4th Quarter Compliance Tasks
Now that we are in the downhill slide toward the end of the year, here are a few compliance items to consider this month:
Personal Securities Transaction Reports
CCOs typically collect and review the personal securities transaction reports of access persons for the third quarter in October. This review should be completed by October 30. If you are the CCO and sole access person for your firm, you only need to keep copies of your personal account statements in your firm records.
Firm and IAR Registrations
We are approaching CRD/IARD renewal season soon. The preliminary renewal statements typically are issued in the first full week of November. October is a good time to assess whether your firm and IARs are properly notice-filed or registered in the correct states. You may want to review your client list and note the states in which your clients reside.
As a reminder, most states follow the federal de minimis rule that allows you to have up to five clients in the state before requiring notice filing or registration. Three states - Louisiana, Nebraska, and Texas - require registration before you accept your first client. State-registered RIAs are allowed up to five clients in New Hampshire before registering, but SEC-registered RIAs must notice-file before taking on their first client.
For IAR registration, most states do not require registration unless the IAR has an office location in the state, but some states require IAR registration regardless of location. Once you determine which states the firm needs to be registered in, I can check to see if you need to register an IAR in those states.
Information Security and Cybersecurity
October is Cybersecurity Awareness Month, so this is also a good time to review your information security and cybersecurity policies and update if necessary. These policies sometimes include details regarding network hardware, software, applications, and vendors that may need to be updated from time to time. Take a fresh look at your policies and make sure you're doing what you can to protect your clients' confidential information. If you really want to get nerdy, the Cybersecurity & Infrastructure Security Agencyhas a wealth of resources available on its website.
As always, let me know if you have any questions. Happy to help!