As the regulatory landscape for Registered Investment Advisers (Firms ) continues to evolve, staying ahead of proposed rules is crucial for compliance and operational efficiency. Several proposed rules that could significantly impact how firms manage their business have been introduced, particularly in areas like outsourcing, cybersecurity, and anti-money laundering (AML) compliance. While these rules are still pending and subject to change, firms should begin preparing now to ensure they are ready to meet new requirements. The article outlines actionable steps firms can take in anticipation of these proposed regulations.
The SEC's proposed rule 206(4)-11 would require firms to conduct thorough due diligence and ongoing monitoring of third-party service providers that perform functions essential to advisory services. The rule aims to ensure that firms maintain oversight of outsourced services to avoid potential harm to clients.
Actionable Steps:
Identify Covered Functions: Assess which functions outsourced are critical to your advisory services.
Conduct Due Diligence: Implement a rigorous process to evaluate the competence and reliability of service providers.
Monitor Service Providers: Regularly review and document the performance of your third-party providers.
Amend Contracts: Ensure contracts with service providers include clauses for compliance and performance standards.
Develop Contingency Plans: Prepare for the orderly termination of service providers if they fail to meet obligations.
Concerns:
This rule may increase operational costs, particularly for smaller Firms, by imposing stringent due diligence and monitoring requirements. Smaller firms may also struggle with negotiating leverage over larger service providers.
Proposed Rule S7-12-23: AML Program for Firms  (Proposed Date: July 2023)
The SEC and FinCEN have proposed a rule that requires firms to establish anti-money laundering (AML) programs. This rule is designed to bring firms in line with other financial institutions to help combat money laundering and terrorist financing.
Actionable Steps if the Rule is finalized as proposed:
Â
Establish an AML Program: Develop a comprehensive AML program tailored to your firm's operations.
Train Staff: Regularly train your team on AML compliance and recognizing suspicious activities.
Set Up Reporting Mechanisms: Ensure you have a system in place to file Suspicious Activity Reports (SARs) as required.
Review and Update Policies: Periodically review and update your AML policies to reflect regulatory changes and new risks.
Engage Third-Party Audits: Consider having third-party auditors review your AML program to ensure compliance.
Concerns:
This rule may impose a significant compliance burden, especially on smaller firms that may lack the resources to establish and maintain robust AML programs. Additionally, there could be challenges in identifying suspicious activities, particularly for firms with limited AML experience.
Alongside the AML program requirements, the SEC and FinCEN have proposed a rule mandating firms to implement customer identification programs (CIPs). This is part of broader efforts to enhance the financial system's defenses against money laundering and terrorist financing.
Actionable Steps if the Rule is finalized as proposed:
Implement a CIP: Set up procedures to verify the identity of all clients before establishing a business relationship.
Document Verification Processes: Ensure all verification processes are documented and compliant with regulatory standards.
Incorporate Risk-Based Procedures: Adjust verification procedures based on the risk profile of different clients.
Review Existing Client Files: Audit existing client files to ensure they meet the new identification standards.
Update Recordkeeping Practices: Ensure that all client identification records are stored securely and are easily accessible for audits.
Concerns:
Similar to the AML requirements, the CIP rule could place a heavy compliance burden on smaller firms. The need for rigorous client verification may also introduce challenges in balancing client experience with regulatory compliance.
The proposed Enhanced Safeguarding Rule introduces significant changes to how "custody" is defined and interpreted for Registered Investment Advisers (RIAs). Under the current rule, custody already includes any scenario where an adviser has control or authority over client assets, whether physical possession or the ability to direct asset movement. However, the proposed rule expands this definition in several critical ways:
Inclusion of Discretionary Authority: The proposed rule broadens the definition of custody to include scenarios where an adviser has discretionary authority to make decisions regarding client assets, even if they do not physically control those assets. This could include situations where the adviser has the power to direct trades, transfer assets between accounts, or even decide on how assets are allocated, without needing direct client authorization for each action.
Â
Third-Party Arrangements: The rule also considers arrangements where third parties are involved. For example, if an adviser delegates certain functions to a third party but retains some form of authority over how those functions are executed, the adviser may still be deemed to have custody under the proposed rule. This expansion is particularly relevant for advisers who use external managers or sub-advisers but maintain oversight or final decision-making authority.
Â
Digital and Crypto Assets: Another significant expansion under the proposed rule is the explicit inclusion of digital assets, such as cryptocurrencies. The rule acknowledges the unique challenges and risks associated with safeguarding these assets and requires advisers to implement specific controls to protect them. This broadens the scope of custody to include not just traditional financial assets but also digital and crypto assets that have become increasingly common in client portfolios.
Â
Enhanced Recordkeeping and Reporting: The proposed rule requires more detailed recordkeeping and reporting practices related to custodial arrangements. Advisers must maintain comprehensive records of all actions taken concerning client assets under their custody, including those involving third-party custodians or digital asset platforms.
Â
Authority Over Client Contracts: The rule also expands custody to include situations where an adviser has the authority to amend or modify client contracts, particularly regarding asset management or custodial arrangements. This could apply to advisers who have the power to negotiate or change terms on behalf of clients without needing additional client consent.
Â
Actionable Steps if the rule is finalized as proposed:
Â
Review Custody Arrangements: Evaluate and document how client assets are custodied, ensuring they meet the new requirements, especially in light of expanded discretionary authority.
Update Policies: Modify existing custody policies to cover all asset types, including those managed through third-party arrangements or digital platforms.
Implement Strong Controls: Establish and enforce internal controls for the safeguarding of client assets, particularly in scenarios involving discretionary authority or third-party oversight.
Engage with Custodians: Work closely with custodians to ensure they comply with the SEC’s enhanced safeguarding standards, especially regarding digital and crypto assets.
Educate Clients: Inform clients about how their assets are protected under the new rule, including the implications of expanded custody definitions.
Concerns:
The broadened definition of custody may significantly impact operational practices, particularly for firms that engage in discretionary management or utilize third-party service providers. To meet the new requirements, firms may need to enhance their compliance infrastructure, adopt new technologies, and implement stricter oversight. The inclusion of digital assets in the custody definition also raises concerns about the adequacy of existing safeguards and the need for specialized expertise in managing and securing these assets.
The SEC’s proposed rule requires Firms to adopt and implement written cybersecurity policies and procedures to mitigate cybersecurity risks, and to report significant cybersecurity incidents to the SEC.
Â
Actionable Steps if the Rule is finalized as proposed:
Develop Cybersecurity Policies: Create comprehensive cybersecurity policies that address risk assessment, threat mitigation, and incident response.
Conduct Regular Risk Assessments: Regularly evaluate the cybersecurity risks your firm faces and update your policies accordingly.
Train Employees: Ensure that all staff are trained on cybersecurity protocols and aware of the firm’s cybersecurity policies.
Monitor and Log Activity: Implement continuous monitoring and logging of network activity to detect and respond to threats.
Prepare for Incident Reporting: Establish a protocol for reporting significant cybersecurity incidents to the SEC within the required timeframe.
Concerns:
The rule could impose additional costs on firms to develop, implement, and maintain cybersecurity policies. Smaller Firms may struggle with the technical and financial resources required to meet these obligations, and the requirement to report incidents could expose firms to reputational risks.
Â
Â
If you would like specific compliance education, training, and services to help with your compliance program or project, please contact Coulter Strategic Services.Â
Check out Coulter Strategic Services' growing collection of training resources, including IARCE. Visit today and stay tuned for new training resources.
All information provided is for educational purposes and shall not be construed as specific advice. The information does not reflect the view of any regulatory body, State or Federal Agency or Association. All efforts have been made to report true and accurate information. However, the information could become materially inaccurate without warning. Not all information from third-party sources can be thoroughly vetted. Coulter Strategic Services and its staff do NOT provide legal opinions or legal recommendations. Nothing in this material should be considered as legal advice or opinion.Â
#RIA #FinancialAdvisors #RegisteredInvestmentAdvisor #SECcompliance #Advisor #regulation #compliance #investmentmanagement #wealthmanagement #regulatoryeducation #compliancereview #annualreview #conflictsofinterest #proposed rules
Â
Comments