Investment Adviser

How Broker-Dealers & Investment Advisers can overcome the Regulatory Risks and Challenges of Remote Work

The nature of work is changing as the workforce attempts to adapt to working completely remote. For most broker-dealers and investment advisers that are working remote due to the COVID-19 pandemic and recent state issued stay-at-home orders, you’ve now become part of an actual working test of your business continuity plan and cybersecurity program all at once. And by now, many of you have discovered what works and what doesn’t. Time to stop and pivot. Welcome to remote work as the new normal— for now at least.

The COVID-19 pandemic has certainly disrupted routines for everyone, not the least of which is your normal day-to-day business activities. The massive scale of the outbreak and its sheer unpredictability have made it challenging for firms to continue to conduct their business remotely. However, by understanding the following risks associated with remote work, firms can better prepare themselves for meeting the regulatory challenges that lie ahead.

1. Treat your home office as your regular office

Although this may be difficult for some depending on your home set-up, your focus should be on establishing a dedicated space in which to work that is clean, secure, and separate from the rest of the house. Implement a “clean desk policy” similar to regular work policies so that you eliminate or at least reduce any firm/client related documents lying around your desk in plain view. You should also focus on physical safeguarding measures by being able to secure your home office and any file cabinets inside the office. Your home office should be separate enough from the rest of the house to provide some element of privacy for calls while reducing everyday interruptions and/or distractions around the house. Easier said than done, but it’s something to work toward for your security and peace of mind.

2. Review your business continuity & cybersecurity plans

In light of current events, you should revisit your firm’s business continuity and cybersecurity plans to ensure that your processes are properly aligned with your firm’s policies and procedures. If not, you may want to adjust them, or your processes, to the new normal. Even when firms are able to utilize remote working policies, they will need to prepare employees who are unaccustomed to remote working to navigate the challenges ahead. Firms that have prepared, implemented and tested “workable” contingency plans related to business continuity and cybersecurity events were likely ahead of most in terms of firm readiness. Also, firms that are experienced in working virtually and that have deployed certain collaboration technologies and infrastructure for remote working in the normal course of business will generally fair better in their ability to implement crisis management protocols and quickly adapt to unprecedented situations. For firms that rely on legacy systems and dated processes, the shift to remote work will come with significant obstacles. If your firm’s business continuity or cybersecurity plan doesn’t specifically address how to implement and continue to operate under a remote work plan, it’s time to address it.

3. Practice basic security measures

Nothing is full proof and no data is 100% secure, but there are certain basic security measures you can implement while working remote that will provide additional layers of security for better protection. Mobile security, VPN, and zero-trust network access are in high demand right now as firms rush to ensure that their employees can connect to their applications from wherever they are. While working remote, be sure to take inventory of personal vs. business equipment used for business purposes. There is a simple reason for this: personal equipment often lacks the level of security measures that firms install and implement for their business equipment. This makes using personal equipment especially susceptible to hackers especially in times of crisis. The following are simple steps you can take to limit your risk.

a. Enhance your authentication systems— Whether you’re using your phone/smartphone, computer or other external devices/drives (if permitted), it’s important to utilize some form reliable authentication system to open and operate your devices. Whether you decide to use a basic PIN, strong password or phrase or relay on biometric authentication such as fingerprint or facial recognition will largely depend on the device used and the data it contains. Regarding the use of passwords in general, some common sense goes a long way. For example, you should use strong passwords with at least eight characters of lowercase and uppercase letters, numbers and symbols; change your passwords periodically; make sure to use different passwords for different accounts; always log off when leaving your device; avoid entering passwords on computers you don’t control; and avoid entering passwords when using unsecured Wi-Fi connections.

b. Increase your personal security— Implement security measures on all devices used for business related purposes. For those of you using a work computer at home, most firms have installed anti-virus software and other security tools which add a layer of protection. If your firm provides access to a corporate Virtual Private Network (VPN), you can use it to access your firm’s network as it provides better protection by using an encrypted layered tunneling protocol where VPN users use authentication methods, including passwords or certificates to gain access to the VPN.

If you don’t have access to a corporate VPN, you can also try a personal VPN such as ExpressVPN, Norton Secure VPN, NordVPN or others, provided its permitted by your firm’s procedures and compliance dept. However, remain cautious as VPNs have limitations. They generally protect you during transit as you move from site to site, but it's up to you to stay safe and secure when you arrive at your destination site, and VPNs won’t protect you from phishing scams or other malicious software or applications. As recent as March 13th, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s cyber agency, issued an alert pointing to specific cyber vulnerabilities around working from home versus the office. CISA zeroed in on potential cyberattacks on virtual private networks (VPNs) which may make it easier to telecommute, but, according to CISA, they also open up a tempting way for hackers to get in.

If you're using your own computer and can't access your firm's internal network, at a minimum you will need to add protection by installing anti-virus software such as Microsoft Defender, Norton Security, McAfee Total Protection, Malwarebytes or others that scan for the latest virus, malware, spyware and ransomware attacks to defend yourself from hackers.

c. Update your software—make sure that applications running on your phone, laptop/desktop and their operations systems are updated and patched. Even routers need to be secured, though router makers often install these updates automatically. As recent as March 25th, in letters to Google, Netgear, Belkin and others, Sen. Mark Warner of Virginia urged vendors to help ensure that their wireless access points, routers, modems, mesh network systems, and related connectivity products remain secure and cannot be easily exploited to attack consumer systems and workplace networks.

d. Use two-factor authentication— consider two-factor authentication to provide added security when accessing sites that may contain sensitive or personally identifiable information (PII). Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), is a method of authorizing a login using two pieces of authentication. The two pieces are usually defined as something the user has, and something the user knows. Under basic log-in procedures where you enter your username and password, your password serves as your single factor authentication. However, 2FA adds a second level of authentication to your basic log-in procedure by requiring two out of three types of credentials before being able to access an account.

e. Avoid phishing scams— Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into revealing or providing sensitive data such as personally identifiable information (PII).

In light of current events, the National Cyber Security Centre (NCSC) recently issued a warning that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns and evidence now points to an increase in overall hacking incidents and an increase in hacking threats that use terms like "coronavirus" or "COVID-19" to trick users into handing over sensitive information or installing malicious software. Everyone can fall prey to phishing scams so it’s important to remain vigilant and follow the ten basic guidelines to keep you safe from phishing scams.

4. Contact your third-party vendors

Most of us try to leverage technology to make our jobs more efficient and effective. However, you are only as secure and effective as the vendors who assist you with your critical business functions. Remain cautious as disruptions, outages and delays may occur which can ultimately affect your business and may potentially result in notifications to your clients. Whether you rely on vendors to assist with trading systems, research & data analysis, CRM, portfolio management, social media & email archiving, compliance, cybersecurity, legal, accounting or others, all aspects of your business are considered important in terms of your internal supply chain and should be treated equally important as your lifeline to seamless operations. Check with your vendors frequently regarding their operating levels and status during this crisis and make adjustments if necessary. In the event that you consider new third-party vendors to assist you with your business, make sure you perform thorough due diligence through the use of due diligence checklists for broker-dealers or investment advisers or other means in terms of determining core considerations (e.g. security, costs, functionality, ease of use, etc.) to ensure the right fit for your firm’s size, scope and operational function.

5. Contact your regulator regarding changes to your firm’s business

In the event your firm experiences a material change to its business due to remote work policies, firms may want to reach out to your regulator to communicate such changes. The different types of notifications will largely depend on whether you’re a broker-dealer, investment adviser or branch office of either type. For example, FINRA member broker-dealers may consider notifying their designated Risk Monitoring Analyst (previously referred to as Regulatory Coordinator) based on FINRA’s recent exam and risk monitoring program transformation to a Single Point of Accountability per member firm. SEC registered investment advisers may consider notifying their SEC regional office in addition to any Form ADV filing updates if needed, and state registered investment advisers may consider notifying their respective state regulatory agency in their home state in addition to any Form ADV filing updates if needed. Notifications may be triggered by potential delays in regulatory reporting deadlines or other compliance related matters where contacting your regulator may mitigate circumstances by demonstrating transparency and open lines of communications with regulators regarding deficiencies resulting from the current crisis.

6. Check reliable resources to stay current on the developing crisis

To stay on top of current events and how they may impact you and your advisory business, you should monitor core resource sites for developments in the ever changing regulatory landscape. First, from a global health perspective, advisers should visit the WHO and CDC websites to get the latest on COVID-19 developments. Second, advisers should monitor regulatory sites such as SEC (for registered broker-dealers and federally covered advisers), NASAA and specific state regulatory websites (for state registered firms), and FINRA (for broker-dealers and dual registered advisers) on the recent regulatory developments to COVID-19. Firms should also check their specific custodians, clearing firms and other vendors specific to assisting with business operations on recent developments and contingency plans related to COVID-19.

7. Remain vigilant when using communication systems and technology

For remote workers, the majority of information sent and/or received comes from communication systems such as your phone (e.g. home or mobile device) and computer (e.g. email and video conferencing, etc.). Web and video conferencing, cloud-based file sharing and networking solutions have become critical systems allowing remote workers to continue to perform everyday functions and stay productive. Many companies including Zoom, Microsoft Teams, Cisco Webex, GoToMeeting, Free Conference Call, Google Hangouts Meet, Slack and others provide video conferencing solutions and other tools to assist remote workers, and in some cases for free in response to the current crisis. Some vendors such as Cisco and McAfee are also offering some of their security products at no charge in response to the current crisis.

However, no technology is without its set of risks. As an example, Zoom appears to be a popular choice among many firms because of its ease of set-up, use and sharing, but beware of “Zoom bombing” which is used to describe Zoom’s online virtual meetings where user sessions are interrupted or hijacked by unwelcome guests who are looking for ways to create disruption on the Internet. To protect from these types of intrusions, it’s best to familiarize yourself with Zoom’s settings and features and security measures surrounding your Personal Meeting ID (PMI) and how to avoid using your PMI to host public events which Zoom has posted on its Zoom blog.

Also, be sure to review the privacy policies of each vendor to ensure that they don’t violate your firm’s existing privacy policies or procedures. For example, some vendors may have certain privacy considerations regarding its collection and use of data (see Kate O’Flaherty’s recent Forbes article Zoom’s A Lifeline During COVID-19: This Is Why It’s Also A Privacy Risk).

8. Monitor your Cloud Storage and File Sharing Systems

Although many firms use cloud storage to store, share and maintain their books and records, the current COVID-19 pandemic has prompted many other firms to migrate to the cloud for security and ease of access for remote work. Cloud storage and file sharing sites such as Microsoft OneDrive, Dropbox, Box, SugarSync, Google Drive, Sharefile and others are popular with small to medium sized broker-dealers and investment advisers. When using cloud storage and file sharing sites, be sure to use two-factor authentication for enhanced security measures and review your policies on managed access rights to ensure that the right people have the right access to sensitive documents to adjust and update if and when needed.

However, some broker-dealer and investment advisers have yet to use cloud storage or fully migrate to a digital format and still maintain hardcopy books and records. For firms that maintain all or some books and records in hardcopy format, be sure to properly safeguard all firm and client related records maintained remotely and carefully follow firm policies on safeguarding client information.

9. Check your Form BR branch office status for changes

For broker-dealers and investment advisers, there are certain reporting obligations to FINRA regarding the type and status of each branch office through the Uniform Branch Office Registration Form (Form BR). Firms are encouraged to review its remote work policies to see how they may impact its current branch office registration status. In particular, Item 2 of the Form BR allows for firms to indicate the “types of financial industry activities conducted by the applicant at this branch office” which includes sales, investment advisory activities, investment banking/underwriting/research, market making/trading, back office operations, public finance and other. As firms shift to a remote work environment, firms may have to update their Form BRs related to specific branch offices as a result of changes in office type, changes in supervisory personnel, changes in types of branch related or other business activities or other arrangements.

10. Keep your Customers Informed (and document your communications)

Whether it’s an emerging crisis or a sudden shift toward remote work, sometimes the ability to effectively communicate with your clients becomes more difficult and complex. When it comes to clients, its best to keep the lines of communication open and frequent in terms of the developing events and how they may impact your relationship with your clients and your current and business operations. The ability to stay calm in times of uncertainty is paramount and clients need to be reassured that they’re in good hands and that their level attention and service remain steady regardless of the circumstances. When working remote and communicating with clients, you need to ensure that all communications are conducted within firm approved communication systems (e.g. email, social media, text, blogs, etc.) and that all communications are archived and properly maintained in accordance with books and records requirements through the use of vendors such as Global Relay, Smarsh and others.

Broker-dealers and investment advisers along with other businesses everywhere face unimaginable hardship as this crisis forces everyone to self-isolate for safety. No business could have predicted what we’re now experiencing. As firms face new realities, remote work brings with it a unique set of challenges to which all firms will need to adjust while mitigating risk. Inequities in firm resources and digital access which impacts a firm’s degree of readiness, further complicate matters. Firms must closely monitor the ongoing developments of this crisis to identify its implications for routine business activities and make adjustments to help adapt to new working norms. Now more than ever firms must keep a keen eye on the developing risks associated with these new norms as they navigate this unprecedented time together.

Requesting an extension to Form ADV filing requirements due to COVID-19?

Any investment adviser relying on this Order with respect to the filing of Form ADV or delivery of its brochure, summary of material changes, or brochure supplement required by Rule 204-3(b)(2) or (b)(4), must promptly provide the SEC via email at IARDLive@sec.gov and disclose on its public website (or if it does not have a public website, promptly notifies its clients and/or private fund investors of) the following information:

(1) that it is relying on this Order;

(2) a brief description of the reasons why it could not file or deliver its Form on a timely basis; and

(3) the estimated date by which it expects to file or deliver the Form.

see SEC Order IA-5463 at https://www.sec.gov/rules/other/2020/ia-5463.pdf.



California Registered Broker-Dealers and Investment Advisers are Mandatory Reporters of Elder Abuse

Broker-Dealers and Investment Advisers are Mandatory Reporters of Elder Abuse (SB 496 Financial Abuse Report)

As a reminder, effective January 1, 2020, SB 496 makes California registered broker-dealers and investment advisers mandated reporters of suspected financial abuse of an elder or dependent adult.  In addition, the bill authorizes broker-dealers and investment advisers to notify a previously designated trusted contact of the financial abuse, and temporarily delay a requested disbursement from the victim’s account.

The bill also requires broker dealers and investment advisers to notify the Department of Business Oversight (DBO), among other entities, of the suspected financial abuse of elders and notify the DBO of delayed disbursements.

Report suspected elder abuse to the DBO at SB496ReportsBDIA@dbo.ca.gov.

Here is a link to the new full bill:  SB 496, Chapter 351, Statutes of 2019.

Seven Key Elements to Building the Right Compliance Manual

Your compliance manual is the centerpiece of your compliance program and plays a critical role in helping enhance and enforce your firm’s culture of compliance.  As a former regulator and current principal of a compliance consultancy, I’m often asked about the key considerations for building an effective “audit proof” compliance manual.  Although there is no such thing as an “audit proof” manual, based on many years working with both regulators and firms of all sizes on the right ingredients for an effective compliance manual, I’ve highlighted seven key elements to building the right manual for improving your next regulatory audit.

1. Seek Expert Help to Save Time

First, whether you’re starting from scratch or updating your existing manual, you shouldn’t try and reinvent the wheel unless you absolutely have to.  Your time is valuable and probably best spent on top-line functions so seeking expert help may be the right choice for saving time while getting the right guidance needed to get started.  Although each firm is different and one size certainly does not fit all, you can make your life a lot easier if you have a baseline from which to start and then customize.  There are a wide range of vendors, service providers and/or individual consultants out there on marketplace or platform sites such as Connexien or membership directories on FINRA and NSCP offering everything from baseline templates as your starting point to more highly specialized services related to building customized compliance manuals centered around your firm’s activities.  There is no right answer as to how you approach this as long as you end up with a compliance manual that is sufficiently aligned with your firm’s business activities and supervisory processes.

2. Build Your Foundation

One of the most important steps to building the right compliance manual is to start with a good foundation.  Whether you’re a broker-dealer or investment adviser firm (or any other regulated entity for that matter), you will need to prepare a set of written supervisory procedures or a “compliance manual” that is largely based on the firm’s business activities, corresponding risks and the regulatory framework within which it operates.   As a baseline standard, it should include general compliance requirements (e.g. those that every firm must comply with regardless of product lines or business model) together with product and/or service specific compliance requirements (e.g. based on your approved business lines per your FINRA Membership Agreement for broker-dealers or Form ADV for investment advisers, etc.).  For broker-dealers looking for a good starting point, FINRA produces a WSP Checklist which is generally designed for guiding new FINRA member applicants on the minimum requirements when preparing a compliance manual during the new membership application process.  Although this certainly doesn’t cover all required areas for all firms, it’s a useful tool and good reference point when considering what you should include based on your firm’s business model and product lines.

3. Understand Policies vs. Procedures

Understanding the distinction between policies and procedures is important when constructing your compliance manual.  Although policies and procedures are separate in their purpose, they are complementary to each other in that you need both to build a comprehensive manual.  For example, a well-constructed manual will start with broad-based Policies, which consist of a formal set of rules or guidelines adopted by a firm to achieve its goals and/or objectives, and then fine-tune its actions with Procedures, which consist of step-by-step processes for accomplishing such goals and/or objectives. Policies tend to have widespread application, change less frequently and focus on the “what” and “why” by identifying company rules, explaining why they exist and when and why the rules apply.  Procedures on the hand have a narrow application, are more prone to change and tend to focus on the “how”, “when” and “who”  by describing step-by-step processes, frequency of actions taken and the specific parties responsible for carrying out those actions.

4. Emphasize Assignment of Responsibility

Assignment of responsibility is key to clearly defining lines of authority with respect to each task to be performed. This refers to the “who” in the “who, what, where, when and how” questions that firms must address when building their compliance manual. For example, firms should focus on detailing who will be responsible for conducting the supervision of various tasks.  To accomplish this step, firms should assign and list the designated supervisory principals or practice leaders who are responsible for each division, department or group and their respective compliance tasks including direct and indirect reports under their supervision.  Firms must also stay on top of any changes in key personnel that may affect the compliance manual in terms of supervisors and direct reports and their assigned scope of responsibility.

5. Align your Procedures with your Processes

With any compliance manual, striking the right balance between procedures vs. practice is important. To hit the right note, firms should consider their business processes and align their procedures around those processes. If your procedures are too vague or lack specificity, it leaves little direction or guidance for the end user or, worse yet, may cause regulators to question your actual processes, while drafting procedures that are too specific or narrow in focus might create added risk if the firm deviates from overly precise controls.  To effectively align procedures with internal processes, you should answer the remaining “what, where, when and how” questions when building your compliance manual.  For example, your compliance manual should clearly describe “who” is conducting the supervision, “what” type of tasks are supervised, “where” are the tasks and supervision conducted, “when” is supervision performed, and “how” is the supervision documented.  In this case, attention to detail on tasks specific to the organization is critical.

6. Focus on Dynamic over Static Procedures

Regardless of the type of financial service firm, regulation and its compliance requirements are in a constant state of change and keeping up with the ever changing regulatory landscape is a major focus.  You compliance manual should be treated as a dynamic document constantly evolving with your changing internal processes, controls and personnel all set against the changing regulatory landscape.  Your manual is only as accurate as its last update.  Therefore, firms should remain vigilant in their approach to remain current in terms of current and applicable rules and regulations while also staying ahead of the curve with proposed rules that could impact the firm’s future processes.

7. Test the Efficacy of your Procedures

Lastly, the best way to find out if your compliance manual is working properly is to test it.  Although many firms test the efficacy of their procedures in different ways, one of the main ways is through annual and/or periodic internal/external compliance reviews where the testing and verification processes are designed to detect any irregularities or gaps in compliance processes. These types of reviews also consider material changes in the regulatory landscape that may impact the firm and its internal controls and compliance processes.  Additionally, since regulators will most certainly test your manual against your firm’s processes, getting it right can save time and energy by effectively managing regulatory expectations during the audit process. Firms should implement corrective actions and corresponding changes to their procedures with the discovery and identification of any gaps in their compliance program.

California DBO Posts 2020 Renewal Program Calendar for Investment Advisers

The following is a list of some of the upcoming dates regarding annual renewals for investment advisers:

  • Monday 11/11/19 – PRELIMINARY Renewal Statements are available through E-Bill on FINRA – Annual Renewal page.

  • Monday 12/1/19 – DBO Reminder Email will be sent to all Licensees to renew their license for the calendar year 2020. Licensees should ensure they have an active designated email address on file.

  • Monday 12/16/19 – RENEWAL PAYMENT DUE DATE. This is the DEADLINE for receipt of Preliminary Renewal Statement payments. Review the Renewal Program Payment Options for detailed information. FINRA recommends using E-Bill to pay your Preliminary Statement. If you use other means, submit your payment with additional time to sufficiently allow for mail delivery and/or payment processing to post to your Renewal Account by the deadline. FINRA-registered firms that do not have payment posted by the deadline may be assessed a Renewal Late Fee.

  • Thursday 12/26/19Last Day to submit form filings prior to year-end. Web CRD and IARD are available form 5 AM until 6 PM Eastern Time (ET).

  • Friday 12/27/19 – Web CRD and IARD are unavailable due to FINRA statement and renewals processing.

  • Saturday 12/28/19 – 12/31/19 – Web CRD and IARD are available for QUERY-only and the creation of “Pending” filings.

Common Types of Investment Adviser Deficiencies

Whether you’re a federal (SEC) or state registered investment adviser, its good to know (and avoid) some of the common types of deficiencies affecting advisory firms based on examination findings. Here is a list of the common types of deficiencies often found during regulatory examinations of investment adviser firms:

  • Outdated or inaccurate Form ADV. Advisers are required to keep an updated copy of their Form ADV in their office for review.

  • Failing to keep accurate records of client billing. All client-billing invoices must be maintained. All billing invoices should show how fees are calculated and indicate which specific periods bill cover. If the fee is deducted directly from the client's account, the adviser must follow procedures regarding custody established under federal securities laws.

  • Lack of or missing client contracts. All clients should have an executed contract on file with the adviser for review. The contract should have a description of the services offered, a fee schedule, and a non-assignment clause. If the adviser has a contract that contains a "hedge" clause, which tries to limit the adviser's liability if the adviser has acted in good faith or with no negligence, the adviser should be aware that it may still be held liable. Advisory contracts should not contain hedge clauses since they attempt to limit a client's rights under federal securities laws.

  • Misleading business cards and letterhead. The use of certain professional designations (e.g., CLU, CFP, CIC can be confusing to the public. The use of the designation "RIA" is improper since it is not a designation approved by any professional organization. Also, affiliations with broker-dealer firms must properly be disclosed on the adviser's business cards and letterhead.

  • Advertising file deficiencies. Investment advisers are prohibited from using testimonials. Further, advisers should not make reference to a past, specific, profitable recommendation without the advertisement setting out a list of all recommendations made by the adviser within the preceding period of not less than one year, and the advertisement must comply with other specific conditions.

  • Missing documentation regarding discretionary authority over a client's account. An adviser should have the brokerage new account form and any related trading authorizations that show that the adviser has the authority to trade for the client. The adviser's contract should clearly show that the client has granted the adviser discretionary authority.

  • Inadequate financial records. All advisers are required to maintain financial records for their business which includes journals for cash receipts, and disbursements, ledgers reflecting asset, liability, reserve, capital, income and expense accounts. These records should be maintained in a manner that can be produced in a written form for an examiner to review. All records should be kept in accordance with generally accepted accounting principles.

  • Inadequate documentation of supervision. If the adviser has employees, the manager/principal will have supervisory duties over those individuals. These duties and responsibilities should be documented in a written compliance/supervision manual. The manual should encompass all aspects of the business such as the review of incoming and outgoing correspondence, the review of customer financial plans, the review of new account documentation, the disclosure of any conflicts of interest, the review of personal securities transactions, and any other items that are necessary to have procedures that ensure compliance with the various securities laws.

  • Records maintained in an electronic format. Records will be examined in the format in which they are maintained.

  • Inadequate or outdated client information. The adviser should maintain a client information document that contains the client's age, annual income, net worth (exclusive of home, furnishings and automobiles), the client's investment objective, the name of the person that solicited the account, and the prior investment activity of the client. It is suggested that the above information be supplemented by other information such as client liabilities, expenses, financial goals, risk tolerance, marital status, number of dependents, and insurance coverage. All of this information should be kept current.

  • Consistency of records. Examiners will compare the customer new account information, client contract, and customer information document with the services or advice actually provided to its clients. An adviser must maintain adequate information on its customers to document the suitability of the recommendations made. Examiners will also look thoroughly at the recommendations made where the client has granted discretionary authority to the investment adviser.

  • Agent Not Registered. Registration is generally required for any person that receives any compensation or other remuneration, directly or indirectly, from the investment adviser in connection with the solicitation or referral of a client for the adviser and/or prepares or offers investment advice to a client.