Key Factors for Conducting an Annual Review

Under the Compliance Rule (Rule 206(4)-7) of the Investment Advisers Act of 1940, Investment Advisers (RIAs) registered with the Securities and Exchange Commission (SEC) are mandated to conduct an annual evaluation of their policies and procedures (P&Ps) to assess their sufficiency and the effectiveness of their execution[1]. This process is commonly referred to as an annual review.

For financial advisors overseeing the annual review process, understanding and mitigating risk is paramount to safeguarding client investments and ensuring compliance. A well-structured approach not only minimizes risk but also maximizes client satisfaction and trust.

In this month’s Risk Management Update, we provide three key steps to keep in mind when performing an annual review. These steps delve into the proactive identification of risks and conflicts of interest, the necessity of consistent testing procedures, and the significance of meticulous documentation and implementation strategies.

Step #1: Recognizing Risks and Addressing Conflicts of Interest

The effectiveness of an RIA’s P&Ps lies in their ability to pinpoint and manage risks and conflicts of interest. To ensure a thorough annual review, RIAs should explore two key approaches: conducting a risk assessment and completing a conflict-of-interest inventory.

Although not mandated by Rule 206(4)-7, performing risk assessments can be incredibly beneficial. They assist in identifying the areas of an RIA’s compliance program that carry the highest risks. This focused approach enables RIAs to concentrate their efforts on assessing the adequacy of their P&Ps in these specific areas and, if needed, establish additional controls to mitigate potential risks in the future.

Similar to risk assessments, conflict-of-interest inventories play a crucial role in identifying aspects of an RIA’s business that might necessitate further disclosures. They also aid in implementing supplementary controls to alleviate risks stemming from these conflicts.

Step #2: Testing Procedures

It is imperative for an RIA to continuously test its P&Ps and existing controls to ensure their adequacy and efficiency. Simply assuming that P&Ps suffice without testing them is inadequate. Without testing, an RIA cannot determine if everything is functioning properly.

For instance, if an RIA employs varying fee structures for different clients and inadvertently charges a client incorrectly, it could lead to substantial civil and regulatory liabilities. To evaluate the functionality of the RIA’s advisory billing, conducting rolling tests and consistently documenting these assessments throughout the year is essential. This approach either confirms that the P&Ps remain sufficient or allows issues to be identified so they can be rectified promptly, with additional controls implemented as necessary.

Step #3: Documentation and Implementation Procedures

While Rule 206(4)-7 does not mandate RIAs to generate a report documenting their annual review findings, utilizing a report can be advantageous. It not only helps RIAs document and compare reviews across different years but also serves as a guide for implementing recommendations resulting from the annual review.

Regardless of the report format, it should outline the areas reviewed, documents assessed, tests performed, findings, and recommendations. Furthermore, senior management should review this documentation alongside the Chief Compliance Officer (CCO) to ensure awareness of any compliance issues and to comprehend and endorse the CCO’s recommendations.


Upon completion of the annual review, the responsibility falls upon the RIA’s CCO and their designated personnel to strategize the implementation of the review’s recommendations. The effectiveness of an annual review hinges on the execution of these recommendations. It is through their implementation that an RIA’s compliance program can adapt and evolve, effectively addressing emerging risks and regulatory mandates.

Should you or your firm seek clarification on the annual review process, testing procedures, risk assessments, conflict-of-interest inventories, or require guidance in conducting an annual review, we encourage you to reach out to us at (619) 278-0020 or to arrange a consultation. Our team of compliance experts is ready to provide the necessary assistance and support.


Author: Christopher Hufty, Compliance Consultant; Editor: Anna Schnitkey, Sr. Operations Associate, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.

This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.


[1] COMPS-1879.pdf (