Quarterly Compliance Monitoring Checklist

Regulatory Filings and Reporting

    Pull regulatory AUM, account counts, and client types from Schwab, Fidelity, or Pershing and reconcile against the figures cited on Form ADV Part 1A. Mismatches between custodian-reported AUM and Item 5 disclosures are a common SEC exam finding.

    Pull the new-account list from Wealthbox or Salesforce FSC and confirm Form CRS was delivered at the recommendation or new-engagement event. Retain the acknowledgment in the client folder; missing CRS deliveries draw immediate Reg BI citations.

    Sum 13(f)-eligible securities across all discretionary accounts at quarter-end. If the firm exercises investment discretion over $100M+ in Section 13(f) securities, a Form 13F holdings report is due 45 days after quarter-end on EDGAR.

    Generate the 13F holdings table from Black Diamond or Addepar, validate CUSIPs against the SEC's official 13(f) securities list, and submit on EDGAR before the 45-day deadline. Confidential treatment requests must be filed concurrently if applicable.

    File EDGAR submission receipts, ADV amendments, and CRS delivery logs in the books-and-records repository (NetDocuments or equivalent) with the five-year retention tag, two years on-site. Books-and-records gaps are a top-ten deficiency in SEC RIA exams.

AML and BSA Controls

    Run a full sweep through Refinitiv World-Check or LexisNexis Bridger covering account holders, beneficiaries, trustees, authorized agents, and any party added during the quarter. A beneficiary added mid-quarter is a frequent gap when screening only fires at account open.

    For each entity account opened this quarter, confirm the CIP file has the entity formation docs, EIN verification, and identity records for every 25%+ beneficial owner plus one control person. Skipping the beneficial-owner CDD step on entity accounts is a recurring AML exam finding.

    Reach out to the relationship advisor for each flagged account and collect the missing IDs, certifications of beneficial ownership, and OFAC re-screens. Block any new transactions on the account until CDD is complete.

    Work the queue of structuring, rapid-movement, and unusual-pattern alerts from Verafin or Actimize. SARs, when warranted, are due to FinCEN within 30 days of detection — track the clock from the alert date, not the review date.

    Update source-of-funds, source-of-wealth, and adverse-media reviews for each politically exposed person on the high-risk list. EDD refresh cadence is documented in the firm AML program; missing the refresh is the same exam finding as missing the original EDD.

Data Protection and Privacy

    Verify every licensed user, distribution list, and shared mailbox feeds Smarsh or Global Relay. New hires onboarded mid-quarter without archiving connectors are the typical gap — cross-check the HR roster against the archive's user list.

    Sample a handful of advisors and confirm client texting flows through MyRepChat or Hearsay Relate, not personal SMS. The 2022-2024 SEC enforcement wave hit firms for $2B+ over personal-device messaging; spot audits and attestations are the standard control.

    Confirm the annual Reg S-P privacy notice was delivered to all clients and that the Identity Theft Prevention Program (Red Flags Rule) has been reviewed by the board or designated senior officer. Document any new red-flag scenarios identified during the quarter.

Internal Audits and Reviews

    Pull a sample of LinkedIn posts, marketing emails, and website updates from the quarter and confirm each had principal pre-approval per Marketing Rule 206(4)-1. Testimonials and endorsements need the required disclosures; performance claims need methodology and net-of-fee presentation.

    Three-way tie: internal billing calculation in Orion or Black Diamond, the invoice sent to the client, and the actual debit on the custodian statement. Average-daily-balance vs. period-end calculations produce different numbers — confirm the method matches the IAA.

    Reconcile the gifts and entertainment log against vendor invoices and rep submissions, and confirm every access-person trade had pre-clearance per the code of ethics. ComplySci or MyComplianceOffice will surface unreported trades — investigate any gaps.

    Each finding gets an owner, due date, and verification step. Repeat findings cycle after cycle are the single most common exam-letter criticism, so track every open item to closure rather than letting it roll forward.

Compliance Training and Awareness

    Pull the attestation report from ComplySci or RIA in a Box and chase any access person who hasn't certified the code of ethics, outside business activities, and political contributions for the cycle. Outside business activities are the most-omitted disclosure.

    Summarize the quarter's regulatory developments — SEC risk alerts, FINRA notices, state rule changes, recent enforcement actions — and circulate with required-acknowledgment in the LMS. Track read receipts as part of the books and records.

    Refresh the AML, Reg BI, and Marketing Rule modules to reflect any new SEC or FINRA guidance issued during the quarter. Specialized roles — branch managers, supervisors, OSJ principals — need role-specific updates beyond the general curriculum.

    The CCO signs the quarterly compliance summary that goes to the management committee. Capture material findings, remediation status, and any items escalated for board attention. The signed report is part of the books and records and supports the annual Rule 206(4)-7 review.
