Name: Compliance Strategies for Small Advisory Firms
Uploaded: 2026-02-24T17:06:04.024Z
Duration: 50 min 8 s
Description: Compliance Strategies for Small Advisory Firms

Transcript for "Compliance Strategies for Small Advisory Firms": Hello, everyone, and welcome to a Comply webinar about compliance strategies for small advisory firms. I'm Allison Cooley. I'm the director of product marketing here at Comply. And today, I'm joined by one of our compliance consultants, Kelly Smith, and she is going to be walking us through a webinar today. But before we get started, let me just get to the next screen, we've got a few housekeeping things to take care of. So after this webinar, you're going get a recording from us in twenty four hours. If you don't get that recording, I have my information that I'll share in the chat, and we're happy to provide that to you, And we'll also be able to send the slides out if you ask for them. And so today, we're going to talk about different ways to identify and monitor risk, how to design a compliance program that fits your resources as a small advisory firm, maybe you're one, two, five people, it might look different, different tools for managing and documenting your compliance program, and then how to build that business case for the resources and technology, especially as a small firm or solo advisor. And so, before we get into the subject matter, I would love for you to give us a little background. Your story is one of my favorite stories So at if you could share with the group, that'd be great. Sure. Good morning, everyone. My name is Kelly Smith. As Allison mentioned, I am a comprehensive consultant here at Comply, and I'm also an IA CCP designee. So prior to coming to Comply, I spent many decades the financial services industry, where I worked mainly in financial planning departments and performing daily compliance operations for firms, where I ultimately served as the CCO for a Comply client. So, I have been using Comply software since 2018, and that also then gives me the perspective of someone who understands compliance from both sides of the table. So, I've sat in your seat. I've also worked with large firms, small firms, state firms, SEC firms, so I'm familiar with regulation in all walks of life. I just love that. I love that you're an IACCP designee. I love that you used to be one of our clients, and we took you over here to the other side. I just think, like, I know probably a handful of your clients are on the webinar today, so hi. I think that that is just really great. I think that everyone here is in good hands. Kelly knows her stuff. So, you know, I want to make this interactive and ask you a few questions instead of So, just reading out let's get into just the overview of identifying compliance risk, especially with those smaller firms as they get started. Yeah. But, you know, we really need to start with this. Small firms don't get small exams, there's never a small exam. So, know, you need to scale to your risk of your firm, what we're trying to say. You you may be a small firm, but your risk is going to be the same as our larger firms. Also, we realize that there's going be a mixed audience today. We're going to have some SEC registered firms, some state registered firms, and there may be some firms that are actually transitioning from state to SEC. So, goal today is to make sure we cover all the firms since both state and SEC regulators expect the same things. So, we want to make sure that we're showing you how to demonstrate a reasonably designed compliance program, whether you're a team of one or a team of 10. Yeah, I think that point about whether you're a team of one with $90,000,000 in AUM versus a team of 10 with a billion plus AUM, it's still the same rules, it's still the same regulations. It's the same exam, and you're just a smaller and leaner team. So let's get into the high risk pieces. Yeah, so really what is high risk? It doesn't mean most complicated, it's really the highest potential harm to the firm. So, what you need to do is ask yourself, if something breaks, what's the damage? What damage can be caused to the firm, to your clients, to the reputation? Are you going to cause regulatory harm, which could end up with deficiencies, fines, and enforcement actions? Are you causing harm to your clients? That could be financial loss, fiduciary headaches, or just the erosion of trust that the client has with the advisor or with the firm. Or are you causing reputational harm? So that could be long term damage to the credibility and growth of the firm itself. So, you know, ask yourself if something breaks, what's the damage? Is it a fee billing error that can cost a client money? Is it a marketing violation? That could be an enforcement action and bad press for the firm. Custody failures, that's a huge item. That is immediate exam escalation, if that comes up on the SEC or the state's radar. So, the risk is about the impact and the likelihood combined of those activities. So, we want to just make sure that your compliance programs are prepared to address those risks, especially those high risk areas. The idea that the risk isn't going to happen to you as a strategy is not a good first step, right? You really need to understand, like, my firm's not gonna be the one in the headline. Lines I hope I don't jump ahead of us, but I might. One of the most interesting things to me about, regulatory compliance is that if you identify a risk or a deficiency and you give that regulator, hey, I identified this. I saw the problem. I fixed the problem. How I fixed it? The reputational harm is gonna be way different than the firms that are trying to kind of sweep it under the rug. Right? The SEC is a little more lenient as they should be. Right? Hey. I saw the deficiency. We fixed it. Here's how, right? Documentation. The public shaming, so to speak, kind of comes from the firms that are trying or didn't identify the risk, which is a big deal, then not owning up and being forthcoming with the regulators. That I think is something so important, especially as a new CCO or as a growing firm or a newly established firm to understand. So, kind of getting into the regulatory focus of risk areas, walk us through that. So, let's be practical. There are different high risk areas that vary by firm, so you have to look at what is the most high risk for your firm. So, if you had to pick one area that could cause the most harm to your firm, what would that be? So some firms it would be, know, are you doing a lot of financial planning and you have retirees that are drawing income down? Suitability and withdrawal strategies become high risk for your firm. If you manage private funds, are your expense allocations, you know, are probably a high risk area. If you deduct fees, billing and custody become high risk for your firm. And if you have advisors that text clients, books and records becomes high risk. So you have to look at how your firm operates, how your advisors operate, how your staff operates, and then look at what is the most high risk area to your firm itself. So your risk profile is really shaped by your client base, your products, your regulators, and your staff, and that's what regulators, whether it's SEC or state or FINRA, that's what they're looking at. So, the SEC is really looking at marketing rule compliance, custody, expense allocations and fee billing, off channel communications. All you have to do is look up some recent enforcement actions, and you can see exactly what they're looking at. States often are more focused on fees, contracts, and advertising disclosures, while FINRA focuses more on conflicts, anti money laundering, suitability, and Reg BI. So, at where your firm lies, and then look at what risks are most applicable to your firm and focus on those. Also, if you have a chance, sure that you subscribe to the SEC Risk Alerts. They tell you exactly what the SEC is looking for, what's considered high risk. Also, enjoy reading, not enjoy because I enjoy, you know, seeing what other firms are going through, but the enforcement actions. Some of these are so simple that, know, tell your advisors they can't text. Off channel communications is huge, you know, if you don't allow texting, make sure that you are, you know, sending those enforcement actions around to people in your firm saying this is why we don't allow these things. These are high risk, the SEC is telling you what they're looking for, and you can look at what other firms are paying in fines and being marked as deficient for. Yeah, I think that's such a good point of, one, I love subscribing to the SEC Risk Alerts. A treasure trove. I mean, it's not the most beautifully designed website, but it has a lot of information on it. Secondly, distributing all of that information to the actual advisors really puts more context into their training, their certifications, all the things they do throughout the year in a very real world scenario. Like, oh, just the text alone was what set off everything and this domino effect, and now we have this huge enforcement action. Or, you know, a wrongly cited testimony on a marketing piece, you know, or whatever it may be. It's super important. And I think that, like, providing some information about how, you know, this plays out in the real world helps crystallize it for folks. The next topic we're going to get into is strategies for monitoring and managing your program. So, you know, I know that we serve, you know, state regulated firms, SEC regulated firms, you know, FINRA regulated firms, let's talk about these different tools in identifying risk and kind of how they apply to those different groups. Right, risk identification doesn't really happen in a vacuum. Risk assessments also don't need to be overly complex. So again, build your compliance program to the size of your firm, to the risks that your firm's undertaking, but make sure that you're instilling confidence that you are being mindful and thoughtful about your risks, and that you've addressed them all. So when you're doing your annual risk assessments, tracking complaints, when you're tracking any incidents, that kind of thing, make sure that you are just being mindful and thorough on what you're documenting. So, you know, examine, again, subscribe to those risk alerts. They keep you on top of what the SEC is tracking, and they're literally, again, telling you ahead of time what they want to see. And states follow SEC guidelines for the most part. If they're silent on marketing, that means that they're following the SEC guidelines unless the state has its own set of guidelines, which a lot of them don't. So, they're just relying on what you're learning from SEC make sure that you're following those rules. So, just again, make sure that if the SEC is talking about off channel communications, that should show up in your monitoring plan. If the SEC is talking about the use of AI, which is now on the exam priorities, make sure that you're, looking at that risk. So, you know, just a small firm example, there was a small RA firm that billed using estimated balances instead of the daily average balances that was stated in their contract and on their 2A. It wasn't really intentional, it was just a system limitation, but five years later they had to make refunds to clients and they got a deficiency letter. So, again, testing, make sure that your documentation matches, and document everything. Not that you're going in with a fraudulent mindset, but there may just be lack of testing, so make sure that you're using these tools to keep your firm in compliance. Let's get into some more of the cost effective marketing monitoring pieces here, because we have the high risk pieces and we also have the core compliance And so, let's get into those. I think one of the things I think about often, and I'm sure you do as well in your role, is these firms and compliance officers and leaders who are right about on that threshold from going to state to SEC regulated. And I ran into a couple of folks a couple of weeks ago at an event, and one of the guys came up to me looking for hope is what I told him because he was like, I've heard rumors that they're going to enhance or increase the AUM threshold. What do you know? And I'm like, I don't I haven't heard that yet. You know, so it's like, I think that that would be great to touch on too as we walk through this piece of it. Yeah, and I don't think anybody knows. The FCC hopes that they can, but that would put a huge burden on the states. And the way that we see it, we don't know that the states could handle that additional burden. So we would hope because it would help simplify things, but again, nobody knows, nobody's got the crystal ball. We all wish we had the crystal ball and could tell exactly what everybody's thinking, but it's just another one of those that's floating out there. I've heard two 50, I've heard 500,000,000 to the SCC. It's just until we hear definitively, just like the AML rule, we were ready to go and place the new AML rule and then last minute it got back burnered for two more years. So, we hear definitively we're just doing status quo and hoping it gets raised, but not too confident that it's going be anytime soon. It's never a bad idea to prepare for what the SEC expects, especially if you're inching towards that 100,000,000 threshold. Let's chitchat a little bit about the high risk testing versus the core compliance requirements. Yeah, so high risk, there's a lot of activities that are more high risk than others. Fee billing is always a high risk area, whereas if you're looking in custody, again, another high risk area, but if you're just looking at your annual Form ADV update, that's just a core compliance area, everybody has to do it. So, just make sure when you're looking at fee billing testing, vendor due diligence, custody, safeguarding of client information, those are all on the radar always with the SEC, with the states, especially with Reg SP coming into play now for SEC registered firms. Just make sure that you've got everything documented, that you're following up with new rules and regulations, that you're keeping your compliance manuals maintained. Especially for high risk items, documentation is key. It's an ongoing process though, it's not just a once a year review, so make sure that you're monitoring regulatory enforcement trends, make sure that you're looking at your high risk areas for your firm, and that you're doing adequate testing and documentation. All right, let's get into some tools and techniques. Anything else you want to cover here? If you've ever had an exam, if you've ever been examined by your state regulator or by the SEC, and you've received a deficiency letter, make sure that you're building those deficiencies into your testing. That's huge. Again, look at the sample letters that the SEC puts out. They tell you what they're looking for in exams. Again, states follow pretty much a lot of the same guidelines, so make sure that you're including those items in your testing. So, again, consistency really matters more than volume, so make sure you're documenting things, yeah. Documentation is the number one word in compliance. It's like how many times can we say documentation in one conversation when you're talking to compliance professionals? We have a chart up here that talks about that ongoing monitoring that we've already talked about with code buckets reporting, attestations, client file review, training completion. So, this is just a visual for the group to take in and think about how often and how frequent you're testing and who should be responsible for it. Do you have anything to add to this as people are thinking through it? Yeah, so these are just steady state activities. They require just consistency as long as you're consistent. Again, remember, the golden rule of compliance, if it's not documented, it didn't happen. Make sure that as you're doing these things, document what you're doing, how you're doing it, who did it, and make sure that you're taking adequate notes. Make sure that you have proper oversight in all of these. So how are you collecting these items that need to be collected? How are you documenting those? Just make sure that you're monitoring all the tasks because that just creates a strong foundation for your company's compliance program. Yeah, I think you make such a good point, and I know we're going talk about technology later on, but you know, I just keep thinking to myself, and I'm sure there's comments in the comment section that I haven't had a chance to read yet, but it's like when we're talking about documentation, you know, especially the technology advantage, right, with the audit stamp of I did this, this was in my compliance calendar, I did my code of ethics reporting for the quarter, check that off, move on to the next thing. But I know you have a ton of experience working in our technology, both on the client side and here. So, you know, I would love for you to dive into that a little bit if you have anything else to share. Yeah, so one of the things that I honestly found the most helpful, especially when I got new into the CCO role, I mean, I went from doing financial plans for thirty years to going into compliance, which you're going from a gray area to a black and white area. Compliance to me is very black and white. You know, you're either right or you're wrong. So, the compliance calendar and keeping just track of when you have to do things was a huge help for me as a newly minted CCO. Just knowing when I had to do things, when it was expected, what the filing deadlines are, those are things that are really important to keep track of. My calls with my consultants were a lifesaver for me, to just be able to bounce ideas off of, or not feel dumb like I was asking a dumb question, because there are no dumb questions when it comes to compliance. So, that's one of the things that I really valued, was knowing when things were due, knowing what I had to get done that week. I wanted to be able to look at my calendar on a Monday morning and say, Okay, this is what I have to do for the week, And that really helped me shape my firm's compliance program. I worked for a large firm. I had 40 plus advisors and $2,000,000,000 of AUM, so that was a huge task. Now, for a small firm, if you're one person, it's the same thing. I mean, you may have two advisors and $50,000,000 of AUM, or $25,000,000 of AUM. You have the same tasks that I did with a 40 advisor firm and $2,000,000,000 We had the same tasks, it's just a different level of depth of those tasks, but it's still the same deadlines for a small firm as the large firms. I love the compliance calendar in both our technology platforms, Comply for RIA, which was formerly RIA in a Box and Comply platform. The biggest struggle I have, especially from the product marketing perspective, right, so my job is to articulate our products to the market, is that the word calendar doesn't justify all the capabilities within the tool. And if anyone's got some ideas on what it should be called, feel free to enter them into the chat. But it's like, I was explaining it to leadership who aren't in a technology role and compliance regulatory role. And I was like, imagine having to say all of the meetings we've had about this specific subject and then going into your Outlook calendar and your email to pull that documentation out. How long would that take you? And they're like, that sounds like a nightmare. And then I'm like, that's the value of the compliance calendar and the task management tool within it. So I'm going off on a little tangent there. Oh my gosh. Was I? Probably not. It's next on the list. So, yeah, let's get into this piece because I think that there's a few things you want to touch on as I kind of derailed us for a second, but I got back on track. No, that's okay. Again, documentation, find out what works best for you. Simple is fine, but just needs to be complete. So, when you're getting examined, they don't want to read a novel. They want clarity on what you did, why you did it, etc. Having been through three SEC exams at my prior firm, I'm very familiar with it, and now going through exams with my clients, I know what the SEC is looking for, and states are going to be the same way. If you just write down, like if you are doing your fee billing and just say review billing, That is not complete documentation. What you want to say is something like, tested five accounts for Q1 billing, there was one discrepancy, this is the dollar amount, we refunded the clients, we updated the checklist. That is complete documentation. So, you want to make sure if senior management or an examiner reads your notes, will they understand what you tested, and why you tested it, and what the remediation was? So, you just, you know, when you're doing everything, you want to make sure that you can explain things to senior management, and you also want to be able to explain things to an examiner. Put it perfectly. So, let's get into a little bit of the task frequency on the compliance calendar itself. Yeah, so these are recommended guidelines. Again, know, fit these for your firm, but these are at a minimum as how often you should be doing these. Some of these are rules, so like your quarterly personal trading, those kinds of things, the SEC expects you to gather those within thirty days of the quarter end, or the year end when you're doing annual holding reports. You need attestations gathered annually, so make sure that you're looking at the rules of the actual frequency that occurs, and make sure you're making all the right notes and documentation. Think of it as your operating system. Also, if you are using some kind of calendar, attach the documentation to that task. That was the best thing when we ran into an SEC audit and they said to me, pull up your last two years of trade blotter reviews, Instead of having to go into, know, try to find these in various systems, I just went right to my calendar tasks and attached for that two year calendar period were my trade blotter reviews, or my two years of advertising reviews. I was able to just within that calendar find those. So, regardless of what calendar system you use, make sure that you're tying that to your tasks in your documentation to make it that much easier when you get that letter. Yeah, I mean, you just don't want to waste time gathering your documentation, especially if you've already done those things. Again, it just needs a better name than calendar because it's a case management project before. I know. I'm going to rename So, it one let's talk a little bit about testing templates. When I came into this industry, I was like, Testing, that's an interesting thing that we're doing, right, as a new person. But then I was like, it completely makes sense when you make sure the program doesn't fail. So I think testing templates are really beneficial for solo advisors, small compliance, like not even small compliance teams. Like, I'm an advisor in the compliance and this other role. So, let's talk about that and maybe how your team works through those templates with their own clients. So, I try to simplify things. So when you're doing a testing template, you need to make sure that you have a reasonable amount of items that you're testing. If you have 4,000 client accounts, you should not just be testing two accounts a quarter. Make sure that when you're looking at your templates that they're reasonable for the size of your firm, that everything regardless of whether it's marketing, fee billing, books and records, client suitability whatever you're testing, make sure that it fits across your client base and your firm base. So, sure that you are documenting the items that need to be documented, make sure that it's consistent with quarter over quarter, year over year, that you have consistency, that you're not reviewing the same things every quarter, you're not reviewing the same households over the same advisors, make sure that it's scalable to your firm. Again, you want to make sure that you're emphasizing regulatory friendly structures, so what I typically tell my clients is if you're testing client accounts for suitability, fee, and books and records, take that same group of clients you've already got all their documents pulled and test those three things all at once, but make sure that you're testing an appropriate number of accounts and clients and households. Again, fee billing is a great one that everyone always gets caught up on. Make sure you're testing terminated accounts. Don't just look at your active accounts. Make sure you're looking at any accounts that were terminated during the quarter, especially if you're billing in advance. Are you making sure that your refunds? That's things that we've seen clients get dinged on all the time in these SEC exam letters that they're getting back. You had a client and they terminated mid quarter and you didn't refund their fee promptly, so you need to make sure that you're testing all kinds of, across the spectrum, active clients, terminated clients, different account registrations across different advisors. Make sure that you've got these templates in place and that you are consistent with those across throughout the year. And again, document, document. That's all we can say. It's the number one word. There's no other word to explain it better. All right, so this question I feel like pops up a lot, right? The business continuity plans versus the business succession plans. I know you put this in here on purpose from your experience. So, I've separated the slides out. So, let's talk first about business continuity, and then the next slide will be the business succession planning. Okay, business continuity plans, that's all about tomorrow morning. So, what would happen if you were not available tomorrow? Who's going to contact your clients? How are you going to do business? A huge disruptor in this came when COVID hit. Most firms did not have business continuity plans in place and could not function. It's never going to happen. We're not going to have a global pandemic. Nothing's and it did. Right? And that goes to the same. Right. We've experienced that in our lifetime. And so now I think there's probably a lot of firms, especially, you know, clients that you've been working with that are just like, we can't have this happen again. Right? So Right. And these are things that get reviewed during SEC exams. They want to see your business continuity plan. How are you going to address another pandemic? Or should you have a regional loss of power? Or you're building floods, how are you going to handle that? Do you have alternate sites? How are you going to contact your employees? One of the biggest things that we see is most times somebody changes their cell phone number and the firm can't get a hold of you know, they didn't update their records. So, again, make sure that you're talking to your employees, that you have the most up to date contact information, that they know what your business continuity plan is. Do they know what to do should you shut the office down? Are you staging your website to indicate to clients that the office is shut down? Will clients know how to get in touch with you should something happen? So, these are all very important things that the state and regulators and the SEC are looking at to make sure that you can, again, work in the best interest of your client should a significant business disruption happen. I was about to take the words out of your mouth, or you should put the words out of your mouth, rather. Because it really, I mean, at the end of the day, the thing I always say is, like, when you think about regulatory compliance at financial services firms, like, you're the front lines of keeping the markets fair and protecting investors and ensuring that their money takes them to places that they want to go, wherever that investment fund looks like or their goals with that. And so it's just so, so, so important not to really sweat the small stuff. Right? Because it's really important for clients, your clients' clients, right? Your investors to know what's going on when disruption So let's get into business succession plans. So, business succession plans really are what's happening five years from now. So, what happens should you be the key member? I unfortunately had that happen to one of my small firms just this past year. The CEO had a heart attack. He was the CEO, CCO, CIO, he wore many hats like a lot of you do, and he had a sudden heart attack, passed away, and they had no business succession plan in place. So, they don't know what to do. The wife works for the firm, she was working with her husband, and they're trying to figure out what to do. They did not have a business succession plan in place, not that you ever want to test these out, but you want to make sure it's there in the event that you have something happen. So, it's all about leadership changes, the retirement or death or disability of a key person, how is that firm going to function should you lose somebody like that? So, it wants to ensure that the firm still exists tomorrow, should something happen. So, again, they both have completely different timelines, but they both are making sure that the firm still stands and can serve your clients. Yeah, I think business succession is so interesting. Early on in my career, I knew a lot about a financial services company, not company, firm rather, a big one in Baltimore where I was living at the time, and the CFO was going to retire. And my friend worked there, and he was like, oh, we're we're it's a three year plan. I'm like, are you talking about? It's a three year plan. And it was like this huge, like, succession planning of this big firm. But imagine on the other side of the same coin, if something were to happen at a small firm where there's four or five of you and that one person has all of the knowledge, then how do you hand that over? So it's just it's really it's not fun to think about the bad, but it's really important to prepare for it. So, that leads us right into, let's talk about making the case for resources. So, I would imagine if we were to do a poll, which I'm not going to do because I don't have it set up, but there's people on this session today that are using Excel or Word or SharePoint or whatever to document a lot of these things. There's probably a lot of clients on here that are using our technology. And then there's probably people who are piecing together things or figuring it out. And so, you know, how do we make that case for investing in technology, you know, that has a larger price tag than your, you know, out of the box Outlook or Microsoft programs, which you know don't have that audit ready documentation in it? So let's walk through that. So you really want to make sure that the firm is covered, you know, by not having certain softwares or by relying solely on one person, what kind of risk is that to the firm itself? So, you want to make sure that you're translating compliance into language that your executives are going to understand, so by not doing this, we run into these risks. If we were to implement this one tool, we could more efficiently do this, this, and this, and bypass these risks onto maybe a software system as opposed to manual calculations. I mean, there's just a lot of things that Sorry, I lost my train of thought. You're it's a lot. I mean, it's just, like, they're they're making the business case is difficult. So you might be the owner, so it's not a hard business case to make, but you're you're kinda like, do I wanna spend the money here? But if you're in that that group of people who are, like, really tired of the spreadsheets, really tired of the manual process, maybe not liking your technology you're with today, like, having a technology, a solution, like, Comply for RIA, right, where it's your full firm compliance requirements, we have the ability to do trade monitoring, code of ethics management, and it comes with a consultant if you choose, like two different varieties, right, is pivotal, right? It's just easier when you have something in one solution that's audit ready, was built for regulatory compliance, not compliance, not case management, but for regulatory compliance, it makes a huge difference in your ability to scale. Because the idea that financial services companies aren't on a high growth trajectory is crazy. Like, every financial services firm is wanting to grow, right? Grow their investments, grow their AUM, grow their clientele, all of those things. And setting it up early and in advance the right way will make a big difference than hodgepodging systems and, spreadsheets and different types of consultants for different types of things. It just creates, like, the deficiency letter comes out and it's like, how do we scramble for this? Or you get hit with the exam, it's your year to be examed. It's like, how do we prep for this? I think it makes a huge difference. Yeah, and I have to say, I've got a few clients that are brand new firms just recently registered with states and with SEC that have made the determination that compliance risk is of huge importance to their firm. So, they've taken the opportunity to engage with us to help them make sure that their compliance program from the get go is set up and is properly working. So, the fact that they're putting a lot of their focus into compliance to make sure that things are set up, they're making that case themselves for the resources for their firm. Yeah, I think that there's something very important about firms having a good relationship with regulators. If your strategy is the fine, we're going to risk the fine because we don't wanna do this and build it. We don't have time or the investment. And then to get hit with that fine, that's a big fine now. Right? And then people are gonna be looking and saying, you know, like, that's not a good, how do I say this relationship with regulators. Right? They want to see firms that are taking it seriously. So there's a lot of different things for making the case for resources. There's reputational damage. There's the regulatory relationship. Know, there's the cleanness of the way you do business and protecting your clients and investors. You know, there's a million different ways to organize it. But I think what would be interesting is if you could share a little bit more about how to translate some of the compliance things to executives who might not fully grasp it? They might be lost in the rule 30 one-twenty or whatever it may be. Any tips for those compliance leaders at smaller advisory firms with leadership who needs to understand it without overwhelmed? Yeah, so I think a lot of times they don't want the detail, they just want to know what the results are going to be. And again, you could say, right now we're meeting our baseline obligations, we know that we have to do X, Y, and Z, and we're doing that, but with one additional tool, maybe we can do A, B, C, and X, Y, and Z more efficiently, it's going to save us money in the long run. It's going to help, you can, I think as I said to one of my firms, you can spend money now or you can spend money later when you get that letter and you have all these fines and things? You have to hire outside counsel to help you, dollars 500 an hour for your outside counsel if it's even that inexpensive, to help you answer some of these deficiencies and to build a stronger compliance program. I remember during my first SEC examination, the initial examination, they indicated that all of the documents that we had drawn up by a legal firm did not match our firm at all, or what we were doing. So, we spent all this money getting contracts, compliance manuals, all of our regulatory documents drawn up by a legal firm, and we got a ding. So they just said, these are cookie cutter documents, they don't even say what your firm is doing because all of your documents have to say what you do, and then you have to do what you say you're doing. And if your documents don't Not even if it's required. It's if I'm gonna meet with Kelly every every first Tuesday of the month to discuss trade blotters testing, and we don't It's do not a requirement for us to meet about it, but because we put it in the policies and procedures, they're going to be like, how were those meetings with Kelly the first Tuesday of every month? Show me the evidence. And I'm going to be like, well, we did the first three months, and it kinda fell off. Like, fix your policies. There's nothing stopping you from updating your policies to make sure they reflect what's actually going on. And I would argue, and I'm sure you do too, that this should be an ongoing assessment of, like, evaluating and observing how the firm is working and making sure it's matching the policies. Once that goes a little off course, it's just ripe. It's just ripe from digging into more things that could be wrong for an examiner, I would imagine. Absolutely. Again, your compliance manual is your firm's bible. You have to abide by everything that's in that book. If you say you're doing it, you better be doing it. And if you're not doing it, you need to take it out of there or adjust it, or look at, is it something that's actually required that you're not doing? So, build a strong compliance manual will help a long way in building a strong compliance program to help you then take that compliance manual and build your compliance calendar. Your compliance manual should state when things are due and how often you have to do them, so make sure that you're building your compliance calendar around your manual. So, a good core compliance manual goes a long way in setting up a good compliance, good strong compliance program. Yeah, I mean, you couldn't have said it better. I think, as we wrap this up, one of the biggest things that Comply does as a business, right, is that we pair our technology with consulting. And so everything that Kelly just explained, right, writing your compliance manual, taking an assessment, writing it from scratch or assessing the one you have, getting that into a compliance calendar, identifying your areas of risk, performing these tasks throughout the year, wrapping up that annual review for your letter at the end of the year, these are all things that you can do on your own in our technology, but you can also do it with Kelly or one of her colleagues who's gonna take that extra, like, step to make sure that your manual is accurate, make sure that it's aligned to your compliance testing dates, make sure that your audit log's good, your checks your box checking. As much as we wanna say compliance is it checking the box, it is. Yeah. And and it feels so good to mark something off of your to do list. Like, I'll never deny that that from people. But, I don't want to spend too much time trying to oversell things. I just think it's really important to bring this all together as something that we understand as a business that we work with a lot of firms. We register firms. We bring them on board. We get them SEC registered, state registered, whatever it may be. And we really work as a partner with these firms. And I think the stat is on our enhanced consulting team. 100% of them were former state regulators. So you're in wonderful hands with those folks. And, you know, on your team, we've got former CCOs, former clients, former regulators. You know, it's just there's a lot of expertise. So, I'm going to stop bragging about you and your group. But any final comments? You know, again, we're going to get to the questions. I'm going to go through the comments. I think someone on my team has been addressing them as they can. But any final comments, Kelly, as we wrap this up? Yeah, really compliance for small firms isn't really about perfection, and if you get an examiner, don't freak out. I know that's the first instinct, but those aren't gotchas, they're just to help you build your program, and it's just all about prioritization. So make sure that you're making compliance a priority of your firm, make sure that you have a regular cadence, and make sure that it's scaled to your firm. Again, document, document, document. If it's not documented, it didn't happen, and that's the first thing that you're going to realize is the most important thing when it comes to compliance. Thank you so much for joining us today. Thank you everyone for watching live or if you're catching us on demand. Again, those live attendees, will get you a recording of this in the next twenty four hours. I've got my email address up here. Feel free to shoot me a note. I will, you know, get that your question or comment or whatever it may be to the right people here. And we hope you come back again for another one of our sessions. So thank you, Kelly, and thank you, everyone. Thank you. Have a nice rest Thank of your you. Bye.