The Biggest Compliance Traps You Don’t Even Know Are Happening at Your Firm

Compliance risks don’t announce themselves. Even firms with robust programs may face hidden vulnerabilities that can draw SEC scrutiny. Here are three common but often overlooked traps.

1. The AI Trap: Risks You Didn’t Know You Had

You may think your firm is safe from AI-related compliance issues simply because you don’t use AI. The reality is, exposure often sneaks in through third-party SaaS tools or even employee use of AI-powered apps.

• Vendors: Many CRM or portfolio tools have embedded AI that interacts with client data, creating privacy and cybersecurity risks.
• Employees: Staff may use AI for analytics or reporting without realizing compliance implications.

Given the uncertainties with this emerging technology, firms must conduct continuous and regular due diligence of their third-party providers’ use of AI, monitor disclosures, and ensure policies accurately reflect any use or exposure to AI. CCOs should also hold regular conversations with staff about their own exposure to, and use of AI, in their delivery of services to clients or their operational functions.

2. The Off-Channel Communications Trap

Texting and messaging apps are convenient, but they create recordkeeping nightmares. Even casual messages can lead to uncaptured communications that qualify as “advice” under the Advisers Act.

While the requirement to maintain communications relates to advice and recommendations given or proposed to be given, the reality is that it would be incredibly difficult to filter out communications that fall under this requirement from those that do not. Best practice is retention of all business-related communications.

• The Challenge: Ensuring communications are captured and maintained – even those that are internal among colleagues, especially since other methods of communicating electronically, including IMs, chats, and texting, can be favored over email.
• The fix: Explore technologies that enable modern methods of communication to be captured, prohibit methods that are not captured, and strictly enforce adopted policies. Train staff regularly, implement employee attestations, and periodically review regtech options to keep pace with evolving communication practices.

Remember to review electronic communications as part of your duty to supervise advisers, identify client complaints, and ensure your firm is upholding its fiduciary obligations to clients.

3. The Marketing Rule Trap

The SEC’s Marketing Rule offers more flexibility than its predecessor, but comes with strict new requirements, including added disclosures:

• Endorsements & Testimonials: Must include clear disclosures on client status, terms of compensation, and conflicts of interest. Depending upon the terms of compensation (cash or non-cash), a written agreement with the party providing the endorsement or testimonial may also be required.
• Awards & Rankings: Require transparency about the adviser’s participation in a questionnaire, survey, or similar tool that resulted in the award or ranking. Disclosures regarding the date of the award or ranking, the period of time on which it was based, and payments are also required.
• Performance Ads: At a minimum, presentations must include both gross and net results, calculated over the same time period and using the same methodology. Depending on the performance being advertised, further disclosures may be necessary, especially if an adviser intends to advertise composite performance or hypothetical performance.

Even legitimate marketing efforts can lead to violations if disclosures are incomplete or misleading.

Staying Ahead of Hidden Risks

From unseen AI vulnerabilities to off-channel texts and marketing missteps, compliance risks often lurk in day-to-day operations. Partnering with a compliance consulting firm can help firms:

• Spot risks early
• Strengthen disclosures and policies
• Train and monitor staff effectively

Proactive compliance isn’t just about avoiding penalties, it’s about protecting your reputation and enabling sustainable growth.