News Analysis: The Real Story Behind The SEC Warning That It Has Found “Widespread” Violations By RIAs Of The Custody Rule
“The NEP (National Examination Program) reviewed recent examinations that contained significant deficiencies,” says the alert issued by OCIE. “Approximately one-third of them (over 140) included custody related issues.”
At the same time it issued the warning to RIAs, the SEC issued an “investor bulletin” explaining the custody rule to consumers.
The deficiencies NEP staff are finding can be grouped into four categories:
- failure to comply with the rule’s “surprise exam” requirement
- failure by an adviser to recognize that it has “custody” as defined under the custody rule
- failure to comply with the “qualified custodian” requirement
- failure to comply with the audit approach for pooled investment vehicles
As a reporter who has covered the RIA business for over 25 years, here’s my assessment of what’s happening.
About 90% or 95% of RIAs do not take custody of client assets. They outsource the job to escape the onerous requirements of serving as a custodian. If an RIA does not outsource the job of the custodian, the RIA must comply with rules that protect investors, which cost a lot of money and are an enormous hassle.
Requirements Of RIAs Taking Custody
RIAs in custody of client assets can elect to hold the assets at a “qualified custodian,” a broker-dealer or bank. The custody rule requires these RIAs to provide clients prompt written notification of the QC’s name and address and information about how their assets are being held. The RIA must also have an assurance from the QC that it will send the RIA’s clients their account statements at least quarterly.
In addition, RIAs taking custody of client assets and holding the assets at a qualified custodian must hire an independent accountant to conduct a surprise exam of the custodial arrangement at least annually to verify that client assets are indeed where they’re supposed to be.
Moreover, if the custodian is related to the RIA, the accounting firm that conducts the surprise audit must be registered with the Public Accounting Oversight Board, an accounting industry self-regulatory organization overseeing CPAs that audit public companies, and the RIA also must annually get a report from its auditor saying controls are in place to verify client assets are accounted for properly.
RIAs acting as a general partner in a pool of client assets face even stiffer requirements, including the expensive task of annually providing clients with an audited financial statement. Obtaining an independent audit excuses an RIA from the surprise audit and QC statement requirements, however.
The Accidental Custodian
Of course, the vast majority of RIAs want to avoid all of the requirements associated with the custody rule and don’t take custody of client assets—at least not intentionally. They let qualified custodians (QCs) like Charles Schwab or TD Ameritrade serve as custodian of client assets under their management.
Apparently, however, RIAs are taking custody of client assets inadvertently. They’re accidental custodians, guilty of being sloppy or ignorant of the custody rule requirements. How can an RIA be an accidental custodian? Let’s count the ways.
1. Your client gives you the password and user ID for his 401(k) or other accounts. It’s not uncommon for an RIA to ask clients for their passwords to their 401(k)s and other accounts. RIAs want to manage the 401(k) assets one day and have an incentive to monitor held away assets. But if you gain access to an online account where you can trade, you’re a custodian of those assets.
2. You pay bills for your clients.
3. You have power of attorney over a client’s assets.
4. You have the client’s checkbook and he has told you to feel free to write checks and sign his name.
5. You are a successor trustee on a client’s account and, after the client’s death, become a trustee and are understandably deemed to be a custodian.
Intentional Custodians
Then there’s the small number of RIAs that are intentionally acting as custodians. The 5% to 10% of RIAs intentionally acting as custodians are running pooled investment accounts or acting as general partners in a privately-held venture.
These investment advisors are making a deliberate decision to be dealmakers in private ventures or are essentially running their own private mutual funds. Because the activities of these RIAs are far more opaque than the business of the vast majority of RIAs, the custody rule imposes special requirements on them. These RIAs must either outsource to a qualified custodian or hire an independent CPA firm to audit the pooled assets or partnership deals and provide a financial statement opining on the condition of each investment entity.
The Real Story Behind Today’s SEC Alert
Many, if not most, of the RIAs regulated by the SEC—all of which are firms with more than $100 million AUM—are small businesses run by one or two principals and a few support staffers. They’re mom and pop shops. They’re not run by professional managers, and the director of operations is often an office manager who gets promoted when the firm gets successful.
While it is obvious that holding a client’s physical assets—stock certificates, bonds, deeds, partnership agreements, and other valuables—would make you a custodian and trigger the custody rule and all its requirements, the less obvious ways enumerated above can make an RIA a custodian accidentally, and that’s where RIAs are probably falling short.
In a way, this is good news. The deficiencies highlighted in the SEC warning to RIAs are mistakes and not criminal violations. There’s no pattern of fraud that the SEC is saying it is concerned about.
But the real story here is that the SEC is proactively doing something about the custody rule. The SEC for as long as I’ve been covering this business has always tolerated widespread deficiencies in RIA compliance with the custody rule.
Fraud by RIAs was probably not enough of a problem to merit enforcement of the custody rule. The SEC had bigger fish to fry. That all changed after the market crash of 2008 revealed a small number of RIAs as Ponzi schemes, including the Bernie Madoff fraud.
The custody rule has been in place since 1962, according to the SEC’s alert today. While the details of the rule have been updated, including some changes made as recently as 2010, the rule has been on the books for over 50 years. The real story is that the SEC is actually doing something to enforce it now.
Related reading:
SEC Staff Responses to Questions About the Custody Rule