During a meeting with a client on November 18, financial advisor Matt Fizell looked down at his phone and saw an incoming alert; a call from the Wisconsin Department of Financial Institutions.
“Shoot, I’m going to have that audit before the end of the year,” he thought to himself.
Fizell, who founded a Madison, Wisconsin-based RIA called Harmony Wealth in May , knew the call was coming. (Regulators tell RIAs they can expect to be audited in about six months.) But he didn’t know when exactly the audit would take place. He was not thrilled about spending the start of the holiday season preparing for and being the subject of an official inspection. When his caller ID showed the department, Fizel said he felt anxious, nervous and stressed.
The same day as the call, Fizell received a letter from the Wisconsin Department of Financial Institutions instructing him to securely upload a list of documents online to the regulator within fifteen days.
The list was comprehensive and in-depth. The regulator requested Harmony Wealth’s assets under management, income statements, balance sheets and other documents. It also needed a list of his clients and his agreements with them, all emails and other communications sent to and received from clients in the past 12 months, and any advertising and communications sent to prospective clients.
None of that is unusual. Every RIA registered with state regulators or the Securities and Exchange Commission will eventually be the subject of one or more exams, Leila Shaver, founder and managing partner of the law firm My RIA Lawyer, said.
But when state regulators audit an RIA for the first time — and how frequently they audit a firm after that initial exam — can differ from state to state.
“Generally, from the state regulators’ standpoint, after your initial exam, you’re getting an exam every two to five years,” Shaver said.
In smaller states with fewer resources, the time between exams might be longer.
“There are states that have a meeting with the adviser prior to even registering the firms, states that try to examine firms within the first several months of registration, and states that use risk-based assessments that result in some lower-risk RIAs not being examined for a few years,” Chris DiTata, vice president and general counsel at RIA in a Box, a compliance software firm serving about 2,200 RIA firms managing more than $400 billion in assets, told RIA Intel.
In Wisconsin, all RIAs are required to submit to an initial regulatory exam about six months after their registration is approved. Most firms can expect another audit every three years after that if they have assets under management, Joseph Friesen, securities examiner for the Wisconsin Department of Financial Institutions, told RIA Intel. Firms without assets under management, and therefore less risky, are on a slightly longer schedule of four to five years.
[Like this article? Subscribe to RIA Intel’s’ thrice-weekly newsletter.]
At SEC-registered RIAs, Shaver said, the current trend is that they undergo a preliminary exam within the first 12 to 24 months of registering. The exam schedule after that is determined by the RIA’s risk profile, which will, in turn, determine a firm’s exam schedule going forward, according to Shaver.
A wealth manager’s regulator or geography aren’t the only factors that dictate how often a microscope is held to them. Whether they manage investments themselves, use third-party managers, or receive an influx of customer complaints might shorten the time between exams.
Advisors without any assets under management (for example, some financial planners or solicitors) have slightly longer examination cycles of four or five years, Friesen said.
Even some specific asset classes, such as cryptocurrencies, might draw more attention from regulators. “That business model opens up more risk in the sense that there are opportunities for unsuitability, a breach of fiduciary duty,” Shaver said.
There are three main types of exams: “routine” or periodic exams conducted to make sure an RIA is following the rules and regulations; “for cause” exams triggered by an incident such as client complaint or an internal inquiry; and “sweep” exams sent by regulators to one or more RIAs to gather information about a specific topic. (In October, the Financial Industry Regulatory Authority, or Finra, began an exam sweep to learn more about how broker-dealers are partnering with social media influencers, as well as their other online practices.)
Fizell submitted the documents that state regulators asked for before the December 3 deadline. Three days later, the examiner assigned to his case requested specific notes, invoices, and communications over the past 12 months from five randomly chosen clients.
Federal and state rules require RIAs to keep documents going back five years, and the past two years of documents should be in an “easily accessible place.” Examiners expect RIAs to drop what they are doing and get everything to them in the requested timeline, Shaver said.
On December 10, Fizell had his exam. The interview was scheduled for an hour and a half but only lasted 30 mins. It was far from many movie scenes, when dozens of agents descend on an office and begin rummaging through desks.
The examiner reviewed Fizell’s documentation, asked him questions about his investments and cybersecurity, checking to make sure his firm’s processes matched its Form ADV. The examiner mentioned that the Form ADV wasn’t properly linking to the firm’s website. Fizell fixed the link and his exit interview was scheduled for that same afternoon.
Fizell, who got his start in finance at a broker-dealer selling insurance, said he was taught to fear compliance. But he came out of the exam with respect and understanding for the process and what the regulators are trying to do. His advice is to know everything that is your documents, put in the hard work to do compliance well and be transparent.
“If you show that you want to do the right thing for your clients, they’re probably going to work with you, not against you,” Fizell said.
Poor preparation can lead to scrutiny and it is critical to take regulators’ questions seriously, Shaver said. She suggests reaching out to counsel to review an exam request and response.
Her firm is representing a wealth manager that didn’t hire counsel four years ago after an issue stemming from a routine exam. Which has now turned into a “nightmare issue,” for the RIA and the law firm. What might have previously resulted in a cautionary letter or small fine could cause the wealth manager to be barred from one or more states, Shaver said
And no advisor should think they can get away with something nefarious.
“These are highly trained, sophisticated attorneys, accountants. They’re peeling through page by page of your financial statements, your publicly available documents, like your ADV,” Shaver said. “They have been trained for this one thing; they will find it.”
Holly Deaton (@HollyLDeaton) is a staff writer at RIA Intel and based in New York City.