designate a CCO to administer its compliance policies and procedures. As the Commission described in the Compliance Rule Adopting Release, an adviser’s CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop, implement, and enforce appropriate policies and procedures for the firm. And a CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.”
Finding the right person for the job. Unfortunately, you’re not going to find a group of outstanding CCO candidates beating down the door of your new RIA firm. Many RIAs choose from their existing staff, often a tenured advisor, to fill this role. While this is a reasonable and often necessary choice in the short term, this person will continue to have client-facing responsibilities, not to mention the day-to-day duties of running a small business.
For that reason, advisors on the RIA track should strongly consider selecting and training a capable individual from within the firm to step into the role of CCO eventually. A good training program for a CCO candidate includes three specific elements:
Reading: Absorb everything that’s out there. Adopting releases for new and old rules, enforcement actions, and speeches by SEC staff are all easily available and a great place to start.
Education: Pay attention to programs like the Investment Adviser Certified Compliance Professional (IACCP), which provides an excellent baseline understanding of the Advisers Act.
Technology: There are multiple vendors that can help you go paperless and streamline your compliance operations. Smartria and Global Relay are some best-in-class tools to consider.
Of course, there is no substitute for experience. Operationalizing, running, and testing a compliance program will always present opportunities for evolution and growth.
Are You Ready to Run an RIA?
As you can see, there are many factors to consider when deciding if it’s the right time to run an RIA. But every firm has to start somewhere, and establishing an effective investment adviser compliance program will be key. By making the compliance investment—from establishing procedures to hiring a CCO—you’ll see positive returns in reducing regulatory, financial, and reputational risks for your firm.
Are you ready to run an RIA but don’t want to go it alone? Learn how the right firm partner can provide the support—and the flexibility—you need.
This material is for educational purposes only and is not intended to provide specific advice.