🔍 Key Compliance Themes & SEC Focus Areas for 2025
1. SEC's Examination Objectives
- Investor Protection: To ensure IARs are acting in clients’ best interests.
- Market Integrity & Risk Monitoring: Identifying emerging risks and adapting regulation.
- Enforcement Through Fiduciary Duty: When no explicit rule applies, the SEC may enforce through the broad principle of fiduciary duty—a concept that’s evolving.
📌 Learn more about the SEC’s Office of Compliance Inspections and Examinations (OCIE):
https://www.sec.gov/ocie
2. Top Deficiencies and Compliance Risks
➤ Marketing Rule Violations
- Many firms still misunderstand the SEC Marketing Rule (adopted May 2021).
- Applies to even a single recipient if performance info is shown.
- Must disclose all assumptions and methodologies in hypothetical performance scenarios.
- Third-party ratings require disclosures about selection criteria, total surveyed, and independence.
📘 Rule reference: SEC Investment Adviser Marketing Rule (Rule 206(4)-1)
https://www.sec.gov/investment/im-guidance-2021-01.pdf
➤ Form CRS Deficiencies
- Most common exam deficiency in recent years.
- Must:
  - Be prominently linked directly from your website
  - Show the most recent review date (even if nothing changed)
  - Include all required SEC “conversation starters” verbatim
  - Avoid internal references like “see above”
- Records of delivery (digital or physical) are required.
📘 Form CRS FAQs:
https://www.sec.gov/investment/form-crs-frequently-asked-questions
➤ Custody Rule Oversights
- Having the ability to move client money = custody.
- Being a trustee, executor, or having SLOAs to third parties may trigger custody rules.
- Custody requires:
  - Amending Form ADV to reflect custody
  - Surprise audits by a PCAOB-registered auditor
- Even successor trusteeship or login access to client accounts using their credentials may count.
📘 Custody Rule Overview:
https://www.sec.gov/investment/custody-faq
3. Fiduciary Duty: Loyalty and Care
- Loyalty: Always put the client’s interest above your own—even in small matters like accepting a discount from a client.
- Care: Make recommendations based on your expertise as if you were in the client’s position.
📘 Fiduciary Duty Guidance:
https://www.sec.gov/investment/im-guidance-2019-01.pdf
4. Disclosures & Regulatory Filings
- “Say what you do, and do what you say.”
- All disclosures must match and be updated concurrently across:
  - Form ADV Part 1 and 2
  - Form CRS
  - Advisory Agreements
  - Website and marketing materials
- Avoid disclosing risks for services you don’t actually offer—this is considered misleading.
5. Fees and Compensation Risks
- States may consider >2% advisory fees “excessive” (e.g., Maryland).
- Watch for:
  - Hidden fees
  - Inconsistencies in ADV, agreements, and custodial billing
  - Charging for financial plans + AUM (risk of "double dipping")
Check competitor pricing using:
https://www.adviserinfo.sec.gov (use the zip code search)
🔐 Cybersecurity and Emerging Tech
- Cyber threats remain a priority.
- New issues around AI note-taking tools and client privacy (e.g., sharing SSNs on recorded Zoom calls).
- Must implement policies and train staff on use of AI, digital assets, and other tech tools.
📘 Reg S-P and cybersecurity compliance guidance:
https://www.sec.gov/rules/proposed/2023/34-96975.pdf
📋 Operational Best Practices
➤ Written Policies Must:
- Be tailored to your firm
- Specify who is responsible for updates (especially for Form CRS)
- Avoid "off-the-shelf" templates that list irrelevant services
➤ Recommended Blotters/Logs:
- Trade error log
- Client complaint log
- Gift log (including gifts received)
- Terminated clients
- Personal securities transactions
- SLOA and custody reviews
- Cybersecurity incident log
🧠 Training, Testing, and Documentation
- Annual reviews are not enough—quarterly check-ins advised.
- Email and trade reviews should be done weekly or quarterly, depending on activity.
- Document all compliance testing and decisions.
- Compliance culture must be top-down: management must lead by example.
🧾 Examination Process Overview
- Initial Call/Notice
- Document Request Letter
- Secure Uploads with Responses
- Follow-up Requests
- Exit Interview & Letter
- Respond to Deficiencies
📝 Tip: Only answer the questions asked. Don’t over-explain or open new doors.
🎯 Final Takeaways
- The SEC expects a mature understanding of compliance, especially as you grow from state to SEC registration.
- AI, crypto, and tech are increasingly under scrutiny.
- Document. Disclose. Train. Test. Repeat.

Attendees Comments:
Very good overview of the principal areas examiners are looking at as far as firm and IAR compliance are concerned. As CCO for my firm, this session was helpful in identifying a couple of compliance items on which I need to focus more attention.
- David D.
Best practices for developing and maintaining compliance programs - especially testing the policies and procedures regularly and documenting the tests. (2) safeguarding client assets and the ways you can take custody of client's assets.
- Jacqueline B.
Interesting points about serving as trustee for non-family. Also reviewing ADV annually. Websites for IAR
- Jennifer S.