Custody rule provisions aimed at preventing another Bernie Madoff swindle are tripping up financial advisers who have clients' online account usernames and passwords.
The adviser custody rule is one of
five top areas in which Securities and Exchange Commission examiners are encountering problems, the agency said Tuesday. Advisers have custody if anyone at the firm controls client assets or has “the authority to obtain possession of them,” the rule states.
One of the main deficiencies it sees is advisers not recognizing that the online access clients have granted them means they technically have custody and are subject to the rule, which requires advisers to hire an outside firm to conduct an annual surprise audit to verify client assets.
The unannounced audits typically cost $15,000 to $50,000, compliance experts said.
“This has been a real problem for advisers, especially those acting as a family office and helping high-net-worth clients with lots of things,” said Todd Cipperman, founder and principal at Cipperman Compliance Services.
(More: SEC reveals five most frequent compliance violations)
The
SEC strengthened the custody rules for advisers at the end of 2009
and for brokers in 2013, in the wake of the $60 billion Ponzi scheme perpetrated by Mr. Madoff, who maintained control of his clients' funds.
Advisers typically have account usernames and passwords when they help clients manage their affairs and don't want to have to keep going back to the client again and again for authorization, Mr. Cipperman said.
Advisers “generally don't take the news well” when they're informed they are violating the rule because they don't want to tell clients they can't offer them this higher level of service anymore, but they also don't want to pay for the audit, he said.
The SEC has been identifying the problem in deficiency letters sent to advisory firms for years, but advisers are still surprised when their compliance professionals bring it up.
(More: Boost in SEC examiners to enable closer scrutiny of RIAs)
“The custody issue can create some real serious compliance issues that are usually unintended,” said G.J. King, president of RIA in a Box.
Advisers can avoid the problem by choosing not to have access to clients' online accounts and instead relying on them to provide a copy of their statements, he said.
Some accounts allow clients to create more-restricted access for their adviser, who is given his or her own credentials to see the client's account but not control the assets, Mr. King said.
Similarly, some account aggregation platforms allow advisers to view client assets through a third-party and never touch client usernames and passwords, he said.
In addition to requiring a surprise review, the custody rule mandates advisers file a form each year with the SEC about the audit.
Karen Barr, president and chief executive of the Investment Adviser Association, recently wrote
a blog post arguing that the current SEC transition offers an opportunity for the agency to
take a new look at existing regulations, specifically suggesting the custody rule could be streamlined.
