Quarterly Operations and Compliance QA Review

Quarterly quality assurance review run by the Operations Manager and CCO at an RIA or hybrid wealth firm. Covers reconciliation, Reg BI / Form CRS / ADV compliance, client service SLAs, and system reliability — with findings rolled up for principal sign-off.

5 sections 22 steps Collects data
1

Data Integrity and Reconciliation

  1. Reconcile custodian holdings to portfolio system

    • Run a position-level reconciliation between Schwab / Fidelity / Pershing / Altruist data and the portfolio system (Black Diamond, Orion, Tamarac, Addepar). Investigate any breaks over $100 or 0.1% of position value. Common sources: late corporate action posting, manual journals, sub-account omissions.

  2. Verify cost basis on transferred positions

    • Pull all ACATS-in transfers from the prior quarter and confirm cost basis carried over. Missing or zeroed basis on inherited or rollover positions creates phantom short-term gains at year-end and is a top client-complaint trigger.

  3. Identify duplicate CRM and custodian records

    • Run duplicate checks in Wealthbox / Redtail / Salesforce FSC and against the custodian master account list. Joint-account households often duplicate when one spouse is added later under a separate household ID.

  4. Audit corporate action processing for the quarter

    • Confirm splits, mergers, spinoffs, and special dividends posted correctly across all accounts. Cross-check against custodian corporate action notices. Manual basis adjustments on spinoffs are a frequent source of long-term reconciliation drift.

  5. Validate quarterly fee billing calculations

    • Three-way reconciliation: billing system invoice, custodian fee debit, and internal calculation spreadsheet. Confirm the billing methodology matches the IAA — average daily balance vs. period-end vs. period-start produces materially different fees and is a frequent SEC exam finding.

    Collects list
2

Compliance and Regulatory Adherence

  1. Review Form CRS delivery log for new clients

    • Sample 100% of new retail relationships from the prior quarter. Confirm Form CRS was delivered at first recommendation and that signed acknowledgment is in the client file. Missing CRS delivery is a Reg BI enforcement trigger.

  2. Confirm annual Form ADV Part 2 brochure delivery

    • If the quarter contains the 120-day post-fiscal-year-end window, verify ADV Part 2A and 2B (or a summary of material changes) was delivered to every existing advisory client. Skipped delivery is the most common SEC exam citation for small RIAs.

  3. Audit OFAC screening on all new parties

    • Pull the LexisNexis Bridger / Refinitiv / ComplyAdvantage screening log for the quarter. Confirm every new client, beneficial owner, trustee, beneficiary, and authorized agent was screened against SDN and PEP lists. The common gap is parties added mid-relationship — beneficiaries on IRAs, new trustees on trusts.

    Collects list
  4. Sample-test Reg BI recommendation documentation

    • Pull a 10% sample of recommendations from the quarter — especially rollovers and product switches. Confirm the file documents the 'why this vs. alternatives' rationale required under Reg BI / PTE 2020-02. Check-the-box suitability forms without narrative are a known examiner red flag.

  5. Review SLOA accounts for custody-rule safeguards

    • Pull every standing letter of authorization on file. For each, confirm the seven IM Guidance no-action conditions are satisfied: written client authorization, third-party identification, custodian confirmation to client, transfer logging, ADV disclosure, periodic re-confirmation, and limited authority. Missing any one trips Rule 206(4)-2 custody.

    Collects list
  6. Verify off-channel communication archiving

    • Spot-check Smarsh / Global Relay / Bloomberg Vault capture against advisor mobile devices and personal accounts. Sample five reps and confirm text and WhatsApp traffic is archived. Off-channel comms enforcement has driven over $2B in BD fines since 2022 — assume regulators will ask.

    Collects list
3

Client Service Quality

  1. Sample-review NIGO new account packages

    • Pull the not-in-good-order log from the custodian and tally the top NIGO reasons. Missing medallion signatures, mismatched names on entity accounts, and outdated beneficiary forms are the recurring offenders. Track rep-level NIGO rates for coaching.

  2. Audit complaint log resolution timing

    • Confirm every written complaint from the quarter is logged with date received, assigned reviewer, resolution date, and outcome. Per FINRA Rule 4513 and SEC books-and-records, retention is required even on resolved complaints.

  3. Verify RMD processing for the quarter

    • For Q4 reviews, confirm every IRA / inherited IRA client subject to RMD has a distribution scheduled or completed before December 31. Post-SECURE 2.0 the missed-RMD excise tax is 25% — unrecoverable client harm and a CCO file note.

  4. Review client meeting cadence in CRM

    • Run a CRM report for clients without a documented review meeting in the past 12 months. The service agreement promises a cadence; a gap is both a client-experience risk and a fiduciary documentation gap.

4

System Performance and Reliability

  1. Review custodian and portfolio system uptime

    • Pull quarterly uptime reports from the custodian portal and the portfolio system vendor. Note any incidents that fell during trading or rebalance windows and confirm the remediation steps documented by the vendor.

  2. Test backup and disaster recovery procedures

    • Run a tabletop or live failover exercise covering core systems: CRM, document vault (NetDocuments / ShareFile), email archive, billing system. Confirm the recovery time aligns with the BCP filed in ADV Part 2A and the firm's WSPs.

  3. Confirm patching cadence on advisor workstations

    • Pull MDM / RMM patch reports. Flag any workstations more than 30 days behind on OS or browser security updates. SEC's Reg S-P amendments raised the bar on documented technical safeguards — patch lag is one of the easier findings to write up.

  4. Audit user access and entitlements in core systems

    • Review user lists in the custodian portal, CRM, billing, and trading system. Confirm terminated employees were removed within 24 hours and that no rep has unsupervised principal-level access. Stale entitlements are a recurring CCO finding.

5

Findings and Principal Sign-Off

  1. Compile the QA findings register

    • For each finding, capture: control area, severity, named owner, target remediation date, and verification method. Repeat findings from prior quarters get flagged for CCO escalation.

  2. Open compliance exception ticket with CCO

    • An OFAC hit, an unsafeguarded SLOA, or unarchived business communication each triggers a same-quarter remediation memo to the CCO. Document the scope of exposure, the immediate containment action, and whether a SAR, SEC self-report, or client notification is required.

  3. Submit QA report for principal sign-off

    • CCO and managing principal review the findings register and sign. The signed PDF lives in the firm's compliance file as evidence of supervisory review under Rule 206(4)-7 (RIA) or FINRA Rule 3110 (BD).

    Collects list Collects paragraph Collects file Collects signature

Use this template

Copy it to your account, customize the steps, and run it with your team in minutes.

Use this workflow Start free trial
Sections 5
Steps 22
Category Financial Services
Price Free to start
Need a different process

Browse hundreds of free templates across every team and industry.

Back to template library

Related templates

More workflows your team can run.

Financial Services

Market Risk Checklist

View
Financial Services

Marketing Strategy Checklist

View
Financial Services

Annual Client Review Checklist

View
Financial Services

Client Onboarding Checklist

View

Run Quarterly Operations and Compliance QA Review with your team

Customize the steps, assign roles, set a schedule, and keep a complete record for every run.

Use this workflow Start free trial