Executive Summary
One of the most intimidating aspects of launching a solo advisory firm is the question of how to manage compliance. Advisors coming from a background of working as an employee at a larger firm may be familiar with some of the rules for complying with state or Federal securities regulations from the perspective of an individual advisor, but handling compliance for an entire firm – even when there is just 1 employee – entails a whole additional set of responsibilities to be aware of. Fortunately, the annually recurring nature of ongoing RIA compliance tasks makes it highly conducive to create a compliance calendar for a solo RIA (particularly because they must manage it all themselves) which helps to systematize and manage compliance tasks, requirements, and deadlines by breaking them up into discrete steps to complete incrementally throughout the year.
A good baseline for creating an annual Compliance Calendar comes from the North American Securities Administrators Association (NASAA), which publishes Model Rules for investment advisers that many states base their own requirements on, and can give an overall sense of the types of tasks RIAs can build into their own annual compliance calendar (with the caveat that specific compliance requirements for RIAs vary at the state level, where most solo advisors are registered).
The 1st category of tasks that advisory firms must handle involves renewing their registration with the applicable state(s) in which they do business each year, which typically involves submitting select documents (e.g., accounting reports, client contract templates, and a surety bond) and filing an annual renewal fee near the end of the year. After year-end, firms typically have until March 31 to submit an annual amendment to their Form ADV Part 1 and Part 2A/2B, and until April 30 to offer a copy of their updated Form ADV to their clients.
Second, firms are generally required to adopt and implement a set of written policies and procedures governing the firm’s actions in areas including proxy voting, cybersecurity, personal trading of the firm’s employees, material nonpublic information, and the firm’s business continuity plan. Firm policies and procedures in each of these areas need to be reviewed and updated on an annual basis; however, given how wide-ranging each of these topics can be, solo advisors might want to consider tackling each topic separately at a different time each year (for example, addressing 1 major area each quarter).
Third, regulators require RIAs to maintain an extensive set of books and records of the firm’s business and advisory practices, including business and financial records (like bank statements and invoices), client-related documents (like written client communications, client agreements, and written information forming the basis of any recommendation made by the advisor), advertisements (including newsletters, blogs, and social media posts), and written copies of the firm’s policies and procedures (including records of holdings and trades in the advisor’s own personal accounts).
Putting all of this information together, it’s possible to create a compliance calendar that accounts for each task required, its frequency, and the due date for each. Because even though most compliance tasks (save for annual registration renewal and annual ADV updates) don’t have specific due dates during the year, setting a date for each task to be done – and blocking out specific time in the advisor’s calendar to do so – can ensure that it gets done. Which can be especially helpful for RIA founders who are also their own Chief Compliance Officers, and still have a duty to oversee (and document that they are overseeing) themselves.
Ultimately, the key point is that turning a litany of annual RIA compliance tasks into a compliance calendar helps to systematize the process of managing compliance (especially for a solo RIA) in order to stay on top of all of the firm's compliance requirements, even when there are other matters like client-facing work that can seem more urgent at any given time. Because once compliance tasks are systematized into time blocks on a calendar basis – approximately 1 hour for monthly tasks, 4 hours for quarterly tasks, and 8 hours for annual tasks, at least for a solo advisor – it’s feasible for the RIA to keep their compliance house in order with barely 2% of their annual working hours… leaving the other 98% of their time to serve their clients effectively (and get new ones, too!)!
"What am I going to do about compliance?" For many advisors thinking about launching a solo RIA firm, this is the question that stops them dead in their tracks. Employee advisors at RIAs, and registered representatives at broker-dealers usually have access to a compliance department or home office that sets and implements firmwide compliance procedures, which means that although the advisor still needs to fulfill their own personal compliance duties (e.g., properly documenting investment recommendations and reporting on personal securities transactions each quarter), they don’t need to worry about administering compliance for the entire company.
But that all changes for an advisor running their own firm: Alongside the titles of Advisor and Founder comes that of Chief Compliance Officer, a.k.a. the person responsible for setting the firm’s compliance policies and procedures (and ensuring they are followed, and that it is documented that they are followed). They are also the person whom the SEC or state examiners will contact when (and it is when, not if) they conduct a periodic examination to dig into the firm’s practices. Which means that one of the key responsibilities for solo advisors – along with marketing, bookkeeping, managing technology and vendors, financial planning and analysis, and oh yeah also meeting with clients and bringing in new ones – is keeping on top of compliance for their firm.
Compliance Responsibilities For (Solo) RIA Owners
At a high level, "compliance" simply means ensuring that the firm and its employees follow all Federal and state regulations (under the Investment Advisers Act of 1940 for SEC-registered advisers, and the equivalent state laws for those that are state-registered) that are applicable to registered investment advisers. But in practice, staying in compliance involves a series of ongoing tasks designed to ensure that the rules and regulations are carried out by all of the firm’s employees. Because unlike most laws, where the state has the burden of proof to show that a person has broken the law (e.g., the police need to actually catch a person driving over the speed limit in order to give them a speeding ticket), RIAs generally need to prove that they are following the law – which gives rise to a host of filing, reporting, and recordkeeping obligations that make up the compliance to-do list for advisers.
Nerd Note:
Astute readers will note that this article uses both the words advisor (with an 'o') and adviser (with an 'e'). This isn't a typo! In this context, advisor refers to the individual running an advisory firm (as in solo advisor), while adviser refers to the advisory firm itself (as in Registered Investment Adviser).
If the SEC and state securities regulators published a list of all the various compliance tasks for RIAs to complete, it would be a lot easier to come up with a plan to stay on top of them. That’s unfortunately not how it works – likely at least in part by design – because regulators generally want to ensure that each RIA’s compliance program is tailored to its own firm’s operations, and follows the underlying principles of adhering to a fiduciary duty (however it would be best applied for that firm), rather than a standardized set of check-the-box rules-based compliance requirements. Instead, regulators publish rules for the types of documents and information that RIAs need to file or maintain (e.g., SEC and state requirements for advisers to "adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act") without much guidance on the specifics of how to do so.
One of the key responsibilities of advisors, then - especially solo advisors – is to understand which compliance tasks are required of them, and design a plan for keeping up with them. Because while compliance likely isn't the favorite part of many advisors' jobs, it is necessary for being able to continue doing the work that they do enjoy – namely, advising clients on their investments and other financial topics.
In general, RIA compliance requirements break down into 3 categories:
- Maintaining the adviser’s registration at the SEC or state level(including annual registration renewal and updating Form ADV);
- Establishing, maintaining, and enforcing written policies and procedures; and
- Maintaining books and records.
Nerd Note:
The list above is specific to solo advisory firms where the owner/advisor is the sole person doing the firm’s work. Firms with employees or contractors have an additional layer of supervisory responsibilities that are outside the scope of this article. Notably, though, this also means that RIA compliance for solo RIAs really is “simpler” than it is for larger firms, because an additional layer of supervising-other-employees requirements simply don’t exist when the RIA owner is the only participant in the business!
The specific obligations under these categories can vary based on whether the RIA is SEC- or state-registered and, if the latter, which individual state(s) they are registered in. Since many solo RIAs have less than the $100 million in assets under management that would require them to register with the SEC, this article will focus on complying with state-level laws and regulations.
The North American Securities Administrators Association (NASAA) adopts Model Rules for state securities regulators to base their own regulations on, and we’ll use those Model Rules for a general overview of the compliance obligations of solo RIAs (adding in any particularly notable state-specific nuances).
Ongoing Registration Tasks (And Form ADV)
Before they can start working with clients and giving advice for compensation, investment advisers with less than $100 million in assets under management must first register at the state level (typically with the state in which their business is based, though occasionally in other states as well, depending on where their clients are located). This can be done by individual advisors directly, by following the rules published by their individual state regulator, although in practice most advisors use some 3rd-party compliance consulting firm that knows (and can expedite the execution of) the process.
After the initial registration, advisers then must typically renew their registration before the end of each calendar year. Being so crucial to staying in the business of advising clients, registration renewal could be the single most important task in the ongoing compliance calendar.
Typically, registration renewal has 2 parts:
- Gathering and submitting required documentation to state regulators; and
- Paying the state registration fee for the RIA firm and its Investment Adviser Representatives (IARs).
Individual states have their own requirements dictating the types of documents that RIAs must submit for registration renewal. In my home state of Nebraska, firms are required to submit either an audited financial statement (if the firm has custody of client assets) or a signed balance sheet (if it doesn’t have custody), a copy of the firm’s surety bond if the RIA doesn’t maintain at least $25,000 in net capital, and a copy of each type of client agreement that the RIA uses (e.g., investment management agreements, financial planning agreements, sub-advisor agreements, etc.), redlined to highlight any changes from the previous year. Other states, like New York, also require an income statement for the previous fiscal year.
In states with similar documentation requirements, the time budgeted for registration renewal may include the following:
- Keeping up-to-date on bookkeeping in order to produce an accurate balance sheet and/or income statement;
- Renewing the firm's surety bond, if needed;
- Reviewing and marking any changes made to the firm’s standard client agreements; and
- Paying the firm fee on the FINRA Gateway site.
If there are no major changes to the firm’s advisory agreements, most of the renewal process can be done in under an hour (with the exception of bookkeeping, which can take more time but can also be outsourced to an external vendor to reduce the ongoing time burden) – meaning that while it is one of the most important tasks of the year, registration renewal can also be among the easiest to accomplish.
Form ADV
In addition to registration renewal, the other major annual requirement for RIAs is to submit an annual amendment to their Form ADV, which, in practice, has 2 parts:
- Updating Form ADV Part 1 on the Investment Adviser Registration Directory (IARD)via the FINRA Gateway; and
- Updating the Form ADV Part 2A brochure (and Part 2B brochure supplement)and providing it to clients.
The deadline for submitting the annual amendments to both forms is 90 days after the end of the RIA’s fiscal year – for firms that go on a calendar year, that makes for a March 31 deadline.
For solo advisors, the Part 1 update can be a fairly easy process after navigating some of the nuances of the form’s language since there are typically no additional employees or owners to disclose. The most challenging part may be determining the amount of the firm’s Regulatory Assets Under Management (although billing and custodial software often comes with ways to calculate that number), but even then, the Part 1 update can often be done in less than an hour.
For Part 2A, the firm brochure, the amount of time required depends on whether the firm has made any substantial changes to its fees or services. In a ‘normal’ year, the only part of Form ADV Part 2A that may need to be updated is the amount of the firm’s assets under management under Item 4. But if a firm has implemented bigger changes, it would need to budget time to fill in those changes. For example, since my RIA outsources its investment management to Betterment for Advisors, my firm’s ADV Part 2A must include a description of the services available through Betterment, Betterment’s trading policies, and any fees that would be charged to clients by Betterment (in addition to my own advisory fees). And although Betterment provides some template language to advisers to help fulfill these requirements, I still needed to review and adapt it to fit with the way my firm operates.
Form ADV Part 2B is a supplemental form to Part 2A that firms must file for each of their advisors and any other 'supervised persons', containing information about the advisor’s educational background and business experience, credentials they hold, any other business activities or additional forms of compensation they receive, and any disclosures of disciplinary proceedings, arbitration claims, and the like. Solo advisors need only file Form 2B for themselves, and unless there are changes to any of the above items, the form rarely requires substantial updates (though it’s still best to review each year in case there are items to update).
Once the adviser updates Form ADV Parts 2A and 2B, they are typically required to file the form electronically with their state securities regulators through IARD at the same time they file Part 1. But after filing the forms, there’s one more step in the process: Each year, per the instructions to Form ADV Part 2, RIAs must deliver the form, or a summary of any material changes plus an offer to provide a copy of Part 2A, to each client within 120 days of fiscal year-end (which is April 30 for firms that go by the calendar year). This doesn’t have to take much time – it can usually be a simple template emailed to each client with a PDF of the Form ADV Part 2A link to the form kept on the firm’s website (oh yeah, which should also be updated once the annual amendment is filed) – but can be easy to forget after getting the amendment filed amidst the bustle of tax season.
Nerd Note:
While the SEC’s instructions to Form ADV Part 2A require Federally registered RIAs to deliver the brochure or a summary of material changes to clients each year, NASAA’s Model Rule 203(b)-1 regarding Part 2A explicitly does not require state-registered advisers to deliver the brochure if no material changes have taken place since the last brochure delivery.
However, not all states choose to adopt NASAA’s model rule; instead, some states align with the SEC’s version of the rule, so it’s important for advisers to check with the specific requirements of the state(s) in which they’re registered to know when they need to deliver annual brochure updates to clients – or they can just default to delivering the updates every year to be on the safe side, given the fairly minimal time requirements for doing so!
To summarize the compliance tasks for solo advisors to complete on an annual basis:
Ongoing Compliance Policies And Procedures Tasks For (Solo) RIAs
In addition to registration renewal and the Form ADV annual amendment, the compliance calendar for a solo advisor also includes a set of responsibilities associated with updating and maintaining the RIA’s compliance policies and procedures in accordance with Federal and state securities regulations. In short, firms need to follow the rules and show their work in doing so.
While each state has its own set of rules around policies and procedures, NASAA's Model Rule for Investment Adviser Written Policies and Procedures, on which many states’ regulations are based, lays out many of the common requirements that advisers need to go by (with the caveat that advisers need to check their own states’ rules for their own specific compliance rules). The following sections, which run down the main points of NASAA’s Model Rule, can give solo advisors a sense of the tasks and time requirements around maintaining their policies and procedures each year.
Compliance And Supervisory Policies And Procedures
The adviser's compliance policies and procedures generally need to be kept in written form, in a document usually referred to as the firm’s ‘compliance manual’. This is the bedrock document of the firm’s compliance program that enumerates the firm’s approach to all of the various compliance topics that follow. The main thing to remember is that the firm’s compliance manual should generally be reviewed and updated annually to ensure it aligns with any laws or regulations that may have changed and that it reflects the firm’s actual practices in regard to each policy.
In addition to describing the policies and procedures themselves, RIAs are generally required to describe how those policies and procedures will be supervised and enforced firmwide. For solo advisors, this part won’t change much from year to year since they only need to supervise themselves – their supervisory responsibilities would only change if they hired employees triggering additional supervisory responsibilities.
Proxy Voting Policies And Procedures
NASAA's Model Rule requires advisers to disclose to clients whether or not the adviser has authority for proxy voting of client securities and, if so, to maintain policies and procedures to ensure that the way the adviser votes the client’s securities in the client’s best interests. Those policies and procedures must also be communicated to clients, along with information on how the client can find out which way the adviser voted their securities on any given proxy vote.
Traditionally, many advisers have chosen not to engage in proxy voting because of the complications of complying with their fiduciary requirements in doing so, but more recently, with the rise in popularity of values-based investing strategies such as Environmental, Social, and Governance (ESG) investing, some advisers have used proxy voting to more fully align their investment strategies with their clients' values.
For firms that do engage in proxy voting, the ongoing tasks for complying with the above rules would generally involve:
- Keeping records of the adviser's disclosures to clients of their proxy voting policies;
- Keeping records of the proxy votes themselves; and
- Reviewing annually whether the firm’s practices concur with their written policies and procedures on proxy voting (and documenting that review).
Physical Security And Cybersecurity Policies And Procedures
In recent years, regulators have increasingly emphasized the importance of cybersecurity and privacy practices to protect clients’ personal information. NASAA adopted in 2019 a package of information-security-focused Model Rules with the following 3 components:
- Requirement for RIAs to adopt physical security and cybersecurity policies and deliver their Privacy Policyannually to all clients;
- Requirement for RIAs to keep written copies of their physical security and cybersecurity policies along with documentation of their compliance with the policies (and documentation of any violations); and
- Addition of the failure to establish or follow these policies and procedures to NASAA’s list of unethical business practices and prohibited conduct for investment advisers.
At a high level, the Model Rules require advisers to proactively protect the security and integrity of clients’ data and personal information against threats that could cause clients harm. They specify a 5-part "Identify-Protect-Detect-Respond-Recover" framework to assess potential threats and guard against them, detect any information security events that occur, and react to minimize the potential damage and restore any lost information or capabilities.
For solo advisors, squaring the need for ongoing vigilance against cybersecurity threats with the capacity limits on a sole proprietor’s time is a key challenge. NASAA published a cybersecurity checklist for RIAs to help develop and evaluate their policies and procedures, but solo RIAs are largely responsible on their own for finding a combination of tools and services that will achieve the best balance between security and practicality.
At a minimum, the ongoing cybersecurity and privacy compliance responsibilities for solo advisors entail the following:
- Annually reviewing the firm's cybersecurity policies and procedures and assessing potential risks;
- Annually reviewing the firm's 3rd-party vendors, custodians, and cloud storage providers that have access to sensitive client information;
- Changing email and device passwords on a regular (e.g., quarterly) basis;
- Scheduling virus scans and system updates to run automatically on a regular basis; and
- Annually reviewing and updating the firm's Privacy Policy and delivering a copy to clients (this could perhaps be done in the same email used for the annual delivery of Form ADV Part 2A to combine 2 steps into 1).
Code of Ethics
RIAs are generally required to keep a written Code of Ethics establishing minimum standards of conduct for the firm’s employees, reflecting their fiduciary obligations as investment advisers. The meat of the Code of Ethics is typically the firm’s policies for employees’ trading in their own personal accounts to avoid even the appearance of any conflict of interest with clients, insider trading, or profiting in any way from the advisor’s position of trust at the expense of their clients.
Advisors who have worked as employees for RIA firms (or who have employees of their own) are likely familiar with requirements to report personal securities holdings on an annual basis and personal securities transactions on a quarterly basis under the firm’s Code of Ethics, as is usually required by Federal and state law; they may also have been required to submit certain trades for pre-approval from compliance in advance.
Solo advisors who have no other employees are not exempt from the requirements to record their personal holdings or transactions; however, the process may be a bit more streamlined than for employee advisors. States that have adopted NASAA's Model Rule allow advisers with only 1 ‘access person’ (i.e., solo advisors) to simply keep records of all their personal holdings and transactions in lieu of quarterly or annual reporting, and exempt such advisors from having to pre-approve their own trades. In such cases, it is generally sufficient for the advisor to download and save statements from their personal accounts.
Material Nonpublic Information Policies And Procedures
NASAA's Model Rule requires advisers to "establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the investment adviser or any person associated with the investment adviser". In a nutshell, this means that the firm needs to state that its employees can't trade on any insider information that they come across (e.g., from a client who is an executive or officer of a publicly traded business).
For solo advisors, there aren’t really any additional tasks needed to comply with this rule (other than simply following it) since their personal transactions are already being archived under the previous section. This section can be reviewed and updated if needed when doing the overall review of the firm’s compliance policies and procedures.
Business Continuity And Succession Plan
The final major document required under NASAA's Model Rule is the Business Continuity Plan, which provides for how the business will continue to operate in the event of a major disruption like a natural disaster or unforeseen circumstances befalling its key personnel. Though notably, the business does not actually have to continue as a going concern beyond the incapacitation or death of the solo owner; the “business continuity plan” could simply stipulate a process for an orderly wind-down and termination of the business. Nonetheless, that still means the business continuity plan must actually specify how the business would be wound down in an orderly manner if the (solo) owner could no longer run the business (to ensure that the ship doesn’t continue to sail blindly with no one at the wheel!).
Consequently, a business continuity plan is a key risk management tool for advisory firm owners, and especially for solo advisors who have no business partners or employees who could otherwise support their firm’s continued operation if the owner were to become incapacitated. While there are many considerations that go into creating a business continuity plan (including whether to actually continue the business, or trigger a sale/exit or wind-down instead) which are beyond the scope of this article, the fact that the plan, by definition, is triggered only by an unforeseen event means that it essentially needs to be ready to go at a moment’s notice.
As such, the main ongoing task for this section is to ensure that the business continuity plan remains up-to-date with the locations of the firm’s books and records; the means to contact key parties like clients, vendors, and regulators; the names and contact information of those who will assume responsibility for the firm’s operation in the event of the owner’s death or incapacitation; and any other necessary information (such as buy-sell agreements or life insurance policies on the owner) relevant to keeping the firm running.
Annual Review Requirements
NASAA’s Model Rule requires advisers to review the above policies and procedures on at least an annual basis to assess their adequacy for complying with relevant laws and regulations and how effectively they are being implemented on a firmwide basis.
The annual review requirement doesn’t necessarily mean that everything needs to be reviewed all at once. Many larger firms hold an annual compliance meeting to review most or all of the firm’s policies and procedures at once, which may be the most effective practice trying to coordinate multiple calendars – but solo advisors might find it more practical to break up the review process into smaller chunks performed throughout the year.
For example, a solo advisor could schedule a few hours each quarter to review one of the major components of their policies and procedures. This could look something like this:
- Q1: Review and update proxy voting and material nonpublic information policies.
- Q2: Review and update physical security and cybersecurity policies and procedures and audit vendor information security practices.
- Q3: Review and update the Code of Ethics.
- Q4: Review and update Business Continuity and Succession Plan.
The advisor would document their review of each section and any changes, incorporating the changes into the firm’s compliance manual.
Ongoing Recordkeeping Tasks
The 3rd main category of compliance for RIAs is the maintenance of the firm’s books and records. NASAA’s Model Rule 203(a)-2 runs down the list of required records that advisers must maintain, which generally fall into the following categories:
- Business, financial, and accounting records
- Business formation documents (e.g., articles of incorporation, partnership agreements, LLC formation documents, etc.)
- Bank statements
- Accounting records
- Bills and invoices related to the advisory business
- Client-related documents
- Written client communications (including email, text, and messaging apps) relating to the purchase or sale of securities
- Client agreements
- Authorizations of discretionary authority and/or power of attorney, and a list of all accounts over which the adviser has discretionary trading authority
- Client trading and position histories for accounts over which the adviser has discretionary authority
- Written information that forms the basis for making any recommendations or providing investment advice to clients (e.g., the analysis used to make rollover recommendations)
- Solicitation agreements and records of disclosures made to the client and fees paid to the solicitor
- Written information regarding any client complaints, litigation, or arbitration
- Advertisements
- Newsletters
- Social media posts
- Blog articles
- Records and calculations used to advertise investment performance
- Policies and procedures
- The adviser’s written policies and procedures (as described above)
- Personal trading records
Also per the Model Rule, advisers with custody over client funds must keep the following:
- Documents authorizing the adviser to withdraw funds from client accounts at their own discretion
- Journals of all trading and transfers of securities, both for the firm as a whole and for each client
- Trade confirmation records for each trade
- Records of each security held by any of the firm’s clients
- Copies of all quarterly client account statements
- Records of independent CPA audits of the firm’s accounts
Some other types of records are not explicitly mentioned in NASAA’s Model Rule but are often scrutinized by states. For example, a state examiner may want to verify that all invoicing requirements are being met since many states require advisers who deduct fees from client accounts to send itemized invoices concurrently to both the custodian and client in order to avoid being treated as having custody over client accounts, meaning that RIAs would need to keep records that both invoices were sent as required.
Additionally, some states tend to scrutinize RIAs that charge on a monthly subscription or retainer basis and require advisers to document that they are delivering some form of service (or at least an outreach to clients to show that they attempted to deliver services, and it was the client who declined to engage) to justify the ongoing fee. For advisers who charge on an AUM basis, examiners may want to confirm that fees are being calculated according to the terms of the client agreement (and that those terms also agree with the description of the adviser’s fees on their Form ADV).
For example, advisers may need to ensure that their fees are charged based on clients’ assets as of quarter-end and not based on the average assets for the quarter, and advisers with different fee breakpoints may need to ensure that their fees are being calculated as a tiered or blended rate.
For solo advisors, many of the above requirements can be fulfilled in real-time. Client agreements and authorizations, documentation of recommendations and performance calculations, and written policies and procedures can be saved in a central file system such as Dropbox or OneDrive as they are completed. Dedicated advisor technology software can automatically archive email, text, and social media messages, and billing and custodial software can help preserve billing and trading records.
Advisors may still need to dedicate some time to pulling together other records. Notably, staying up to date on the firm’s bookkeeping is key to fulfilling the requirements of maintaining financial and accounting records, so it’s important to devote some time (or hire out) to reconcile accounts and record and categorize transactions.
Creating An Annual Compliance Calendar For A Solo RIA
Combining the tasks around annual registration renewal, Form ADV annual amendments, compliance policies and procedures, and maintaining books and records, the list of ongoing compliance tasks for solo advisors whose state regulations mirror NASAA’s Model Rule might look something like the following (but advisors should make sure to create a compliance list that meets their own specific state requirements):
The above can be considered a baseline list of annual compliance tasks; while some states may require additional documentation above and beyond what’s listed here (e.g., a small number of states require RIAs using a monthly subscription-style fee to show proof that they are delivering services every month), it isn’t likely that any state would require less than this.
As shown by the 3 types of compliance responsibilities (renewing registration and Form ADV, maintaining policies and procedures, and maintaining books and records), there are different cadences to different types of tasks that advisers must perform during the year. Some tasks, like registration renewal and Form ADV annual amendments, are done annually, with hard deadlines (e.g., mid-December for supplying documentation and paying fees for registration renewal and March 31 for the ADV annual amendment). Other tasks, like updating and reviewing policies and procedures, can be done annually but may be broken up into smaller parts throughout the year. Still others, like many of the books and records requirements, may be easiest to do continuously on a rolling basis.
The main challenge for solo RIA owners in staying on top of compliance is fitting all of these tasks in amid their many other duties. With client-facing work and business development often taking top priority on the advisor’s calendar, and middle- and back-office work competing for the remaining time, it can be difficult to prioritize compliance – especially when so many of the other tasks seem much more immediately pressing at any given time. And the effects of falling behind on compliance often aren’t felt until some event, like an unexpected examination, puts it suddenly at the forefront.
How can solo RIA owners stay on top of compliance amid the constant onslaught of more 'pressing' tasks? The following are 2 techniques that can help advisors stay up-to-date on their compliance requirements:
- Giving each task a calendar deadline. Attaching due dates to tasks is a time-honored trick for ensuring they get completed. Even though many compliance tasks don’t have actual due dates (with certain exceptions like annual registration renewal), assigning deadlines is a way to keep them from being constantly pushed to the back burner.
- Time blocking. Creating a structured schedule, with dedicated blocks of time for things like client meetings, email correspondence, client service tasks, etc., is an effective way to increase productivity by having a predictable rhythm for the workday and creating space to focus on 1 set of tasks at a time without having one’s attention being constantly pulled into other distractions. Most compliance tasks can be done relatively quickly – reviewing fee calculations, for example, might take only a few minutes – so an hour-long block dedicated to compliance work can allow an advisor to knock out several tasks at once that might otherwise have had trouble finding another slot in the calendar.
Applying these 2 concepts to an adviser’s compliance duties means, on one level, understanding each of the adviser’s annual compliance tasks and the frequency with which they need to be performed (in order to attach a deadline to each one to ensure it is completed), and on another level, reserving time for compliance on the advisor’s calendar.
For the first item – giving each task a deadline – the Annual Compliance Calendar template below can help solo advisors to sort out their compliance tasks throughout the year. It combines all of the adviser’s annual compliance tasks (registration renewal and Form ADV annual amendments), quarterly tasks (changing email and device passwords and reviewing/updating each section of the firm’s written policies and procedures), and monthly tasks (confirming clients’ billing accuracy, saving personal transactions statements, and updating bookkeeping records) into one sortable calendar, with monthly, quarterly, and annual due dates attached to each task.
In general, the more frequently the task is performed, the faster it will be to complete each time. Many of the monthly tasks can be completed in under 15 minutes, meaning dedicating just 1 hour per month to those tasks can ensure that they get done.
For quarterly tasks such as reviewing different parts of the firm's policies and procedures, the process may take more time, but still likely less than half of a day per quarter.
And for annual tasks, depending on the extent to which the firm has made changes, renewing the firm’s registration and updating its Form ADV could take anywhere from half a day to a day.
In other words, by sticking to this structured calendar, a solo advisory firm could complete all of its compliance responsibilities in 1 hour per month + 4 hours per quarter + 8 hours per year = 36 hours total, or less than 2% of an advisor’s working time each year.
One of the best ways to follow through with this plan is to carve out dedicated time on the calendar in advance of completing compliance tasks. For example, scheduling an hour on the first Friday of each month, 4 hours on the 3rd Thursday of each quarter, and 4 hours each in December and March to complete the firm’s registration renewal and ADV updates, respectively. Putting the time on the calendar at the beginning of the year, and protecting it from client meetings and other tasks, can be a way to ensure that the constant onslaught of more 'pressing' tasks doesn’t lead to falling behind on compliance.
For advisors who are concerned about the ‘learning curve’ of getting up to speed on the requirements, it’s also common to engage a compliance consultant that can participate alongside the advisor to walk through each month’s (or quarterly or annual) compliance obligations. In addition, 3rd-party technology solutions like SmartRIA or RIA In A Box provide software to help manage (and keep track of, and ensure documentation of) ongoing compliance tasks, for those who don’t want to rely on their own spreadsheets to manage it all.
For solo advisors, compliance can be daunting in large part because it is full of unknowns. Without a clear sense of what the ongoing responsibilities are, it’s hard to put a plan together to ensure they actually get done. Furthermore, solo advisors often fall through the cracks in many compliance guides and templates out there, which are often made with bigger firms in mind with supervisory responsibilities and can make it seem like there are many more necessary tasks than a solo advisor would actually be responsible for. Fortunately, though, there are compliance consultants with expertise in supporting solo RIAs in particular (at a lower price than what is charged for ‘big firms’ with more complex needs), and compliance technology solutions exist to help track and manage the process.
The key point, though, is that in the end compliance isn’t just about checking boxes; it’s about protecting and honoring the fiduciary obligations that advisors have to their clients – and finding an effective and systematic way to handle compliance tasks can help ensure that advisors can do so while continuing to serve their clients effectively. The good news, though, is that because compliance is primarily about systematically overseeing (and documenting the oversight of) the activities of an RIA, it is highly conducive to developing (and then being able to easily follow) a comprehensive, systematic process in the form of an Annual Compliance Calendar to keep track of the tasks required to stay compliant. Which is what has enabled solo advisors to survive and thrive, with compliance responsibilities that become increasingly more manageable as they customize and implement their own Annual Compliance Calendar!
Thanks to Travis Johnson, Managing Director of XY Compliance Solutions at XY Planning Network, for his assistance with answering compliance-related questions while putting this article together.