4 Tips for Customizing Your Firm’s Compliance Manual

5 min read
August 05, 2019

RIA firms are, for the most part, required to maintain a compliance manual. While there are a few exceptions that have been granted at the state level for single-advisor firms, the vast majority of compliance officers will need to comply with this requirement.

The compliance manual (aka written supervisory procedures manual) is often the most dreaded compliance document of all.


Primarily due to the length of the document. Usually a firm’s written supervisory procedures manual will range anywhere from 60 pages to more than 100 pages long based on the firm’s size and operations.

The compliance manual also introduces compliance terminology that many advisors are not yet familiar with. It’s bad enough reading a long, boring compliance document. Add in the caveat that the reader is likely to be unfamiliar with many of the terms and concepts within the document and drafting and reviewing the document can seem like an insurmountable task.  

Another reason compliance manuals are difficult documents is because they contain supervisory procedures that tie the compliance officer to a specific set of tasks that may or may not be created and documented.

Just reading the compliance manual seems like a lot of work. But the work of drafting and reading the document is only the beginning of the process.

Once the compliance officer grasps the concept of the supervisory responsibilities they will have to complete on a recurring basis, they realize the process of compliance supervision has no end.

It would be nice if just reading and drafting the document once a year was the extent of the process. But every item in the document creates another set of tasks and workflows that will have to be implemented, and reviewed for the entire time the firm is in existence. These processes are time-consuming and not directly tied to the firm's growth.

Essentially the compliance manual represents everything that is “not fun” about RIA compliance. 

Despite this negative view of the written supervisory procedures manual, the request to review this document is extremely common in audits and examinations. So common that many audit deficiencies are directly tied to items that are listed in the firm’s compliance manual.

It is therefore imperative that every firm’s compliance officer spends time customizing the compliance manual and making sure there are customized workflows to support the tasks therein.

Below are four important tips for customizing your firm's compliance manual. 

Tip #1. Be Wary of Templates

Most compliance consultants will provide RIAs with a compliance manual template so they don’t have to draft the documents from scratch. This is a common practice among RIA compliance consultants and is extremely valuable from a time-saving standpoint.

The template is usually designed to cover roughly 70-80% of the items that will be required of the RIA. However, there may be some regulatory idiosyncrasies possessed by one or two state agencies that will require minor changes to the underlying themes of the categories of compliance in the document.

For example, firms may want to create customized procedures or workflows for complying with their state’s net capital or surety bond requirements.

Unfortunately, the common short route to this process for many firms is to adopt the template without actually reviewing and customizing it. This is dangerous because it gives the compliance officer a false sense of security. 

Far too often, the “compliance manual checkbox” is checked off without the document actually being customized. The result is a written and documented set of tasks and procedures that the compliance officer has attested to completing but that aren’t really getting done.

This alone can become the source of multiple audit deficiencies in a regulatory exam.

The tip here is to make the document your own, ensuring that the language from the template is reworded to reflect your understanding of the underlying compliance concept and the processes you will commit to completing.

You don't want to be your own CCO, and we don't blame you. Check out how much  simpler Registering your RIA with XYPN can be

Tip #2. Pay Attention to Detail

In most cases, people who work in regulatory offices at both the state and SEC levels are quite savvy in terms of their knowledge of compliance processes. Therefore, they are often aware that firms leverage templates from compliance consultants to make lighter work of their document drafting process.

As a result, regulators tend to look specifically for clues that show that firm owners and compliance officers have adopted a template without customizing it. Fields that are meant to “find and replace” and keywords such as “template” or key phrases such as “update as needed” are clues to the regulator that the template has not been genuinely customized.

The tip here is to scan the document upon adopting it to ensure there are no outstanding comments from compliance consultants or fields that need to be updated before providing the document to the regulator.

Tip #3. Learn the Lingo

It’s impossible for any process document to be effective if the individuals responsible for executing and supervising the processes don’t understand the document to begin with.

Even in situations where the compliance officer has not been adequately supervising a particular area of compliance, the ability to speak intelligently and articulate their understanding of the concept can go a long way.  

Most commonly advisers may not understand terms such as “directed brokerage” or “soft-dollar benefit”. These terms will appear in the compliance manual so you should make it a point to learn them. Nothing is more awkward than the sound of crickets when a regulator asks a question.

Even if all workflows and processes have not yet been established, at the very least compliance officers should take the time to do a quick scan of all terms in the compliance manual and learn those terms so they have a basic understanding of common industry uses.

Tip #4. Visualize the Process Behind the Concept

This is perhaps the most important aspect of customizing the compliance manual.

As previously stated, the compliance manual as a document is useless without the actual workflows that create the processes upon which the supervisory responsibilities will be executed and tracked.

It does no good to have a topic of compliance addressed in the manual without a picture of the actual tasks that will feed into supervising that set of compliance requirements.

For example, while visiting the social media supervision section of a compliance manual, it is critical to visualize how social media activity will be supervised.

How will the information be archived and made available for regulatory review? Who will be responsible for reviewing or pre-reviewing posts? How often will the firm conduct this review? Where will you document your findings? 

It may take a week or more to document all of these items along with customizing the manual, but it only takes a few moments to visualize a repeatable, scalable process that can be explained to a regulator should the hard copy documented process never make it into the firm’s internal procedures. 

The compliance manual can be intimidating to first-time compliance officers. But the good news is that the document can become the source of operational consistency and supervisory organization, which can alleviate a tremendous amount of regulatory risk.

Firms are wise to be proactive in this endeavor and reach out to a compliance consultant if assistance is needed to complete the process.

New call-to-action

Scott-Gill-Square-ColorAbout the Author
Scott is a licensed Securities Principal with experience in both RIA and broker-dealer compliance. He began his financial services career in 2006 as a Registered Representative with E*Trade Financial in Alpharetta, GA. He has also worked with J.P. Morgan Private Banking in Chicago, IL and with Wells Fargo Advisors in Chapel Hill, NC.

Scott’s most recent role before joining Team XYPN was as Compliance Officer of Carolinas Investment Consulting, in Charlotte NC. He’s a graduate of The University of North Carolina at Chapel Hill and holds FINRA Series 63, 65, 24, 4 and 53 Licenses.

Scott lives in Charlotte, NC with his wife Meredith, and their two sons Tyson and Jackson and daughter Eva. In his free time, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing.

Subscribe by email