The “Compliance Rule” under the Advisers Act (Rule 206(4)-7) requires RIAs to adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Advisers Act and the rules that the Commission has adopted under the Act. Among other critical areas, these policies and procedures must address the safeguarding of client assets from conversion or inappropriate use by advisory personnel.

With the Compliance Rule in mind, firms should establish robust policies and procedures to cover and address critical risk areas in relation to the safeguarding of client assets. Areas to consider may include the following items:

• Conducting background and credit checks on employees of the RIA who will have access (or could require access) to client assets;
• Requiring authorization of more than one employee before performing activities related to client accounts or assets, like, movement of client assets, transfer of cash, changes to account information, etc.;
• Limiting the number of employees who are permitted to interact with custodians with respect to client assets. Firms may also want to consider rotation of staff on a periodic basis.
• Requiring that any questions or concerns on custody of assets should be brought to the immediate attention of the Chief Compliance Officer and/or management.
• Prohibiting employees from acquiring custody of assets by barring them to become trustees for client assets or obtaining power of attorney for clients;
• Conducting annual training for employees on the firm’s policies around safeguarding client assets and potential custody violations (e.g. accidental acceptance of custody, inadvertent receipt of checks, and reinforcement of firm policies, etc.);
• Segregating the duties when possible. Example, if the firm has an affiliated custodian, advisory personnel should be segregated from custodial personnel. Another example could be to separate personnel responsible for processing invoices and those responsible for reviewing them; and
• Implementing periodic testing to check the effectiveness of custody controls which may include, but are not limited to, the following:
  1. Reconciling client account balances and transactions to records directly received from custodians;
  2. Reviewing client addresses and names obtained from internal records and comparing to addresses and names maintained by qualified custodians;
  3. Recalculating and reviewing management and, if applicable, performance fees directly debited from client accounts; and
  4. Reviewing client account statements from the advisory firm for accuracy and required disclosures.