A man highlighting papers in a three ring binder that are for a custody audit


Registered investment advisers (RIAs) are often thrown off balance by the Security and Exchange Commission (SEC) custody rule and how it applies to a surprise custody audit. The most common violations disclosed by the SEC National Examination Program show adviser confusion related to custody over online client accounts, RIA surprise audit requirements, and instances related to authority over client accounts.

Rather than making assumptions about custody, advisers must understand the basics to avoid potential violations. In this article, we will discuss the custody rule and how to prepare for your surprise custody audit.


SEC Custody Rule (Rule 206(4)-2)

The SEC’s Custody Rule (Rule 206(4)-2) under the Investment Advisers Act of 1940 requires RIAs who have custody of client assets to use certain safeguards to protect those assets. One of those safeguards includes annual surprise audits of the custodian’s records by an independent public accountant.

What Is Custody According To Rule 206(4)-2?

If an RIA has direct or indirect access to your funds or securities, or if they have the authority to gain possession of them due to their advisory services, they are considered to have custody. Here is what that means:

  • Physical Possession: If the RIA physically holds your cash or securities, they have custody. This involves actual possession of the assets.
  • Withdrawal Arrangements: If the RIA has an arrangement that allows them to withdraw your cash or securities maintained with a custodian, this is also considered custody. This arrangement is typical when advisers have discretion over your account and can make transactions on your behalf.
  • Legal Ownership or Access: Any situation that gives the RIA legal ownership or access to your cash or securities also qualifies as custody. For instance, if the adviser acts as a general partner for a limited partnership in which you’re an investor or as a manager of a limited liability company where you hold membership, they are seen as having custody of your assets.

Exceptions to a Surprise Custody Audit

There are three significant scenarios where the SEC doesn’t mandate an annual surprise custody audit or considers it to be inherently met:

  1. Fee Deduction: If the RIA’s custody of client assets is exclusively due to the authority to deduct advisory fees, there is no need for an annual surprise examination.
  2. Pooled Investment Vehicle: If the RIA’s client is a pooled investment vehicle (for example, a mutual fund) and it’s subject to an annual U.S. GAAP financial statement audit and delivers these to pooled investors, the annual surprise examination is not required. However, the audit must be performed by an independent Public Company Accounting Oversight Board (PCAOB)-registered accountant, and the audited financial statements must be sent to the investors within 120 days of the fiscal year-end or 180 days after the fiscal year-end for a fund of funds.
  3. Related Person: An RIA is considered to have custody if a related person holds or can obtain possession of a client’s assets. However, the annual surprise examination requirement is considered satisfied if this related person is operationally independent of the RIA.


How to Prepare for A Custody Audit

While an RIA will not know when the surprise examination will occur, there are specific steps you can take to prepare for the audit.

  1. Review existing client and custodian contracts to identify which accounts are subject to custody.
  2. Engage legal or compliance experts for complex situations where custody is not immediately clear.
  3. Keep an updated account listing of which accounts are subject to a surprise examination.
  4. Ensure your records are up-to-date with current contact information for clients, custodians, and other third parties relevant to the privately offered securities.
  5. Update internal control documentation and explain how processes work.



Understanding the custody rule confuses even the most seasoned securities professionals. That’s why we’re here at Assurance Dimensions. We encourage you to chat with our CPA auditors and accounting professionals to ensure you have the tools and knowledge necessary to comply with the SEC’s custody requirements.

Contact our team for more information on this topic or to learn how Assurance Dimensions accounting and audit specialists can help.


A woman who is an accountant reviewing documents on her laptop for a custody audit engagement