Compliance FAQ: Rule 206(4)-7 Continues to Cause Preventable RIA Compliance Issues

This month, Lexington Compliance looks at one SEC rule that continues to plague RIA firms:

While the Securities and Exchange Commission (SEC) continues to release new rules and examination risk alerts that impact registered investment adviser (RIA) firms, one simple rule continues to trip up SEC-registered RIA firms of all sizes. Rule 206(4)-7 requires an investment advisory firm to adopt and implement written compliance policies and procedures, perform an annual review, and designate a Chief Compliance Officer (“CCO”). While at first glance this long-standing rule appears rather straightforward, it continues to trip up investment advisers, leading to enforcement actions.

"Rule 206(4)-7 - Compliance procedures and practices" reads as follows:

If you are an investment adviser registered or required to be registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3), it shall be unlawful within the meaning of section 206 of the Act (15 U.S.C. 80b-6) for you to provide investment advice to clients unless you:

(a) Policies and procedures. Adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commission has adopted under the Act;

(b) Annual review. Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation; and

(c) Chief compliance officer. Designate an individual (who is a supervised person) responsible for administering the policies and procedures that you adopt under paragraph (a) of this section.

As RIA compliance consultants, we see these common mistakes related to Rule 206(4)-7 that often lead to serious compliance issues:

1.  A newly registered firm creates a policies and procedures manual at the time of initial RIA registration, but fails to actually implement or follow it. Simply having a compliance manual is not enough. The firm needs to do what it says it's going to do.

2.  A newly registered firm creates a policies and procedures manual at the time of initial RIA registration, but the manual is generic, is not tailored to the firm, and does not accurately apply to the particular firm's business practices and potential risks. In this scenario, the policies and procedures unfortunately are insufficient to prevent violations.

3.  A firm does a sufficient job of updating its Form ADV and other filings but fails to establish an actual compliance program. Properly maintaining and updating the Form ADV is critical, but is only one part of implementing a robust compliance program.

4.  New and long-established firms fail to conduct and document an annual compliance review. Even if the firm has implemented a strong compliance program, the annual review is a requirement that cannot be overlooked. It must be conducted thoughtfully and documented by performing an annual risk assessment, staff training, testing, and other reviews.

5.  A firm conducts an annual compliance review each year in theory, but has little in practice to show for it. The firm's policies and procedures manual is a living document that should be regularly updated to match a firm's business model evolution and to ensure that any new regulatory requirements are being properly addressed.

6.  A firm designates a Chief Compliance Officer, but the CCO is insufficiently qualified and does not receive proper training. Appointing an administrative assistant who has no prior experience, is not properly empowered, and is preoccupied with his or her existing responsibilities can lead to serious problems.

We strongly encourage the principals of all SEC and state-registered RIA firms to review these common mistakes to ensure that none are present. While Rule 206(4)-7 is less than 150 words in length, it is frequently cited in enforcement actions and forms the building blocks of establishing the proper culture of compliance.

Free Basic Compliance Hotline provided by Lexington Compliance for Scottrade® RIAs

To learn how Lexington Compliance can help you understand compliance issues, please visit* Talk to your advisor service team at 877.726.8741 or about the free basic compliance hotline** provided to Scottrade® advisors by Lexington Compliance.


*By clicking on this link, you understand you will be redirected to, a third-party website operated and maintained by Lexington Compliance. Scottrade and Lexington Compliance are not affiliated. Lexington Compliance’s website contains information that may be of interest or use to the reader. Third-party websites, research and tools are from sources deemed reliable; however, Scottrade does not guarantee accuracy, completeness or timeliness of the information, is not responsible for statements, offers or products issued and makes no assurances with respect to the results to be obtained from their use. No information presented constitutes a recommendation by Scottrade or its affiliates to purchase any product or instrument discussed therein or engage in any specific strategy. Please research any product or service carefully.

**The scope of this service will include basic questions about the operation of a registered investment advisor and related compliance and registration areas. If an inquiry requires extensive research, significant review of materials or drafting of materials, then Lexington will offer its standard compliance consulting packages for a fee. If you choose to retain Lexington for compliance consulting services that are outside the scope of the hotline, you are responsible for making all required payments.