Compliance PRESENTATION

Compliance Updates Q2 2024

updated 2.20.24

Index

RIA Changes

Waystone Compliance

Advisor Assist

Cyber Security Tips

Compliance Support

Reporting Breaches

SEC Updates

Q&A

RIA Changes & Compliance

What does it mean to be an RIA?

Fiduciary Duty: RIAs are held to a fiduciary standard, which means they are legally obligated to act in the best interests of their clients. They must prioritize their clients' interests above their own and provide suitable investment advice tailored to each client's financial situation and objectives.Fee-Based Compensation: RIAs typically charge fees based on a percentage of assets under management (AUM) or on a retainer basis. They do not earn commissions on investment products they recommend, which helps mitigate conflicts of interest and aligns their interests with those of their clients. Regulation: RIAs are regulated primarily by the U.S. Securities and Exchange Commission (SEC) or state securities regulators, depending on the amount of assets they manage. They are required to register with the SEC or state securities authorities and adhere to regulatory requirements, including filing Form ADV and providing disclosure documents to clients. Investment Advisory Services: RIAs provide comprehensive investment advisory services, including portfolio management, financial planning, retirement planning, tax planning, and estate planning. They focus on developing customized investment strategies and solutions tailored to their clients' individual needs and objectives. Client Relationships: RIAs typically maintain direct relationships with their clients and act as fiduciaries, owing a duty of loyalty and care to their clients. They have a legal obligation to disclose potential conflicts of interest and provide full transparency regarding fees, investment strategies, and risks.

Advisor Assist Overview

Documentation & Logs

Regulatroy Filings

The logs required by LionStreet for charitable giving, client gifts, checks, and complaints are uploaded monthly to Advisor 360.

In addition to SEC annual filings, Advisor Assist supports with ADV, CRS and Client Agreement creation and updates.

Advisor Assist provides comprehensive compliance consulting services to help RIAs and financial advisory firms navigate complex regulatory requirements and ensure regulatory compliance.

+ info

Annual Trainings

Continued Education

Advisor Assist conducts mock regulatory examinations. As well as training sessions, webinars, and educational materials covering a wide range of compliance topics, including regulatory updates, compliance best practices, and industry trends.

Advisor Assist provides ongoing compliance support and assistance to RIAs and financial advisory firms, helping them navigate regulatory changes, address compliance issues, and stay ahead of evolving regulatory requirements.

Contact Info

Main Contacts- Chris Winn: CEO- Caleb Peress: Repsupport@advisorassist.com or by phone at 617-800-0388, Option 2.

Compliance Support

Contact Advisor Assist

Contact CCO

Fill Out Form

SEC UPDATES

SEC Compliance Rules & Regulations

1. Registration of Investment Advisers (Advisers Act)

2. Regulation Best Interest (Reg BI)

The SEC enforces a wide range of rules and regulations to protect investors, maintain fair and orderly markets, and promote transparency and integrity in the securities industry. While the specific compliance requirements may vary depending on the nature of the firm's business and the types of securities they deal with, here are ten key SEC compliance rules and regulations that financial firms typically need to follow.

3. Form CRS (Client Relationship Summary)

4. Anti-Money Laundering (AML) Program (Bank Secrecy Act)

5. Customer Identification Program (CIP)

6. Privacy of Consumer Financial Information (Regulation S-P)

7. Advertising and Marketing Rules

8. Proxy Voting Responsibilities

9. Custody of Client Assets

10. Books and Records Requirements

Frequently Updated Areas by the SEC

1. Regulation Best Interest (Reg BI): The SEC's Regulation Best Interest, which establishes a standard of conduct for broker-dealers and associated persons when they make recommendations to retail customers, continues to evolve. Changes in interpretations or enforcement actions related to Reg BI may impact financial advisors.
2. Form CRS: Form CRS (Customer Relationship Summary) is a disclosure document that provides retail investors with essential information about a broker-dealer or investment adviser. Updates to Form CRS requirements or guidance may affect financial advisors' disclosure practices.
3. SEC Examinations Priorities: The SEC publishes its examination priorities annually, outlining areas of focus for examinations of registered entities, including investment advisers and broker-dealers. Changes in examination priorities may require financial advisors to adjust their compliance practices and procedures.
4. Cybersecurity Requirements: The SEC emphasizes the importance of cybersecurity compliance for registered entities. Changes in cybersecurity regulations or guidance may necessitate updates to financial advisors' cybersecurity policies and procedures.
5. Advertising and Marketing Rules: The SEC regulates the advertising and marketing practices of investment advisers and broker-dealers. Updates to advertising and marketing rules or guidance may impact how financial advisors promote their services and communicate with clients.
6. Privacy and Data Protection: Compliance with privacy and data protection laws, such as the Gramm-Leach-Bliley Act (GLBA), is essential for financial advisors. Changes in privacy regulations or enforcement actions related to data breaches may affect financial advisors' data protection practices.
7. Economic and Market Developments: Economic and market developments can influence regulatory priorities and compliance requirements for financial advisors. Changes in economic conditions or market trends may lead to adjustments in compliance strategies and risk management practices.
8. Environmental, Social, and Governance (ESG) Investing: The SEC has shown increased interest in ESG investing and disclosure practices. Updates to ESG regulations or guidance may impact how financial advisors integrate ESG factors into their investment processes and disclosures.
9. Compliance Technology and Tools: Advances in compliance technology and tools offer financial advisors new opportunities to enhance compliance monitoring and risk management capabilities. Changes in compliance technology or best practices may influence financial advisors' adoption of new tools and systems.
10. Remote Work and Virtual Compliance Practices: The shift to remote work arrangements has prompted financial advisors to adapt their compliance practices to virtual environments. Changes in remote work policies or guidance may require financial advisors to reassess their virtual compliance procedures and controls.

+ info

Waystone Compliance

Waystone Academy

Do you have login info?Is the page bookmarked?

New Trainings coming Monday, March 4th. 2024 Due: March 31st. 2024 They Include:

• What is an RIA
• Who are Our Strategic Partners
• Updates to the Team (New advisor & Client Advocate)
• Basic Marketing and Communication Compliance
• Time Off - Submissions and Restrictions
• Phishing & Cyber Security Practices

Who Monitors Our Backups & Secures Our Data?

Short answer - The Chief of Compliance does!Long answer - Now that we are our own RIA we utilize Microsoft Azure Cloud backup to achieve and backup our data daily. Additionally, we utilize Zix for secure email encryption and FCI Cyber and CloudFlare for cybersecurity protection and data encryption. As an added level of security, we also have a VPN provider - TunnelBear for when we are not connected to our home or company encrypted WIFI.

Cyber Security Tips

Best Practices

Regular software updates and patches

Awareness of suspicious emails and links

Use of strong, unique passwords

Secure data storage and backup procedures

Two-factor authentication (2FA)

Tunnel Bear Don'ts

Tunnel Bear Do's

1. Do Use TunnelBear for Secure Browsing
2. Do Connect to TunnelBear Before Accessing Sensitive Information
3. Do Verify TunnelBear Connection
4. Do Keep TunnelBear Software Updates
5. Do Report Any Issues or Concerns

1. Don't Share TunnelBear Credentials
2. Don't Use TunnelBear for Illegal Activities
3. Don't Disable TunnelBear Without Reason
4. Don't Ignore Security Warnings
5. Don't Bypass TunnelBear for Sensitive Tasks

vs

Reporting A Breach

Assessment of Legal Obligations

Discovery and Assessment of the Breach

+ info

+ info

Internal Notification

Client & Staff Notification

+ info

+ info

Regulatory Notification

Containment and Mitigation

+ info

+ info

Reporting A Breach Continued

Monitoring and Follow-Up

+ info

Communication and Transparency

+ info

Review and Update Policies and Procedures

+ info

Questions?

1. Don't Share TunnelBear Credentials: Never share your TunnelBear credentials, including usernames and passwords, with anyone else. Keep your account information confidential.
2. Don't Use TunnelBear for Illegal Activities: Do not use TunnelBear VPN for engaging in illegal activities or violating company policies, laws, or regulations.
3. Don't Disable TunnelBear Without Reason: Avoid disabling or disconnecting TunnelBear VPN unnecessarily, especially when accessing sensitive information or browsing the internet in insecure environments.
4. Don't Ignore Security Warnings: Pay attention to security warnings or alerts from TunnelBear VPN and take appropriate action if any suspicious activity is detected.
5. Don't Bypass TunnelBear for Sensitive Tasks: Do not bypass TunnelBear VPN for sensitive tasks or activities that require enhanced privacy and security protections.

Chain of Command for Compliance Issues:

• Fill out Online Form on SharePoint: When a compliance issue is identified or encountered, the first step is to fill out the online form on SharePoint dedicated to compliance reporting.

• The online form should include fields for detailing the nature of the compliance issue, relevant dates, parties involved, and any supporting documentation.
• Notify Chief Compliance Officer (CCO): Once the online form is submitted, it triggers a notification to the Chief Compliance Officer (CCO) or their designated compliance personnel.
• The CCO is responsible for overseeing the compliance program and ensuring that regulatory requirements are met.
• Notifications to the CCO should be prompt and include relevant details to facilitate timely assessment and response to the compliance issue.
• Notify Advisor Assist if CCO is Unavailable: In the event that the CCO is unavailable or unreachable, the next point of contact is Advisor Assist.
• Advisor Assist serves as a backup or alternative contact for handling compliance issues when the CCO is not accessible.
• Notifications to Advisor Assist should include the same level of detail as notifications to the CCO, enabling them to take appropriate action in the CCO's absence.

1. Do Use TunnelBear for Secure Browsing: Use TunnelBear VPN when accessing the internet from public Wi-Fi networks or untrusted environments to encrypt your data and protect your privacy.
2. Do Connect to TunnelBear Before Accessing Sensitive Information: Always connect to TunnelBear VPN before accessing sensitive information, such as company resources, personal accounts, or financial data.
3. Do Verify TunnelBear Connection: Verify that the TunnelBear VPN connection is active before transmitting any data by checking the VPN indicator on your device.
4. Do Keep TunnelBear Software Updated: Regularly update the TunnelBear software to ensure you have the latest security patches and features for optimal protection.
5. Do Report Any Issues or Concerns: Report any issues or concerns related to TunnelBear VPN usage to the IT department or designated support personnel for assistance.

Previously:

Commission-Based Compensation: Registered representatives and investment firms under a broker-dealer typically earn commissions and fees based on the sale of investment products, such as stocks, bonds, mutual funds, and annuities. They may also receive compensation from third-party product providers for selling certain investment products.

Previously:

Transaction-Based Model: Broker-dealers facilitate the buying and selling of securities on behalf of clients and execute transactions through brokerage accounts. They may offer investment advice as part of their services but are not held to the same fiduciary standard as RIAs.

Additional Tips:

1. Use Vigilance and Common Sense:
1. Exercise vigilance and common sense when using TunnelBear VPN and browsing the internet to avoid falling victim to scams or cyberattacks.
2. Follow Company Policies and Guidelines:
1. Adhere to company policies and guidelines for VPN usage and cybersecurity to maintain a secure and compliant work environment.
3. Stay Informed About Security Best Practices:
1. Stay informed about security best practices and emerging threats to enhance your cybersecurity awareness and protect yourself online.

Previously:

Under the broker-dealer LionStreet we were held to the Suitability Standard which requires firms to recommend investments that are suitable based on the client's financial objectives, risk tolerance, and other relevant factors.

Previously:

Regulation: Broker-dealers and their registered representatives are regulated by the SEC and the Financial Industry Regulatory Authority (FINRA). They must register with FINRA and adhere to regulatory requirements, including compliance with FINRA rules, securities laws, and regulations governing sales practices and client communications.

Previously:

Broker-dealers and their registered representatives typically engage in transactional relationships with clients, executing trades and providing investment recommendations based on the suitability standard. While they have a duty to recommend suitable investments, they may not necessarily act as fiduciaries with the same level of legal obligation as RIAs. Due to this we have been limited in our ability to provide the full level of comprehensive planning we want to give while being able to receive compensation for these plans.