If you run your own financial planning firm, you need to understand the compliance rules and regulations around RIA custody. This is even more important for financial advisors running a monthly retainer model in their business, as the lines can easily blur and staying compliant with current rules can pose a challenge if you’re not educated on the topic.
Registered Investment Advisors who have the ability to withdraw funds or take possession of securities -- specifically stock certificates -- from clients accounts are required to safeguard those assets according to the SEC’s custody rule.
This rule was designed to protect investors and provide safeguards against theft or misappropriation from investment advisors.
Here are a few things you should know about the custody rule to ensure you remain compliant around RIA custody of funds or securities, and maintain the safety of your clients investments.
What Is RIA Custody?
According to the SEC, “custody by investment advisers means holding client funds or securities, directly or indirectly, or having the authority to obtain possession of them.”
This includes any situation where an adviser has access to funds, the ability to sign checks on a client’s behalf, withdraw funds, and even dispose of assets for any purpose outside of authorized trading.
How the SEC’s Custody Rule Affects RIAs
As previously mentioned, the custody rule was put in place to protect clients against theft and/or fraud. As a protective measure, the SEC imposed a number of requirements that registered advisers were expected to follow to avoid any conflicts.
For example, an investment adviser is required to maintain client funds and securities with a “qualified custodian.” The custodians must maintain client funds and securities in a separate account for each client either under that client’s name, or under the name of the adviser acting as agent or trustee for the client.
The investment adviser must also provide the contact information of the qualified custodian, and detail the manner in which funds or securities are maintained. In addition, the firm must keep records for each client account showing deposits and withdrawals.
The custody rule also requires that firms send quarterly or more frequent itemized statements to each client that shows all disbursements for the custodian account, including the amount of advisory fees. Your RIA must notify clients in writing of how the funds are maintained and when accounts are changed.
Finally (and in my opinion, the most burdensome of all of these requirements), is that the advisory firm must arrange an annual unannounced visit from an independent public accountant who must then file a report verifying the amount of client funds and securities in custody.
Since there is a significant increase in your compliance responsibility for those firms that have custody of client funds or securities, it's critical that you consider these additional items when determining whether or not your firm will have custody.
You can find more information on the Custody of Funds/Securities of Clients by Investment Advisers by visiting the SEC website.
Deducting Fees from Client Accounts
Due to the fact that a part of the definition of custody involves having the authority to obtain client funds, issues of custody arise whenever an RIA is authorized to automatically debit the client’s account for payment of fees.
If the instance of custody is limited only to this process, then most regulators will refer to this as “limited custody.” Firms that have limited custody are often relieved of some of the above mentioned compliance responsibilities.
In order to be protected under the safeguards of limited custody, the RIA firm must:
- Send a copy of its invoice to the custodian at the same time that it sends the client a copy.
- Attest that the custodian will send at least quarterly statements to the client showing all disbursements for the account, including the amount of the advisory fee.
- Make sure that the client will prove written authorization to the firm, permitting them to be paid directly for their accounts held by the custodian.
Let’s evaluate each of these items a bit more closely:
Send copies of invoices to custodians and clients: Many firms have commented on how it is redundant, and operationally inefficient to generate and send invoices when the custodian is already doing so.
But regulators insist that this practice is a requirement. In a regulatory exam, an RIA is often not permitted to transfer responsibility of invoicing to their custodian, nor is the firm permitted to utilize the custodian’s invoices as evidence of having generated their own.
Regulators want to see that the firm is checking behind the custodian. In financial planning engagements that don’t involve a traditional custodian, the bank can be considered the custodian, and the notification to the bank can be made via electronic payment processor (this is still open to regulator interpretation).
Attest that the custodian will send at least quarterly statements to the client: Most custodians understand their responsibility to send statements at least quarterly, so this is rarely an issue for RIA firms.
Make sure that the client will prove written authorization to the firm: This can be completed in numerous ways. Firms can incorporate a check box, initial box, or signature line on their advisory agreement that is specifically designed to capture this authorization.
If the firm intends on relying on documentation provided by a custodian or an electronic payment processor, then the firm should make sure they know exactly what documentation the client will sign, and how that fulfills this part of the regulation.
Finally, as a general best practice, firms should make sure they are familiar with the functionality of any payment systems that are being utilized. Regulators reserve the right to question how payment amounts, and/or terms and conditions may be changed within the system, and whether or not those changes require client authorization.
An electronic payment processing system that allows for changes to these items without client authorization is an immediate red flag, and could cause the firm to unknowingly violate custody regulations.
When you run an RIA, you need to understand and act on these rules around custody of client funds and investments. It can be a tricky issue to resolve, but that doesn’t mean there are no solutions.
The best action to take when you serve as your own CCO? Continue educating yourself, seeking resources, and asking questions. Remember that XY Planning Network provides compliance services, support, and communication for members. If you want additional help and information, consider becoming a member and allow XYPN to help you start, run, and grown your own RIA.
About the Author: Scott Gill is the Director of Keeping Us Compliant here at XY Planning Network. Outside of the office, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing. You can connect with him on LinkedIn.