Executive Summary
In an effort to provide premium service to clients, it’s common for financial advisors to be granted a standing letter of authorization – or “SLOA” – to enact money movements in and out of a client’s account. The use of SLOAs and other disbursement authorizations effectively allows advisors to act based on a client’s verbal requests, without “troubling” them for additional paperwork and signatures every time.
Yet the caveat is that while providing such conveniences is appealing from a client service perspective, from a regulatory perspective, the ability of an advisor to transfer money out of a client’s account – especially to a third party that isn’t the client – creates the risk that the advisor could abuse their authority. Accordingly, in this “age of Madoff”, the SEC has decided it’s necessary to issue additional compliance rules to protect consumers when it comes to advisors with standing letters of authorization (SLOAs) to make client disbursements.
In this guest post, Chris Stanley, a compliance consultant and the founding principal of Beach Street Legal, shares his perspective on the recent issuance of an SEC No-Action Letter, and supporting FAQ and IM Guidance Update 2017-01, which deems that advisors who have SLOA authority will be treated as having custody of client assets. Which means not only will those assets and accounts need to be reported for custody purposes on Form ADV, but those investment advisers who don’t comply with certain new safe harbor provisions will also be subjected to the requirement for an annual surprise exam under the custody rule as well!
Fortunately, the SEC will allow RIAs to continue to use SLOAs to support clients in limited (but still useful) circumstances, and provide additional guidance on how RIAs can avoid the custody rule if their only standing authorizations are for “first-party” transfers (i.e., moving money amongst accounts that are all the client’s, with the same account registration). Nonetheless, the reality is that most advisors will at least need to work with their RIA custodian to update account agreements and/or some of their SLOA paperwork with clients to remain compliant and avoid surprise exams under the custody rule!
The SEC’s custody rule has proved to be a real pain in the ass.
But then again, so too did Bernie Madoff (and that is perhaps the most generous of monikers).
Lest we forget, the SEC’s laser focus on the custody rule as we know it today is borne in large part out of the actions of inmate #61727-054 at the Butner Federal Correctional Institution just outside of North Carolina’s research triangle. His multi-billion dollar Ponzi scheme was unearthed in December 2008, and the SEC overhauled its custody rule a year later in December 2009. To underscore the rule’s importance (and highlighting its complexity), the SEC has since issued several Risk Alerts, nearly 20 pages of FAQs, and multiple staff speeches – all regarding the custody rule.
And in February of this year, the SEC issued yet another custody volley in the form of (1) a no-action letter, (2) an update to its custody rule FAQs, and (3) a Guidance Update. It is this latest round of hot custody action that is the subject of the article you will hopefully keep reading.
Madoff’s scheduled release, in case you’re curious, is November 14, 2139.
History Of The SEC Custody Rule 206(4)-2 (it’s brief, I promise)
The custody rule (rule 206(4)-2 under the Investment Advisers Act of 1940) is not new. In fact, it was originally adopted during the Kennedy administration on February 27, 1962. The rule remained largely untouched for over 40 years, during which time the SEC issued approximately 90 no-action and interpretive letters that on the one hand helped clarify the operation of the rule, but on the other hand created a complex patchwork that ultimately became unsustainable. In a world of certificated stocks, bonds and funds, the rule at the time essentially called for segregated bank deposits, client notification about the location of their funds and securities, mailed quarterly account statements (from the adviser), and an annual surprise exam by an independent public accountant. The rule didn’t even define custody at the time (it was found in the Form ADV instructions).
The first major amendment to the rule didn’t come until 2003, and as you might imagine it represented a significant change to the way the SEC approached custody. Rather than relying on adviser-issued account statements and an annual surprise exam, the SEC instead introduced the concept of a “qualified custodian” that – if it delivered account statements directly to clients – would allow advisers to avoid the annual surprise exam. It also defined custody within the rule itself rather than relying on the Form ADV instructions, and provided three examples designed to illustrate when an adviser has custody. And – better late than never – the amendment also brought the rule into the 21st century by recognizing book-entry securities held in custodial accounts at securities depositories.
The Madoff-derived amendments arrived six years later in the middle of the great recession and at a time when the media took turns playing Monday morning quarterback for the SEC, faulting it for not detecting the Ponzi scheme earlier. Public expectations were high, and I can only imagine the pressure felt behind closed doors at 100 F Street, NE. The SEC got burned and the advisory community as a whole would pay the price… but I get it. Thus came the custody rule amendments that comprise the rule as it exists today, which – among other changes – removed many of the exemptions afforded by the 2003 amendments, increased SEC reporting obligations, and required an “internal control report” such as a Type II SAS 70 or SSAE 16 from qualified custodians that were related to advisers.
Current State of Affairs On The SEC Custody Rule
In brief, the custody rule is designed to provide for the safekeeping of investor funds and securities, and to prevent such funds and securities from being misused or misappropriated by advisers. The three-pronged mission of the SEC is to “protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation;” the custody rule falls squarely in the “protect investors” category.
Let’s begin with the definition of custody, straight from rule 206(4)-2: “Custody means holding, directly or indirectly, client funds or securities, or having any authority to obtain possession of them.” As this year’s no-action letter and Guidance Update exemplify, the definition of custody is broader than one might initially think. To this end, the SEC provides three examples of custody within the rule itself:
Custody includes:
(i) Possession of client funds or securities (but not of checks drawn by clients and made payable to third parties) unless you receive them inadvertently and you return them to the sender promptly but in any case within three business days of receiving them;
(ii) Any arrangement (including a general power of attorney) under which you are authorized or permitted to withdraw client funds or securities maintained with a custodian upon your instruction to the custodian; and
(iii) Any capacity (such as general partner of a limited partnership, managing member of a limited liability company or a comparable position for another type of pooled investment vehicle, or trustee of a trust) that gives you or your supervised person legal ownership of or access to client funds or securities.
Example (i) is the reason why security certificates and checks made payable to the adviser for deposit into the client’s account must be returned to sender within 3 business days, but checks made payable to the custodian FBO the client account may be forwarded by the adviser to the custodian.
Example (ii) is the reason for the current custody kerfuffle, because the SEC has apparently maintained a much broader view of “any arrangement” than the industry had assumed. This particular custody trigger will be discussed at length later, but the short answer is that this example encompasses most (but not all) disbursement or money-movement authority that an adviser may possess. This example is also the reason that advisers with the authority to deduct their advisory fees from their clients’ accounts are also deemed to have custody. But as will be explained in more detail later, an adviser with custody solely because of its authority to deduct advisory fees from client accounts is exempted from the annual surprise exam requirement.
Example (iii) is the reason why advisers should not be listed as a trustee on any client account, and why they should avoid possession of a client’s login credentials to a 401(k) or other online account if – using those login credentials – the adviser has the ability to withdraw funds or securities or transfer them to another account not in the client’s name (See also, SEC Custody FAQ II.6).
Importantly, the fact that an adviser never actually exercises its authority to possess a client’s funds or securities is irrelevant; the mere existence of such authority alone triggers custody.
To reiterate, if an adviser holds, directly or indirectly, client funds or securities, or has any authority to obtain possession of them – it has custody over such funds or securities. But who cares? What are the implications for an adviser with custody?
The Implications Of An RIA Having Custody
For starters, a “qualified custodian” must safekeep the funds and securities over which an adviser is deemed to have custody. A qualified custodian is generally a bank or savings association, broker-dealer, futures commission merchant, or foreign financial institution. Think TD, Fidelity, Schwab, etc., which are the household names most advisers know as RIA custodians (though technically their back-end capabilities mean they are broker-dealers as well). The qualified custodian must maintain clients’ funds and securities in a separate account for each client under that client’s name, or in accounts under the adviser’s name as agent or trustee for the clients. The client must also be apprised of the qualified custodian’s name, address, and the manner in which the funds or securities are maintained, promptly when an account is opened on the client’s behalf and following any changes to this information.
The rule still requires that the qualified custodian send an account statement to clients at least quarterly, and it must identify the amount of funds and of each security in the account at the end of the period and set forth all transactions in the account during that period.
The adviser must have a reasonable basis, after “due inquiry,” for believing that the custodial account statements are actually being sent directly to clients by the qualified custodian. An adviser’s due inquiry must be documented in some fashion, but the SEC refrained from prescribing a single method to fulfill this documentation. The one example it listed in the 2009 amendment’s adopting release was to have the qualified custodian provide the adviser with a copy of the account statement delivered to clients. Alternatively, a quarterly written affirmation or confirmation from the custodian to this effect may also suffice (and is indeed made available by several large custodians on their adviser-use websites).
If the adviser sends supplemental account statements to clients in addition to the ones required to be sent by the qualified custodian, the adviser’s supplemental account statements must urge the client to compare the account statements from the custodian with those from the adviser.
There are several other provisions within the custody rule that are beyond the scope of this article and likely inapplicable to most readers, but there is one more provision worthy of discussion that will mercifully allow the author to transition to the aforementioned February 2017 custody developments… which is ostensibly the crux of this entire article.
Custody BUT Not Always Annual Surprise Exams
The custody rule gets a bad rap because it requires advisers with custody to undergo an annual “independent verification” by an independent public accountant.
The independent public accountant is charged with verifying the adviser’s custodial books and records and reconciling client funds and securities at its clients’ qualified custodian(s) – in other words, making sure that what the adviser claims is the status of client assets under its direct custody are really there in the amounts stated – and reporting its findings directly to the SEC (on an expedited basis if any material discrepancies are uncovered). The date of each annual independent verification (more commonly known as the annual surprise exam or annual surprise audit) will vary year to year and is unknown to the adviser in advance (though it’s up to the adviser to hire the accounting firm that will conduct the annual surprise exam). As with most business audits and regulatory exams, the process itself can be very operationally disruptive for the advisory firm for the few days that the auditors are there on site at the adviser’s office. The annual cost typically starts with at least a few thousand dollars, and can rise to tens of thousands of dollars depending on the amount of assets under custody.
But there’s a “but”. And it’s a big “but”. And I cannot lie.
The “but” is that an adviser deemed to have custody “solely as a consequence of [its] authority to make withdrawals from client accounts to pay [its] advisory fee” is not required to undergo an annual surprise exam. Such an adviser must still comply with the other provisions of the custody rule as described in the previous section (use of a qualified custodian, quarterly account statement delivery, “due inquiry”, etc.); however, the (potentially costly and operationally disruptive) annual surprise exam is out. Because the annual surprise exam is the most draconian element of the custody rule, this “but” was deemed a victory for the industry after the 2009 custody rule amendments were adopted. As originally proposed by the SEC, advisers with fee debiting authority would have been required to undergo the annual surprise exam. Most of the 1,300 comment letters received by the SEC specifically and forcefully opposed this element of the rule, and it was dropped from the final release. Phew.
At the time the SEC adopted its 2009 custody rule amendments, it estimated that a total of 1,859 advisers would be subject to the annual surprise exam requirement. It ballparked the cost of an annual surprise exam between $10,000 and $125,000 annually depending on the size of the adviser and the percentage of client funds or securities in custody. Kudos to the SEC for being receptive to industry feedback and not imposing these costs on each and every adviser with fee debiting authority.
And so the custody rule existed in this form between 2009 and 2017 – a tolerable middle ground for both the regulator and the regulated. During this time the SEC updated its custody rule FAQs several times, and it even issued a few Risk Alerts to chastise educate advisers about observations gathered over the course of its exams.
In 2013, it released a Risk Alert entitled “Significant Deficiencies Involving Adviser Custody and Safety of Client Assets,” in which it noted that its exam staff “has observed widespread and varied non-compliance with elements of the custody rule.” Notably, not one of the common deficiencies was related to an adviser’s authority to disburse client funds.
And in early February 2017 (two weeks before the release of the Guidance Update, no-action letter and FAQ update trifecta), the SEC was apparently trying to boost its SEO ranking and released another Risk Alert entitled “The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers.” Luckily it was not released in the form of a six page click-through slideshow with an IBD advertisement on slide 3. *Ahem*. But custody rule failures did make the top five, and it did make a vague reference to advisers not recognizing that they may have custody “as a result of certain authority over client accounts.”
In the months (and years) leading up to the February 2017 Risk Alert, reports began to emerge about advisers being issued deficiency letters from their SEC examiners related to the custody rule – and specifically related to third-party disbursement authority authorized by Standing Letters Of Authorization, or “SLOAs”. Deficiencies were apparently even being issued to advisers that had the authority to move money among the same client’s own accounts.
This newfound scrutiny of advisers’ disbursement authorities was significant because effecting disbursements from their clients’ accounts – whether to authorized third-parties, or simply to help clients move money amongst their own accounts – has been a core “convenience” service offering for many advisers large and small for years. And disbursements have been explicitly facilitated by custodians using a variety of proprietary systems and forms (such as Schwab’s MoneyLink® or other custodians’ ACH or Electronic Funds Transfer forms), or by accepting an adviser’s own SLOA forms. Monthly bill paying, brokerage-to-checking transfers, single-to-joint interspousal account money movements… all potentially use SLOAs, and therefore all began to raise custody question marks.
This was cause for concern, because first-party money movement authority had not been understood by the advisory community to constitute custody for purposes of ADV reporting and annual surprise exams, and third-party SLOAs were not commonly believed to result in custody either. To clear up these seeming misunderstandings, the Investment Adviser Association (“IAA”) – in collaboration with several major custodians – requested that the SEC issue further guidance. On February 21, 2017, the SEC obliged.
Which finally, finally brings us to the trifecta of guidance described below.
Even-More-Current State of Affairs – SEC’s No-Action Letter And IM Guidance Update 2017-01
The SEC guidance trifecta released on February 21, 2017 contained three components: (1) a no-action letter, (2) an update to its custody rule FAQs, and (3) a Guidance Update.
SEC No-Action Letter To IAA
Let’s begin with the no-action letter. In its original guidance request, the IAA argued that:
An investment adviser simply following a client’s instructions to transfer assets pursuant to the limited authority granted to the investment adviser under a SLOA and the investment adviser’s corresponding direction to the qualified custodian do not result in an investment adviser “holding” client funds, give an investment adviser “authority to obtain possession” of client funds, or authorize or permit an investment adviser to “withdraw client funds” for any purpose, as contemplated by the Custody Rule.
Not one to mince words, the SEC replied as follows:
We disagree.
It cited the text accompanying a footnote in the 2003 custody rule amendments as justification for its disagreement: “An adviser with power of attorney to sign checks on a client’s behalf, to withdraw funds or securities from a client’s account, or to dispose of client funds or securities for any purpose other than authorized trading has access to the client’s assets” (emphasis added).
In other words, an adviser with the authority to disburse money to a third-party on the client’s behalf pursuant to a SLOA constitutes custody.
However, the no-action letter goes on to throw the IAA (and the advisory community) a significant bone: so long as seven specific conditions are satisfied, an adviser with third-party SLOA authority will not be subject to the custody rule’s annual surprise exam requirement. The seven conditions are as follows:
- The client provides an instruction to the qualified custodian, in writing, that includes the client’s signature, the third party’s name, and either the third party’s address or the third party’s account number at a custodian to which the transfer should be directed.
- The client authorizes the investment adviser, in writing, either on the qualified custodian’s form or separately, to direct transfers to the third party either on a specified schedule or from time to time.
- The client’s qualified custodian performs appropriate verification of the instruction, such as a signature review or other method to verify the client’s authorization, and provides a transfer of funds notice to the client promptly after each transfer.
- The client has the ability to terminate or change the instruction to the client’s qualified custodian.
- The investment adviser has no authority or ability to designate or change the identity of the third party, the address, or any other information about the third party contained in the client’s instruction.
- The investment adviser maintains records showing that the third party is not a related party of the investment adviser or located at the same address as the investment adviser.
- The client’s qualified custodian sends the client, in writing, an initial notice confirming the instruction and an annual notice reconfirming the instruction.
Each of these seven conditions should be carefully read and understood by advisers with SLOAs, because failure to comply with just one of the seven conditions will necessitate the annual surprise exam.
What’s especially interesting about the seven conditions is how many of them are contingent upon the custodian’s forms and procedures. The only condition that is exclusively the responsibility of the adviser is #6; the remainder are at least to some degree dependent on the custodian’s cooperation and independent compliance. It is for this reason that advisers would be wise to begin coordinating with their custodian(s) sooner rather than later. This will entail not only reviewing existing SLOAs to confirm if they meet the seven conditions, and asking the custodian if it intends to conform to the SEC’s SLOA guidance going forward, but understanding the go-forward forms and procedures for new SLOAs.
The logical next question is by when advisers and their custodians need to get their SLOA arrangements up-to-snuff. The SEC has officially only stated that it will allow for a “reasonable period of time” to implement the forms and procedures to comply with the seven conditions, but a ballpark timeframe of six to twelve months from when the guidance was issued in February (of 2017) seems to be consistently cited by those in-the-know (which would imply that advisers should be certain they’re compliant by early 2018).
It is also important to remember that not all SLOAs are created equal. Some, the SEC acknowledged, may not even implicate the custody rule at all and therefore do not require compliance with the seven conditions. The one example provided in the no-action letter is an arrangement under which the adviser has no discretion as to the “amount, payee, and timing of transfers under a SLOA” (emphasis added). If the adviser does have discretion as to the amount or timing of transfers under a SLOA, the seven conditions are back on the table. If the advisor has discretion as to the payee, this falls outside the no-action letter and is considered general bill-pay or check-writing authority for which the annual surprise exam is basically unavoidable.
Beginning with the next Form ADV annual updating amendment after October 1, 2017, advisers will now have to report client assets subject to a SLOA in their response to Item 9 of Form ADV Part 1 (the ADV item in which the SEC asks several custody-related questions). This is likely not a metric that advisers have historically tracked, so it will be important to either begin tracking it internally or work with their custodian(s) to understand their SLOA asset reporting capabilities.
SEC Custody Rule FAQ II.4
The SEC’s no-action letter exclusively addresses money movement from a client’s account to a third-party’s account. The updated custody rule FAQ II.4 exclusively addresses money movement among a client’s own accounts – “first party” money movements. For third-party money movements, the mechanism used to move money (by wire, ACH, or check) is irrelevant; all mechanisms result in custody as discussed above. For first-party money movements, whether the money is moved via wire, ACH, check, or journal does matter for purposes of determining custody.
An adviser that has the authority to move money among a client’s accounts via journal (within the same custodian or affiliated custodians) does not have custody.
An adviser that has the authority to have a check issued by the custodian from a client’s account, payable to that same client, and mailed to that same client’s address of record does not have custody.
Similarly, an adviser that has the authority to move money among a client’s accounts via ACH (even if to that client’s account at another custodian) does not have custody.
Custody is avoided for first-party journals, checks, and ACHs because the sending and receiving account numbers and client account names are already known to the custodian (as is the case with journals), the SEC addresses a custody carve-out elsewhere in its FAQs (as is the case with checks mailed to the client’s address of record, covered in custody FAQ II.5.A), or because the sending and receiving account numbers and client account name (including the ABA routing number(s) or name(s) of the receiving custodian) are already required to effect such a first-party money movement (as is the case with ACH transfers).
First-party wires, on the other hand, are a potential custody landmine if the adviser does not obtain enough information about where the money is going. To avoid custody when handling first-party wires, the name and account numbers of both the sending and receiving accounts must be included on the written authorization signed by the client (as well as the ABA routing number(s) or name(s) of the receiving custodian). This detailed written authorization need only be provided to the sending custodian, not the receiving custodian.
The practical effect of all this is that an adviser may very well need to replace existing first-party wire authorizations with new authorization forms issued by its custodian(s) if they do not contain the needed specificity like the destination account number. Furthermore, what technically qualifies as a first-party transfer is somewhat murky; a funds transfer from the individual account of client A to the joint account of client A+B is open for interpretation. Coordination with clients’ qualified custodian(s) will be key in this regard.
Again, the unofficial timeframe to come into compliance is six to twelve months from when the FAQ was updated in February.
IM Guidance Update 2017-01
The third piece of guidance issued by the SEC regarding potential custody issues is an actual “Guidance Update”, which in my humble opinion is – to quote the late Tom Magliozzi of Car Talk – “Non Impediti Ratione Cogitationis”… or “unencumbered by the thought process.”
The Guidance Update essentially says that a custodial account agreement between a client and a custodian in and of itself may impute advisers with custody (and potentially the annual surprise exam requirement). Mind you, this is an agreement that the adviser may not be privy to, does not have any control over, did not agree to, and did not sign. But if the client-custodian agreement contains standardized language that authorizes the adviser to disburse or transfer a client’s funds or securities, an advisory agreement between the adviser and the client that disclaims such authorization (an agreement the adviser actually signed) is effectively moot. Said another way, a client-custodian contract overrules and supersedes a client-adviser contract for purposes of the custody rule.
To avoid this “inadvertent” custody scenario, the Guidance Update recommends that advisers have both their clients and their respective custodian(s) sign a written consent to acknowledge that the adviser’s authority is limited to trading in the client’s account. Only then will an advisory agreement’s terms with respect to disbursement authority be given full force and effect.
I don’t mean to sound alarmist, as not all custodial account agreements grant general disbursement authorization to the adviser. It is simply the principle and logic of the Guidance Update that baffles me. The best course of action is for an adviser to review its clients’ custodial agreements and/or work directly with the custodian to confirm whether or not any offending language exists therein. If standardized disbursement language does exist in clients’ custodial account agreements, I would encourage advisers to put pressure on their custodians to remove the offending language and amend existing account agreements to avoid triggering inadvertent custody and an annual surprise exam. Depending on how long ago various clients signed their custodial account agreements, this may prove to be an arduous task; custodians have evolved their account agreements over the years and disbursement-related language may be different from agreement to agreement.
Additional clarifying guidance may ultimately be released to provide another “out”, but for now this is what we have to work with.
Summary – Key Points Regarding New Custody Guidance On SLOAs
- Fee debiting authority and third-party SLOA disbursement authority both trigger custody. Fortunately, fee debiting authority alone does not require an annual surprise exam, and an adviser can also escape the annual surprise exam for third-party SLOA disbursement authority by complying with the no-action letter’s seven SLOA conditions. Nonetheless, fee debiting and third-party SLOA disbursement authorities will still trigger all the other custody rule obligations (use of a qualified custodian, quarterly account statement delivery, “due inquiry”, etc.).
- Fee debiting authority does not require the adviser to report affected client accounts as “custody” assets when reporting on Form ADV Part 1, Item 9. However, third-party SLOA disbursement authority does, which means for advisers with a 12/31 fiscal year-end, be prepared to report any applicable custody assets (i.e., client accounts for which the adviser has a third-party SLOA) by the next annual updating amendment due March 30, 2018.
- First-party disbursements effected by a journal, check, or ACH do not trigger custody. A first-party disbursement via wire triggers custody unless the destination account number (and other particulars) are included on the original authorization… which means if the original authorizations do not specify the destination account number, advisers will need to replace their authorizations with a new compliant authorization form that includes the like-registration destination account details.
- Client-custodian contracts supersede client-adviser contracts for purposes of adviser disbursement authority, which means the custodian’s existing account agreements with clients could be triggering custody for advisers on their platform (unless the custodian updates its own account agreements to limit this).
- Don’t assume custodians will take care of everything; they will be instrumental in helping advisers comply and will need to update forms and procedures themselves, but the burden of custody rule compliance – and verifying whether the adviser’s various authorizations constitute custody – rests with the adviser.
Investment Adviser Action Items – Next Steps To Take On SLOA Custody Issues
- Identify the accounts for which the adviser has been granted first or third-party disbursement authority.
- For accounts with first-party authorizations – i.e., to move money between the client’s existing accounts with like-kind registrations – review the existing authorizations on file, verify they include the (like-registration) destination account number and details, and if not prepare to replace any out-of-compliance authorizations.
- For accounts with third-party authorizations – where the adviser has a “SLOA” disbursement authority to have money moved out of the account to any “third-party” account that is a different registration than the original – contact the custodian to verify whether it will be taking steps to comply with the SEC’s new requirements to avoid the SLOAs from triggering the requirement for annual surprise exams. And bear in mind that the adviser will need to include a note in the client file for every SLOA to affirm the third-party is not a related party to the adviser nor at the same mailing address as the adviser.
- Work with the custodian(s) to confirm when new forms and procedures will be in place for use with new clients and for purposes of new disbursement authorizations. Industry scuttlebutt has Schwab in the lead insofar as proactive guidance and adviser outreach among the big-four custodians, but it has thus-far taken a rather conservative approach by narrowly interpreting individual-to-joint transfers as third-party rather than first-party transfers (a position I can’t entirely disagree with at this stage). As of the writing of this article, all custodians seem to be a bit vague on when its advisers can expect updated authorization forms and procedures. Concerned advisers should contact their custodians directly as soon as possible.
- All advisers should have policies and procedures related to the safekeeping of client assets (i.e., policies and procedures related to custody). Update existing custody-related policies and procedures to conform to the new guidance trifecta if necessary, or draft new custody-related policies and procedures if they don’t currently exist. This is an area in which an attorney or compliance consultant should be able to provide tailored guidance.
- Pure financial planners that do not have fee debiting or money-movement authority will typically have the easiest time avoiding the custody rule’s compliance obligations, but many advisers will not be so lucky. To avoid triggering the custody rule altogether (i.e. more than just avoiding the annual surprise exam), an adviser with fee-debiting authority must find another way to collect its fees; an adviser with discretion as to the amount, payee, or timing of transfers under a third-party SLOA must rescind that authority and (if desired), replace it with a third-party SLOA that contains no such discretion; an adviser with first-party wire disbursement authorization without the destination account number must also rescind and replace such non-compliant authorizations. To beat a dead horse, advisers can continue to maintain fee debiting authority and third-party SLOAs (that comply with the no-action letter’s seven conditions), trigger custody, but still avoid the annual surprise exam. Existing first-party wire authorities without destination account numbers are likely where the most changes will need to be made via superseding custodial forms.
- Be prepared to update the reporting of “custody assets” when doing annual ADV updates in early 2018. Assets subject to fee-debiting authority do not need to be reported as custody assets in Item 9 of Form ADV Part 1, but third-party SLOA assets will (along with any other assets that trigger the standard custody rule). As long as advisers’ authorities are limited to fee-debiting, third-party SLOA disbursements with custodians that meet the new requirements, and first-party authorizations that include destination account numbers, no annual surprise exam is required.
- Rule 206(4)-2 technically applies to SEC-registered advisers and not state-registered advisers, but many states adopt the SEC’s rules or versions substantially similar. State-registered advisers would be wise to conform to the new guidance until their respective state issues something to the contrary.
Notably, an adviser’s attorney or compliance consultant can be particularly helpful in conforming to these various new potential custody triggers, especially if the adviser is trying to navigate the custody rule for the first time, or there is ambiguity about certain firm-specific practices that may or may not trigger custody. He or she should also be able to review the adviser’s custody practices in general to ensure no other common custody rule landmines are being tripped.
The Last Word(s) On The Multiple Tiers Of SEC Custody Rules
The SEC has made it more and more difficult for advisers to escape the entirety of the custody rule over the years, and the February guidance trifecta continues that trend. Fortunately, the trend of new guidance is to separate out “simpler” and more limited forms of custody (for which custody reporting may be required, and basic policies and procedures are necessary, but full annual surprise exams are not), from more direct forms of custody that necessitate the full scale of custody compliance and oversight (including annual surprise exams).
Yet the growing scrutiny of the SEC on custody, and the growing number of “tiers” of custody, means the Rule 206(4)-2 custody rule is becoming one of the most complex yet most important rules under the Advisers Act, and SEC examiners will continue to give it due attention (as they should). Advisers are encouraged to make good faith efforts to get their custodial house in order sooner rather than later, but I suspect that the final chapters of this custody rule saga have yet to be written. Stay tuned.
(Note: Many thanks to Laura Grossman and the rest of her colleagues at the Investment Adviser Association for advocating on behalf of advisers, partnering with custodians, and generally working with the SEC on these important custody-related issues.)
So what do you think? Do the new rules on first-party money movements and third-party SLOAs represent good consumer protections? Or just a nuisance when trying to provide a service convenience to clients? Will you be changing how you handle SLOAs and disbursement authorizations with clients in 2018? Please share your thoughts in the comments below!