Presented by the Securities and Investment Professional Liability Practice Group

Legal Updates for Securities - September 2019


Key Issues for Regulatory Examinations for State-Registered Advisers

Prepared by John P. Quinn, Esq.

The North American Securities Administrators Association (NASAA), the voluntary association of state securities regulators, recently published several reports that identified those areas of compliance that most commonly resulted in deficiency notices and/or enforcement actions arising from examinations conducted in the first half of 2019. From these reports, it is possible to ascertain state regulators’ priorities in the upcoming examination cycles. As discussed more fully below, investment advisers facing regulatory audit this year and next should expect the following issues to be of particular significance to examiners from state securities agencies:

  1. Books and Records Violations: Nearly 60% of all investment advisers examined in the first six months of 2019 were cited for one or more books and record-keeping violations. These violations included:
  • Missing or incomplete written advisory contracts (state investment adviser relationships must be in writing);
  • Incomplete financial statements for the adviser, including inadequate trial balance ledgers, incomplete or missing balance sheets and income statements, etc.;
  • Lack of client suitability information (e.g., no investment policy statement or risk profile documentation);
  • Insufficient client transaction records, including inadequate records showing customer approvals for non-discretionary accounts;
  • Inadequate written compliance policies and procedures or codes of ethics; and
  • Deficient records of delivery of disclosure documents, such as brochures and privacy policies.


      Maintaining adequate books and records is critical to compliance and risk management, and remains a primary focus of all adviser examinations.


  1. Registration: Nearly 50% of all reported investment adviser examinations resulted in deficiency notices relating to the registration of firms and their personnel. Registration violations included inconsistencies between the Form ADV Part 1 and the narrative ADV Part 2 disclosure brochures, inadequate disclosures in ADV Part 2 brochures as to services, fees, risks and conflicts of interest, untimely amendments of the ADV, and employment of representatives not properly registered in the jurisdictions in which the representative provided advisory services. Advisers renewing their registration documents for 2020 should pay particular attention to the disclosures in ADV Part 1 and Part 2 to ensure consistency and compliance with local regulations, as well as registration of all IARs representing clients in particular jurisdictions.


  1. Non-Compliant Advisory Agreements: Nearly half of all advisers examined between January and June of this year maintained deficient advisory contracts. The deficiencies ranged from inadequate fee disclosures, improper capital gains and performance fees (which may only be charged to Qualified Clients), failure to include state-specific clauses in the agreements, and missing clauses for discretionary authority and refund of fees. Regulators also found fault with advisers’ calculation of fees, particularly where such fees were calculated on assets that were not invested or investable (e.g., money market funds), and insufficient disclosures of third-party manager fees and expenses.


Advisers should review client agreements to ensure the fee and expense disclosures are complete and consistent with the advisers’ ADV. Agreements should also specify whether the relationship is discretionary or non-discretionary and should ensure compliance with local requirements, particularly with respect to arbitration, choice of law and limitation of liability clauses.


  1. Cybersecurity: Nearly one-fourth of all advisers examined in the first six months of 2019 were cited for inadequate protection of customer information. The most common deficiencies included lack of cybersecurity insurance, insufficient procedures for testing information security vulnerability, and inadequate policies and procedures for detecting and remedying data breach. The SEC and state regulators are now requiring advisers to implement and update information security policies as part of their regular compliance protocols.


Cybersecurity has become a focus of state and SEC examinations of registered investment advisers. RIAs that do not maintain insurance for data breach liability and that do not maintain specific policies and procedures for information protection, data breach response and remedy should expect to be cited for deficiencies.


  1. Advertising: One in six advisers were cited for violations of state and federal advertising rules. These violations included misleading information related to services and fees, unlawful client testimonials, insufficient website disclaimers (state regulators require website disclaimers to protect against advisers offering services in states in which they are not registered) and misleading performance data.


States and the SEC strictly construe the Advertising Rule set forth in Rule 206(4)-1 of the Advisers Act. This rule prohibits misleading information and client testimonials in advisers’ promotional materials. Performance data and projections are also prohibited absent certain disclosures, conditions and record-keeping requirements. Advisers must maintain policies and procedures to approve any communications considered promotional materials in accordance with this rule.


  1. Supervision: Sixteen percent of advisers examined were found in violation of supervision standards. Violations included the failure to conduct periodic and annual reviews of compliance policies and procedures, the failure to follow written policies, and inadequate procedures for mitigating conflicts of interest.


Advisers must review compliance policies at least annually and amend policies and procedures to address any violations, conflicts of interest and other issues that arose during the previous year.


Although not an exhaustive list, the foregoing issues have received significant attention from state regulators, and will likely be priorities to examiners in the near future.


Best Practices


The report concluded with a list of best practices that are suggested for registered investment advisers in preparation for examinations.

  1. Prepare, maintain and update all required records for customer accounts, investment advisory agreements, investment policy statements, compliance manuals, financial records for customers, and the advisory itself and disclosure documents. Back up electronic data and protect records that must be maintained under the recordkeeping rules.
  2. Review and update all advisory contracts, making certain all fees are clearly noted and adequately explained in the documents, and that the agreements comply with any local requirements.
  3. Review and revise Form ADV and disclosure brochures annually to reflect current and accurate information, filing amendments in a timely manner.
  4. Prepare and distribute a privacy policy to customers initially and annually.
  5. Calculate and document fees correctly in accordance with contracts and ADV.
  6. Implement cybersecurity procedures for detecting and remedying data breaches and unauthorized disclosures of customer information, and obtain cybersecurity insurance as a supplement to the adviser’s errors and omissions policy.
  7. Review all advertisements, including website and performance advertising, for accuracy and compliance with the Advertising Rule and any specific state rules.
  8. Update the written compliance and supervisory procedures manuals annually to ensure that these documents are still relevant to the type of business that the advisory conducts, including a written code of ethics to address conflicts of interest.
  9. Review solicitor agreements, disclosures, and delivery procedures to ensure proper disclosure and documentation of customer and third-party relationships.


As state regulators continue examinations for calendar year 2019, and prepare for 2020, registered advisers should pay particular attention to the best practices identified in the NASAA survey.



The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship.
We welcome the opportunity to provide such legal assistance as you require on this and other subjects. To be removed from our list of subscribers who receive these complimentary Securities and Investment updates, please contact If however you continue to receive the alerts
in error, please send a note to:


ATTORNEY ADVERTISING pursuant to New York RPC 7.1
© 2019 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.