Nothing like a high-profile scandal (Madoff) to increase the level of auditing in financial services.
On December 16th, 2009, the SEC adopted new rules for investment firms which act as custodians for client assets. The key word here is custodian. Traditionally, financial advisers were not considered custodians because they did not have “physical” custody of the funds (i.e. they were with one firm and the money/investments sat in an independent financial institution). What became clear in Madoff was the degree to which these “advisers” could initiate financial transactions without the knowledge or permission of their clients.
As such, the focus of the rule is around financial advisers who can perform these actions. Of note in the rule are two key components:
- “Surprise audits” – Advisers must undergo a surprise exam by an independent accounting firm to examine how client assets are being handled.
- And more relevant to this blog… is the required Custody Controls Review. This section of the rule requires advisers to undergo a controls audit by a PCAOB approved accounting firm. Specifically, a SAS 70 Type II is referenced.
Requiring financial advisers with custodial responsibility to document and have their controls independently audited is consistent with other industries (financial and non-financial such as technology) where the critical assets are managed by a third-party provider whom the client has neither control nor insight the that providers practices and safeguards for their assets. While the rule does not specifically mandate a SAS 70, it references it as well as AT Section 610 as suitable means for complying with the new rule.
For press release and full text of the final rule click here.