Global Investment Performance Standards (GIPS®) Workshop

Don’t miss this opportunity to reserve your seat at an interactive workshop that offers a practitioner’s view of the GIPS® standards. Sessions have been organized covering GIPS compliance fundamentals and how to create and maintain a GIPS compliance program, with an in-depth review of composite construction and calculations, GIPS compliance policies and procedures, GIPS compliant performance reporting and error correction. We hope you can join us and bring a colleague, but don’t delay – space is limited and early bird pricing ends 3/31/2019. Click here for registration details.

April 25, 2019 – Portland, Oregon

This workshop is being co-organized by Amy Jones of Guardian Performance Solutions.  If you are interested in GIPS compliance…this is the workshop to attend.





Three Compliance Goals You Should Set for Your Financial Planning Firm

Compliments of Scott Gill, XY Planning Network

A new year presents the opportunity to reflect, reevaluate, and refocus for the benefit of our personal and professional lives. When it comes to setting resolutions, many financial planners focus on resetting financial planning goals for their clients, such as debt management or restructuring the household budget.

But what about goals for themselves?

From a business perspective, the new year is an ideal time for firms to evaluate their internal business practices and set goals accordingly.

Perhaps your goal for the year is to implement a new portfolio management solution by initiating a relationship with a new Custodian or TAMP. Or maybe it’s to grow your financial planning firm by “X” number of clients or “X” dollars of revenue.

There are so many areas of business where resolutions can be made. Let’s not forget about an often overlooked one—compliance.

Here are three important goals—or resolutions—that advisors can adopt to improve their compliance program this year.

#1. I Will Read My Compliance Documents

As strange as it may sound, there is evidence to suggest that countless financial advisors neglect this basic and most necessary task.

Often, compliance documents are drafted with the assistance of a compliance consultant upon initial registration. Then, the registration gets approved and the advisor is off and running.

Unless an audit or regulatory exam occurs, or another material change is being implemented, an advisor can easily go an entire year without reviewing their compliance documents.

The ADV must be updated annually, so the tendency is to mentally bookmark this as an annual task and not look at or think about it again.

But what about your advisory contracts, compliance manual, or business continuity plan? Does your firm have a social media policy or a cybersecurity or data security policy?

There is no regulatory requirement to review these items annually, so many advisors don’t.

It may seem like a waste of time to review these additional documents, especially if there are no changes that need to be made. But just like every other neglected, seemingly mundane compliance task, there is extreme value in spending time exploring documents that may assist a compliance novice in moving forward towards the education needed to become a competent CCO.

#2. I Will Use My Compliance Task Management System

All firms would be wise to utilize technology to manage their compliance program.

As with every other function in business, be it accounting, client relationship management, trading, or invoicing, use of technology quite simply makes life easier.

For firms that have not yet begun a relationship with a compliance task management provider, this is the year to do so.

For those that have compliance task management software but are not consistently using it to update tasks and track deadlines, this is the year to start.

It is best practice to set aside a bit of time on the same date and time each month to log into the software and check for past due and upcoming tasks. If there are tasks that you don’t understand, spend your time researching and ask questions of regulators and compliance consultants to gain an understanding of the purpose behind the task.

There is no better way to get a grip on a compliance program than by leveraging task management software.

#3. I Will Communicate With My Clients and Business Partners About Compliance

In many ways, running an effective compliance program boils down to the willingness and ability of the CCO to communicate about compliance.

Sure, clients hear about the big SEC takedowns of massive Ponzi schemes, and by way of these stories are acutely aware of compliance issues. But most clients have no idea how important compliance is to their financial advisor specifically because there is traditionally little-to-no mention of compliance by advisors.

In many cases, advisors communicate with clients about compliance with a grumble while having a client sign a form, as if they are banding together with the client in opposition to the evil “institutional compliance powers that be.”

When they do so, they are indirectly communicating to the client that compliance is not important to them.

In joining with third-party vendors, some financial planners may apologize for the inconvenience while having the business partner complete a process that is required by their compliance program.

Again, this portrays a general lack of concern about compliance.

These negatively-toned communication methods have been made popular in instances in which the advisor is not also the compliance officer. Then, the advisor can pawn off compliance inconveniences on the CCO of the firm. But when the advisor is the CCO of the firm, it becomes even more important that communication about compliance be made in a tone that is indicative of priority.

As a compliance obligation, each firm is responsible for executing third-party due diligence on all outside entities with which there is a professional relationship. This responsibility presents the opportunity to work on presenting compliance items with a sense of urgency.

This time of year, we frequently hear all types of promises and resolutions. But within just a few short months, this talk subsides and most resolutions have been abandoned. This year, I urge you to make—and keep—these three simple compliance resolutions. In doing so, you will build a stronger financial planning firm.


About the Author
Scott is a licensed Securities Principal with experience in both RIA and broker-dealer compliance. He began his financial services career in 2006 as a Registered Representative with E*Trade Financial in Alpharetta, GA. He has also worked with J.P. Morgan Private Banking in Chicago, IL and with Wells Fargo Advisors in Chapel Hill, NC.

Scott’s most recent role before joining Team XYPN was as Compliance Officer of Carolinas Investment Consulting, in Charlotte NC. He’s a graduate of The University of North Carolina at Chapel Hill and holds FINRA Series 63, 65, 24, 4 and 53 Licenses.

Scott lives in Charlotte, NC with his wife Meredith, and their two sons Tyson and Jackson and daughter Eva. In his free time, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing.


New Hacking Incident – be VERY Aware

A client recently sent me an email asking about a blank form he received in the mail. It was a MA-W Notice of Withdrawal form (it is a form for withdrawing registration as a municipal advisor).  It was sent without any cover letter or explanation.  Since he isn’t registered as a municipal advisor, I told him not to do anything with the form. However…it was all part of a very sophisticated attempt to defraud him.

I’m telling you all the details so that you can be on the lookout for something similar. The form arrived via USPS Priority Mail in a Flat Rate Mailing Envelope.  Don’t accept this delivery, if you have an opportunity to do so. More than likely it will be left in your mailbox.  The envelope was sent to the client’s home address with a legitimate tracking number from William Waters of Denison TX.

The day after he received the envelope he received an email from PayPal with details of his shipment (which he didn’t pay much attention to as he thought it was spam or a spoof).

The following day he was reconciling his financial information and noticed a strange charge of $577 to his American Express (AMEX) card.  He called AMEX to report the strange charge.  He was told that any investigation would have to come from AMEX’s back office and PayPal, but this can take up to 30 days.

He began to dig to see how this happened.  In doing so he noticed an email from Waterilliam (very similar to the weird form that had been mailed from William Waters, the blank MA-W Notice of Withdrawal form).

He checked the USPS tracking number from the envelope.  The envelope originated in Flint MI.  Once USPS sends notification of the delivery, the thieves show proof of delivery to PayPal and his AMEX is charged.

This is a sophisticated hacking incident where they are hiding behind PayPal.  At this point, my client isn’t clear as to how he was targeted.  He is thinking it could be a result of the Marriott data breach as this was the most recent AMEX purchase.

Suggestion – do NOT use the same password for anything.  I know that I have had a tendency in the past to use the same one for things that don’t seem to be a security issue…like say a hotel rewards card.  Use a password manager and review it for any duplicates…then change them.

Lastly, be on the alert for any emails from PayPal.  Review them before deleting to be sure they aren’t about a shipment coming your way.


SEC Exams and the DOL Rule

If your Policies and Procedures Manual says you do ‘X’ then you should be doing it.  In the past year I have added a policy for the DOL Rule to client Policies and Procedures Manuals.  Examiners have been asking about those policies and what the firms have done to meet the requirements of those policies.

Many people believe that the DOL Rule is dead.  The 5th Circuit has not vacated the Rule, so it is still in effect.  What has become clear during the SEC examinations is that the examiners are using the Policies and Procedures Manual to determine if firms are meeting their DOL Rule requirements.

Be sure that you are doing what your Manual says you are doing, especially regarding the DOL Rule.


DOL Fiduciary Rule – update

Although it appears that the federal court decision vacating the DOL Fiduciary Rule was supposed to take effect on May 7, 2018, the DOL released a statement continuing its policy of non-enforcement given “uncertainty about fiduciary obligations.”

Firms that have compliance P&Ps to comply with the DOL’s impartial conduct standards are wise to keep them.  These standards seem to be similar to what may be required with the SEC’s proposed investment adviser fiduciary duty interpretation.

My recommendation is to maintain compliance with your firm’s P&P regarding the DOL Rule until there is official word.


News regarding DOL Fiduciary Rule

Yesterday, March 15, 2018, the U.S. Court of Appeals for the 5th Circuit voted 2-1 to vacate the DOL Fiduciary Rule.  HOWEVER,  the effect of the decision only applies to the following three states within the 5th Circuit’s jurisdiction – Louisiana, Mississippi, and Texas.

The next question is whether any party will appeal this decision to the U.S. Supreme Court.

So don’t rush to stop your compliance with the Impartial Conduct Standards that have been in effect since June 9, 2017.


Cybersecurity Training Options

Cybersecurity is once again on the SEC’s OCIE exam priorities list.  There are many things that a firm can do to counter the concerns of Cybersecurity.  One of the most difficult items to counter is an employee and their inadvertent opening of an email that could open up your firm data to the outside.

Several of my clients have started to work with a firm called KnowBe4.  They have a relatively inexpensive program that can handle several of your Cybersecurity concerns relative to employees:

  1. Cybersecurity Training
  2. Phishing

They maintain an online library of security awareness training that can assist with the Cybersecurity Training requirement.  These trainings can be automated, with scheduled reminders sent to employees via email, which can be documented in the firm’s CRM.

They also have a fully automated system that will send out simulated phishing attacks.  This will help you to know which of your employees may be susceptible to a phishing attack.  You receive the results of the “attacks” and can then train employees accordingly.

This is an easy, low-cost solution to a problem that isn’t going away.  Check out their demo at


SEC Fines and Bars CCO for Ignoring Compliance Problems

from Cipperman Compliance Services

The SEC fined and barred an adviser’s Chief Compliance Officer from acting in a compliance or supervisory capacity because of his failures to remedy compliance deficiencies. The adviser hired an outside compliance consultant which recommended 59 compliance action items. The SEC alleges that the CCO failed to address many of the issues raised including failures to (i) ensure a surprise audit pursuant to the custody rule, (ii) retain emails and other electronic records, and (iii) implement policies to protect customer information. The SEC also charges the CCO with compliance program deficiencies including failures to update the compliance manual or conduct any meaningful annual review of the compliance program. The firm’s president/principal was also censured and fined.

OUR TAKE: The SEC doesn’t often prosecute standalone (i.e. not dual hat) CCOs without an underlying client loss, but it will if the CCO ignores obvious compliance deficiencies of which he has notice. This is what we call “compliance voodoo” i.e. an appearance of compliance infrastructure without an effective program. This CCO had a compliance manual, did some quarterly testing, and hired a third party consultant. But, neither the CCO nor the firm took any action to actually implement relevant procedures to address cited compliance deficiencies.



Three Firms Fined for Marketing Hypothetical Third Party Performance

from Cipperman Compliance Services, LLC

The SEC censured and fined three more investment advisers in connection with marketing F-Squared’s misleading hypothetical performance information. One of the firms agreed to pay $8.75 Million in disgorgement, fines, interest and another agreed to pay over $700,000, while the third firm, which has ceased its business, agreed to pay a $200,000 fine. The SEC alleges that the firms incorporated misleading F-Squared-provided performance information into their marketing materials without conducting adequate due diligence into the performance claims, despite significant red flags such as hypothetical backtested performance, outlier returns, lack of actual performance history, and lack of data transparency. The SEC charged the firms with failing to implement adequate compliance policies and procedures to verify third party performance claims and maintain required records. The defunct firm, which also sponsored a registered mutual fund, was also charged with several Investment Company Act violations including violations of Section 15, which requires a shareholder-approved written agreement with all sub-advisers. The SEC has previously brought several cases related to incorporating misleading F-Squared performance (see

OUR TAKE: Investment advisers must adopt and implement procedures to test performance claims made by third parties, and firms can’t claim ignorance and innocence if the third party refuses to provide backup data. Also, we do not believe firms should ever use hypothetical backtested performance data, because the SEC usually alleges that such information is too misleading.


Renewal Fees

Preliminary Renewal Statements are available on the IARD.  This statement includes the fees due to states for 2018.  These fees are due whether you are a state or an SEC advisor. Payment is due on or before December 18, 2017.  

It is imperative that fees are paid in a timely manner.  Many states will terminate your registration if you have not paid your fees.  This could require that you register all over again.  During this time you may no longer be considered “registered.”

The SEC can require you to repay fees to clients for the time that you were not in compliance (meaning you haven’t paid your fees).

So, if you haven’t done so already, head to the IARD and pay those fees.
