New SEC Requirement for Investment Advisers: Documenting Annual Compliance Program Reviews

October 30, 2023

With the overwhelming amount of rulemaking taking place at the SEC, the operational impact of maintaining compliance, when taking into account the totality of the rules recently finalized and currently being proposed, is sure to be significant for most investment advisers going forward.

Regardless of whether you are state-registered or registered with the SEC, it is a good practice to understand what the SEC is focused on and what is going on with new (and proposed) regulations. Many state securities regulators tend to look, in part, at what the SEC is doing or what they have recently done when evaluating their own rule-making agenda. NASAA also may look at current and recent SEC rulemaking when they propose and adopt model rules that most states look to at varying levels and may adopt within their own regulation. So while state-level regulation, interpretations, and rule proposals may not always align perfectly with everything the SEC is doing, for many states it is certainly a material factor that influences their agenda. 

As such, one recently amended SEC rule that should be understood by all investment advisers, regardless of jurisdiction, involves the need for investment advisers to document their annual compliance program reviews. The amended rule was part of a recently finalized package of rule reform that was largely focused on private fund advisers, except for the annual review component of SEC Rule 206-4(7) “Compliance Rule” which applies to all investment advisers, not just those who manage private funds.

The Compliance Rule already required that advisers conduct a review of their compliance program, no less than annually, to ensure continued adequacy of the firm’s policies and procedures and assess the effectiveness of their implementation. This amendment to the rule simply formalizes the expectation (now requirement) to document the reviews. 

Why are they requiring you to document your review in writing? 

On Page 219 of the final rule release, the SEC explained two key reasons for adopting this amendment which include:

  1. “...written documentation of the annual review may help advisers better assess whether they have considered any compliance matters that arose during the previous year, any changes in the adviser’s or an affiliate’s business activities during the year, and any changes to the Advisers Act or other rules and regulations that may suggest a need to revise an adviser’s policies and procedures.”
  2. “…the availability of written documentation of the annual review should allow the Commission and the Commission staff to determine if the adviser is regularly reviewing the adequacy of the adviser’s policies and procedures.”


How & when should you document your annual compliance review?

Within the rule amendment, the SEC does not prescribe how an adviser must document their annual compliance program review but explains that the documentation of the review should be retained in a manner that can be produced and made available to SEC examiners promptly. 

In addition, when determining what must be included in the documentation of your review, the rule does not prescribe specific elements that need to be part of this documentation as it is intended to remain flexible so that advisors can continue using practices that they have developed and/or found most effective within their firm. 

The SEC did say that they understand some advisers might choose to document their annual review in several ways including:

“...(i) in a lengthy written report with supporting documentation; 
(ii) quarterly documentation, aggregated at year-end; 
(iii) a presentation to the board or another governing body, such as a limited partner advisory committee (LPAC); 
(iv) a short memorandum summarizing the findings; and 
(v) informal documentation, such as a compilation of notes throughout the year.”

Your documentation of such a review could take a few different forms. You could document the scope and results of your review each quarter (or whatever frequency you choose to conduct your reviews) and compile the documentation into an annual review report with a cover page or “executive summary” summarizing key points and conclusions from each of the reviews throughout the past year. 

Another option involves preparing an internal memo for any findings from each review, explaining what the finding was, how it was resolved, and how it will be prevented in the future or what changes to your policies were made to help prevent that deficiency going forward. Save each of those memos in a subfolder within your compliance policies folder structure so that you can provide them to examiners upon request.

We often recommend that advisers conduct the review of their compliance program throughout the year rather than attempt to dedicate a significant amount of time all in one week or month.  An excellent way to systematize your compliance tasks is to follow a Compliance Calendar. According to’s Crafting An Annual Compliance Calendar For A (Solo) RIA, “It’s feasible for an RIA to keep their compliance house in order with barely 2% of their annual working hours…leaving the other 98% of their time to serve their clients effectively.”

If you need help creating a calendar and developing dedicated time blocks that allow you to spend more frequent but shorter time reviewing your firm’s policies and procedures, check out my webinar, Mastering Your Compliance Program as an RIA Owner, where I break down the process, provide tips and tricks that help you think about compliance during the initial phases of building your firm, regain control if you didn’t begin with ongoing management processes, and develop and maintain an efficient and effective compliance program that stays current with new rules and rule amendments within your jurisdiction as your firm grows.

Whatever cadence you choose to review and evaluate the efficacy and relevance of your firm’s compliance policies and procedures based on your firm’s operations, it is very important to consider any recently published new rules or rule amendments within your jurisdiction (your primary state or the SEC) and their applicability to your current policies and operational practices. We at XYPN Compliance, formerly XY Compliance Solutions, are here to help you stay current and compliant in the simplest way possible.

You don't want to be your own CCO, and we don't blame you. Check out how much simpler registering your RIA with XYPN can be.

Key Takeaways

For those who are SEC-registered 
Make sure you have a plan in place going forward to document your annual compliance program review and incorporate this process into your written policies and procedures and compliance task management system or compliance calendar so that it doesn’t get missed. 

For state-registered investment advisers 
The applicability of this amendment and documentation requirements are going to depend on your state’s books and records rules; however, we believe it is a best practice to document key findings from your compliance program reviews, including what issues you identified, how they were addressed, and what changes were made to prevent those issues going forward. These could be retained in the form of internal memos by the CCO that are stored in your compliance/supervision folders for future reference or production to appropriate regulators during an exam.

For those with multiple team members who are subject to your compliance policies and procedures
We also recommend sharing key points of your annual compliance review with your team and the steps the firm is taking to manage compliance risks or deficiencies identified during the reviews. Conducting periodic compliance training or at minimum holding an annual compliance meeting to discuss these key points will help keep all stakeholders informed and contribute to fostering a strong culture of compliance. 

Seeking Outside Support:
The SEC also clearly explained in the final rule that firms are not prohibited from seeking outside counsel for help with their annual compliance program review and the documentation of it. Seeking the support of an outside consultant may provide some advisors with more confidence in the execution of the review, cut down on the amount of time the advisor spends conducting reviews directly, and provide opportunities to refine and strengthen current practices. For current or future members of XYPN, we offer hourly and ongoing compliance options to support you with many aspects of your compliance program, including these annual reviews. Reach out to our compliance team through your member portal whenever you need assistance with reviewing and/or refining your compliance program.



About the Author
As Managing Director of XYPN Compliance, Travis Johnson, IACCP® leads the Compliance Team in the development and delivery of all of XYPN's compliance offerings and resources. Travis leverages his years of experience as a member of XYPN's Compliance Team, as well as prior experience building and running operations and compliance programs within RIAs to provide practical insights into the application of compliance rules, regulations, and industry best practices.
