RIA Compliance Checklist for Your Firm

One of the biggest challenges for registered investment advisors (RIAs) is navigating the many compliance rules they must observe. While there are many regulations to be aware of, tackling compliance doesn’t have to be a headache. Developing an RIA compliance checklist for your firm can make tracking the various requirements easier.

Ready to grow your client base? SmartAsset AMP can simplify your marketing plan.

Understanding RIA Compliance

RIAs are responsible for ensuring compliance from end to end in their business, beginning with their initial registration. Advisors may register with the SEC or state regulatory authorities; which one you choose will depend on your firm’s assets under management (AUM).

Compliance rules exist to ensure that RIAs are:

Avoiding conflicts of interest
Upholding their obligations to their clients, as prescribed by the fiduciary standard
Acting ethically and fairly at all times

As fiduciaries, RIAs must act in their clients’ best interests at all times. Failure to do so could be considered a breach of fiduciary duty, a situation that could have serious consequences.

In that scenario, a client may sue their advisor for damages. A lawsuit could result in damage to the firm’s brand reputation and the loss of other clients who no longer feel comfortable working with them. The advisor’s registering agency can also take disciplinary action against them.

In short, ensuring compliance is critical to the long-term health of your firm.

RIA Compliance Checklist

Creating an RIA compliance checklist is easier to do when you break it down into individual sections. To keep things simple, we suggest using these sections:

Documentation
Regulatory requirements
Operating procedures

Documentation

There are certain documents you’ll need to maintain for your RIA. Here’s what to include in this section of your compliance checklist:

Code of ethics. Rule 204A-1 of the Advisers Act requires advisors to develop, maintain and enforce a written code of ethics for themselves and all supervised persons. Learn how to create an advisor code of ethics.
Policies and procedures. Rule 206(4)-7 of the Advisers Act requires advisors to have written policies and procedures for compliance. In late 2023, the SEC amended the rule to also require advisors to conduct an annual review of their policies and procedures and document it in writing.
Privacy notice. The Gramm-Leach-Bliley Ac t requires financial institutions, including registered advisors, to furnish their customers with a privacy notice. The notice must explain how customers’ date is collected, organized, stored, shared and used. Clients must be allowed to opt out of sharing if they desire to do so.
Brochures. Advisors who register with the SEC must complete Form ADV and provide their clients with a brochure that, in plain English, explains the advisor’s business practices, fees, conflicts of interest and disciplinary history.
Form CRS. The Client Relationship Summary (Form CRS) includes much of the same information that’s included in the brochure. The purpose of Form CRS is to explain the advisor-client relationship so that prospective clients can make more informed decisions when choosing a financial professional to work with.

Regulatory Requirements

Federal and state regulators enforce existing guidelines and routinely implement new ones. Here are some of the most significant regulatory rules to know.

Annual filing. SEC-registered advisors must file an update to Part 1A of their Form ADV annually. This must be done within 90 days of the end of your fiscal year.
Pay to play. Rule 206(4)-5, the Pay to Play rule, prohibits RIAs and their covered associates from providing services to certain political officials or candidates within two years of contributing to their campaign. This rule is designed to prevent advisors from leveraging political donations to receive preferential treatment when angling for government contracts.
Exams and inspections. The SEC reserves the right to conduct examinations and inspections of RIA firms periodically. The Division of Examinations releases an annual list of its priorities for the upcoming year, which can serve as a guide when determining which areas of your compliance protocol you might need to address.
Chief compliance officer. SEC-registered advisors must appoint a chief compliance officer (CCO) to oversee the firm’s compliance procedures and complete annual compliance reviews. If you run a small or one-person firm you might assume this role yourself; in a larger firm, you might employ a CCO on a full- or part-time basis.

Operating Procedures

Compliance rules also extend to your firm’s day-to-day operations. Here are some of the final points to include in your RIA compliance checklist.

Cybersecurity. In 2023, the SEC formally adopted rules requiring RIAs to implement cybersecurity programs and report cybersecurity incidents promptly. Disclosures must be made to the SEC within four business days of determining that a cybersecurity incident is material.
Recordkeeping. Rule 204-2 imposes recordkeeping requirements on investment advisors. To be compliant, you must maintain records of your business finances as well as client accounts.
Client communications. How you communicate with clients matters for compliance, specifically concerning the recordkeeping rule. The SEC is increasingly cracking down on the use of ‘off-channel’ communications, which can result in recordkeeping gaps. Maintaining accurate records of all client communications can help you avoid compliance issues.
Marketing and advertising. The SEC’s marketing rule states what advisors can and can’t do when advertising their firms. For instance, making misleading statements about an investment product would result in noncompliance.
Business continuity planning. The SEC proposed a rule that would require RIAs to have a business continuity plan in place, though it hasn’t been formally adopted yet. While not an explicit compliance requirement, it’s beneficial to consider where business continuity planning fits into your overall operations strategy.

Frequently Asked Questions (FAQs)

Who Needs an RIA Compliance Checklist?

An RIA compliance checklist may benefit advisors who want a streamlined tool for monitoring compliance requirements. A compliance checklist isn’t a substitute for a comprehensive compliance plan, however.

Does FINRA Regulate RIAs?

No, FINRA does not regulate registered investment advisors. Instead, they’re regulated by the SEC or their state regulatory authority, depending on where they’re registered. FINRA does, however, maintain the online portal through which SEC-registered advisors submit their Form ADV.

What Are the Consequences of RIA Noncompliance?

Failure to comply with regulatory guidelines can result in enforcement actions, including steep civil penalties. State regulatory agencies can also impose penalties on firms that fail to adhere to the applicable compliance rules.

Bottom Line

Having an RIA compliance checklist to follow can be helpful.

Compliance is not something you can afford to overlook, and having an RIA compliance checklist to follow is helpful. Using compliance software to manage the various requirements your firm must meet can also help you streamline the planning process.

Tips for Growing Your Advisory Process

Marketing is an essential task when you’re trying to attract new clients. If you don’t have hours each day to commit to marketing, you might consider working with a platform that’s designed with grow-focused advisors in mind. SmartAsset AMP helps you match with leads and gives you the tools you need to follow up. Schedule a demo to learn how you can leverage it to grow your business.
The SEC routinely proposes new rules or amendments to existing ones that may directly or indirectly affect RIA compliance. Keeping an eye on compliance and risk trends can give you an idea of what changes may be forthcoming so you can prepare your firm in advance.