Safeguarding client assets is one of an RIA's most fundamental duties – and a core focus in state and SEC examinations. Yet, despite its importance, the Custody Rule (Rule 206(4)-2 under the Investment Advisers Act of 1940) remains one of the most misunderstood and unintuitive compliance areas for RIAs.
In this guest post, Rich Chen, founder of Brightstar Law Group, unpacks the nuances of the Custody Rule, clarifying when custody is triggered and how RIAs can build operational systems that reduce regulatory risk.
Advisors often assume that custody only applies when they physically hold client assets. In reality, custody can be triggered in a broad range of scenarios, including when an advisor has authority to move client assets, such as via fee deduction, Standing Letters Of Authorization (SLOAs), or even serving in a legal role like trustee or executor. In many cases, advisors don't realize they've triggered custody – and are caught off guard by the compliance consequences, particularly the requirement for an annual surprise examination by a third-party accountant.
Once custody is triggered, RIAs must comply with a host of additional regulatory requirements. These include holding client assets with qualified custodians, sending clients written notice of custodial arrangements, ensuring clients receive quarterly account statements directly from custodians, and undergoing a surprise examination – unless a valid exemption applies. Accurate disclosure of custody status on Form ADV is also essential, as SEC examiners often compare operational practices with reported information to identify inconsistencies.
The Custody Rule includes limited exemptions that may ease the compliance burden. For example, when RIAs trigger custody solely through fee deduction, they can avoid the surprise examination requirement if they satisfy the other Custody Rule requirements and fee deduction is the only basis for their having custody of client funds and securities. A similar exemption exists for SLOAs, but only when the RIA satisfies a detailed list of specific criteria – from proper documentation to annual client reaffirmations and third-party confirmations.
Custody can also arise through related persons of the firm – such as affiliates or entities under common control – which further complicates the compliance landscape. And for state-registered RIAs, custody obligations may differ significantly, with some states imposing additional requirements for firms with custody, such as net capital minimums or surety bond mandates. These financial safeguards (often triggered automatically by the presence of custody) vary by jurisdiction and must be proactively monitored – especially after events like ownership changes and changes in service offerings – to ensure ongoing compliance.
Ultimately, custody compliance hinges on operational awareness and discipline. Many custody-related violations aren't the result of bad intent, but of small missteps or overlooked details. RIAs can reduce their risk by proactively inventorying custody risk across all client relationships, reviewing internal processes and third-party practices, and building systems for documentation (e.g., creating check logs and SLOA files), staff training (e.g., ensuring compliance awareness), and review (e.g., implementing internal compliance matrices). These practices will help to demonstrate good faith efforts to comply with rules while also reducing the risk of deficiencies during audits or exams. And by treating custody compliance as a core element of the firm's integrity instead of just a regulatory requirement, RIAs can reduce risk while strengthening trust with clients and improving operational oversight!