compliance to standards, regulations, and requirements to pass audit and manage quality control. concept about conformity with manager or auditor pressing buttons with icons.

How to Handle Compliance

March 23, 2022 |

shoestringria stacked color

There are many things to worry about when you’re first getting started as an independent RIA. By the nature of this industry, everything is tightly regulated, which means there is a lot of paperwork.

You have two options to handle this: you can prepare the necessary paperwork yourself (cheaper, but time-consuming and complex) or hire an RIA compliance firm to handle everything (much less stressful).

We strongly recommend you don’t handle this on your own, as any mistakes could delay your business’ launch for weeks (if not months).

A good compliance firm takes the time to learn your business model, confirms that your documents, including your Form ADV 1, compliance manuals, brochures, and marketing materials are all in good order, and that your books are compliant with both state and federal record keeping requirements.

In this article we’re going to discuss what an outsourced compliance firm can do and in the next article we will offer some tips on how to have a successful relationship with your CCO.

Engage a Compliance Outsourcing Firm

As we said initially, hiring a compliance firm is by far the least stressful method to ensure you’ve filed everything correctly and that your books are in good order. Even on a shoestring budget, you’ve spent quite a bit of money. The last thing you need is liability issues at this point.

The compliance firm will help you register your RIA correctly, even timing the registration, so your departure from your current firm (which may be accelerated by this process) and your transition to an independent RIA is as painless as possible.

The first step is to register your business with the proper authority: where depends on your total assets under management (AUM). If your AUM is under $100 million, file your registration with the state; otherwise, it’s filed with the SEC. This process alone requires a mountain of paperwork.

If any issues occur during your registration, you might not know how to handle them yourself. These firms have done hundreds if not thousands of these registrations and have likely seen just about everything.

And this is just a sample of what outsourced compliance can do. Core Compliance, one of many firms offering compliance services, provided a list of outsourcing benefits:

  • Experienced industry professionals can quickly create customized documents unique to your situation.
  • They have access to resources to help you stay on top of compliance trends and issues much faster than you could do on your own
  • In-house compliance officers wear more than one hat, especially in small firms. Outsourced compliance officers do nothing but compliance: you’re not fighting for their attention.
  • On average, those that use outsourced compliance are more likely to adhere to compliance advice and experience fewer compliance issues in the long term.

That last point is the most important. While you want your RIA to grow, you’ll attract more and more attention as you do. Sorting out your compliance strategy early on, and addressing any issues then, is much better than discovering it later as a much bigger firm (and when it will be a much bigger problem).

Having this all done for you by experts in the compliance industry makes sense. Registration and ongoing compliance are time consuming efforts, which will take your eyes off running your business (and most importantly, making money). And if something goes awry, you’re not left scrambling to try and fix it. They’ve seen it all.

Outsourced compliance firms operate outside your business, company culture and politics. They’re focused on keeping you legal, and that’s it. You can think of them as the voice of reason.

Two other vendors worth checking out are RIA in a Box and Foreside (formerly NCS Regulatory Compliance). Each offers different service levels based on what you’re looking for.

The entry-level packages include basic registration and compliance services, while middle packages offer additional services like consulting, annual reviews, and single sign-on compatibility. Top tier packages provide the most features, up to and including officer training and on-site compliance visits, but are pretty expensive.

Most reading this wouldn’t need all that and will be just fine with one of the entry-level packages to start. Expect to spend about $3,000-$5,000 or more a year on compliance alone.

Risks of Outsourcing

While we strongly recommend engaging an outsourced compliance firm early on to ensure that everything is in order, it would be irresponsible of us to say that outsourcing compliance doesn’t have its risks, just like outsourcing any other business process has risks.

The SEC itself has warned of potential risk exposure due to outsourcing your compliance activities. In a 2015 risk alert, chief among its concerns was an overall lack of communication between outsourced CCOs and the outsourcing firms they service. This led to a whole host of other issues, such as the CCOs not being able to articulate potential risks for firms and failure to confirm whether or not a represented firm had implemented any of the recommendations they had given.

Among the 20 or so firms the SEC interviewed, the agency found other issues like different risk factors given by principals and the CCO, generic checklists for compliance, and occasionally inadequate compliance policies. While this may scare you a bit, these issues were only present in relationships where communication was lacking.

The SEC found the following traits among outsourced CCO/RIA relationships, which we strongly recommend you emulate to ensure a successful relationship:

  • Regular in-person visits
  • CCOs and firms frequently communicate
  • Strong support of the CCO, with sufficient access to documents and information
  • An experienced CCO that takes the time to learn its client

You may notice some things in the above list that we mentioned as only coming in some of the more expensive packages from compliance firms. If you can’t afford the higher-end packages now, just go with the best that you can afford right now from an experienced vendor, with the ultimate goal of having a tight relationship with your outsourced CCO as the SEC suggests.


The Shoestring RIA is a series of articles written and published by the BillFinTM team at Redi2 Technologies designed to help RIAs as they start out on their own. We recognize just how challenging it is to venture out and build a successful business. Our articles will be focused on helping these new businesses with a wide range of topics.


The 26 Steps I Took To Set Up And Launch My Own Independent RIA

First Year Budget Template

Costs to Register as a Registered Investment Advisor Firm

Understanding the Costs of Starting and Running an RIA