Ethics Center: Sales & Marketing

Advisor Alert: Five Ways to NOT Run Afoul of the SEC

Remember your high school days . . . a time when your teachers told you what you needed to know and then tested you on it? Unfortunately, real life has a way of testing us without giving us a warning first—unless you’re an SEC- or state-regulated investment advisor.

That’s because the SEC’s Office of Compliance Inspections and Examination (OCIE) is good enough to periodically release study guides—“Risk Alerts” in SEC parlance—in order to help advisors avoid the compliance lapses that commonly arise during field inspections. Its most recent alert, published on 2/7/17, detailed the most common deficiencies that arose during 1,000 investment advisor examinations over the past two years. If you operate under a state or federal investment-advisor license, you’d be wise to review this document to help you ace the exam if and when the SEC arrives to inspect your operation.

According to OCIE, the most common compliance lapses fall into these five areas:

  • Compliance: Rule 206(4)-7 of the Investment Advisers Act of 1940,

  • Required regulatory filings,

  • Custody: Rule 206(4)-2 under the Advisors Act,

  • Code of Ethics: Rule 204A-1 under the Advisors Act, and

  • Books and Records: Rule 201-2 under the Advisors Act.

Let’s take a quick look at some of the common failings under each item so you can be sure not to make the same mistakes. Ready?

Compliance: The SEC found that in many cases, registered investment advisors (RIAs) often violated various aspects of the Compliance Rule. For example, RIAs often had compliance manuals on the shelf that did not reflect their firm’s actual business practices or that were out of date. Some failed to review their compliance program on an annual basis or to verify that their investment advisor representatives were actually following the rules.

Takeaway: Refresh your memory on what the Compliance Rule requires and then make sure to review and revise a customized compliance program at least once a year to make sure it is working properly.

Regulatory Filings: These are the heart of compliance with the Advisors Act. Not surprisingly, the SEC is hard-nosed about RIAs filing correct and timely Form ADV Part 1A and Part 2A, along with Form D and Form PF regarding their private fund activities. Unfortunately, the SEC found across-the-board problems with these filings, including inaccurate information about custody, assets under management, disciplinary actions, conflicts of interest, and client types.

Takeaway: Hit the books hard in terms of the three major required filings: FORM ADV (both parts), Form PF, and Form D. Know exactly each form’s data requirements and plan in advance to collect and file the information before the SEC’s due dates.

Custody: Violations of the so-called “Custody Rule” are a flash point for the SEC because they can put client assets at risk. Two things trigger SEC concerns. First, when RIAs fail to realize that having online access to customer accounts in effect gives them custody. Second, that having legal authority over a client account has essentially the same outcome. In both cases, RIAs must comply with various custody requirements, including arranging for a surprise examination of all of the accounts in question by an independent accountant. The SEC’s OCIE revealed that advisors commonly failed to realize they had custody, to provide all custodial accounts to their independent auditor, and to make sure that person’s audit occurred on a “surprise” basis.

Takeaway: Review all accounts to identify those for which you possess user IDs and passwords, thereby giving you custody. Also identify those accounts for which you have legal authority to act on your clients’ behalf. In both cases, make sure to comply with all relevant SEC requirements, including “surprise” auditing.

Code of Ethics: The SEC’s Code of Ethics Rule requires all advisors to adopt and maintain a code of ethics, which imposes a standard of business conduct for all supervised individuals. What’s more, the rule requires certain “access persons” to report their securities transactions and holdings to the firm’s chief compliance officer or other designated person, while securing firm approval prior to investing in initial public offerings or private placements. Firms must also give each representative a copy of their ethics code and collect a written acknowledgement. Finally, all representatives must reference the code of ethics in their Form ADV Part 2A brochure and offer to share the code with clients upon request. On all the prior points, the SEC found significant non-compliance among the examined advisors.

Takeaway: Review the Code of Ethics Rule and make sure to comply fully with it. Also, don’t just treat this as a pro-forma exercise. Think about the precepts in the code and make sure your business practices are consistent with them.

Books and Records:  Maintaining adequate books and records is a crucial aspect of SEC compliance. In its review of recent RIA inspections, the SEC’s OCIE uncovered multiple problems involving failure to maintain required records, to update books and records or to keep them accurate, and make sure all information is consistent across separate record sets.

Takeaway: Understand that being able to present the SEC with a full set of complete, accurate, and updated records will help to convince them you are committed to full compliance. However, if your records are spotty, outdated, or inaccurate, then you will, in effect, wave a red flag asking for even greater SEC scrutiny.

In summary, the National Ethics Association recommends you carefully review all SEC Risk Alerts prior to your exam and then address deficiencies well in advance. By becoming a diligent student of RIA compliance, you’ll likely emerge from your inspection with top grades. Good luck!

For information on affordable E&O insurance for low-risk insurance agents, investment advisors, and real estate broker/owners, please visit For information on ethical sales practices, please visit the National Ethics Association’s Ethics Center.