FIN Family of Companies

Compliance - Forms, Documents, and Audit Prep

By Cory Roberson, Principal at FIN Compliance and FIN Community


Caption: Visit store: https://riareview.com/  or here: https://sellfy.com/riareview

August 17, 2018.  As mentioned in a previous blog, RIA Exam - Preparing for an Audit in 2018, we’ve seen an uptick in the number of advisory examination requests this year.  A pending audit may present an unwelcome addition to an advisor’s busy schedule, but there is a window of time to prepare.  In addition, to the relief of many advisors, examiners are known to offer extensions for scheduling the examination.  Let’s review some ways that firm’s can update documentation for audit prep purposes.   

The Audit Process revisited

Typically, firms are greeted with an email from an examiner that includes a document request list outlining the audit processes and requirements (ref. SEC Form 2389).  The list will specify the dates for records requested to review (e.g. last quarter or last fiscal year).

The actual exam may include a series of phone calls and/or visits to the office.  During in-person visits, which may last over a few days, examiners will review firm documents to ensure its guidelines are met (e.g. Advisors act or similar state securities acts).  A sample testing of fees, accounting, client files, and trading is usually performed during this period.  

Next, comes the waiting period as examiners compile their results.

Afterwards, examiners will send a summary of results, that will include a discrepancy letter (or guidance) for making corrections.  The process of fixing discrepancies might feel like a punch in the stomach to a firm, but examiners often grant extensions to make changes. 

With that said, any further delays beyond an extension in responding to an examiner or fixing discrepancies, can incur a heavy fine or other censure.  In addition, significant gaps in filings or unlicensed activity can incur a fine(s) or other censure(s). 

Advisors can contact a compliance person and/or attorney familiar with guidelines to review its risk areas.

We advise that firms prepare ahead of time as discrepancies are a common occurrence amongst advisors registered with the SEC, FINRA, and/or state securities regulators.  Within this framework, advisors can mitigate potential issues by updating documentation on a periodic basis. 

As a general practice, firms should review/update: Client documentation (at the time of client visits); Trading/Cybersecurity records (on an ongoing basis), Fees/accounting (on a monthly/quarterly basis), and Procedures manual (at least once a year).

The following is not an exhaustive list of items to review.  Firms can use sample document request lists to prepare.  Further reviews may be needed depending on the firm and its business model.

What are Common Discrepancies? 
   
There is guidance for determining the most common discrepancies amongst firms.  Every year, usually around the month of September, the North American Securities Administrators Association (“NASAA”) issues their examination findings of more than 1000 firms (see 2017: NASAA Examinations report ). 

Reasons for documentation before (after) an audit

Many compliance procedures, including trade monitoring, must be packaged into documentation as proof of a review for an examiner.  Do not expect your regulator to rely on your FinTech or RegTech solution without the process of an actual person explaining the review process and generating an audit trail.  Online solutions, including RIA Review, can be used in tandem with producing the documentation needed for examiners.  

Our Forms and Documents Store

Our forms and templates store consist of sample audit request lists, checklists, manuals, and agreement templates to manage a portion of your firm’s audit prep.   




Sample Audit – Document Request Lists (complimentary)*

SEC Examination Request List (based on an actual review in 2018) provides a comprehensive list of the following areas: (1) Organization/Business Activities, (2) Client/Firm Documentation, (3) Compliance Program, Risk Management and Internal Controls Compliance (e.g. Compliance manual, Risk Assessment Annual Review), (4) Financial Records (e.g. GAAP, bank, loans), (5) Client account (e.g. list summarized on a spreadsheet), (6) Trading/Brokerage forms (e.g. blotter, brokerage arrangements), (7) Custody information (when applicable), (8) Conflicts of Interests (e.g. Code of Ethics, other business activities), (9) Advertisements/Presentations, (10) Pooled Investment Vehicles (e.g. PPM, partnership agreements, investor list, financials).  complimentary.

The California Department of Business Oversight Examination Request List (based on an actual review in 2018) includes a list for: (1) Accounting records (e.g. GAAP Format, financial requirements); (2) Agreements/contracts (e.g. advisory, Financial Planning Contracts, Investment Policy Statements), (3) Client Documentation (e.g. Client lists), (4) Corporate Records (e.g. LLC/LP, etc.), (5) Advisory Administration (e.g. Business Continuity, Advertising), and (5) Firm Personnel documents (e.g. Advisors, employees, access persons).  complimentary.

Generally, all examiners will investigate updates of client documentation (e.g. agreements, investment policy statements), accounting (financials, fees), procedural reviews, and general documentation (e.g. ADV, advertising, registration).  Regulators, such as the California Department of Business Oversight, expect for firms to update investment policy statements at least every three years.

Q. What about request lists for other states?

A. The North American Securities Administrators Association (“NASAA”) enacted the Uniform Securities Act (ref. 1956) as a regulatory framework for state examiners.  In addition, states legislatures also base most of its advisory regulations on the SEC Investment Advisors Act.  As such, the state examination process is similar to the guidelines referenced in California.  

With that said, states do exercise their own authority in amending the act to its own preferences from time to time (some rules differ).  Many state websites will post their audit request lists on their websites, but advisors can contact us to put together a state-specific examination list for a fee. 

*SEC Books and Records Rule 204-2 (and similar state rules)

Documentation – Agreements and Manuals (Fee)

Advisory firms, who pass a “de-minimis” threshold of a number of clients in a state outside of its home office, are required to register the practice and at least one investment advisor representative in that jurisdiction.  Firm can use our State Di-Minimis Checklist which includes a summary of registration thresholds in other states for a fee

Who is an Investment Advisor Representative (“IAR”)?

Under SEC Rule 203(a) and similar state guidelines, an investment advisor representative (“IAR”) is defined as any (persons) who:

Makes securities-based recommendations;
Manages accounts or portfolios of clients;
Oversees recommendations or advice;
Solicits or offers sales of securities; ***.
Supervises employees.

Firms can use this Di-minimis checklist in addition to working with solicitors (“persons offering referral services”).  Some states may/may not require IAR registration for the solicitor. If a solicitor is required to file with your firm, the practice will also be responsible for making sure they are registered in appropriate jurisdictions. Fee

Our Investment Advisory agreement** template contains the general terms, services, and stipulations for entering into advisory services.  Advisors can customize this agreement based on the actual services/fees offered by their firm.  Clients must sign the agreement and receive a copy of the firm’ brochure (ref. Brochure Rule), privacy policy, and if required, a summary of the business continuity plan (ref. CA DBO CCR 260.238.3).

For:  Advisory and Portfolio management services

An Investment Consulting agreement template features general terms, services, and an overview for entering into a fixed, flat, or hourly arrangement.  Firms can tailor as needed.  Fee 

For:  Consulting, research, and other related services.

The Financial Planning Agreement template also features general terms, services, and an overview for entering into a fixed, flat, or hourly financial planning arrangement.  Firms can tailor as needed.  Fee.

For:  Financial Planning services (CFP ref. Rule 1.3 of CFP Board’s Rules of Conduct)

A Solicitor agreement*** template features general terms, an overview of referral services, and a disclosure statement for entering into a referral arrangement with an investment advisor.  Clients must receive a: (1) Disclosure statement and (2) Firms should tailor as needed.  Fee.

For:  Referrals, third-party sale persons

Typical Steps Include:

Firm: providing services should be licensed with either state, SEC, or FINRA.
IAR/Principal:  working with the client should be licensed with the firm.
Solicitor:  May or may not need to be licensed or qualify to be an IAR.
Firm: Enters into a written agreement with solicitor.
Firm: provides the solicitor with a copy of the solicitor disclosure document.
Solicitor: sends required documents to prospective or “solicited” client.
Firm: discloses solicitor arrangement on ADV.
Firm: enters into a signed arrangement during client onboarding.  

Both the firm and solicitor can be fined if they conduct referral-based activities without required procedures in place.

Policies and Procedures manual (state) features a general overview of policies and procedures, including a list of State Securities Laws to tailor based on the jurisdiction of your “home office” location. Fee.

Policies and Procedures manual (SEC) features a general overview of policies and procedures, including a list of regulatory updates released by the SEC Office of Compliance Inspections and Examinations and the SEC Division of Investment Management.  Fee

Compliance Management System (ongoing review)

Need more?  In case you need a system for conducting your review, there is compliance management protocol for audit-prep purposes at RIA Review.  All of the forms aforementioned are available to Premium and Premium Plus Users.


There are three versions available including:

Free Version - for those who want to try out a limited version.
Premium Version ($995/yr) - for state-registrants with basic reporting needs.
Premium Plus Version ($1195/yr) - for SEC and State Registrants that also require an annual review.

There are also short training videos featured on the platform to premium/premium plus users.  

Review our blog RIA Review – Compliance Management System for a full overview of features.


Introducing RegTech, FinTech, Blockchain and Crypto issues.

To get our network up to speed on new technologies, we will be announcing public regulatory webinars that will feature service providers in the FinTech, RegTech, Crypto and Blockchain communities.  Stay tuned for announcements as we prepare the launch of an upcoming platform.

Fin Community is a member rewards and business listing network featuring providers in the FinTech, RegTech, Crypto and Blockchain communities.  Members can view offers from our network of vendors. Coming Soon.

Vendors can contact us for information of listing their business on our site. 

**Note:  We are not a law practice.  Advisors looking for advice on legalities discussed in an agreement should contact an attorney for additional interpretations or we can refer you as needed. The following steps should be used for illustrative purposes that must be tailored to your firm’s business model.  




Our Mission: “Serving the Investment Community to Make a Social Impact”

Compliance

FIN Compliance (FinCompliance.io) is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm, RIA Review, a compliance-management software tool (SaaS), RegTech Products is a product notification portal for product offerings in financial service markets.

Business Listings

FIN Community (FINcommunity.io) is a business listing and network for providers in the Financial Services, FinTech, RegTech, Crypto and Blockchain communities.  We believe in supporting the gig economy through building business opportunities.

Impact

SoCap Missions (socapmissions.com) provides business support group sessions.  In addition, Cory has volunteered for more than fifteen youth programs in locations such as like S. Korea, China, S. Africa, Thailand, and India.


No comments:

Powered by Blogger.