Surprise audits, a critical component of the custody rule process, carry a weight of major consequences for non-compliance. Whether the SEC discovers noncompliance or is self-reported, fines and penalties can be steep. The SEC regularly issues penalties to investment advisors who fail to maintain custody of client assets. This makes understanding the custody rule audit critical.

In this article, we’ll provide an overview of a recent SEC finding and discuss best practices for RIAs to stay compliant.


Costly Custody Rule Violations

On September 5, 2023, the Securities and Exchange Commission (SEC) charged five investment advisers for violating the SEC’s custody rule. All five advisory firms agreed to settle the charges and pay more than $500,000 combined fines.


What went wrong in the first place?

According to the SEC, the list of violations for firms included:

  • Five investment firms failed to do one or more of the following: have audits performed, deliver audited financials to investors in a timely manner, and/or ensure a qualified custodian maintained client assets.
  • Two firms failed to promptly file amended Forms ADV to reflect they had received audited financial statements.
  • One of the firms did not properly describe the status of its financial statement audits for multiple years when filing its Form ADV.

Asset protection for investors remains a top priority for the SEC. As Andrew Dean, the Co-Chief of the SEC Enforcement Divisions’ Asset Management Unit, said of these penalties, “The Custody Rule and the associated Form ADV reporting obligations are core to investor protection. We will continue to ensure that private fund advisers meet their obligations to secure client assets.”


How can RIAs avoid violating the Custody Rule?

Understanding these violations is crucial, but it’s equally important to know how to prevent such violations in practice.


1. Select A Qualified Custodian of Your Assets

The custody rule requires that investment firms maintain client assets with a qualified custodian. However, not every entity is a qualified custodian. A “qualified custodian” is defined as any type of financial institution that clients and advisers typically rely on for custodial services and is not a related party. These funds and securities are placed in a separate account under a client’s name or in an account that contains only those client assets under the registered investment advisor’s name as an agent or trustee for the clients.

Examples of qualified custodians are:

  • Registered broker-dealers
  • FDIC-insured banks
  • Certain foreign entities
  • Futures commission merchants

When choosing a qualified custodian, perform due diligence on custodians to guarantee they meet regulatory standards and do not violate the custody rule.


2. Review Exceptions to the Custody Rule

While the custody rule applies to investment advisers who have custody of client assets, there are limited exceptions. One such exception, applies to s apply to a certain subset of registered investment advisors (RIAs), polled investment vehicles (PIV). The SEC provides advisers of PIVs exemption from the reporting requirements of the rule if the pooled investment vehicle is:

  • Undergoes (at minimum) an annual audit.
  • Circulates its GAAP-audited financial statements to all limited partners within 120 days of the end of its fiscal year.


3. Maintain Good Recordkeeping

Records must be updated to reflect any changes in custody arrangements or audited financials to comply with the custody rule. So be sure to:

  • Update Form ADV to showcase any of these changes.
  • Document compliance efforts in your records.
  • Keep all records up-to-date as changes occur. 


4. Successfully Prepare for An Annual Custody Rule Audit

If a registered investment advisor retains custody of client assets, they must have an annual custody rule audit with an independent public accountant to examine those assets on a surprise basis.

While an RIA won’t know when this surprise audit examination will happen, there are specific steps to take not to be caught off guard when it does.

  • Evaluate current client and custodian agreements to determine the accounts under custody.
  • Consult with compliance or legal experts in complex situations where custody is unclear.
  • Maintain an updated account listing of accounts that are subject to an RIA surprise audit examination.
  • Keep all records up-to-date with current contact information for custodians, clients, and other third parties related to the privately offered securities.
  • Revise and update internal control documentation and explain how processes work.
  • Keep track of records of closed accounts that met custody.


5. Work with a PCAOB Registered CPA Firm

Not all accounting firms are qualified to provide a custody rule audit. These audits must be conducted by an independent public accountant registered with the PCAOB and undergoing regular PCAOB inspections. To comply with this requirement, the accountant must have provided audit services for at least one public issuer during any of the last three prior calendar years.

At Assurance Dimensions, we understand the complex reporting requirements RIAs encounter. That’s why we provide comprehensive audit services, including surprise examinations. Our fixed-fee pricing and cloud-based software have led to an intuitive, economical approach for completing surprise examinations quickly, remotely, and with minimal intrusion on your operations.

Contact us today for a free quote.