Are You One SEC Audit Away from Being Out of Business?

Are You One SEC Audit Away from Being Out of Business?

SEC audit

By: Kevin Sullivan, Guest Blogger and Director of Compliance
Published August 9, 2017

It seems like everyone wants to be an RIA these days. With the bureaucratic mindset and regulatory overreach at many wirehouses and broker-dealers, I get it. More and more gets piled on to the advisor. Why not break away and go it alone? Independence at last, DOL be damned. If you are thinking of becoming a Hybrid RIA with the goal of attracting other like-minded advisors and growing your business, you need to be prepared for an SEC audit. Let’s discuss just a few of the things you need to take into consideration.

Are you prepared to have the technology and support in place to ensure that continuous investment management of advisory accounts is taking place? How about cash concentration, structured products and VAs in advisory accounts? If you don’t monitor and manage, you’ll have to expect to rebate client fees when the SEC comes around.

Are you prepared to have technology and personnel in place to review outside investment accounts held by advisors, as well as licensed and non-licensed assistants? Add it to your technology budget. You’ll have to do it.

Who will do advertising review? Even if you affiliate with a broker-dealer, you will have to conduct your own RIA reviews.

Who will be conducting due diligence of investment products and service providers? Someone has to do it, and do it every year.

One of our advisors did what? Is that OBA covered in our E&O insurance? Better hire another compliance officer.

Who will review new account openings? Someone needs to review those? Yes, you do. On a timely basis, when they are opened.

Is the goal to have multiple offices in multiple states? Be prepared to have someone on staff to examine those offices, because the SEC will expect you to do it, not your BD. Add it to overhead and the travel budget.

Have you thought about cybersecurity? It is the latest of the SEC’s initiatives, and with good reason. The risks are extensive, and cyber fraud grows every day.

Are you prepared to pay for a vulnerability scan and conduct a comprehensive penetration test, along with daily constant monitoring of your systems? That will set you back $50k or more for sure, every year.

When ransomware freezes up one of your advisor’s computers, will you know where to turn? Oh, you’re going to rely on your broker-dealer’s system and some computer firewalls? Guess again, because that’s not going to fly with the SEC. Fail to comply with SEC guidelines, and you’ll face significant fines as high as $250k. Customer loss of PII and the reputational damage alone could very well put you out of business.

If you’re looking to attract new advisors, will you be prepared to answer questions on how you are addressing cybersecurity? You should be, because the smart ones moving to the independent space will be asking you.

Anti-money laundering? We haven’t even touched on it, but yes, AML is coming to RIAs with AUM greater than $100mm. It’s just a matter of time and one more thing to comply with on your checklist.

What do you know about block chain technology and DCOs? Not much? Me neither, but you better start studying up on it, because it’s the latest press release from the SEC.

Do You Really Want to Put Your Financial Firm at Risk?

I know what you’re thinking: Will the SEC really examine me? Certainly they have bigger fish to fry. They’re stretched thin. It’ll take five or six years before they get around to examining me. Maybe they never will. To tell you the truth, in all this excitement around the DOL, I’ve kind of lost track of the SEC myself. But the SEC is an agency of the most powerful government in the world, so you’ve got to ask yourself one question: Do you feel lucky?

Don’t press your luck. The regulators’ data analytics and personnel are getting better and better every year. Big isn’t always better, but the one place I wouldn’t want to be when FINRA or the SEC come knocking is at a small, weakly capitalized broker-dealer or an RIA ill-equipped to deal with the regulatory requirements. This somewhat explains why we’ve seen huge activity in RIA mergers over the past 12 months.

Before you go off on your own, examine who you are with, where you are going and why. You may be better off with an RIA already equipped to deal with the current compliance environment, and one with the infrastructure to take on future regulatory challenges. That way you can just focus on growing your business in an environment that allows it and promotes it. After all, isn’t that the ultimate goal?