How New Technology and Regulations Will Impact the Future of RIA Compliance - PowerPoint Presentation

How New Technology and Regulations Will Impact the Future of RIA Compliance May 24, 2017 FPA of Georgia

GJ King President, RIA in a Box GJ is the President of RIA in a Box® which provides compliance and operations support to over 1,500 registered investment adviser (RIA) firms. He is a frequent industry speaker on the topics of RIA compliance, operations, and technology best practices. GJ previously worked in the investment management division of Goldman Sachs serving as a trusted advisor to a select group of high net worth entrepreneurs, families, and foundations. King holds an MBA from the Graduate School of Business at Stanford University and a BA from Brown University.

Disclosures RIA in a Box is not a law firm, CPA firm, or registered investment advisory firm. None of the information presented, advice given, or services rendered should be considered legal, tax, accounting, or investment advice.

Today’s Topics

Today’s RIA Technology Landscape

Integrated RIA Compliance Technology

Your CRM System 48% of RIA firms use a CRM system today* 2015 AUM growth rate: 4.6% vs. 2.0% average Most popular solutions are Redtail and Salesforce General client information and notes Good business practice that is crucial during any regulatory issue Integrated calendar and tasks Documentation of compliance program implementation Client suitability information Top deficiency cited during regulatory exams Client location Is your firm registered in all proper jurisdictions? Documented processes via workflows Internal review and approval processes for investment recommendations Source: 2016 RIA in a Box Technology Survey

Your Portfolio Management & Reporting System 48% of RIA firms use a portfolio management and reporting system today* 2015 AUM growth rate: 3.8% vs. 2.0% average Most popular solutions are Morningstar Office and Orion Form ADV filing information Automatically aggregate and normalizes data across multiple custodians Calculate total regulatory assets under management (“AUM”) Discretionary vs. Non-discretionary AUM by client type Systemized advisory fee billing Manual fee calculation is a major compliance risk Opportunity to determine a “reasonable fee” Systemized review of client portfolio performance Are there any outliers? Source: 2016 RIA in a Box Technology Survey

Your Document Storage System 46% of RIA firms use a document storage system today* 2015 AUM growth rate: 4.8 % vs. 2.0% average Most popular solutions are DropBox and Box Official books and records Foundation of your firm’s compliance program Organized client documentation Ability to produce required client files Business continuity Ability to access files and continue operations during a business disruption Source: 2016 RIA in a Box Technology Survey

Your Archiving System ~50% of RIA firms use an archiving system today Some systems focus exclusively on email Some systems archive across all channels (social media, text, etc.) Requirement to keep correspondence and advertising records Can lead to serious regulatory issues Easier compliance monitoring Centralizes capture of all information to allow for easier review Demonstrate “Culture of Compliance” Ability to demonstrate program implementation during an exam

Your Compliance Software Platform 39% of RIA firms use compliance software today Some systems focus exclusively on employee trade monitoring Some systems serve more broadly as your firm’s compliance hub Implement a comprehensive yet efficient program Perform only relevant tasks based on your firm’s profile Centralized compliance program documentation Organize all competed activities in a digital compliance log Supervise staff Track and document all staff attestations and activities Automatically capture all employee trad e data More efficiently review employee trades vs. client trades Source: 2017 InvestmentNews Adviser Technology Study

This rule does impact RIA firms but it is manageable June 9, 2017: Comply with the Impartial Conduct Standards Example impacted investment recommendation scenarios: IRA rollover from a Qualified Retirement Plan IRA rollover from another IRA Switch from commission-based to fee-based IRA DOL Fiduciary Rule

Impartial Conduct Standards

Qualify for streamlined Level Fee Exemption Educate and train all staff members Create an “IRA Investment Recommendation Checklist” Implement a process to review recommendations Establish additional procedures to ensure compliance Five Steps to Comply

This rule impacts all state and SEC-registered RIA firms October 1, 2017: New Form ADV becomes effective Significant changes include: Disclose company social media pages Disclose use of outsourced Chief Compliance Officer More detailed AUM information by client type More detailed information on Separately Managed Accounts More detailed information on Wrap Fee Programs Form ADV Changes

Begin to organize portfolio management and reporting information to mirror Form ADV data fields Ensure that all social media pages are properly archived Document all new required information by October 1, 2017 Three Steps to Comply

While the above statement is a sometimes overused phrase in the RIA compliance world, our team of former regulators can assure you that it is taken very seriously by every regulator in every jurisdiction. If you are successful in demonstrating a “culture of compliance” at your firm and willingly cooperate with the examiners, your exam is more likely to have better results. Establishing the Culture of Compliance

Know the rules applicable to your firm SEC Rule 204-2 Georgia Rule 590-4-4-.14 Are you aware of your jurisdiction’s Books & Records requirements ? Inspection of the firm’s books and records is a key audit focus Don’t wait to prepare these until requested by the examiner Unique Georgia requirements S pecific supervision rules including annual office inspection Keep the Proper Books & Records

Elements of Effective Compliance Program

SEC has stated : Even small advisers may have arrangements, such as soft dollar agreements, that create conflicts… Advisers of all sizes, in designing and updating their compliance programs, must identify these arrangements and provide for the effective control of the resulting conflicts...We would expect smaller advisory firms without conflicting business interests to require much simpler policies and procedures than larger firms. Policies & Procedures

Rule 206(4)-7 under the Investment Advisers Act of 1940 requires SEC registered investment advisers to: adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and rules under the Act. conduct a review, no less than annually, of the adequacy of the policies and procedures and the effectiveness of their implementation. designate a Chief Compliance Officer (CCO) to administer the policies and procedures. Policies & Procedures

At a minimum, the SEC has stated the policies and procedures should address the following (if applicable to an investment adviser’s business ): Portfolio m anagement processes – allocation of investment opportunities among clients, consistency of investments with investor goals, disclosures T rading p ractices – procedures to determine best execution, allocation of aggregated trades among clients P roprietary trading of the adviser and personal trading of supervised persons (Code of Ethics ) A ccuracy of disclosures to clients and regulators – brochure, advertising A ccurate creation and secure maintenance of required records Policies & Procedures (Cont.)

Marketing – use of solicitors Processes to value client holdings and assess fees based on those valuations Safeguards to protect client assets from conversion or inappropriate use by advisory personnel Safeguards to protect client information Business continuity plans Policies & Procedures (Cont.)

Requirement to have language that all supervised persons will comply with security laws. Requirements for reporting of access persons’ personal securities transactions and holdings and pre-approval of IPO investments and limited offerings. Procedures to report violations of the Code and sanctions for violations. Requirement to provide copy and obtain annual acknowledgments. Code of Ethics

Provide investment adviser personnel with copies of Policies and Procedures, Code of Ethics, and Privacy Policy. Do they understand them? Individual’s attestation that they have read, reviewed, and understand Initially, annually, or when modified Staff Training & Attestations

Neither Rule 206(4)-7 nor similar state rules require a risk assessment; but, the SEC’s initial request for information during an exam asks for: Inventory of compliance risks that forms the basis for policies and procedures Documents mapping the inventory of risks to written policies and procedures Risk Assessment

Four Step Process: Prepare risk inventory Assign a “rating” to each risk identified in your inventory “Map” risks to specific procedures and/or disclosures Review and update, as needed Risk Assessment

Use a compliance calendar to monitor and test your policies and procedures . The calendar should indicate : What is the specific task to be performed When and how often will the specific task be performed Who will be responsible for performing the taskCompliance Calendar

Your c alendar will have tasks designed to monitor and test your policies and procedures. Monitoring: Keeping track of and checking your procedures on a continuing basis. Testing: Submitting your procedures to evaluation to determine their ability, or inability, to detect and prevent compliance violations. Compliance Monitoring & Testing

Policy: The firm’s Chief Compliance Officer (CCO) shall be responsible for approving all company advertising and ensuring it is in compliance with jurisdictional regulations. No advertisement shall be distributed without the CCO’s approval. Task: Review and approve advertising. When: As needed: Review and note approval when advertisement placed; Quarterly / Annually: Spot check advertisement records to ensure prior approval was obtained and perform a general i nternet search for “unapproved” advertising Compliance Monitoring & Testing

Policy: The Firm shall bill clients accounts on a quarterly basis and deduct the fees directly from clients accounts. Task: Review client accounts for billing errors. When: Review sample client files every quarter after the most recent billing cycle. Compliance Monitoring & Testing

CCO or person designated to conduct a review must assess the adequacy and effectiveness of the compliance program at least annually. Adequacy Has the firm updated its policies and procedures in response to changes in business practices or regulatory requirements? Has the firm conducted risk assessment in response to any changes? Effectiveness Is the firm implementing policies and procedures as designed ? Document the annual review and make changes as necessary. Annual Review

What percentage of SEC-registered RIA firms are audited on an annual basis? 11% 18% 27% 43% RIA Examination Frequency

SEC Audit Statistics RIA Examination Frequency Examined 30% of total assets under management (“AUM”) in 2014 From 2001 to 2015, total aggregate SEC-registered RIA AUM increased approximately 210% from $21.5 trillion to approximately $66.8 trillion As of February 28, 2017, there are 12,286 SEC-registered RIA firms with a median AUM of $302 million and an average of $5.459 billion AUM SEC exam volume is up 25% in 2017 vs. 2016 Sources: 2014, 2015, 2016, and 2017 SEC Fiscal Year Congressional Budget Justifications

Exam Document Preparation Overview slide deck Org chart Joint ventures Client account information Type Custodian E-delivery authorization Custody Value for advisory fees

Lost advisory clients Registration justification Service provider list Policies and Procedures Non-compliance records Review documentation Code of Ethics Trade errors Risk assessment Employee trade records Exam Document Preparation

Litigation records Security list Soft dollar arrangements Custodial agreements Financial statements Trade blotter Advertising materials Advisory agreement Exam Document Preparation

What percentage of SEC RIA audits result in a deficiency being cited? 34% 42% 63% 77% Exam Deficiencies

What percentage of SEC RIA audits result in a referral to Enforcement? 7% 11% 26% 32% Referrals to Enforcement Division

Possible Referral to Enforcement SEC Enforcement Statistics Sources: 2014, 2015, 2016, and 2017 SEC Fiscal Year Congressional Budget Justifications

Deficiencies Source: 2015 North American Securities Administrators Association RIA Coordinated Examination Report

Evolving Audit Scope

Better Data and More Focus The Form ADV Part 1 changes taking effect October 1, 2017 further demonstrate this.

Best Practices

3 rd party self regulatory organization (SRO) Congressional bill introduced by Spencer Bachus (formerly R-AL) in April 2012 User fees Congressional bill introduced by Maxine Waters (D-CA) in April 2013 3 rd party audits Introduced in May 2014 by former SEC Commissioner Daniel Gallagher at a Financial Industry Regulatory Authority (FINRA) event Increased SEC focus on RIA firms Shift of 100 broker-dealers to adviser exams Hiring more adviser examiners Changing AUM registration threshold Previously raised from $30 to $100 million as part of Dodd-Frank Raising to $300 million would shift around ½ of SEC-registered firms to state level Efforts to Increase Audit Frequency

About RIA in a Box We support RIA firms with industry-leading registration and compliance services Experience & Expertise 30+ employees including former regulators, advisors, and technologists Have helped register over 3,000 new RIA firms MyRIACompliance TM Proprietary RIA compliance management software Provide compliance software and ongoing consulting support to over 1,500 RIA firms www.riainabox.com @ riainabox