RIAs: What Does Your Budget Say About Your Compliance?

Apr. 26, 2018

If you operate a registered investment adviser (“RIA”), there are two simple questions you can ask yourself to self-assess your firm’s commitment to compliance: (1) what do you budget on a monthly or yearly basis for compliance-related costs? (2) If asked, would you feel satisfied providing that number to a regulator, and explaining how compliance funds are used?


If the answer to the first question is “zero” or “I don’t know” – or if you have doubts about the second—you likely have a problem. 


The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) shifted regulation of many RIAs to states and away from the Securities and Exchange Commission (“SEC”).  As state regulators have become more experienced and sophisticated in administering registration, examination, and enforcement programs, both the barrier to entry and the bar for remaining registered with states has been raised. That trend is likely to continue.


The Minnesota Department of Commerce (the “Department”) now requires new applicants for registration as an investment adviser to provide—in addition to their Form ADV Parts 1 and 2—detailed information about the firm’s compliance policies and procedures.  For example, the Department now requests a copy of the applicant’s written supervisory procedures (“WSPs”), the applicant’s policy for how it will conduct its (required) annual compliance assessment, and the applicant’s form client contract.  Notably, these requests are made prior to and as a condition of registration. If the firm does not have these documents in place—or if such documents are based heavily on templates and not narrowly tailored to the firm—the applicant’s registration will not be approved.


Further, the Department has now performed desk or onsite examinations of over 1/3 of all state-registered RIAs located in Minnesota.  The Department has performed targeted “sweep” examinations of many more.  As Department examiners continue to work through the list of Minnesota RIAs who have yet to be examined, and continue to conduct periodic sweep exams, the question is not if you will be examined but when.


Are you ready? 


Here are some questions to make that determination:


  • When did you last update your Form ADV Part 1 and Client Brochure?

    • Have you made (required) annual updates?

    • Have you delivered, or offered to deliver, your Client Brochure on at least an annual basis?


  • Do you have written supervisory procedures in place? 

    • Who drafted them?  Are they based on a template?

    • When was the last time you reviewed them?

    • Do they clearly identify who is responsible for specific tasks, when those tasks occur and where performance of the tasks is documented? 

    • Do you follow your written procedures?

    • Do you have a designated chief compliance officer, and is that person adequately performing their duties as such?


  • What information do you collect from clients to inform the services you provide to them?

    • Do you have documentation showing clients’ investment objectives, risk tolerance, goals, sophistication, etc.?

    • How often is this documentation reviewed or revisited with clients?

    • Are you comfortable (and can you demonstrate to an examiner) the services/recommendations you have provided to your clients are suitable and in the clients’ best interests based on the information you have collected?


  • How careful are you in retaining required books and records of the firm?

    • When did you last look at Rule 204-2 of the Investment Advisors Act (which is incorporated by reference in Minnesota Rule 2876.4114)?

    • If an examiner asked you to produce records you are required to maintain pursuant to the above regulations, how quickly could you find them?


  • Are you meeting Minnesota’s net capital and surety bond requirements?  (See here for more information on these requirements.)


  • What have you done about cybersecurity?

    • As cybersecurity continues to be a top priority for state and federal securities regulators, it is likely you will be asked about your cybersecurity policies/practices in an exam.

    • Do you have a plan in place for what you would do if your firm is hacked, or sensitive client information is otherwise inadvertently disclosed?


      If you find that any of the above questions cause you concern, you are not alone.  However, it is on you to take proactive steps to address any gaps in your compliance.  Doing so takes time, resources, and commitment… and, at the very least, a line item on your budget.

Written By:
Brian Edstrom

Brian Edstrom is a Shareholder and Attorney at Avisen Legal, P.A. He brings to Avisen clients the ability to “speak regulator,” having spent several years working for federal and state regulators in Washington D.C. and Saint Paul, MN before entering private practice. Brian assists clients in all aspects of working with securities regulators, whether it be to obtain a license or registration, prepare for an audit, or respond to an enforcement investigation.  Brian also regularly advises clients on their general business needs, particularly surrounding raising money through securities offerings.

E-mail Brian

901 Marquette Ave S.
Suite 1675
Minneapolis, MN 55302

Call Us:

(612) 584-3400