The Annual Compliance Review as a Cornerstone Obligation
The annual compliance review is a cornerstone obligation for every registered investment adviser, required under SEC Rule 206(4)-7 and analogous state regulations. For small RIAs, the annual review serves as both a regulatory checkpoint and an opportunity to evaluate whether the firm's compliance program remains adequate in light of changes to the business, the regulatory landscape, and the firm's risk profile. Despite its importance, the annual review is one of the most frequently cited deficiency areas in state examinations, often because firms fail to conduct it at all, conduct it inadequately, or fail to document their findings.
Scope and Comprehensive Coverage
The scope of an effective annual review should encompass every area of the firm's compliance program. This includes evaluating the adequacy of written policies and procedures, testing whether those policies are being followed in practice, reviewing regulatory filings for accuracy and timeliness, assessing the firm's advertising and marketing activities, examining the code of ethics and personal trading compliance, and reviewing the firm's cybersecurity and data protection measures. For small firms, the review should also assess whether the compliance program remains appropriately scaled to the firm's business activities.
Form ADV Accuracy and Timeliness
A documentation checklist is essential for structuring the annual review and demonstrating to regulators that it was thorough. Key documents to review include the firm's current Form ADV Parts 1 and 2, the compliance manual and all policies, client agreements and fee schedules, trade blotters and allocation records, advertising and marketing materials used during the review period, client correspondence files, privacy notices, business continuity plans, and any regulatory correspondence. Each item reviewed should be noted in the annual review report along with any findings or observations.
Investment Advisory Activities and Conflicts of Interest
Testing procedures distinguish a meaningful annual review from a superficial checklist exercise. Testing involves verifying that the firm's written policies are actually being followed. For example, if the firm's policy requires pre-approval of all advertising materials, the reviewer should select a sample of materials used during the period and verify that pre-approval records exist for each. If the code of ethics requires quarterly personal trading reports, the reviewer should confirm that reports were submitted on time by all access persons. Testing should be documented with sufficient detail to demonstrate the methodology and results.
Code of Ethics and Personal Trading
Common findings in small firm annual reviews include outdated Form ADV disclosures that do not reflect the firm's current business activities, advertising materials that were not reviewed or approved under the firm's procedures, incomplete or missing personal trading reports, gaps in client file documentation such as missing advisory agreements or unsigned disclosure receipts, and cybersecurity policies that have not been updated to reflect current threats or the firm's actual technology infrastructure. These findings are not unusual and should be addressed through documented remediation steps.
Custody, Fees, and Financial Safeguards
Remediation of identified deficiencies is a critical component of the annual review process. Simply identifying a problem is not sufficient; the firm must also document the steps it will take to correct the deficiency and establish a timeline for implementation. For more significant findings, the firm should consider whether interim measures are necessary to mitigate risk while permanent solutions are being implemented. Regulators view timely and documented remediation favorably, and a firm that can demonstrate a pattern of identifying and correcting issues is far better positioned in an examination than one that fails to conduct the review at all.
Documentation and Examination Readiness
CCO certification of the annual review provides a formal record that the chief compliance officer has reviewed and approved the findings and remediation plan. For small firms where the CCO is also the firm's principal or sole adviser, this certification takes on particular importance because it demonstrates personal accountability for the firm's compliance posture. The certification should be signed and dated, and the complete annual review report, including all supporting documentation, should be retained in the firm's compliance files for a minimum of five years.
Compliance Approved Support
Compliance Approved provides a comprehensive annual review template specifically designed for small RIAs. Our platform guides firms through every step of the review process, from scoping and documentation gathering through testing, findings documentation, remediation tracking, and CCO certification. The template is customizable to reflect each firm's unique business activities and regulatory requirements, ensuring that no critical area is overlooked.