RIA Compliance Requirements


In order to work with clients, registered investment advisors (RIAs) must register with the Securities and Exchange Commission (SEC) or state securities regulatory agencies. Regardless of where they’re registered, RIAs are subject to compliance rules that are designed to ensure that they’re operating legally and ethically. It’s essential for new advisors to understand how RIA compliance requirements work.

SmartAsset’s Advisor Marketing Platform offers financial advisors services like client lead generation, automated marketing and more. Learn about SmartAsset AMP today.

RIA Compliance Rules Overview

The Investment Advisers Act of 1940 governs the activities of investment advisors in the United States. Advisors with $110 million or more in assets under management must register with the SEC unless an exemption is available. Smaller RIA firms may register with the SEC or their state regulatory agency, depending on their total AUM.

Under the Act, RIAs must meet compliance requirements. This provision is intended to prevent RIAs from violating the law and ensure that they uphold their fiduciary responsibilities. As fiduciaries, RIAs are obligated to act in the best interests of their clients at all times.

The SEC can penalize RIAs that don’t adhere to compliance requirements. State regulatory agencies can also impose sanctions on RIAs that are in violation of regulatory guidelines. RIAs that are found to be non-compliant can be fined. Individual advisors can be censured or even barred from holding certain positions or roles within the financial services industry.

RIA Compliance Requirements

There are several SEC rules governing compliance for RIAs. Here are some of the most important ones to know when putting together a compliance program.

Form ADV

Form ADV is required for RIAs to register with the SEC and state regulatory agencies. This form includes identifying information about an RIA, including its business structure, assets under management and fee structure. Sections 203 and 204 of the Investment Advisers Act authorize the SEC to collect information for Form ADV.

SEC Rule 204-1

Rule 204-1 outlines the requirements for updating Form ADV. An updated Form ADV must be submitted annually through the Investment Advisers Registration Depository (IARD) website. Amendments must be filed within 90 days of the end of your fiscal year.

SEC Rule 204A-1

Under this rule, RIAs are required to establish and enforce a written code of ethics. All supervised persons must receive a written copy of this code. The rule also specifies that access persons must submit securities holdings and transaction reports to the CCO.

An access person is a supervised person who has access to nonpublic information about client accounts or fund holdings or who’s involved in making securities recommendations to clients. If an RIA firm’s primary business is offering investment advice, then all officers, partners and directors are classified as access persons automatically under this rule.

SEC Rule 204-2

SEC Rule 204-2 governs bookkeeping and recordkeeping for RIAs. Following this rule, registered advisors are required to maintain accurate and up-to-date records for their businesses.

The list of records RIAs must keep is extensive and includes:

  • Originals of all written communications that are sent and received
  • Policies and procedures adopted by the firm under Rule 206(4)-7
  • Ledgers showing cash disbursements and receipts
  • Copies of bills or statements, paid or unpaid, relating to the advisory business
  • Check books, bank statements, canceled checks and cash reconciliations
  • Trial balances, financial statements and internal audit working papers
  • Power of attorney documents
  • Advertising and marketing documentation
  • A copy of the firm’s code of ethics, along with documentation of any ethics violations
  • Copies of each brochure, brochure supplement and Form CRS, along with any amendments or revisions to these documents, that satisfied the requirements of Part 2 or Part 3 of Form ADV

The SEC issued revised rules allowing RIAs to maintain records electronically when certain requirements are met. Specifically, RIAs must take steps to protect records from alterations, loss or destruction and control access to them. Additionally, any electronic copies of paper documents must be complete and legible.

SEC Rule 206(4)-1

The SEC regulates RIA marketing and advertising under Rule 206(4)-1. Under this rule, RIAs are prohibited from using testimonials or endorsements in their marketing or advertising plans unless certain compliance conditions are met. The use of third-party advertising ratings is also prohibited without meeting requirements. RIAs must outline their advertising and marketing strategy in Form ADV.

SEC Rule 206(4)-2

The SEC custody rule requires RIAs to maintain client assets and securities with a qualified custodian. Additionally, RIAs must tell clients who the custodian is and how their assets are maintained, with the expectation that custodians will send out statements on a regular basis. The rule also allows for surprise inspections of firm records by a certified public accountant.

SEC Rule 206(4)-4

Rule 206(4)-4 requires disclosure of disciplinary proceedings, including any criminal or civil actions that an advisor has been or is subject to and administrative proceedings conducted by state or federal regulators. These disclosures are required to ensure that clients are able to make informed decisions about who they’re working with.

SEC Rule 206(4)-7

SEC Rule 206(4)-7 outlines three things that RIAs are required to do in order to be fully compliant. Under this rule, RIAs must:

  • Establish written policies and procedures for compliance.
  • Conduct an annual review of established policies and procedures.
  • Appoint a Chief Compliance Officer (CCO) to develop and enforce proper procedures.

Written policies must be designed to prevent, detect and correct violations of the Investment Advisers Act. Reviews of written policies must be scheduled annually.

New Cybersecurity Rules

In July 2023, the SEC adopted new rules requiring RIAs to disclose cybersecurity incidents and submit an annual disclosure detailing their cybersecurity risk management, strategy and governance policies. The new rules are designed to enhance transparency surrounding cybersecurity and incidents that may materially affect a firm’s clients.

If you need to spend more time addressing your cybersecurity needs, that could mean less time for marketing. You can save time by finding a solution that can help you with other aspects of your firm. SmartAsset’s Advisor Marketing Platform (AMP) offers financial advisors services like client lead generation, automated marketing and more. Learn about SmartAsset AMP today.

How to Ensure Your RIA Firm Is Compliant

RIA compliance rules are something to take seriously as you don’t want to jeopardize your business operations. With that in mind, here’s a checklist of things you can do to ensure compliance.

  • Meet all registration requirements as outlined by the SEC or your state regulatory agency, including filing Form ADV.
  • Establish written procedures for business operations.
  • Hire a chief compliance officer if you have not done so already.
  • Comply with anti-money laundering (AML) and know-your-client (KYC) regulations.
  • Maintain accurate records of all communications and financial transactions related to the business.
  • Choose a reputable custodian to hold client assets.
  • Maintain accurate and up-to-date records for client accounts.
  • Review your marketing strategy to ensure that you’re making the necessary disclosures.
  • Disclose all fees accurately and transparently.
  • Disclose any potential conflicts of interest in a timely manner.
  • Conduct annual reviews as scheduled and update your Form ADV annually.

Using automated software can be an effective way to track compliance and identify any potential violations or weak spots in your plan. There are a number of RIA software solutions that can help you streamline business operations while ensuring that your firm is compliant at all times.

Bottom Line

RIA compliance requirements exist to protect investors and minimize the potential for fraudulent or illegal activity. Developing a compliance plan can take time but it’s important to make sure you’re checking off all of the relevant boxes. It’s wise to review your plan regularly to ensure that you remain compliant in all areas as you scale your business.

Tips for Growing Your Advisory Business

  • The more time you spend keeping up with compliance, the less time you may have for other things like marketing. SmartAsset AMP (Advisor Marketing Platform) is a holistic marketing service financial advisors can use for client lead generation and automated marketing. Sign up for a free demo to explore how SmartAsset AMP can help you expand your practice’s marketing operation. Get started today.
  • Starting an RIA firm isn’t for the faint of heart and it’s helpful to fully understand what’s involved with regard to registration requirements and startup capital. You may find that it makes more sense to work with an RIA aggregator instead. RIA aggregators work in partnership with advisors to help them better serve their clients without having to start a new advisory firm from scratch.
