Per Rule 204-2 under the Investment Advisers Act, there are several books and records that a Registered Investment Adviser (RIA) is required to create and retain. In addition to these requirements, additional rules are placed on RIAs by The Securities and Exchange Commission (SEC).
SEC requires that books and records be maintained and preserved in an easily accessible place for no less than five years from the end of the fiscal year during which the last entry was made on the record. Additionally, these books and records must be retained in an appropriate office of the RIA for the first two years.
With that said, it is critically important that firms implement safeguards to preserve records from destruction, tampering, and unauthorized intrusion. In our last blog, we covered Cybersecurity Requirements and practical steps that you can take to safeguard your records. In this week’s blog, we will discuss bookkeeping requirements along with how to create compliant document storage for these records.
Book-Keeping Requirements for RIA Firms
There are several records that RIAs are required to keep on file and readily accessible. Remember, you must be ready to produce these records promptly anytime there is a request from securities regulators.
Depending upon your firm’s business model and registered location, several additional books and records may be required.
As an RIA, you must keep voluminous books and records including—but not limited to—the following:
- Copies of all versions of your firm’s compliance manual;
- Annual reviews of policies;
- Annual reviews of procedures;
- Up-to-date lists of your current and former clients;
- Contact information for your current and former clients;
- All of your firm’s cash receipts, disbursements, internal working papers, and financial statements;
- Your firm’s checkbooks, bank statements, canceled checks, and cash reconciliations;
- All written agreements between your firm and your clients;
- Documentation of discretionary authority if applicable;
- If your firm only has non-discretionary authority, documentation showing client approval of transactions;
- Copies of your firm’s client correspondence, including e-mails;
- Copies of your firm’s client complaints and their resolution;
- Documentation that proves disclosure brochures and supplements were provided when required;
- Documentation proving the delivery of privacy notice when required;
- Copies of reports required by your firm’s Code of Ethics;
- If applicable, documentation related to solicitor relationships;
- Your firm’s advertisements, including all websites, blogs, and social media used for business purposes.
Creating Compliant Document Storage for Record Keeping
Creating a secure system for your compliant document storage is crucial. As an RIA, you must consider several factors when it comes to cloud storage. First, think carefully about how documents are stored on your computer and devices. Secondly, think about your process of moving information from local storage to the cloud and the process of moving files back and forth between you and your clients. Finally, choose your cloud storage solution wisely and think carefully about how you can protect it. To help you stay in compliance with record and book-keeping requirements, here are a few actionable steps to take.
Secure your devices with strong passwords
As a best practice, remember to log out of your computer anytime you walk away from it, even if it is for only a few minutes.
Use encryption software
This ensures that the documents stored on your device are not fully accessible on your hard drive if your computer is hacked. A few potential solutions for this include BitLocker Drive Encryption for PC users, OSX for any devices running iOS, and Symantec for Windows and Apple operating systems.
Don’t neglect your mobile devices
As a best practice, try not to keep any client information on your personal phone. Remember, since many mobile devices link to cloud services like Google Drive and Dropbox, they must be treated like a computer. Additionally, use a protected PIN to secure your device.
Secure the transmission of data
Always use a secure Internet connection. If you travel frequently for work, invest in a private VPN and avoid unsecured public networks.
Secure your documents on the cloud
All cloud-based software uses different levels of encryption. For RIAs, 256-bit is what FINRA has recommended as the new standard. That puts Google Drive or Dropbox out of the running.
For more information on compliant document storage, read our blog on Cybersecurity Options for Financial Advisors.
Special Notices for Outsourcing Book-Keeping
On October 26, 2022, the Securities and Exchange Commission (SEC) proposed a new rule that would impose specific due diligence and monitoring requirements on RIAs who choose to outsource certain functions of their business to service providers. While many RIAs may be tempted by the thought of outsourcing their book-keeping, this new proposed rule is important to consider.
About Bridgemark Strategies
Bridgemark Strategies is a leading M&A, recruiting, and consulting firm. We help advisors evaluate, assess, and negotiate the search for a broker-dealer, RIA, and strategic partner. Our team makes it easy for advisors to find their next firm. Reach out to us today at (866) 266-8823 or on the web through our contact form to set up a confidential discussion and learn more about our services.