Regulatory Trends for Investment Advisors
By Trina L. Glass
“Stay ready, so you don’t have to get ready.” I don’t know the origin of this quote, but it is appropriate if you plan to stay ahead of the regulatory trends affecting your investment advisory business.
In October 2023, the SEC published its 2024 Examination Priorities just eight months after the publication of its 2023 priorities to address what it describes as a “fluid and evolving economic and regulatory landscape.” This report is golden because in it the SEC identifies any new and significant areas it will focus on during the coming year. However, because the exam priorities were published earlier than in previous years, the SEC stated that it has carried over many of the 2023 initiatives and focus areas into 2024. I assist many investment advisors and investment companies through regulatory examinations, and, for the most part, most deficiencies result from the very regulatory failures on which the SEC attempts to focus the advisors’ attention. Below, in no specific order, are my top five regulatory areas of focus, based on my experience and the exam priorities.
Each year is an opportunity for advisors to evaluate the adequacy of their compliance program and any new risks affecting the advisor. It is also an opportunity to determine whether the advisor’s existing policies, processes, and procedures sufficiently address the advisor’s risks and fiduciary obligations and are reasonably designed to ensure compliance with the federal and applicable state securities laws and other applicable regulatory requirements. The advisor’s review will also help determine whether existing policies and procedures are responsive to changing regulations, new firm services and offerings, and any weaknesses detected in its compliance program. The advisor’s review should also determine whether its compliance program adequately addresses conflicts of interest, including conflicts created by the advisor’s business and compensation arrangements or affiliations and conflicts related to the advisor’s or registered investment company’s fees and expenses. A comprehensive compliance program can help the advisor reduce financial, compliance and regulatory, and litigation risks. An adequate compliance review often results in new or enhanced policies and procedures and a stronger compliance program and culture.
While the SEC has always required advisors to complete an annual compliance review, effective Nov. 13, 2023, advisors are required to document the compliance review and any related actions or remediation efforts taken due to the compliance review. I suggest advisors consider a compliance review more than once a year, especially if the review of the advisor’s risks or realized compliance failures warrants a more frequent review or there is a material change in the advisor’s business.
The SEC has also stated that its “review of policies and procedures may include one or more of the following areas: portfolio management processes; disclosures made to investors and regulators; proprietary trading by the adviser and the personal trading activities of supervised advisory personnel; safeguarding of client assets from conversion or inappropriate use by advisory personnel; the accurate creation of the required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction; safeguards for the privacy protection of client records and information; trading practices; marketing advisory services; processes to value client holdings and assess fees based on those valuations; and business continuity plans.”
Advisors achieve registration with the SEC and, if required, state securities authorities by filing a Form ADV. Form ADV is integral to the regulators learning more detailed information about an advisor’s business. However, Form ADV is also a valuable disclosure brochure for existing and prospective clients and the regulators.
The failure to adequately and sufficiently disclose information on Form ADV or to update any material changes to Form ADV will result in a deficiency. The advisor must also ensure that the information disclosed on Form ADV is consistent with information disclosed on the advisor’s client relationship summary (Form CRS), required advisor regulatory filings, the advisor’s website, and any other advisor communications with the public.
In my review of advisors’ Forms ADV, one or more of the above-mentioned required disclosures are sometimes missing or inadequate. And, too often, changes made to Form ADV do not flow through to other required regulatory disclosures or filings. This type of regulatory deficiency is avoidable.
One of the most heavily scrutinized disclosures relates to advisory fees and billing practices. Advisors must be sure to sufficiently disclose fees. This disclosure requirement extends beyond the fee schedule. Advisors must also disclose
Additionally, advisors must disclose whether account values used to calculate fees are different from the custodian-stated value due to the advisors’ use of third-party software. Lastly, advisors should confirm that the fee disclosed on the client’s engagement agreement correlates to the fee the client was charged. Advisors should keep records of all negotiated and reduced fees and test to ensure the client was charged appropriately.
According to the 2023 IBM Cost of a Data Breach Report, the financial services industry remains No. 2 in data breach costs. In March 2023, the SEC reopened the comment period for the proposed rules under the Adviser’s Act requiring advisors to address cybersecurity risks. In the interim, advisors have a fiduciary obligation to safeguard client data. This rule requires that advisors implement a cybersecurity strategy that evaluates the advisor’s existing information security safeguards to protect its clients’ material nonpublic information. This strategy should include regular review of the advisor’s technology and its related vulnerabilities; knowing what information the advisor collects, how it collects the information, how it stores the information, and who has access to the information; an assessment of the advisor’s ability to respond to a cyberattack; and whether the advisor has adequate cybersecurity insurance. Advisors must also assess their ability to respond to existing state-level data breach regulations.
In November 2022, advisors were required to comply with the SEC’s new marketing rule, which governs an advisor’s communications with the public, including existing and prospective clients (see “A compliance professional’s take on the new marketing rule” in the September 2022 NAPFA Advisor). While the SEC has released a few FAQs on the marketing rule, on Sept. 11, 2023, the SEC “announced charges against nine advisers for advertising hypothetical performance to the general public on the websites without adopting and/or implementing policies and procedures required by the Marketing Rule.”1 The SEC reminds advisors that it is focused on the following areas:
This list only reflects the most common areas of focus with which I’ve assisted my clients over the few months before drafting this article. It doesn’t include all the issues or areas of focus to which advisors have responded. My advice again is to stay ready, so you don’t have to get ready.
1. See SEC press release, “SEC Sweep into Marketing Rule Violations Results in Charges Against Nine Investment Advisers” (Sept. 11, 2023).
Trina L. Glass practices in the area of corporate law and federal securities law, principally in the areas of investment company, investment advisor, and broker-dealer representation. Her clients include established and emerging fund managers, investment advisors, broker-dealers, and other financial services firms.
image credit: istock.com/Douglas Rissing