10 Compliance Red Flags and How to Avoid Them
Most firms and advisors don’t suddenly wake up and say “hey, let’s fall out of compliance today.”
After all, failure to follow SEC and FINRA rules can result in severe fines, removal from professional groups, legal issues, a negative reputation, and even criminal charges for firms.
But that doesn’t mean that firms and advisors can’t inadvertently move down the slippery slope to noncompliance. It may not be intentional, but little actions or missteps can lead to much larger issues.
Stay in compliance by watching out for these 10 red flags:
Outdated Form ADV
Form ADV is required to register as an investment advisor and collects details like the number of clients or total assets under management. As situations change and your firm grows, Form ADV may become outdated, which can lead to compliance issues with the SEC. To avoid this red flag, regularly update the form, especially as your business changes.
Lack of Compliance Training
The SEC has warned firms about a rise in inadequate compliance resources, specifically when it comes to compliance training. In many cases, the poor resources aren’t a conscious decision on the part of the organization, but get lost in the myriad other responsibilities compliance teams have. A lack of training doesn’t mean a firm is out of compliance. It does, however, make identifying and addressing issues more difficult.
Unclear Policies and Procedures
Even with the proper resources, many firms experience the red flag of unclear policies and procedures. According to the SEC, many firms have policies, but they don’t adequately implement the recommended actions. Not following compliance checklists and processes is an example of this problem. Unclear procedures can allow tasks and documents to fall through the cracks.
Undisclosed Conflict of Interest
As a fiduciary, you are responsible for protecting your clients’ best interests. That means disclosing if you have a conflict of interest, such as a personal or professional connection to an account. Conflicts may arise, but the client needs to be made aware of them as they come up. The SEC carefully monitors conflicts of interest and requires all RIAs to complete Form CRS (Client Relationship Summary). Not disclosing a conflict of interest to the SEC or clients is a major red flag.
Incomplete Commission Disclosure
Some of the most common conflicts of interest are commissions, or cases where an advisor is paid for recommending a particular fund or product. You must inform your clients if you generate profits from certain funds sold. Avoiding that disclosure puts you at risk of noncompliance.
Unsecured Digital Files
A significant part of compliance is document storage and retention. Firms can store items in the cloud, but those systems must follow specific protocols and security measures. Many firms don’t take advantage of the security features their network storage providers already offer, which puts them at risk of noncompliance and leaves their clients’ information exposed.
Not Maintaining Records
The SEC’s Books and Records rule includes an extensive list of documents, records, and communications that have to be stored, either physically or digitally, for years. Some required records include email correspondence and social media posts, which some firms don’t realize they need to maintain. Failing to follow this rule by not keeping the proper documents for the required amount of time is a compliance red flag.
Skipping Onboarding Steps
All new client accounts must go through AML (Anti-Money Laundering) and KYC (Know Your Customer) processes to protect against identity theft and money laundering. These processes can be cumbersome and often involve entering and verifying client information in multiple places. Firms may be tempted to skip some onboarding steps, but that can be a slippery slope for noncompliance.
Faulty Internal Access and Verification
A firm can have a robust data and document storage system, but if that system isn’t secured, it opens the door to potential compliance issues. Systems need multiple verification steps and should require staff to change passwords regularly. Not removing access for past employees, and leaving private client information on screens in public areas, puts a firm at risk of noncompliance.
Not Properly Destroying Physical Forms
Firms are required to keep records for years and then dispose of the forms properly. That means shredding them in a secure location where clients’ private data can’t be recovered. It is a compliance red flag when firms don’t prioritize the proper disposal of their clients’ information and documentation.
Many of these red flags can be avoided or corrected with a secure data management platform like Docupace. Automating document management and streamlining compliance processes ensures client and firm data is stored safely and securely.
Contact us for a free demo.