On September 11, 2023, the North American Securities Administrators Association (NASAA) released examination statistics that should serve as a wake-up call for state-registered investment advisers. A series of coordinated examinations of Registered Investment Advisers (RIAs) by state securities examiners identified numerous compliance deficiencies. NASAA’s report demonstrates that even small RIAs are expected to implement robust compliance programs.

Seventy-two percent of the RIAs examined were one-person firms. For 34 percent of the RIAs, this was their first examination. Seven percent of the firms examined conducted other business activities such as insurance.

Specific deficiencies identified during examinations of state-registered advisers

NASAA reported that examiners found the most deficiencies in the following areas:

  1. Registration violations were discovered in 23 percent of the examinations, such as Form ADV or Form U4 inaccuracies;
  2. Books and records violations were found in 17 percent of the examinations, including client suitability information and Form ADV Part 2 amendments and revisions;
  3. Supervision and compliance violations were uncovered during 16 percent of the examinations, such as insufficient protection of vulnerable clients and inadequate review of the firm’s policies and procedures;
  4. Contract-related violations were observed in 12 percent of the examinations, including improper execution of agreements, fee miscalculations, and charging performance fees improperly; and
  5. Fee-related violations were found in 6 percent of the examinations, such as situations where fees did not match advisory contracts or Form ADV.

Among other compliance deficiencies, examiners found there was a lack of evidence that privacy policies were delivered initially or annually. A number of the RIAs had no policies and procedures for uncovering suspected financial exploitation of seniors and vulnerable persons. A significant number of violations were related to client suitability information.



NASAA, an organization comprised mainly of state securities regulators, made several recommendations to RIAs, including the following:

  • Review and revise the firm’s Form ADV, as well as its disclosure brochure, annually to ensure that information is current and accurate;
  • Review and update all agreements and be aware of hedge clauses in e-communications;
  • Prepare and retain all records, including documentation of checks forwarded;
  • Back-up electronic data and protect records;
  • Prepare and maintain client profiles or other suitability documentation;
  • Maintain a due diligence file for products or strategies recommended; and
  • Create and implement a written compliance and supervisory procedures manual that is tailored to the firm’s business model, including a business continuity plan and information security policies and procedures.

Examiners saw many instances where RIAs did not have information security policies and procedures. In addition, the RIAs examined committed numerous cybersecurity violations.

NASAA expects RIAs to utilize examiners’ findings to review their compliance practices in order to improve their services and protect their clients. NASAA hopes its findings will result in changes that increase investors’ confidence in their advisers and protect them from investment fraud.

NASAA’s examination report is available at here. These findings will also benefit SEC-registered investment advisers who can use them to bolster their compliance programs.


About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.

RIA Compliance Group, LLC – 701 SE 6th Ave, Suite 201, Delray Beach, FL 33483 – Tel: 561-600-0564 – sales@ria-compliance.com