NASAA’s 2023 state IA exam sweep identifies compliance deficiencies

State examiners identified shortcomings in registration, books and recordkeeping, supervision and compliance as well as contracts and fees.

The most recent round of coordinated examinations of state-registered investment advisers by state securities examiners has identified a number of firm policy and practice deficiencies, the North American Securities Administrators Association (NASAA) recently announced.

NASAA’s Investment Adviser Operations Project Group collects and reports on this data from the various US state securities examiners every two years, and NASAA’s latest report was issued this month. State securities regulators have regulatory oversight responsibility for investment advisers with assets under management of $100m or less.

Book and records violations revolved mostly around not including sufficient client suitability information, having no business continuity or succession planning details, and failing to have policies or procedures for information security purposes.

Findings

“The results of this multi-state coordinated initiative provide valuable insights into compliance practices of the investment adviser industry and highlight areas for improvement,” said NASAA President Andrew Hartnett. “Advisers should use this information to review their compliance practices with an eye toward improving services for their clients.”

To get insight into how small some of these businesses are, 72% of the state-registered investment advisers examined were one-person firms. Approximately 34% of the exams conducted were on investment advisers for whom this was their first state exam. Of the state-registered investment advisers examined, 7% conducted other business activities, such as in the insurance sector.

Ranked by the number of deficiencies, registration was the top one (23%), followed by failures to keep comprehensive books and records (17%).

Supervision and compliance (16%) were listed next in terms of shortcomings, and contracts (12%) and fees (6%) rounded out the top five leading areas of deficiencies identified by the state examiners.

“Prepare a written compliance and supervisory procedures manual relevant to the type of business to include business continuity plan and information security policies/procedures. 1) Policy; 2) Who; 3) Does what; 4) How often; 5) How evidenced.”

NASAA’s Investment Adviser Coordinated Exams 2023 Report

Book and records violations revolved mostly around not including sufficient client suitability information, but other areas included having no business continuity (BCP) or succession planning details, and failing to have policies or procedures for information security purposes.

The supervision and compliance lapses revolved around the inadequate protection of vulnerable clients mainly (37%) and supervision and compliance procedures not being up-to-date (28%). Along the lines of business continuity planning (BCP) again, under the supervision and compliance category, firms having none or an inadequate BCP was fourth on the list (22%).

The contract-related violations included instances of performance fees being charged, adding hedge clauses to them, and making fee miscalculations. Privacy violations were identified as the eighth most common violation in this year’s examination results, with the majority of violations due to lack of evidence of delivering privacy policies to clients, either initially or on an annual basis.

Implementing reforms

Referring to the vulnerable investor protection deficiencies, Alisa Goldberg, Chair of the Investment Adviser Operations Project Group and Director, Florida Division of Securities told NASAA: “Unfortunately, there were a number of deficiencies related to state investment advisers not having policies and procedures for suspected financial exploitation. “Our hope is that this data will result in changes that increase investors’ confidence in their advisers and better protect them from investment fraud.”

At the end of its report, NASAA counseled investment advisers to maintain records and have backups for all electronic data, and to maintain a due diligence file for all recommendations to clients of products and strategy.

The final tip to advisers the association provides is this: “Prepare a written compliance and supervisory procedures manual relevant to the type of business to include business continuity plan and information security policies/procedures. 1) Policy; 2) Who; 3) Does what; 4) How often; 5) How evidenced.”