Two diverse businessmen discussing details about the Custody Rule & annual RIA Surprise Audit


Registered Investment Advisors (RIAs) serve a critical role to their clients. RIAs have strict fiduciary responsibilities and compliance requirements. One of the important compliance requirements RIAs need to follow was mandated by the Securities and Exchange Commission (SEC) regarding custody rules and an annual RIA surprise audit, also known as surprise audits. Here are 6 important things you should know about the custody rule before your RIA surprise audit.

1. The Custody Rule Protects Advisory Clients

Rule 206(4)-2 (also known as the “Custody Rule”) of the Investment Advisers Act of 1940 is one of the most critical rules adopted to protect advisor clients from misappropriation or misuse of their assets by RIAs. In December 2009, the SEC adopted additional protections under this rule, which requires advisers to undergo RIA surprise audits when they have custody of client funds or securities.

2. The SEC Has a Strict Definition of Custody

RIAs are deemed to have custody if the RIA or a related person holds directly or indirectly client funds or securities or has any authority to obtain possession of them.

3. You Need a Qualified Custodian of Your Assets

The Custody Rule requires that RIAs must maintain client funds and securities with a qualified custodian. A “qualified custodian” is defined as any type of financial institution that clients and advisers customarily turn to for custodial services. These assets can be placed in a separate account under a client’s name or in an account that contains only client funds and securities under the RIA’s name as an agent or trustee for the clients. Examples of qualified custodians are:

  • Banks
  • Registered broker-dealers
  • Futures commission merchants
  • Certain foreign entities

4. There Are Exceptions to the Custody Rule

There are limited exceptions to the Custody Rule, which apply to specific investment clients. Exceptions include:

  • Registered Investment Companies – Advisers need not comply with the rule for these clients.
  • Pooled Investment Vehicles – The SEC has ruled that advisers of pooled investment vehicles need not comply with the reporting requirements of the rule if the pooled investment vehicle is:
  1. Audited at least annually.
  2. Distributes its audited financial statements prepared in accordance with GAAP to all limited partners within 120 days of its fiscal year.

5. An Annual RIA Surprise Audit Exam Is Required

If an RIA has custody of client assets, the Custody Rule requires an annual RIA surprise audit with an independent public accountant to examine those assets on a surprise basis every year.

6. Your Accounting Firm Must Be Registered With the PCAOB

Not all accounting firms are qualified to provide an RIA surprise audit. A surprise audit must be performed by an independent public accountant who is registered with the PCAOB and subject to regular PCAOB inspection. To comply with this requirement, an independent public accountant must have provided audit services for at least one public issuer during any of the last three prior calendar years.


Office building of a firm that is undergoing an RIA surprise audit


RIA Suprise Audit: Final Thoughts 

Every investment advisor should review the Custody Rule requirements to determine the right path for their organization. 

We recommend discussing your unique situation with your audit team. As a PCAOB registered firm, Assurance Dimensions and its team of CPA auditors have performed custody examinations for SEC-registered investment advisor clients ranging from one account to thousands of accounts under custody.

Contact us today to learn how we can help with your next custody audit.