Are You Unintentionally Triggering Custody?

Navigating the Complexities of the Custody Rule

Navigating the Securities and Exchange Commission (SEC) Custody Rule 206(4)-2 remains one of the most challenging compliance areas for registered investment advisors. What seems like simple client service can unexpectedly trigger regulatory requirements with significant consequences. Financial advisors can unknowingly find themselves deemed to have custody of client funds through routine activities like fee deductions, accepting client deposits, managing 401(k) accounts, or utilizing standing letters of authorization (SLOAs).

Inside the Episode: Key Custody Triggers and Compliance Steps

In this episode of the Oyster Stew podcast, regulatory compliance experts Ed Wegener, Candy Palugi, and Nolan Hughes examine the nuanced world of custody regulations and outline concrete steps firms should take when custody is discovered, including Form ADV amendments, engaging independent public accountants for verification audits, and implementing enhanced supervision procedures.

For compliance professionals and investment adviser firm leaders, this conversation provides essential guidance on balancing client service with regulatory requirements. Listen now to gain valuable insights that will help protect your firm from unintentional custody violations while maintaining exceptional client service. Review your operational procedures today to ensure you’re not triggering custody requirements without proper safeguards in place.

Listen Now

Additional Resources:

Understanding SEC Custody Rules: From SLOAs to Login Credentials

Insider’s Guide: Selecting The Right RIA Custodian

How to Manage Outsourcing Vendors and Due Diligence

Balancing Client Service with Regulatory Expectations

Oyster Consulting understands that navigating the SEC’s Custody Rule can be a complex and high-stakes challenge for investment advisors. Our experienced consultants work alongside RIAs to evaluate operations, identify potential custody triggers, and implement the necessary controls to remain compliant. Whether you’re building processes from the ground up, reviewing custodial agreements, or responding to a surprise custody discovery, Oyster provides the guidance, testing, and support your firm needs. From amending Form ADV filings to developing policies, training staff, and preparing for verification audits, our team helps ensure your firm is protected from regulatory risk and well-positioned for operational success.

Transcript

Transcript provided by TEMI

Libby Hall: Hi, and welcome to today’s episode of the Oyster Stew Podcast. I’m Libby Hall, Director of Communications for Oyster Consulting. In this episode, we’re diving into a critical topic for investment advisors, custody of client assets. While most advisors work with qualified custodians, there are certain activities that can unintentionally trigger a custody designation, bringing with it a host of regulatory requirements and risks.

Today I’m joined by Oyster experts, Ed Wegener, Candy Palugi, and Nolan Hughes, who share their insights from working directly with firms navigating custody challenges. We’ll explore the types of activities that can result in a custody designation, how to avoid those pitfalls, and what steps to take if your firm is deemed to have custody from fee deduction and standard letters of agreements to physical checks and login credentials. This conversation breaks down the nuances, consequences, and compliance strategies that every advisor should understand.

Let’s get started – Ed?

Ed Wegener: Well, hello everyone. I am Ed Wegener, and I’m the practice lead for Governance, Risk, and Compliance for Oyster Consulting. When we work with our investment advisory clients, one of the things that we work with them on is assessing whether they either intentionally or unintentionally are deemed to have custody of client funds and securities. Most advisors use qualified custodians, though there are activities that an advisor can engage in that can cause them to be deemed to have custody, which will have unintended consequences. So today we wanted to talk about custody, the types of activities that could cause an advisor to be deemed to have custody, the consequences, and finally, what firms should do to either avoid unintentionally being deemed to have custody, or if they do have custody, what steps that they can take. And I’m very pleased to have Candy Palugi and Nolan Hughes with me, two of our very experienced compliance consultants who deal with these issues on a regular basis. Welcome to you both.

Why don’t we dive right in and start by setting some foundation. Whether an advisor is deemed to have custody of client funds, their security, their assets can have a pretty major impact on the requirements of the firm. So, what are the major requirements that a firm and an advisor have if they are deemed to have custody of client assets?

Nolan Hughes: At a high level, once you are deemed to have custody, the main point revisions to your policies and procedures, you’re going to have to build out your policies and procedures to make sure that you’ve got the appropriate framework built around it. Your books and records requirements increase surrounding custody. One of the bigger things is obtaining an independent accountant to perform the surprise verification audit, which has to be done within a short period of time after you realize you have custody. And then of course, ADV amendments, you’ll have to amend item nine of your ADV-1A and then file an ADV to go along with it.

Ed Wegener: So, a definite thing that an advisor wants to avoid if they can, by using a qualified custodian to be responsible for doing all of those things. So given those requirements, what are some of the types of things that might cause a firm to be considered to have custody?

Candy Palugi: I’ll take that, Ed. To start, just having the ability to deduct fees automatically from your customer accounts gives you custody. The thing about this custody is the verification audit is not required. So, you’re not required to do that just because you deduct fees, but it is important for firms to understand you do have custody if you have that authorization. The primary things that cause custody which may require the custody audit are possession of client assets. And that can be accepting physical securities in the office, deposits accepted into the office on certain occasions if they’re made payable to the RIA, for instance, as opposed to the customer or to the custodian, any authorization to withdraw or gain access to client funds. And that could be the ability to authorize the custodian to transfer securities to third parties or to the RIA or other access, such as if you have control over an account or one of your associated persons has control, such as being a trustee on a client account, an executor, or a power of attorney. Those things all grant custody to the firm where the custody would in some manner be able to authorize or take access of the customer securities.

Ed Wegener: Those standing letters of authorization where it allows the custodian or those who have control to pay third parties is one area that firms tend to get tripped up on. And so, I thought it would be good to talk about what we’ve seen when working with advisors, some of those things that can cause a custodian to unintentionally be considered to have custody by doing things that might trigger one of those items that can be discussed.

Nolan Hughes: Sure. Ed, you mentioned SLOAs, and that’s a big one that I see routinely. One of the first things the firms should do is really go through their custodial arrangement with their chosen custodian and really understand that language of who’s responsible for what. You go back to that No Action Letter on SLOAs, and it lays out seven pillars that can be satisfied to provide a safe harbor from the surprise examination. A lot of your custodians have policies and procedures that say, we will satisfy six of these, and one of those is on you, and that’s the verification of the payee information. But not all custodians cover the same thing. So, it’s really important to understand what your arrangement is, how it’s spelled out and where the responsibilities lie. What are you responsible for and what your custodian is responsible for from an enforcement standpoint.

I’ve seen a good deal of enforcement where firms have not complied with those seven pillars because they assumed the custodian was doing all seven or didn’t have an understanding of what their responsibilities were, and didn’t have documentation to show, “Hey, we’re doing our part of this, and that’s ongoing, it can’t be a one-time thing.”

Another area where I think a lot of firms get tripped up, you hear plenty about possession, logging credentials. More and more firms are opening up to managing participants 401Ks that don’t have that broker window option. And the easy button there is like, hey, client, just give me your login credentials and I can go in there and make the changes for you, without even thinking that that triggers custody. So, understanding the different entry points there, and you have to have a risk appetite with some of it and have to have an individual evaluation of what we are going to allow and what we’re not going to allow and then building that out on the front end.

Candy Palugi: Yeah, I agree with everything Nolan said. I’ll just add a couple of things. One other place I see firms getting tripped up is not understanding the processes they need to have in place when they decide to accept deposits into the office for client accounts and/or accepting physical securities. And there are a lot of nuances there that can trigger custody. If you don’t receive that, it’s a check deposit made properly. Let’s say a client has their 401k rolled over to your firm or something like that. And so, this third party, 401k vendor sends the check directly to your firm if they happen to make that check payable to your firm. If you accept that check, you now have custody of those assets. And another important point is that some firms may understand it to that degree and will contact the customer and return the check to the customer. That is improper and not compliant. In order for you to avoid custody, you must return that check back to the third party who sent it to you. So, there are several nuances about accepting securities and/or checks for deposit that firms really need to be clear on, because what seems like a simple process, hey, I’ll give this back to the customer, really triggers custody.

Nolan Hughes: I was going to say to add on to Candy’s point there, a lot of the triggers for custody are under what a lot of firms would say is customer service. Our customers expect this. We’re going above and beyond, but they don’t understand the downstream ramifications of that service which can be substantial. And I think it’s really important, especially in today’s environment, for firms to really balance customer service with the regulatory framework that they’re in and mitigate that as much as possible

Ed Wegener:  Because, once the damage is done, the damage is done, and the SEC is going to expect that you are meeting all those other requirements once you’re deemed to have custody as a result of that. And so, that’s where I’ve seen both of you work with your clients, both on the front end when they’re setting up their processes, setting up their relationships with their custodians, setting up relationships with third parties like the 401k provider that you had mentioned. But to your point, it is also to do that on a regular basis. So you know, whether it’s part of your ongoing due diligence that you do on your relationships, whether it’s part of your 206(4)-7 testing, it’s really important that you make sure that both of the front end, but also periodically throughout you’re checking to see what may have changed that might impact the activities that you’re doing and, and potentially have that unintended consequence of causing you to be deemed a custodian. What could happen is an examination happens, and you learn that either through an examination or through testing or otherwise that you’ve triggered the custody requirement. So, let’s say you’re working with a client, and you realize that some of their activities have triggered the custody requirement. What would you have them do in those cases?

Candy Palugi: Well, in those instances, first we determine for sure that they have access to funds and or trigger custody. In determining the custody trigger, we have to see if it goes beyond having the ability to withdraw fees from the customer accounts. If you withdraw fees and that’s all that you do that triggers custody, then your answer to the ADV-1A on custody is no. However, if we find that you have some other form of custody, then the first thing you need to do is to amend your ADVs, your 1A, your 2A, to show that you have this custody, which will go into how many accounts, how many assets you have custody of. After that it’s important to immediately, especially if you find you have had custody for a while and haven’t realized it. So, then it’s important to immediately engage an independent public accountant who can set up and be prepared to do a surprise verification audit.

So, they need to have enough foresight to say, okay, we’ve engaged you to come do this, but this needs to be a surprise examination. So, it’s going to be a little while, and you will come back in and let us know, “Hey, you’re beginning the audit.” The actual rule states that you should engage this public accountant to have a custody audit within six months of determining you have custody. So you would need to do those things. And then depending on the type of custody you have, is there more training that needs to be provided at the firm so that all aspects, all levels in the firm understand what’s triggering custody? Is it deposits? Are we accepting the wrong checks? Do we need to make sure our back office understands the policy and the framework and our procedures around that? You would need to amend your procedures to make sure that you are now monitoring, supervising this custody aspect as well as for certain instances such as when your advisors have custody through a trustee position or something like that, you would have greater supervision requirements over those particular accounts that they now have control and access to client funds.

And you’re aware of that. So, there would need to be some ongoing supervision and verification of what’s actually happening in those accounts from time to time to make sure you’re staying compliant on everything and there are no issues coming up that you would be unaware of.

Ed Wegener: Well, and because of the risk of misappropriation or fraud that can happen as a result of this the regulators take this very seriously. So, they’re going to be looking very closely at your activity and determine whether you have custody and if so, whether you’re taking these steps. So again, it really goes back to making sure that you have a real good handle on your operations, on your procedures, on your relationships with your custodian and with other third parties to make sure that the activity that you’re engaging in doesn’t unintentionally cause all of these issues, because that can get you in a lot of trouble.

I really appreciate these insights. You know, we really like to take the things that we learn from our day-to-day interactions with clients and some of the things that we’ve had to deal with and use them to share out with others, just so that you can be aware. I really appreciate the expertise that you bring to these podcasts and am really looking forward to having you back to talk about other topics. Thank you very much.

Libby Hall: If you found today’s discussion helpful, don’t forget to subscribe for more episodes where we dive into industry strategies and best practices. For more information about our experts and our services, visit our website at oysterllc.com. Thanks for listening.