Compliance 101: Ensure Your Compliance Technology is Up to Date

by | Oct 7, 2021

By Sarah Rasmuss, Chief Product Officer, CircleBlack

Moving from being a captive advisor to an independent Registered Investment Adviser is exciting but can also be complex. One of the most critical steps to complete while registering your new firm with form ADV is writing the narrative about your firm’s processes, services, fees, etc. This step must consider the technology you’ll use to manage your day-to-day operations for advisor experience, client portals, risk analysis, trading and rebalancing, reporting and auditing, and everything else that goes with the regulation in the wealth management industry.

The one tech stack component and essential tool to do your job efficiently is compliance technology. In this article, we provide a broad overview of what you need to know to ensure your RIA firm is fully compliant with all the relevant authorities, thanks to our compliance partner RIA in a Box:

In November 2020, NASAA adopted a new model rule that clarified the essential policies and procedures documents an RIA firm must-have. According to the new rule, investment advisors must provide the following: 

1. Compliance Policies and Procedures: RIAs must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent violations by the RIA of the Uniform Securities Act of 1956 and the rules that the securities administrator has adopted under the Act.

2. Supervisory Policies and Procedures: RIAs must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the RIA’s supervised persons of the Uniform Securities Act of 1956 and the rules that the securities administrator has adopted under the Act. 

3. Proxy Voting Policies and Procedures: If an RIA has the authority to vote client securities, then they must explain the process follow the written policies and procedures. If the firm does not have the authority to vote on client securities, then this information must be disclosed to clients. 

4. Physical Security and Cybersecurity Policies and Procedures: RIAs must establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The policies and procedures must be tailored to the RIA’s business model, taking into account the firm’s size, types of services provided, and the number of locations. 

5. Code of Ethics: RIAs must establish, maintain, and enforce a written code of ethics that outlines how employees are expected to conduct business, as well as the course of action if an employee violates the Code of Ethics. 

6. Material Non-Public Information Policy and Procedures: RIAs must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, non-public information by the RIA or any person associated with the firm. 

7. Business Continuity and Succession Plan: RIAs must establish, maintain, and enforce written policies and procedures relating to business continuity and succession planning.

Source: RIA in a Box

Firms have three choices to enforce compliance in these seven areas: choose a compliance officer, partner with an outsourced compliance consultant, or pair compliance technology with a compliance consultant. 

Adopting a compliance technology solution can save time and provide access to tools that create a culture of compliance. Additionally, the right compliance technology helps reduce time spent documenting regulatory activities by streamlining and simplifying the processes. Last, utilizing compliance technology empowers RIAs and their CCOs to navigate the complex regulatory requirements of today and the future.

Sarah Rasmuss is Chief Product Officer for CircleBlack, a unified best-of-breed wealth management platform that consolidates data from multiple custodians and allows advisors to choose the best solutions to fit their tech stack.