The Importance of Building a Rock-Solid Compliance Program for Your RIA Firm
Since going into effect in the early 20th century, the state and federal securities laws and regulations have constantly undergone revision and updating to address emerging risks and changing business practices.
As a result, Registered Investment Advisor (RIA) firms are held to an extraordinarily high regulatory standard, eclipsed only by industries required to preserve the safety of humans and the environment (e.g., transportation, medicine, and oil and gas exploration). With high regulatory standards comes greater regulatory scrutiny, and thus the importance of building a rock-solid compliance program from the start cannot be overstated.
The SEC typically seeks to audit RIAs within 24 months after initial registration, and, assuming a normal risk profile, any follow-on audits may be conducted up to every 10 years thereafter. State securities regulators typically seek to audit new RIAs within 24 months of registration, and every three to five years thereafter. An RIA’s perfunctory attempt at building a compliance program often results in an audit report overflowing with findings, deficiencies, and the actions required to achieve compliance. In some cases, egregious violations are referred to enforcement, which may result in the RIA paying a penalty, having its registration suspended, or being barred from the industry.
Key Components of an RIA Firm Compliance Program
A rock-solid compliance program designed by a highly qualified securities compliance and regulatory consultant will save a new or existing RIA time, stress, and money in the long run. At the very least, all RIAs must, or at least should, have the following:
Compliance Manual (or Written Supervisory Procedures) — tailored to the RIA’s business model and operations
Code of Ethics — lays the groundwork for how the RIA addresses internal conflicts of interest in the course of advising clients
Cybersecurity Policy — designed with the goal of protecting confidential client information and defending the RIA from a data breach
Business Continuity Plan — the playbook for how the RIA will continue to provide investment advice to clients in the event of a business interruption
Other policies and procedures an RIA might keep include, but are not limited to:
Policy on Voting Client Proxies — describes how the RIA will vote proxies with the client’s best interests in mind, and how the voting is documented
Anti-Money Laundering Policy — educates the CCO and employees on how to identify red flags and report suspected money laundering
Whistleblower Protection Policy — informs RIA employees of the high standards of ethics and conduct expected of them, and the protections afforded to whistleblowers by the SEC
Maintaining a Culture of Compliance
A rock-solid compliance program will get a new RIA through its first year. But if an RIA doesn’t have a top-down culture of compliance, the rock-solid compliance program will languish. RIAs can avoid this problem by outsourcing their compliance program to a consultant who will take charge and ensure the RIA operates within the boundaries of the federal and state securities laws and rules, even as those laws and rules change over time.
The cost of outsourced compliance varies, but in general, an RIA will get what it pays for. Some RIAs prefer software as a service (SaaS) compliance because of the ease with which quarterly and annual compliance reviews are conducted in a “click to verify” format. But the downside of SaaS is that it can be expensive and prone to misuse by incompetent Chief Compliance Officers who simply click through the compliance questions without conducting a meaningful compliance review. This is something the federal and state securities regulators will pick up on during an audit.
Bespoke compliance consultants who manage an RIA’s compliance calendar and quarterly and annual compliance reviews are generally worth the expense. It is highly recommended that RIAs seek out a highly qualified compliance consultant to consult on or manage the firm’s compliance program.
At a minimum, a compliance consultant should be hired to build and implement an RIA’s compliance program, manage registrations and renewals, and file the annual updating amendments. Doing these three things will typically bolster the RIA’s culture of compliance and extend the life of the rock-solid compliance program.
If you would like to learn more about the RIA compliance program requirements, or if you need help with your registration or ongoing investment advisor compliance needs, please contact us at Info@AdvisorGuidance.com.