You Need a Custody Audit. Now What? (A Step-by-Step Guide for RIAs and Fund Managers)
If you’ve just learned that your firm is subject to a custody audit, it can be overwhelming, especially if you aren’t familiar with this requirement.
Many firms discover this obligation unexpectedly, often through routine operations that quietly trigger custody under SEC rules. The good news is that, while the realization can be a surprise, there are clear steps forward that you can take.
So, what does a custody audit involve, and how can your firm prepare for it with confidence?
The Custody Rule Audit Requirement
If your firm has custody of client assets (even indirectly), the SEC requires an independent audit to confirm that those assets are being properly safeguarded. This review is known as a “custody audit,” and it’s conducted by an independent public accountant who’s registered with the Public Company Accounting Oversight Board (PCAOB).
Unlike a financial statement audit, a custody audit examines how your firm handles client assets. The auditor will look at your control procedures, verify that the assets exist and consider your compliance with the SEC’s Custody Rule (Rule 206(4)-2) under the Investment Advisers Act of 1940.
If custody has been triggered, a custody audit isn’t optional, and it’s important to understand what it involves before you undergo one.
Step 1: Verify the Custody Trigger
Before preparing for a custody audit, it’s essential to confirm whether your firm has triggered custody under SEC rules. Work with your compliance or legal team to review your operations and document how custody applies.
Common custody triggers include:
- Authority to disburse client funds
- Standing Letters of Authorization (SLOAs) (check with your CPA firm)
- Access to client accounts or login information
- Serving as a general partner in a pooled investment vehicle
- Use of affiliated custodians or related-party transactions
Understanding the trigger early can help you and avoid unnecessary surprises later.
Step 2: Engage a Qualified Audit Firm
Once custody is confirmed, your next move is to find the right auditor. The SEC requires that custody audits be performed by an independent public accountant who is registered with the PCAOB. Not all firms meet this standard, so it’s important to choose one carefully.
Look for an auditor with experience working with alternative investment structures. Having this context will help an auditor navigate the nuances of fund operations and guide you through the custody audit process well.
Step 3: Prepare the Appropriate Materials
Once you’ve engaged an audit firm, the next step is to get your documentation and internal controls in order. Start by gathering key materials, including:
- Custodial agreements
- Fund governing documents
- Transaction records
- Internal control policies
Be sure your procedures for safeguarding client assets are documented well. This includes how disbursements are approved, how access to accounts is managed and how activity is monitored. Coordination with your operations team and fund administrators will be essential.
Step 4: The Custody Audit
Once the custody audit process begins, the auditor will meet with your team to learn how custody applies to your firm. The custody audit will focus on three areas:
- Testing your internal controls
- Verifying the existence of client assets
- Assessing compliance with the SEC’s Custody Rule
Custody audits are typically conducted annually and must be completed within 120 days of the period being tested and 180 days for fund of funds.
Step 5: Reporting
After completing the custody audit, the auditor will file Form ADV-E with the SEC. If any serious issues are identified during the review, they must be reported immediately.
Your firm will receive a copy of the auditor’s opinion. If any deficiencies are noted, you’ll need to address them quickly to enhance your compliance and to build trust with your clients.
Step 6: Plan for Proactive Compliance
If your firm continues to trigger custody, you’ll need a custody audit annually, so it’s important to be proactive.
Keep your internal policies up to date, train staff on custody-related procedures and regularly monitor for custody triggers. Even small operational changes can affect your custody status.
Regulatory interpretations change too, so stay in close contact with your audit and compliance advisors to make sure your firm remains aligned with current requirements.
Skipping or failing a surprise exam can lead to serious consequences, including:
- Fines or penalties from the SEC
- Damage to your firm’s reputation
- Potential legal action if client assets are mishandled
Ongoing compliance isn’t just about avoiding penalties; it’s about protecting your clients and your business.
Learn More and Start Preparing for Your Custody Audit
Discovering that you’re subject to the Custody Rule audit requirement can be a surprise, but it doesn’t have to be a setback. The key is preparation.
Understanding your custody status, engaging the right audit firm and staying proactive with your internal controls can make all the difference.
If you’re ready to take the next step, contact your Warren Averett advisor directly, or ask a member of our team to reach out to you to get the conversation started.
