2024 Year-End Checklist: Compliance Preparation for Investment Advisers

As the new year approaches, now is a crucial time for investment advisers to ensure that their compliance programs are up to speed. Recent Risk Alerts and examination findings by the Securities and Exchange Commission (the “SEC”) offer important insight into areas currently under scrutiny and provide a good starting point for firms when reviewing compliance programs.

The SEC has recently heightened its focus on several key areas, starting with off-channel communications. In recent months, the agency has zeroed in on ensuring accurate recordkeeping of business communications, especially those conducted on off-channel platforms like personal devices. The SEC has stressed that advisers must properly archive all business-related communications and make them accessible during examinations to meet regulatory requirements.

Furthermore, the SEC’s recent 13F sweep exams have examined firms’ compliance with reporting obligations under Section 13(f) of the Securities Exchange Act of 1934, specifically evaluating the accuracy and timeliness of filings. The SEC also continues to prioritize compliance with the updated Marketing Rule, with particular attention to accurate recordkeeping and disclosure practices.

To help investment advisers prepare, we’ve created a detailed checklist with compliance steps and a few items to keep in mind going forward into 2025.

 

Compliance Checklist[1]

  • Registration Forms and Disclosure Documents – Review current registration forms and client disclosure documents (e.g., Form ADV, Form CRS, prospectus and statement of additional information, and private placement memorandums) to ensure they are up-to-date and contain required and applicable disclosures.
    • Compliance Step: Review the SEC-issued guidelines for the relevant documents to confirm that all instructions have been followed and required information is included. Consider taking a look at recent SEC enforcement actions to gain insight into the specific disclosures they expect.
  • Form U-4 and Form ADV Part 2Bs – Ensure that all registered personnel have reviewed their current Form U-4 and Form ADV Part 2Bs, as applicable, and confirmed that the information is correct and up to date.
    • Compliance Step: Have each representative provide a written certification that disclosures are accurate and there are no (or no new) disciplinary or legal issues to disclose.
  • Legal Review of Client Agreements – Have legal counsel with securities law expertise review standard client agreement(s) for required and necessary provisions and consistency with disclosures in Form ADV.
    • Compliance Step: Discuss with legal counsel any new or potential future business changes that could impact your client agreements, including plans to offer new products or services, changes in fee structures, or expansion into new markets.
  • Risk Assessment and Conflicts Inventory – Conduct a risk assessment and conflicts inventory to determine if all material risks and conflicts have been properly identified, addressed and disclosed as appropriate.
    • Compliance Step: Take time to map each risk and conflict identified to corresponding policies and procedures, to ensure there are adequate controls in place to either eliminate or mitigate these risks. If gaps are found, update or create new policies and procedures to fill them as needed.
  • ERISA PTE 2020-02 Annual Review – Complete the annual retrospective review required under ERISA PTE 2020-02 and ensure an executed certification from a senior manager is obtained.
    • Compliance Step: Review the documentation provided to clients supporting rollover recommendations to ensure it clearly demonstrates that the rollover is in the client’s best interest, and confirm that all representatives fully understand the associated requirements.
  • Cybersecurity and Privacy Measures – Perform an assessment of the risks surrounding your cybersecurity and privacy policies, procedures and safeguarding controls to confirm risk areas have been addressed.
    • Compliance Step: Ensure your incident response plan is customized and comprehensive, clearly outlining roles and responsibilities, preventative measures, and response priorities.
    • Compliance Step: Conduct vulnerability assessments and penetration testing before the end of the year, with a specific focus on identifying compliance gaps that may result from remote work arrangements.
  • Annual Identity Theft Program Assessment – In compliance with Regulation S-ID, conduct a comprehensive evaluation of your firm’s identity theft prevention program to ensure it aligns with all regulatory requirements and effectively addresses the unique risks your firm faces.
    • Compliance Step: Review the SEC Risk Alert issued in December 2022,[2] and consider offering clients, especially any senior or vulnerable clients, resources on how to safeguard against identity theft.
  • Business Continuity Plan (“BCP”) – Perform thorough testing of your BCP to assess its real-world effectiveness.
    • Compliance Step: Ensure testing addresses a variety of disruptions, ranging from localized events such as power outages to broader crises like natural disasters or pandemics.
    • Compliance Step: If any gaps or inefficiencies are uncovered, promptly revise your BCP to address these issues. Be sure to document all test results and implement necessary updates to your plan by the end of the year.
  • Vendor Due Diligence – Perform due diligence reviews on your firm’s key service providers.
    • Compliance Step: Utilize compliance technology that can track, monitor, and document due diligence activities to maintain your due diligence calendar.
    • Compliance Step: Ensure significant areas are thoroughly evaluated, with a particular focus on cybersecurity, privacy, and business continuity, and confirm any vendors handling sensitive data or critical operations have robust cybersecurity measures in place.
  • Annual Surprise Custody Audit – Ensure that an annual surprise custody audit is performed, when applicable, by a third-party accounting firm, and that Form ADV-E is filed with the SEC via the firm’s IARD account.
    • Compliance Step: Perform an internal audit to confirm that all clients’ assets for which the firm has custody (other than just the ability to debit fees) have been identified and included in the audit. Also, if any clients have Standing Letters of Authorization (“SLOAs”) in place with custodians to allow the firm to transfer client assets to a third party, be sure that they are either identified and included in the surprise audit, or the firm has controls in place for ensuring adherence to the SEC’s No Action Letter issued to the Investment Adviser Association in 2017.[3]
  • Audit of Affiliated Private Funds – Confirm that the annual audit of the affiliated private fund(s) is scheduled and/or completed and internal controls are established to ensure the audited financial statements are mailed to investors within the required timeframe.
    • Compliance Step: Coordinate with each fund’s third-party service providers and staff to ensure sufficient time is allocated for audit preparation and facilitation.
  • Annual Review – Ensure that your annual review is performed and documented[4] as required under Rule 206(4)-7 of the Investment Advisers Act of 1940 (“Advisers Act”).
    • Compliance Step: Ensure that compliance testing protocols are properly set up to identify not only process gaps but also trends or patterns that could signal systemic risks.
    • Compliance Step: Additionally, confirm that all recommendations from the previous year’s annual review have been successfully addressed and that any suggested changes have been implemented and are working as intended.
  • Employee Training – Provide training to firm personnel that covers compliance policies and procedures, cybersecurity, business continuity, privacy safeguards, identity theft red flags, dealing with senior investors (required Senior Safe Act training), off-channel communications, as well as the updated Marketing Rule and advertising requirements (just to name a few).
    • Compliance Step: Training can be delivered in a variety of ways throughout the year. Methods include compliance emails (i.e., friendly reminders of compliance requirements), live or recorded webinars hosted by legal or compliance consultation firms, in-person compliance meetings, and third-party educational videos.
    • Compliance Step: Assess whether any training can count toward required continuing education credits.
  • Continuing Education – Confirm that investment adviser representatives have completed their state-mandated continuing education requirements.
    • Compliance Step: Review the list of states requiring CE via the NASAA website[5] and remind the IARs that it is their responsibility to ensure that the states have received notification of completion of CE, which can be done via FINRA’s FinPro system.[6]
  • Federal and State Filings – Confirm that all applicable required federal and/or state filings are made, such as Form 13F, Form 13H (Large Trader), Form N-PX, Schedule 13D/G, Form PF and Form D (private funds), NFA filings, state net capital filings, state registrations and/or notice filings for firm and representatives, and state blue sky filings (private funds).
    • Compliance Step: Form N-PX is a newly required filing for institutional managers that began in 2024.[7] The new regulations from the SEC require Form 13F filers (institutional managers) to report annually on how they voted on “say-on-pay” related matters via submission of the Form N-PX.
    • Compliance Step: Consider using an automated system to program and track all filing deadlines and investigate third-party outsourcing solutions to assist with the filings.
  • Books and Records – Perform and document a detailed review of your firm’s books and records.
    • Compliance Step: Keeping in mind recent SEC enforcement actions, it is important to ensure you are capturing and retaining required business communications, including those conducted through off-channel platforms such as Microsoft Teams, WhatsApp, and other messaging tools.
    • Compliance Step: A recent addition to the required books and records pertains to the shortened trade settlement cycle, now referred to as T+1. Effective May 28, 2024, the SEC’s rule amendments reduced the settlement cycle for most U.S. securities transactions from T+2 to T+1. This change also introduced new recordkeeping obligations for advisers, requiring them to retain copies of all confirmations received, as well as any allocations and affirmations sent or received, with corresponding date and time stamps. Advisers should review and update their recordkeeping policies and procedures accordingly, ensuring alignment with broker-dealers for completing same-day affirmations.
  • IARD Renewal Calendar[8] – Review the IARD (Investment Adviser Registration Depository) Renewal Calendar and schedule all applicable deadlines to ensure timely filings and renewal payments.
    • Compliance Step: Your IARD “Preliminary Renewal Statement,” which outlines your firm’s annual IARD charges and state renewal fees, will be available via your IARD account on November 11, 2024. These fees must be paid no later than December 9, 2024.
    • Compliance Step: Determine whether any post-dated U-5 filings are needed to remove state registrations.
  • Compliance Calendar – Review your compliance calendar to ensure all steps outlined in your policies and procedures have been completed or are on track to be completed.
    • Compliance Step: Prepare your compliance calendar for the upcoming year by incorporating any regulatory changes, such as new rules, rule amendments, or updates to industry best practices, that will impact your firm.
    • Compliance Step: Look into implementing compliance technology to streamline the management of your compliance calendar. These tools can help automate the tracking of tasks, send reminders for upcoming deadlines, and document the completion of each task.
  • SEC Regulatory Examination Prep – Be proactive in ensuring your firm is ready for a regulatory examination.
    • Compliance Step: Review recent SEC Risk Alerts for valuable insights into the SEC’s current focus areas.
    • Compliance Step: Consider a mock SEC Examination to familiarize yourself with the examination process, including document production and employee interviews.

 

Prepare for 2025

  • Regulation S-P – Begin developing your written incident response policies to be compliant with Regulation S-P.[9]
    • Compliance Step: Adopted by the SEC in May 2024, Regulation S-P will require covered institutions to develop, implement, and maintain written incident response policies for unauthorized access to, or use of, customer information, as well as require timely notification to individuals whose sensitive data was or is reasonably likely to have been compromised, among other things.
    • Compliance Step: For larger entities, compliance with the amendments to Regulation S-P will be 18 months after the date of publication in the Federal Register, while smaller entities will have 24 months after the date of publication to comply.
  • Anti-Money Laundering (“AML”) Rule – Start planning for the newly implemented AML rule for investment advisers.[10]
    • Compliance Step: Adopted by the Financial Crimes Enforcement Network (FinCEN) in September 2024, advisers will soon be subject to AML program requirements. Under the new requirements, SEC registered advisers and SEC exempt reporting advisers must implement risk-based AML and CFT programs, including internal controls, policies, training, independent testing, and designation of a qualified AML/CFT officer, as well as file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN, among other new requirements.
    • Compliance Step: Begin preparing now for the compliance deadline of January 2026.

 

Conclusion

The SEC continues to take enforcement actions for compliance violations very seriously. The SEC’s recent focus on areas such as off-channel communications, cybersecurity, and accurate disclosure underscores the necessity of a proactive and comprehensive compliance strategy. A key takeaway is that although maintaining a strong compliance program may appear costly, the consequences of not having one are far more severe. This checklist can act as a roadmap to help firms navigate the essential tasks needed to uphold their compliance programs and begin preparing for the new year.

 

Author: Anna Schnitkey, Sr. Operations Associate; Editor: Maggie Tavares, Sr. Compliance Consultant, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.

 

This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.

[1] This list is not inclusive of all compliance areas that advisers should be considering and is provided as guidance only.

[2] See Risk Alert: Observations From Broker-Dealer and Investment Adviser Compliance Examinations Related to Prevention of Identity Theft Under Regulation S-ID (sec.gov)

[3] See https://www.sec.gov/divisions/investment/noaction/2017/investment-adviser-association-022117-206-4.htm

[4] The SEC adopted revisions to Rule 206(4)-7 requiring all SEC investment advisers to document in writing the required annual review.  The compliance date for this requirement was November 14, 2023.

[5] See https://www.nasaa.org/industry-resources/investment-advisers/investment-adviser-representative-continuing-education/iar-ce-map/

[6] See https://www.nasaa.org/industry-resources/signing-up-for-a-finpro-account/

[7] See SEC.gov | Enhanced Reporting of Proxy Votes by Registered Management Investment Companies; Reporting of Executive Compensation Votes by Institutional Investment Managers

[8] See https://iard.com/renewal-program

[9] See 34-100155-fact-sheet.pdf (sec.gov)

[10] See Federal Register :: Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers