If you run a registered investment advisory (or work for an RIA as an investment advisor representative) and haven’t been paid a visit by the SEC in a while, here is a fun fact to know and tell: Forty percent of RIAs examined in 2006 received a deficiency letter on their compliance procedures by the SEC.
As any RIA would know (but our FAs at broker/dealers might not), RIAs must conduct compliance reviews annually under the “compliance program rule” of the Investment Advisers Act of 1940. In short, RIAs must analyze their compliance programs to be sure they conform to the law, and to make sure their FAs are hewing to rules on personal trading, gifts and entertainment, political and charitable contributions, soft dollars, business continuity, and books and records, among others.
The SEC’s compliance rule also calls for RIAs to adopt and implement compliance policies, of course, but to also appoint a chief compliance officer (CCO). If RIAs don’t have a CCO, the RIA is deemed the compliance officer. Over a quarter (28 percent) of advisory firms have no one in a full-time compliance role, while nearly a third (35 percent) have only one employee in a compliance role, according to a recent survey. The survey included 457 RIA participants, and was conducted by ACA Compliance Group, an investment management compliance testing survey company; the Investment Advisor Association, the RIA lobby; IM Insight, a weekly newsletter focusing on regulatory trends; and, Old Mutual Asset Management, the U.S. unit of the London-based financial services firm, Old Mutual plc. Old Mutual Asset Management has more than $315 billion in assets under management.
The survey found that nearly three-quarters of the respondents (73 percent) reported only minor compliance issues, 8 percent reported finding significant issues and 19 percent reported no issues.
RIAs are inspected every two to three years if they are deemed “high-risk,” and indefinitely if they are considered to be “low risk” by the SEC. But the Advisers Act of 1940 requires firms to conduct their own internal review annually. The survey found that 57 percent do in fact conduct compliance testing on an ongoing, rolling basis: Eleven percent test quarterly, 2 percent monthly and 30 percent annually.
RIAs believe that the SEC is preparing to increase their own investigations in the future. For busy wealth managers, meeting compliance requirements sucks time away from clients, so creating a strong compliance procedures is important to continued success, experts say.
A Visit From The SEC
When the SEC stopped in to audit Gary Rathbun’s office at the end of August, the president of Private Wealth Consultants, Ltd., a Toledo-based RIA, says his office was ready. Rathbun has been in the business 27 years, and an SEC-registered advisor for nine. Until that August day, he hadn’t ever been audited by the SEC. Rathbun says the SEC’s visit wasn’t a traumatic experience by any means; he has a full-time, in-house compliance officer, who devotes her time to making sure the practice is up to speed on all compliance mandates.
“Where I think most people fail is their policies and procedures manual. From my experience, and also talking to the SEC guys, most people are very ill- prepared for the audit,” Rathbun says. “The SEC guys said to me, ‘I want to have a policies and procedures manual, such that a stranger could walk in here, you hire them, and on their first day they could do anything that needs to be done here from the policies and procedures manual.’” (Rathbun’s manual is several hundred pages long.)
One thing that really ticks off the SEC is a policies and procedures manual that is merely based on a downloaded template. It is a tempting practice for busy advisors who don’t have—or can’t afford to have—a CCO on staff. In fact, on October 4, the regulatory watchdogs issued an administrative proceeding against an advisor and CCO based in Memphis for failure to customize a procedures manual, as the firm allegedly used a pre-packaged compliance manual, among other allegations. “I would say 70 percent or more of what RIAs need to do is probably built into their systems, and they do it everyday; it’s the 30 percent that hangs you, and that’s the very detailed and accurate policies and procedures manual that needs to be updated constantly, and requires documentation of those updates,” Rathbun says.
“I think that what the SEC is saying is that [increased] compliance is here to stay,” says Tracy De Wald, senior vice president and general counsel at Securities America. “The advisors have got to get over the thought that compliance is something that they do off the side of their desk. You can’t have an ‘I’ll get around to it’ philosophy; it has to be this is as important to running my business as my accounts receivables are. And it has to be part of my daily checklist of running a business.” If the advisor doesn’t have the time or the knowledge to devote to compliance, DeWald says, he should hire someone in house or outsource—and there are many organizations to choose from.