Advisers’ Year-End Checklist for 2024

Get out Your Checkbook and Update Your Registration

Annual Renewal Program for IARD System: The IARD Renewal Program facilitates the annual renewal of investment adviser (IA) firms and their IA representatives’ (IARs) registrations with states. Check out the 2025 Renewal Bulletin here.  Preliminary renewal statements are available through E-Bill (as of November 11).  Renewal statements reflect the registration renewal fees and annual system processing fees for all IARs and state-registered IA firms.  Your firm must have sufficient funds available in its Flex-Funding or Renewal Account on December 9, 2024, and payments can take up to two days to process, so submit your payments by December 5, 2024. Payment in full for preliminary statements is due December 9, 2024.  Questions?  Check out the FAQs.

Investment Adviser Notice Filings

In addition to filing with the SEC, federally registered investment advisers (RIAs) are required to comply with state notice filing laws (and pay filing fees) in the jurisdictions where they have advisory clients. SEC-registered investment advisers are allowed up to five clients in most states (as long as the adviser does not have a place of business in the state) before having to submit a notice filing in that state. Before taking on the sixth client, however, the adviser would need to submit a notice filing.  Most states exempt firms from notice filings if their only clients are other investment advisers, broker-dealers, or institutional investors. Moreover, some states require SEC-registered advisers to submit a notice filing before taking on their first client, such as Louisiana and Texas. Check out this handy website from Thompson Hine that compiles the investment adviser notice filing laws for all 50 states and the District of Columbia.   

RIAs should confirm whether any new notice filings are required before year end. Request a client list that includes the client’s state of residence and the client type (e.g., institutional or individual), and compare this list to the states where the firm has notice filings (See Form ADV Part 1A, Item 2.C.) The firm should also confirm whether notice filings have been made in states where it has recently opened new offices. Firms can also save money by deciding not to register in states where they no longer have clients or offices. 

Making a notice filing is easy.  Most states require that investment advisers check the relevant state box on Form ADV Part 1A, Item 2.C., and pay a fee. Fees vary by state, ranging from $30 to $500. IARD’s website provides a fee schedule for all 50 states here.  

Investment Adviser Representative Filings

The individuals responsible for providing investment advice (investment adviser representatives, or IARs) are regulated by the states where they do business and have clients, even if they work with an SEC-registered advisory firm. Each state has its own requirements for IAR registration. As a threshold matter, an individual who meets the “Investment Adviser Representative” definition under the Advisers Act and has a place of business in a state will have to register with that state.  Advisers Act Rule 203A-3(a)(1) defines an investment adviser representative as a supervised person of an investment adviser who has more than five clients who are natural persons and not qualified clients, and more than ten percent of whose clients are natural persons who are not qualified clients.

RIAs should confirm whether their IARs must register in additional states before year end. In most states, IARs register using Form U-4, the Uniform Application for Securities Industry Registration, on the Central Registration Depository System (CRD).  In addition to filing the registration form, IARs must meet specific qualification requirements.  Many states require that IARs pass (1) the Series 65 Uniform Investment Adviser Law Examination or (2) the Series 7 General Securities Representative Examination, combined with Series 66, the Uniform Combined State Law Examination.  States may also grant waivers to these requirements for IARs with certain professional designations, including Chartered Financial Analyst (CFA), Chartered Investment Counselor (CIC), Certified Financial Planner (CFP), and Chartered Financial Consultant (ChFC).  States may also require IARs to submit a copy of their fingerprints to the licensing division for criminal background checks. Many states waive examinations and background checks for individuals currently registered in another state. 

Update Organizational Charts

As noted in an EXAMS Risk Alert from 2023, SEC staff routinely requests organizational information from advisers, including its organizational structure, affiliations and control persons.  Staff will also ask for a list of current and former supervised persons, officers and directors.  To be ready, firms should update their organizational charts periodically.

Update Business Continuity Plans

Similarly, business continuity and disaster recovery plans should also be reviewed at year end. Confirm that the plans and information in those documents remain correct and update as necessary.

ERISA PTE 2020-02 Annual Review

Firms that rely on ERISA Prohibited Exemption 2020-02 (“PTE 2020-02”) must complete the required annual retrospective review and get a written certification from a Senior Executive Officer. The review must be completed annually and no later than six months following the end of the period covered by the review.  Since this is not a new requirement, firms should already have a process in place for reviewing the account opening process, along with a sample of account documentation, to determine whether the policies and procedures for compliance with PTE 2020-02 are being followed. 

This review is meant to help firms detect and prevent violations of – and achieve compliance with – the Impartial Conduct Standards. The methodology for conducting the review and the results must be included in a written report provided to a Senior Executive Officer. Finally, a Senior Executive Officer must certify that he or she has read the report, and that the firm has policies and procedures prudently designed to achieve compliance with exemption PTE 2020-02. The certification must also state that the firm has a prudent process to modify its policies and procedures as business, regulatory, and legislative changes and events dictate and to periodically test its policies and procedures’ effectiveness.

Regulation S-ID Annual Assessment

Although Regulation S-ID, the “Identity Theft Red Flag Rule,” was enacted in 2013, many firms are unaware that it imposes an obligation on investment advisers to assess periodically whether they offer or maintain covered accounts. Firms with covered accounts must establish a program designed to detect, prevent and mitigate identity theft in connection with the opening or maintenance of covered accounts. A covered account is defined as:

1. an account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions; or
2. any other account that poses a reasonably foreseeable risk to customers of identity theft.

Firms should review the Risk Alert issued by EXAMS in 2022 on this topic for more tips on how to comply.  Even if the firm has no covered accounts, the SEC expects documentation of a periodic assessment, so make sure it is in the file.

Review the Firm’s Privacy Policy

Under Regulation S-P, investment advisers are required to provide their clients with a privacy notice describing their policies regarding the disclosure of clients’ non-public personal information. The notice must be provided when the client relationship is established and on an annual basis unless the following exemption applies. Advisers do not have to provide clients with an annual privacy notice if they (1) do not share nonpublic personal information with non-affiliated third parties (other than as permitted under certain enumerated exceptions, e.g., to service providers who perform services on behalf of the financial institution, or as necessary to administer a transaction requested or authorized by an individual); and (2) have made no changes to their privacy policies since the last time the policy was sent out.

The SEC provides a safe harbor for an adviser to meet its disclosure obligations under Regulation S-P by using the SEC’s 2011 Model Form. Advisers should review their privacy notice at least annually and consider whether updates are needed.

Prepare for Annual Review of Compliance Program

Rule 206(4)‑7 under the Advisers Act generally requires registered investment advisers to evaluate, at least annually, the adequacy of their compliance policies and procedures and the effectiveness of their implementation. As part of that process, chief compliance officers should also review their firm’s most recent annual compliance review, both to ensure that any deficiencies or discrepancies uncovered have been corrected and as a baseline to consider what material changes in a firm’s operations, organization and practices may need to be addressed.

• Review your compliance calendar. Review the compliance calendar to make sure the testing and monitoring required by the compliance manual are complete and documented. Confirm whether firm committees have met as required by the compliance manual. For example, does the firm have written minutes for all of its Best Execution Committee meetings? Has the Valuation Committee met as required, or if not, why not?
• Review the Most Recent Annual Review and Fix Identified Defi RIAs should read their most recent annual compliance review to confirm that any identified deficiencies have been addressed or a plan has been implemented to fix them in the new year.
• Update the Risk Assessment. Year-end is a good time to review the firm’s risk assessment. It is important to consider whether an adviser’s risk profile has changed and what those changes require. Although firms should review their risk assessments throughout the year, many firms do not make it a priority.  In a nutshell, an RIA’s risk assessment should:
  • Document a list of risks posed by the firm’s business practices,
  • Assign a rating to each risk based on the probability that the risk will occur and its severity and prioritize higher risk items for mitigation, testing and monitoring,
  • Mitigate identified risks using written policies and procedures, including periodic testing and monitoring.
  • Review and update the risk assessment as changes are made to the firm’s business, operations, and client base.
• Read this article: Write the Best Annual Compliance Review Ever. We’ve compiled our best advice on how to approach the annual review.

Annual Verification of New Issue Eligibility

Private fund managers that invest in IPOs should also consider getting an annual verification from investors that they are not “Restricted Persons” under FINRA Rule 5130. FINRA Rules 5130 and 5131 prohibit broker-dealers and their affiliates from selling or allocating shares in all IPOs of equity securities (“New Issues”) to funds in which “Restricted Persons” have a significant interest. Restricted Persons include broker-dealers, persons who own or control broker-dealers, portfolio managers, and executive officers and directors of the portfolio company, among others.  Managers of private investment funds that purchase New Issues are required to ask investors whether they are Restricted Persons before their initial investment, usually through an investor questionnaire or subscription agreements.

Rule 5130 requires that investors reconfirm their “non-Restricted Person” status annually to continue participating in New Issues. After obtaining the initial representation, the annual certification may be obtained through “negative consent” letters. This means that an adviser can send a notice to investors asking whether there has been a change in their status, and if no response is received, the adviser and the relevant broker-dealer can rely on the existing information provided by that investor.  

Updates to Federal Form D and Blue Sky Filings

Firms offering securities in privately offered pooled investment vehicles (“private funds” or “issuers”) under Regulation D are generally aware of the requirement to file a Form D with the SEC within 15 days of their first sale using the EDGAR system. Form D filings are active for a period of one year and must be amended if the fund is being offered continuously. Firms must also file an annual amendment on or before the anniversary date of the previously filed notice. No amendments are required for funds where fundraising is complete, and no new commitments are being accepted. 

In addition to the federal Form D, private fund advisers must also comply with state securities or “blue sky” laws.  Under these laws, states require sellers to register their securities offering by submitting a copy of Form D, consent to service of process and payment of a state filing fee. Some states also require annual blue sky renewal filings.  For those states with renewal requirements, blue sky filings are active for 365 days from the previous filing. Failing to make required filings can result in severe consequences, including hefty fines.  Blue sky filings and submission rules vary from state to state. Many states use the North American Securities Administrators Association (NASAA) Electronic Filing Depository System (“EFD”) for submission of blue sky filings and the payment of applicable state fees, although a few still require paper filings. Fox Rothschild provides a helpful survey of state blue sky filing requirements, available here.

Conclusion

Maintaining a robust compliance program is an ongoing responsibility, and each firm has to decide for itself where to focus its time and efforts to minimize risk.  When developing a year-end compliance checklist, focus on your firm’s greatest risks and vulnerabilities first. Best of luck!

Photo by Michaela St on Unsplash