The North American Securities Administrators Association (NASAA) conducted its 2023 Investment Adviser Coordinated Exams, providing valuable insights into the regulatory landscape for investment advisers. The exams covered a range of key areas and identified common compliance deficiencies and best practices.
Key Findings & Recommendations:
Registration & Licensing:
Findings: The examinations uncovered that many investment advisers faced challenges related to registration and licensing, primarily stemming from a failure to update their firms’ Form ADV and their IARs’ Form U4s promptly. In some cases, outdated or inaccurate information hindered regulatory compliance.
Recommendations: Investment advisers should establish a proactive approach to regulatory filings. Regularly reviewing and updating Form ADV is paramount to making sure that it accurately reflects the firm’s current business activities, conflicts of interest, and any other pertinent information. Staying on top of these updates fosters compliance while demonstrating a commitment to transparency and accuracy in client dealings. Learn more about our extensive RIA Registration and Setup services.
Cybersecurity:
Findings: A recurring theme of cybersecurity deficiencies among investment advisers was revealed. Weak or infrequently changed passwords, the absence of written supervisory procedures (WSPs) for cybersecurity, and instances of transmitting sensitive data by unsecured means illuminated potential vulnerabilities in data protection practices.
Recommendations: In light of these cybersecurity violations, investment advisers should prioritize the security of sensitive client data, especially in anticipation of the SEC’s forthcoming cybersecurity rule change. To address these concerns effectively, firms must invest in robust security measures, including the implementation of strong encryption protocols and secure networks. Regular and comprehensive employee training programs should be instituted to educate staff on identifying and mitigating cybersecurity threats. Furthermore, developing a well-defined incident response plan is crucial to enabling swift and effective action in the event of a breach and thereby minimizing potential damage. For comprehensive cybersecurity solutions, consider exploring our RIA CyberProtection program.
Fee & Expense Disclosures:
Findings: The exams unveiled several instances in which investment advisers failed to provide adequate fee and expense disclosures to clients. These deficiencies included fees that did not match those on the contract or ADV, the charging of miscalculated fees, and the imposing of undisclosed fees for asset management services. Such shortcomings can potentially create conflicts of interest and misunderstandings about the true cost of advisory services.
Recommendations: To address these issues and enhance transparency, investment advisers must prioritize comprehensive fee and expense disclosures. It’s imperative to provide clients with clear, detailed, and easily understandable information about the fees associated with your services. Such transparency builds trust while empowering clients to make informed decisions. Advisers should make it a practice to regularly review and update these disclosures, to confirm that they accurately reflect any changes in fee structures or expense allocations. This commitment to transparency and accuracy will help advisers maintain compliance while strengthening client relationships.
Advertising & Marketing:
Findings: During the examinations, several regulatory deficiencies came to light concerning advertisements and marketing materials utilized by specific investment advisers. These deficiencies encompassed a range of issues, including untrue or misleading statements related to qualifications, services offered, and fees. Additionally, some advisers improperly used industry terminology, such as the terms “RIA” or “IAR,” potentially leading to misrepresentations in their marketing materials. Certain advisers lacked sufficient website disclaimers, which are crucial for providing clarity about the services they offer and the associated risks. Violations related to the use of testimonials in promotional materials were also identified. The examinations identified instances in which websites remained active, despite regulatory concerns, potentially leaving clients and prospects exposed to misleading or outdated information.
Recommendations: To address these advertising violations effectively, investment advisers should proactively review and update marketing materials regularly. This can keep your RIA in compliance with applicable regulations and accuracy in all promotional materials — avoiding any misleading information. Collaboration between compliance teams and the marketing department is crucial for maintaining consistency with regulatory requirements and mitigating the risk of regulatory violations. By implementing these recommendations, investment advisers can uphold their commitment to transparency, maintain regulatory compliance, and protect their professional reputation. Learn more about AdvisorLaw’s extensive compliance services, including consulting regarding the SEC’s marketing and advertising rules.
Books & Records:
Findings: The examinations uncovered several instances where investment advisers struggled to maintain adequate books and records, particularly in areas such as client suitability information, ADV Part 2 (Brochures) amendments and revisions, and all written agreements, including client contracts and various business agreements. These deficiencies raised concerns about their ability to meet the necessary record retention requirements effectively.
Recommendations: To address these books and records violations, investment advisers should prioritize the establishment and maintenance of comprehensive recordkeeping procedures. This involves diligent maintenance of records related to client transactions, agreements, financial statements, and other relevant documents. By making sure records are organized, complete, and readily accessible, investment advisers can demonstrate compliance with regulatory obligations and streamline future examinations. Robust recordkeeping helps to maintain regulatory compliance, which contributes to smoother operations and mitigating the risk of regulatory violations.
Supervision & Compliance:
Findings: Instances of inadequate or no protection of vulnerable clients were identified. These shortcomings raise concerns about the ability of some investment advisers to protect the well-being and financial security of their most vulnerable clients. In addition, several advisers displayed deficiencies related to the currency and timeliness of their supervisory and compliance procedures. This lack of up-to-date practices can leave investment advisers vulnerable to regulatory violations and hinder their ability to adapt to evolving industry standards.
Recommendations: Investment advisers must prioritize the protection of vulnerable clients. This entails implementing robust safeguards and protocols tailored to the unique needs of these clients. Both adequate training for staff in identifying the signs of financial exploitation and clear procedures for reporting suspicions to the proper authorities are essential. By establishing protective measures, advisers can demonstrate their commitment to the welfare of vulnerable clients and mitigate regulatory risks. To address concerns related to the currency and effectiveness of supervisory and compliance procedures, advisers should conduct regular reviews and updates. This includes maintaining current procedures, conducting periodic testing or reviews, and ensuring compliance with evolving regulatory requirements. Investment advisers should also establish and regularly review business continuity plans to guarantee their ability to operate seamlessly during unforeseen disruptions. A commitment to following established procedures is crucial to maintaining regulatory compliance and safeguarding the integrity of the advisory business.
Contracts:
Findings: Among the issues identified during the exams were instances where contracts were not properly executed, including errors related to signatures and dates, which could lead to disputes and regulatory concerns. Additionally, certain contracts contained impermissible hedge clauses, which may violate regulatory requirements and compromise the fairness of contractual terms.
Recommendations: Investment advisers should prioritize the proper execution of contracts to avoid potential disputes and regulatory scrutiny. This means that all contracts should be correctly signed and dated by all parties involved. By maintaining accurate records of contract execution, advisers can demonstrate their commitment to transparency and professionalism. To address issues related to impermissible hedge clauses, advisers should carefully review their contracts and remove any clauses that may contravene regulatory standards. Contracts should adhere to regulatory requirements while providing clear and fair terms to all parties. Additionally, advisers should make sure that all contracts are in writing and that fee formulas and structures are clearly stated. Clarity and adherence to regulatory guidelines are essential to maintaining compliance and the integrity of contractual agreements.
Custody:
Findings: Several investment advisers faced issues related to custody, including cases of improper client invoices, where errors in fees, time periods, formulas, or assets in the formula raised concerns about compliance and accuracy. In addition, there were instances in which advisers failed to dually invoice clients and custodians where required — potentially impacting transparency and regulatory compliance. Various other custody issues and concerns were noted, underscoring the need for vigilance in safeguarding client assets and maintaining compliance.
Recommendations: To address the issues related to improper client invoices, advisers should implement robust procedures to ensure the accuracy of fee calculations, timeframes, and formulas. Regular reconciliation and validation of invoices can help prevent errors that could compromise client trust and regulatory compliance. To enhance transparency and regulatory compliance, advisers who are required to do so should adopt dual invoicing practices for both clients and custodians. This approach guarantees that all parties involved are aware of fee deductions, minimizing potential disputes and regulatory concerns. Investment advisers should also conduct a thorough review of their custody practices and policies to identify and rectify any other custody issues or concerns. This includes confirming that proper notices are provided to administrators when required, and that account statements from advisers undergo independent CPA annual surprise audits, as mandated by regulations. Maintaining comprehensive and compliant custody procedures is essential to protect client assets and uphold regulatory standards.
Financial Matters:
Findings: Several advisers were found to have inadequate net capital, particularly when they had discretion over client accounts. This raised concerns about their financial stability and ability to meet regulatory requirements. In some instances, advisers failed to provide audited financial statements as required by regulations, indicating potential noncompliance with financial reporting obligations. Additionally, several advisers were observed commingling outside business or personal business funds with their investment advisory business accounts, creating a significant compliance risk. Lastly, instances of poor financial condition, including insolvency or potential inability to continue operations, were identified among certain advisers, highlighting financial vulnerabilities.
Recommendations: Advisers should promptly provide required audited financial statements for transparency and compliance. RIAs must maintain adequate net worth by assessing and enhancing the business’s financial stability. To prevent commingling funds, firms must implement strict segregation practices. In cases of financial challenges, seek guidance, evaluate solvency, and plan to meet regulatory obligations and protect clients’ interests.
Information Security:
Findings: During exams, various information security violations came to light. These included the absence of written information security policies, inadequate procedures for contacting authorities and clients in the event of security incidents, insufficient protection policies for device usage, and a notable lack of business continuity plans related to information security.
Recommendations: In light of these findings, investment advisers must place a strong emphasis on information security to protect client data and sensitive information. Advisers should take proactive steps, such as developing and implementing comprehensive information security policies that encompass procedures for contacting authorities and clients during security incidents. Additionally, they should address protection protocols for device use and establish a robust business continuity plan that specifically addresses information security concerns. Regularly updating and rigorously testing these policies is essential to their effectiveness in preventing and responding to potential security breaches. Learn more about AdvisorLaw’s CyberProtection services.
Privacy:
Findings: Several privacy violations were uncovered during the exams. These included instances where there was no evidence of the annual delivery of privacy policies, no evidence of the initial delivery of privacy policies, inadequate privacy policies, the complete absence of privacy policies, and the failure to provide clients with the option to opt into information sharing, where required by the relevant jurisdiction.
Recommendations: These privacy lapses mean that investment advisers must prioritize compliance with privacy regulations. They should meticulously document both the initial and annual delivery of privacy policies to clients. Moreover, advisers should review and enhance their privacy policies to make sure that they’re meeting regulatory standards and adequately safeguarding client data. In cases where privacy policies are absent, they should be promptly developed and implemented. Finally, advisers should diligently adhere to jurisdiction-specific requirements, ensuring that their clients have the option to opt into information sharing, where necessary, thereby demonstrating a commitment to privacy compliance and client data protection.
Closing Thoughts On NASAA’s 2023 Investment Adviser Coordinated Exams
The 2023 Investment Adviser Coordinated Exams, conducted by the North American Securities Administrators Association (NASAA), shed light on critical areas of compliance and best practices for investment advisers. These examinations identified common regulatory deficiencies, providing valuable recommendations to strengthen regulatory adherence and enhance the quality of client services.
As investment advisers reflect on these findings and recommendations, they should recognize the opportunity to enhance their compliance practices, protect client interests, and fortify their positions in a dynamic industry. By addressing these areas of improvement, advisers can strengthen their regulatory standing and promote the continued trust and satisfaction of their clients — ultimately paving the way for a prosperous future in the financial advisory landscape.
AdvisorLaw: Your Partner In Regulatory Compliance & Success
At AdvisorLaw, our commitment extends beyond addressing the findings and recommendations from NASAA’s examinations. We’re dedicated to helping you navigate and thrive in the ever-evolving financial advisory industry. By partnering with us, you can strengthen your regulatory standing, elevate client satisfaction, and pave the way for a prosperous future in the financial advisory industry.
Our tailored solutions are designed to cover all aspects of ongoing compliance, effectively meeting your specific needs. With our marketing and advertising consulting services, we’ll guide you through the intricate regulatory landscape, consistently aligning your promotional materials with the latest rules and regulations.
Further, we offer the option to leverage our expertise as your outsourced chief compliance officer (CCO). Our team provides expert guidance and vigilant oversight so that your compliance practices remain robust and up to date. Recognizing the critical role of cybersecurity in protecting sensitive client data, we deliver top-notch cybersecurity protection services to shield your business from digital threats.
At AdvisorLaw, we are here to support you comprehensively — offering a suite of services to maintain compliance and uphold regulatory standards.