
Building an RIA Compliance Program

The Registered Investment Advisor (RIA) market has swelled to 12,000 firms, posting a rapid 17 percent increase over the last two years[1] and attracting the undesired attention of the Securities and Exchange Commission along the way. In response to this trend, and the approximately $70 trillion that RIAs managed by the end of 2016, the SEC has hired and deployed 20 percent more examiners to supervise wealth managers and investment companies.

In this climate of regulatory vigilance, the Investment Advisers Act of 1940 (IAA) remains the top priority for RIA compliance teams. But in 2017, RIAs must also contend with looming Financial Crimes Enforcement Network (FinCEN)[2] reforms that impose the same anti-money laundering (AML) requirements upon RIAs as other financial institutions, including banks, broker-dealers, and pooled investment companies.

A formal AML program for RIAs entails detailed currency transaction reports for cash movements of $10,000 or more, suspicious activity reporting that is in line with the adviser’s risk profile, and accurate regulatory technologies (regtech) for verifying the ultimate beneficial owners of client accounts. Further compounding RIA compliance are the complex data-reporting mandates of the Dodd-Frank Act and new Department of Labor laws that impose strict fiduciary limits on advisers managing retirement account investments.

This new wave of investment advisor regulations demands that RIAs across the board implement risk-based and comprehensive compliance programs. While the scope of legislative disruption may seem daunting and hard to navigate, there are several best practices that, with a high degree of certainty, mitigate the threat of enforcement action. For RIAs seeking to create and implement a top-flight compliance program, the following five initiatives are foundational:

  • Delegate broad and sweeping supervisory controls to their chief compliance officers
  • Diagnose the highest probabilities for error and tailor a comprehensive, risk-based solution
  • Ensure that policies and procedures cover the full scope of the IAA, along with other relevant legislation
  • Ensure that annual audits and regulatory technology are adequate
  • Digitize all record-keeping systems and practices to confirm that violations are being dealt with appropriately and in a timely manner

The following article will examine these compliance guidelines and provide best practices for the execution of each initiative.

Empower Your Chief Compliance Officer

Due to the growth of the RIA sector, the SEC and state regulators have allocated more supervisory resources to monitor independent investment advisers. In today’s regulatory regime, RIAs are facing the same type of scrutiny generally reserved for more systemically significant financial institutions. As a result, the designation of a CCO and the delegation of sweeping authority and supervisory controls to this C-Suite role have never been more essential for RIA organizations.

While the SEC’s final rule[3] mandating that RIAs designate a CCO has been in effect since 2004, today’s enforcement landscape places more emphasis on the technological fluency this officer possesses, along with the decision-making power the officer wields over the organization. It follows that RIAs must offer their CCOs a seat at the boardroom table and empower their compliance leaders with equal, if not more senior, stature to other C-Suite executives. The transformation is a cultural one – RIAs must enable their CCOs to set the organizational tone for compliance from the top.

This reorganization sends a clear and unequivocal message to firm personnel, investors, and outside regulators that risk management and compliance are taken seriously by the organization. Also, by engaging the CCO in all boardroom decisions of significance, RIAs promote transparency, which makes regulators more likely to conclude that the firm is willfully attempting to comply. Finally, it follows that enhanced responsibility for CCOs merits compensation incentives that better reflect the role’s rising value proposition.

Implement a Risk-Based Strategy

RIAs conducting business in today’s capital markets cannot afford to assume that their risk exposures will reflect the generic regulatory list delineated by SEC release IA-2204. The sprawling regulatory octopus compels the RIA ecosystem to abandon checkbox compliance and adopt risk-based models, tailored to the specific operational threats that each investment adviser faces. RIAs face a wide range of risk exposures, including:

  • Operational disruptions
  • Anti-money laundering requirements
  • Proprietary trading
  • Insider trading
  • Retirement account management
  • Counterparty vulnerabilities
  • Investment product offerings
  • Transition planning
  • Cybersecurity
  • Marketing & advertising

The myriad complex reporting, record-keeping, and disclosure requirements only serve to complicate this risk matrix. It follows that different RIAs will have varying distributions of risk, depending on their customer base, investment product offerings, IT systems, operating geographies, and the vendors they engage.

Enact Comprehensive Policies

In what may seem the most obvious best practice, RIA compliance teams must draft and enforce internal policies that reflect the regulatory standards delineated by the IAA, Dodd-Frank, the Bank Secrecy Act, and other relevant laws. The primary challenges that arise are:

  • Rapidly evolving scope of legislation
  • Narrow time constraints for the implementation of regulatory reforms
  • Sweeping data-reporting demands
  • Potential ambiguities surrounding rules and exemptions

Nevertheless, it is the duty of the CCO and their compliance lieutenants to keep abreast of regulatory reforms in order to transition to new policies and laws on schedule and without penalty.

Digitize Record-Keeping Systems to Enhance Transparency

Investment in modern technology systems is crucial for RIAs seeking regulatory approval. The vast data-reporting obligations of Dodd-Frank and BSA legislation compel investment advisers to upgrade regtech assets and network security systems. Two key considerations for regtech and network security are data integrity, which measures information accuracy, and data quality, which measures information consistency and timeliness.

The volume, velocity, and variety of market data demand fluid technology solutions that can recognize adverse threats in real time. Instead of breaking the bank with costly R&D to create proprietary firm solutions, RIAs will realize greater value by outsourcing these functions to specialized vendors.

For regtech applications, RIAs should partner with vendors that use direct data feeds, ensuring more secure, robust, and high-quality information. On the network security side, RIAs should seek out machine-learning specialists that can detect malicious attacks and data breaches before they cause significant operational harm.

Ensure that Record-Keeping Systems Are Adequate

Record keeping forms the core of transparency for financial institutions. However, an unethical employee or group of employees may subvert firm compliance by omitting information or producing misleading documentation in an effort to sweep a violation under the rug. For this reason, it is imperative that all compliance recordkeeping be filed, stored, and curated digitally. A clear digital record provides metadata history that records:

  • Creation of Data
  • Purpose
  • Timestamp
  • Author
  • Computer used
  • Standards
  • File size

By implementing a transparent, digital-only record-keeping system, RIAs promote accountability and track violations, incident reports, recommendations, and revisions more accurately and effectively.

Smarter Compliance through Regtech

While a strong CCO forms the core of a high-performing compliance program, this leader will only be as effective as the technology they have at their disposal and their ability to use it appropriately. The expansion of FinCEN’s AML regime into the RIA space, along with heightened SEC oversight, necessitates a sophisticated response from investment advisers.

To mitigate AML risks and avoid punitive enforcement actions, RIAs should seek out a modern investigative technology solution that identifies adverse counterparties before they sabotage operations and undermine profit. By partnering with a best-in-class regtech vendor, RIAs can transform compliance from a cost center and regulatory lightning rod into a catalyst for asset capture and bottom-line growth.

How Thomson Reuters Can Help

CLEAR online investigation software for AML/KYC provides a solution to your compliance and regulatory needs. By providing consistent, comprehensive, and defensible investigative results, CLEAR enables organizations like yours to stay up to date on an ever-changing regulatory landscape. With CLEAR, you can:

  • Access key proprietary and public records in one intuitive environment
  • Enable batch searching to run one search for a large number of people and businesses
  • Receive real-time records such as arrests, watch lists, and social media
  • Instantaneously analyze search results to shorten investigation time and uncover hidden unknowns

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.