Compliance FAQ: SEC Risk Alert Identifies Most Common RIA Compliance Deficiencies

In this month’s article, Lexington Compliance looks at the most common RIA compliance deficiencies and offers guidance as firms prepare for SEC regulatory examinations.

On Feb. 7, 2017, the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released a new National Exam Program Risk Alert identifying the five compliance areas most commonly cited in deficiency letters sent to registered investment adviser (RIA) firms registered with the SEC. The OCIE is the SEC division that conducts examinations of RIA firms and this new list of top deficiencies can help investment advisers better prepare for a regulatory examination. The risk alert focuses on deficiency letters from over 1,000 RIA audits conducted over the past two years. This latest SEC OCIE staff guidance follows similar examination deficiency guidance provided by the North American Securities Administrators Association (NASAA) in its 2015 RIA coordinated examination report.

The 5 areas with the most compliance issues identified by the SEC OCIE staff are:

  • Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”)
  • Required regulatory filings
  • Rule 206(4)-2 under the Advisers Act (the “Custody Rule”)
  • Rule 204A-1 under the Advisers Act (the “Code of Ethics Rule”)
  • Rule 204-2 under the Advisers Act (the “Books and Records Rule”)

In the risk alert, the OCIE staff provides additional guidance and observations related to typical audit deficiencies found in each of the five compliance areas.

Compliance Rule

Our recent blog post titled "Rule 206(4)-7 Continues to Cause Preventable RIA Compliance Issues" discusses many of the areas of weakness cited in the risk alert including:

  • Compliance manuals are not reasonably tailored to the adviser's business practices.
  • Annual reviews are not performed or did not address the adequacy of the adviser's policies and procedures.
  • Adviser does not follow compliance policies and procedures.
  • Compliance manuals are not current.

Regulatory Filings

The Form ADV is the primary filing document for all RIA firms. Despite much guidance provided on the proper completion of the Form ADV and the requirement to file an annual Form ADV amendment[PA1] , it continues to frequently cause compliance issues for investment advisory firms. Such issues are often related to inaccuracies or failure to disclose conflicts. The most common deficiencies related to regulatory filings are:

  • Inaccurate disclosures
  • Untimely amendments to Form ADVs
  • Incorrect and untimely Form PF filings
  • Incorrect and untimely Form D filings

Custody Rule

Many firms fail to recognize that they may be deemed to have custody of client funds. Common scenarios which can lead to an RIA firm having custody include bill-paying services, check-writing authority, online login access to client accounts, serving as trustee, or serving as the general partner of a pooled investment vehicle ("PIV"). The most common deficiencies related to custody are:

  • Advisers did not recognize they may have custody due to online access to client accounts.
  • Advisers with custody obtained surprise examinations that do not meet the requirements of the Custody Rule.
  • Advisers did not recognize they may have custody as a result of certain authority over client accounts.

Code of Ethics Rule

Proper implementation of a Code of Ethics is one of the key foundations of an RIA firm's compliance program. Firms need to ensure that the Code of Ethics is followed and fully implemented and also need to make sure that all relevant persons are properly identified as "access persons." The most common deficiencies related to the Code of Ethics are:

  • Access persons not identified
  • Code of Ethics missing required information
  • Untimely submission of transactions and holdings
  • No description of Code of Ethics in Form ADVs

Books and Records Rule

Every SEC-registered RIA firm is required to keep certain books and records. Investment advisory firms need to ensure that books and records are being regularly reviewed to identify and correct any information that is no longer accurate, contradictory, or may be missing. The most common deficiencies related to books and records are:

  • Did not maintain all required records
  • Books and records are inaccurate or not updated
  • Inconsistent recordkeeping

As RIA compliance consultants, we strongly recommend that the principals and chief compliance officer of all investment advisory firms registered with the SEC, regardless if the firm has been recently examined or not, review the contents of this latest SEC RIA compliance risk alert. The official risk alert includes more detailed information on each of the most common deficiency areas identified during investment adviser audits.

Free Basic Compliance Hotline provided by Lexington Compliance for Scottrade® RIAs

To learn how Lexington Compliance can help you understand compliance issues, please visit* Talk to your advisor service team at 877.726.8741 or about the free basic compliance hotline** provided to Scottrade® advisors by Lexington Compliance.

*By clicking on this link, you understand you will be redirected to, a third-party website operated and maintained by Lexington Compliance. Scottrade and Lexington Compliance are not affiliated. Lexington Compliance’s website contains information that may be of interest or use to the reader. Third-party websites, research and tools are from sources deemed reliable; however, Scottrade does not guarantee accuracy, completeness or timeliness of the information, is not responsible for statements, offers or products issued and makes no assurances with respect to the results to be obtained from their use. No information presented constitutes a recommendation by Scottrade or its affiliates to purchase any product or instrument discussed therein or engage in any specific strategy. Please research any product or service carefully.

**The scope of this service will include basic questions about the operation of a registered investment advisor and related compliance and registration areas. If an inquiry requires extensive research, significant review of materials or drafting of materials, then Lexington will offer its standard compliance consulting packages for a fee. If you choose to retain Lexington for compliance consulting services that are outside the scope of the hotline, you are responsible for making all required payments.