Quarterly Compliance Monitoring Checklist

Pull regulatory AUM, account counts, and client types from Schwab, Fidelity, or Pershing and reconcile against the figures cited on Form ADV Part 1A. Mismatches between custodian-reported AUM and Item 5 disclosures are a common SEC exam finding.

Pull the new-account list from Wealthbox or Salesforce FSC and confirm Form CRS was delivered at the recommendation or new-engagement event. Retain the acknowledgment in the client folder; missing CRS deliveries draw immediate Reg BI citations.

Sum 13(f)-eligible securities across all discretionary accounts at quarter-end. If the firm exercises investment discretion over $100M+ in Section 13(f) securities, a Form 13F holdings report is due 45 days after quarter-end on EDGAR.

Generate the 13F holdings table from Black Diamond or Addepar, validate CUSIPs against the SEC's official 13(f) securities list, and submit on EDGAR before the 45-day deadline. Confidential treatment requests must be filed concurrently if applicable.

Run a full sweep through Refinitiv World-Check or LexisNexis Bridger covering account holders, beneficiaries, trustees, authorized agents, and any party added during the quarter. A beneficiary added mid-quarter is a frequent gap when screening only fires at account open.

For each entity account opened this quarter, confirm the CIP file has the entity formation docs, EIN verification, and identity records for every 25%+ beneficial owner plus one control person. Skipping the beneficial-owner CDD step on entity accounts is a recurring AML exam finding.

Reach out to the relationship advisor for each flagged account and collect the missing IDs, certifications of beneficial ownership, and OFAC re-screens. Block any new transactions on the account until CDD is complete.

Work the queue of structuring, rapid-movement, and unusual-pattern alerts from Verafin or Actimize. SARs, when warranted, are due to FinCEN within 30 days of detection — track the clock from the alert date, not the review date.

Verify every licensed user, distribution list, and shared mailbox feeds Smarsh or Global Relay. New hires onboarded mid-quarter without archiving connectors are the typical gap — cross-check the HR roster against the archive's user list.

Sample a handful of advisors and confirm client texting flows through MyRepChat or Hearsay Relate, not personal SMS. The 2022-2024 SEC enforcement wave hit firms for $2B+ over personal-device messaging; spot audits and attestations are the standard control.

Pull a sample of LinkedIn posts, marketing emails, and website updates from the quarter and confirm each had principal pre-approval per Marketing Rule 206(4)-1. Testimonials and endorsements need the required disclosures; performance claims need methodology and net-of-fee presentation.

Three-way tie: internal billing calculation in Orion or Black Diamond, the invoice sent to the client, and the actual debit on the custodian statement. Average-daily-balance vs. period-end calculations produce different numbers — confirm the method matches the IAA.

Reconcile the gifts and entertainment log against vendor invoices and rep submissions, and confirm every access-person trade had pre-clearance per the code of ethics. ComplySci or MyComplianceOffice will surface unreported trades — investigate any gaps.

Pull the attestation report from ComplySci or RIA in a Box and chase any access person who hasn't certified the code of ethics, outside business activities, and political contributions for the cycle. Outside business activities are the most-omitted disclosure.

Summarize the quarter's regulatory developments — SEC risk alerts, FINRA notices, state rule changes, recent enforcement actions — and circulate with required-acknowledgment in the LMS. Track read receipts as part of the books and records.

Refresh the AML, Reg BI, and Marketing Rule modules to reflect any new SEC or FINRA guidance issued during the quarter. Specialized roles — branch managers, supervisors, OSJ principals — need role-specific updates beyond the general curriculum.