Speaking at the debut Junxure Advisor Conference on Monday, noted securities attorney (and Investment Advisor columnist) Tom Giachetti warned the 180 attendees that since Bernie Madoff and the Dodd-Frank Act, "the SEC has gotten better on asking smart questions" in its exams of RIAs.
The questions asked of advisors and the areas of concern to the examiners is "much different than in 2008, 2009, even 2011," he said, suggesting that RIA firms that have not updated their internal recordkeeping and documents could be in for a very nasty surprise when the examiners come to call.
The attendees at the first Junxure users conference included RIAs, dually registered advisors and independent broker-dealer reps, and they crowded into the main auditorium at the Hilton Anatole in Dallas to be alternately lectured and cajoled by Giachetti (right). Junxure co-founder and CEO Greg Friedman introduced Giachetti by saying that while he has been traveling with Giachetti on a multi-city compliance roadshow this year, and that he is Friedman's own securities attorney at his Private Ocean wealth management firm, Friedman always learns something new when Giachetti speaks, even if what he hears can be scary.
There have been three main areas of concern for the SEC post-Madoff and DFA, Giachetti reported: custody, due diligence, and privacy/confidentiality. However, the SEC now has added a fourth area: business continuity plans (BCPs) and disaster recovery (it's not just the Feds who are worried about BCP, as Giachetti wrote in his August column for Investment Advisor, the states are concerned as well.)
Giachetti doesn't suffer fools gladly, especially those in the compliance consulting business: "some are good, some are terrible," he said. Beyond whether he thinks his firm, Stark & Stark, is the ne plus ultra of compliance (which he does), Giachetti's main point was that advisors' documents not only be up-to-date, but that they match their actual practice.
For example, Giachetti said that your firm's business continuity plan "can't be dated four or five years ago; old ones won't cut it anymore." With BCPs as well as your policies and procedures manual, you have to "show the government you look at your documents every year."
The biggest problem with "canned" compliance packages is not only that they may not reflect current regulatory concerns, he said, but that they don't match either what an advisory firm is required to do, or what the firm actually does. One other thing on compliance consultants: if they hand you a policies and procedures manual in PDF format, "fire them," because to take control of your practice's compliance, you must have the ability to edit and customize the manual to match your firm's specific activities.
Here's one example of where canned documents are "terrible." As he does during all his speeches (at least those that this writer has attended over the years), Giachetti first asked the Junxure audience how many were RIAs. He then asked those attendees how many had a money laundering policy. When several hands stayed up, he delivered his customary zinger: "You don't need a money laundering policy! Get rid of it."
On the question of due diligence, Giachetti said "you can't count on your custodian's own due diligence" to satisfy examiners; "if you hire your own managers, you have to have written" proof that you conducted due diligence on those managers. For larger firms with multiple offices, Giachetti said the SEC has adopted the "FINRA model on branches." Too many advisors are also running afoul of the SEC by failing to file Form 13F, the quarterly report of equity holdings by RIAs who have discretionary authority over $100 million or more of exchange-listed equity securities (Giachetti goes into more detail on who should file 13F in his September column.)
He warned that in the current atmosphere, SEC examiners are "looking to set examples for the advisor community, so make sure your policies jibe with your ADV and your disclosure statements; take control of your documents." Further, if you have a "two-, three- or four- year-old policies and procedures manual," you won't be able to demonstrate to the examiners that "you have a 'culture of compliance.'"