Tuesday, July 28, 2020, at 4 P.M. Eastern
Advisors4Advisors Webinar Series

2020 Compliance For RIAs

Cathy Vasilev
Red Oak Compliance Solutions

Andrew Gluck, Moderator

WEBINARS

Compliance for RIAs in 2020

Cathy Vasilev
Red Oak Compliance Solutions

Compliance Mission

• Compliance is a Culture, Not a Policy
• Compliance tone set at the top and expected of everyone.
• Compliance is everyone's business.

Reg BI / Form CRS

• Reg BI is the new SEC Rule for broker dealers
• Form CRS is a new SEC rule for advisers
• These new rules do not impose any new requirements for investment advisors, but reaffirms that investment advisers owe a fiduciary duty to its clients under the Advisers Act. Investment advisers have fiduciary duties of care and loyalty, must serve the best interest of its clients and not subordinate its client's interest to its own.
• The adviser must also eliminate or make full and fair disclosure of all conflicts of interest which might cause the adviser to give advice that is not disinterested.

Form CRS Continued

• Adviser must deliver an initial Form CRS to each new or prospective customer who is a retail investor before or at the time of entering into an investment advisory contract.
• Adviser must deliver an updated Form CRS to an existing client before or at the time of:
  • Opening a new account that is different from retail investor's existing account(s); or
  • Recommending that the retail investor roll over assets from a retirement account into a new or existing account or investment; or
  • Recommending or providing a new advisory service or investment that does not necessarily involve the opening of a new account and would not be in an existing account;
• Dual registrants are required to deliver a Form CRS at the earlier of the requirements for investment advisers or broker-dealers.

Advisor Duty of Care

• The Adviser duty of care comprises three components:
• Adviser must deliver an updated Form CRS to an existing client before or at the time of:
  • The duty to provide advice in the best interest of clients;
  • The duty to seek best execution of client transactions; and
  • The duty to provide advice and monitoring over the course of the advisory relationship.
• The duty applies to all investment advice, including advice about retirement plan roll overs, advice regarding investment strategy, advice to engage a subadvisor and advice about account type (commission-based or fee-based).

Disclosures

• Investment advisers must eliminate or expose through full and fair disclosure all conflicts which might cause them to render advice that is not disinterested.
• Disclosures must be sufficiently specific so that clients can understand material facts or conflicts of interest and make informed decisions regarding consent.
• Investment advisers are not required to make affirmative determinations that clients understood the disclosure and that the client's consent to the conflict was informed. Nor must disclosures be in writing.
• SEC has cautioned that some conflicts may be incapable of full and fair disclosure and consent. In those cases, conflict elimination or mitigation is required.

Similar Requirements

• While placing both BD and RIA firms under similar requirements, there will still be two separate sets of regulations that govern dealings with members of the public. In addition, firms that are dually registered will need to disclose the "hat" they are wearing in the offering of any given product or service, and will be required to follow whichever set of regulations that would be applicable.

Cybersecurity

• Communication tools present challenges when used for business purposes
• Keep passwords and accounts secure and do not share them with anyone. Authorized users are responsible for the security of their passwords and accounts.
• Need to properly safeguard non-public client information and other business information ("confidential information") Confidential information may be at risk for a security breach if:
  • Device is lost or stolen
  • Messages are not encrypted
  • Computers are not password-protected to prevent unauthorized access
• Other devices must be encrypted and password-protected according to Firm standards

More Cyber

• All computers, laptops and workstations should be secured with a password protected screen saver with the automatic activation feature set at 15 minutes or less, or by logging-off when the host will be unattended.
• To help maintain the security and confidentiality of clients' information in the electronic age:
  • Hide Wi-Fi networks
  • Securely send information via email (i.e. password protecting documents, encryption, etc.)
  • Using password managers or programs to store confidential passwords
  • Electronic tracking programs for lost mobile computing equipment

Risks

• Top Threats Include:
  • Hackers Penetrating Firm Systems
  • Insiders Compromising Firm or Client Data
  • Operational Risks
• Two Kinds of Firms:
  • Those that have been Hacked and Know It
  • Those who have been Hacked and Don't know it
• Most Common Way to Hack Your System:
  • Spear Fishing
  • User Clicks email and then attachment
  • Malware now enabled

Weakest Link

• YOU
• Clicking on Emails and Attachments
• Sending Unprotected Data to Clients
• Client Data in Wrong Hands is:
• Used to Perpetrate Fraud
• Sold to Perpetrate Fraud
• Wire Fraud
• Request to transfer funds will come from customer's actual email address or one nearly identical. Request will be to wire funds to a third party.
• Requestor may state that they can't answer phone due to meetings
• Reason for wire will often be an emergency

Phishing

• Social engineering or "phishing" attacks are one of the most common cybersecurity threats
• Phishing attacks may take a variety of forms, but all of them try to convince the recipient to provide information or take an action.
• Some phishing emails are researched and carefully customized to reach one or more selected individuals (e.g., an individual who is likely to have administrator privileges or senior personnel.

Phishing Continued

• In a phishing event, the attackers try to disguise themselves as a trustworthy entity or individual via email, instant message, phone call or other communication, where they request PII (such as Social Security numbers, usernames or passwords), direct the recipient to click on a malicious link, open an infected attachment or application or attempt to initiate a fraudulent wire transfer. Such "phishes" can appear to come from a variety of sources.

Things to Look At

• Discrepancy between the name and email address or "reply to" address of the sender
• New individual with whom you do not regularly correspond, such as IT manager, senior manager or CEO of the organization
• Generic Salutations
• Unexpected timing, type or style of communication from a known sender, such as a friend, co-worker or boss

More

• Problems with grammar or spelling, including subtle character substitutions, such as 0 (zero) in place of O (the letter O), or 1 (the digit one) in place of l (lower-case letter L)
• Request for highly sensitive information, such as customer account lists, Social Security numbers, credit card numbers, user names or passwords
• Sense of urgency with a request to access links or attachments, provide personal information or initiate a transaction

More

• Content that is designed to induce an emotional reaction in the recipient, such as political messages, personal attacks or untrue accusations
• Discrepancy between the written address of a link and its true destination (determined by hovering over the link)
• Suspicious URL patterns where the name of the intended web site appears anywhere other than at the very beginning of the URL
• Upon visiting the site, a message that indicates a problem with the "certificate".

Process

• Perpetrator obtains access to information through Malware or phishing scheme
• LOAs are used against the client
• Mules often completely unaware of scheme
• Advisors want to be perceived as easy to work with
• Single, most effective step is phone call!
• When fraud attempt is discovered, action should be taken internally first

• Firmwide notification
• Assets movement blocks placed on all related accounts
• Review all asset movement and trading activity
• Make the client whole
• Advise client to alert others to compromise of information
• Clients need to changes password on all accounts with same password

Fee Calculations

• ADV Part 2 must describe how you charge fees.
• Advisory agreement must describe how you charge fees.
• ADV Part I must indicate what fees you charge
• Form CRS must define how you charge fees
• These four documents must match.

Common Errors in Charging Fees

Fee-Billing Based on Incorrect Account Valuations

• Because advisers generally assess fees as a percentage of the value of assets they manage in each client's account, an incorrect account valuation will lead to an incorrect advisory fee being assessed to that client. Examples include:
  • Valuing assets using a different metric than what is in client's advisory agreement, i.e. using the asset's original cost to value an illiquid asset rather than valuing the asset based on its fair market value.
  • If agreement calls for fees to be based on fair market value of assets as valued by the custodian, then should not bill fees based on the fair market value of assets as valued by its portfolio accounting/management system.
    • Various factors may contribute to a difference between the market values provided by a custodian and the market values provided by a portfolio accounting system, including, among other things, differences due to unsettled trades, accrued income, the pricing of securities, and the dividends earned but not received.

• Valuing client's account using a process that differs from the process specified in client's advisory agreement, i.e. using the market value of the account's assets at the end of the billing cycle, instead of using the average daily balance of that account over the entire billing cycle as specified in agreement.
• With respect to private fund investments, if client agreement calls for assets to be valued by custodian, adviser should not be using the valuation provided by the fund sponsor.
• An adviser that observes that its practices differ from the disclosures in the client agreement must either amend its practices or amend the client agreement to reflect its actual practice.

Fees Charged on None Managed Assets

• Adviser charges fees on assets for which the client agreement did not contemplate fee billing.
  • Advisers provide some limited services for certain assets for which advisory fees are not contemplated. For instance, advisers may not charge fees on assets held away from the primary custodian because the adviser may not be able to implement its recommendations.
  • Similarly, an adviser may not charge fees on cash and cash equivalents

Billing Fees with Improper Frequency/Not Pro-rating

• Billing advisory fees on a monthly basis, instead of on a quarterly basis as stated in the advisory agreement or disclosed in Form ADV Part 2.
• Billing advisory fees in advance, when agreement specifying shows in arrears.
• Billing a new client for advisory fees in advance for an entire billing cycle, instead of pro-rating charges to reflect that the advisory services began mid-billing cycle.
• Not reimbursing a client a pro-rated portion of the advisory fees when the client terminated the advisory services mid-billing cycle, despite disclosing that they would do so in Form ADV Part 2.

Applying Incorrect Fee Rate

• Using an incorrect fee rate when calculating the advisory fees charged to clients.
• Applying a rate higher than what was agreed upon in the advisory agreement or double-billed a client.
• Charging a non-qualified client performance fees based on a percentage of their capital gains inconsistent with Section 205(a)(1)of the Advisers Act. (Not qualified clients)
• Applying Discounts Incorrectly as specified in the advisory agreements, causing the clients to be overcharged

• Did not aggregate client account values for members of the same household for fee-billing purposes, which would have qualified such clients for discounted fees according to the adviser's Form ADV or advisory agreement.
• Advisers fail to properly calculate performance fees. The calculation of performance fees can become complicated, particularly where the use of high watermarks and hurdle rates are used.

Excess Fees

• Did not reduce a client's fee rate when the value of that client's account reached a prearranged breakpoint level, which entitled that client to a lower fee rate according to the adviser's Form ADV or advisory agreement.
• Charged a client additional fees, such as brokerage fees, when such client was in the adviser's wrap fee program and the transactions qualified for the program's bundled fee.
• Disclosure Issues Involving Advisory Fees such as made a disclosure in the Form ADV that was inconsistent with their actual practices, such as advisers that disclosed in the Form ADV a maximum advisory fee rate, but nevertheless had an agreement with a certain client to charge a fee rate exceeding that disclosed maximum rate.

• Not disclose certain additional fees or markups in addition to advisory fees, such as advisers that did not disclose that they:
  • Collected expenses from a client for third-party execution and clearing services that exceeded the actual fee charged for those services by the outside clearing broker.
  • Earned additional compensation on certain asset purchases for client accounts or that they had fee sharing arrangements with affiliates.

• Advisers do not properly account for breakpoint discounts when billing clients. Many advisers provide breakpoint discounts to clients, depending on the amount of assets a client authorizes an adviser to manage. However, calculating fees where breakpoint discounts are involved can complicate fee billing, particularly where there are additions and withdrawals from the account over time. An adviser that relies on its custodian or portfolio accounting system to calculate fees should ensure that these breakpoints are being properly calculated.
• Not properly accounting use of margin in calculating fees. If the client agreement says that fees should be charged on assets net of margin, the client should not be charged fees on assets gross of margin. If the client agreement is silent on whether assets are charged gross or net of margin, the adviser should not charge fees based on assets gross of margin unless there are specific disclosures (including any pertinent conflicts of interest) that have been made to the client beforehand.

Fees Billing Process

• • Fee calculations can be calculated by adviser, custodian of software.
  • Fees are sent to the Custodian for debiting fees from client accounts.
  • The amount of fees charged must be reconciled against the amount paid.
  • This must be documented. Not enough just to match debits from clients to fees paid to adviser
  • Some states require advisers to send invoices to clients explaining what the fee was and how it was calculated.

Cash Management

• If you bill on cash in client accounts the SEC has certain expectations.
• You must manage the cash in order to be able to bill on it.
• If cash is being held in the account due to a recommendation to hold for potential opportunities, you must document this.
• If cash is being held at the client's request for a future purpose you may not charge a fee on that amount.
• Should perform quarterly analysis of what accounts have more than 15% cash and document why.

Remember

• If you do not charge a fee on cash, you cannot include these assets in your RAUM figure

Outside Brokerage Accounts

• All supervised persons are required to disclose any personal securities accounts for the individuals, their immediate family, any other adult members of their household and any trust of which they are trustee or beneficiary.
• Supervised employees are officers, partners, directors (or persons occupying a similar status or performing similar functions), or employees, or any person who provides investment advice on your behalf and is subject to your supervision.
• New brokerage accounts must be requested and approved, in writing, prior to opening the account.

Personal Trading

• Must either provide or arrange for duplicate account statements. (You are presumed to control the accounts of members of your family living in your household.)
• Must provide:
  • Initial Holdings Reports- due to CCO within 45 days of hire
  • Quarterly Holdings Reports- due to CCO within 30 days of quarter end
  • End of year PSTR- due to CCO within 45 days of year end

Personal Trading Accounts

• Do not have to provide if just trade mutual funds
• Do not have to provide if have another adviser manage your accounts on discretionary basis
• Do not have to provide if just invest in Direct obligations of the United States Government
• Do not have to disclose transactions effected pursuant to an automatic investment plan
• You cannot conduct personal trading activities in a way that is inconsistent with the duties owed to your clients.

Review Statements For Following Issues

• Securities currently on the firm's Restricted List;
• Securities currently on the firm's Watch List;
• Initial public offerings;
• Private placements;
• Any securities that may be potentially affected by inside information that the firm or access person may possess (Insider Trading);
• Market timing (if prohibited);
• Front running;
• Participating in block trades to the disadvantage of Clients;
• Trading activity in contravention to advice given to Clients.

Requires Pre-Approval

• Direct or indirect beneficial ownership of any security in an initial public offering (IPO) or in a limited offering
• Decision must be documented
• If work is not documented, it did not happen.

Complaints

• A complaint is a communication in any form that primarily expresses a grievance or dissatisfaction with the Firm, its products, or its associates
• Do not attempt to resolve complaints or errors on your own, or offer to make any payment to resolve a complaint/error
• Report any complaint you receive (written or verbal) to Compliance within 24 hours (or Consultant and/or attorney)
• In the event that you are also affiliated with a broker-dealer as a registered representative, you will need to share this communication with your broker-dealer's compliance department

• Log all complaints
• If you have errors and omissions professional liability insurance ("E&O") coverage, any complaint will need to be promptly submitted to your E&O carrier
• CCO will promptly acknowledge receipt of the complaint to the customer.
• CCO will investigate and determine resolution
• Document all resolutions