February 15, 2024

Navigating Your First Custody Rule 206(4)-2 Surprise Examination: A Thorough Guide for New RIAs

By Dan McIntosh, CPA, Partner, Assurance Services & Marni Pankin, CPA, Partner, Alternative Investment Group

Navigating Your First Custody Rule 206(4)-2 Surprise Examination: A Thorough Guide for New RIAs Alternative Investments

Entering the world of registered investment advisors (RIAs) comes with its fair share of regulatory requirements; chief among them is the adherence to the Custody Rule under the Investment Advisers Act of 1940. For newly registered RIAs, the first surprise examination required by Rule 206(4)-2 can be formidable. This article is designed to guide you through the process, clarifying your obligations and providing practical advice to help you successfully navigate your first surprise examination audit.

Understanding the Custody Rule and Its Implications

The Custody Rule is central to the Securities and Exchange Commission’s (SEC’s) efforts to prevent the misuse of client assets. Defined broadly, custody means holding client funds or securities and having any authority to take possession or withdraw them. RIAs may have custody, for instance, by possessing the authority to withdraw fees or through certain trustee arrangements or custodial agreements. Custody may also include related persons with access to client assets.

RIAs should be aware of inadvertent custody, which can occur if a client gives access to accounts without proper safeguards. SEC Guidance No 2017-01 addresses this issue. It also should be noted that in February ‘23, the SEC Proposed Amendments to the Custody Rule – The Safeguarding Rule which aims to broaden the Custody Rule’s scope to include all client assets, not just funds and securities, and tighten the conditions under which exemptions for privately offered securities apply.

The Surprise Examination Mandate

The annual surprise examination is obligatory for RIAs with direct or indirect custody of client cash and securities. This includes managing pooled investment vehicles like hedge funds, with some exemptions, such as the “audit provision” exemption for RIAs distributing GAAP-compliant financial statements in a timely manner. Other exemptions to the surprise exam requirement, such as having custody solely for the ability to deduct advisory fees, should be reviewed carefully when setting up client accounts and commencing operations to ensure the best possible outcome.

Selecting a Qualified Auditor

Key to the examination is the selection of a qualified independent accounting firm. The accountant must be registered with the PCAOB and be subject to its inspections. The PCAOB website has lists of both registered firms and inspected firms. Any selected independent accounting firm should be included on both lists.

Preparation for the Examination

Preparation is paramount. RIAs should have an independent accountant engagement letter in place when it becomes subject to the surprise examination requirement and at the beginning of any subsequent years. The first examination must occur within six months of becoming subject to the independent examination. Future examinations must occur on an annual basis.

Taking proactive steps is crucial. An RIA should conduct an internal review before the engagement of the accountant, which should include the following procedures:

  • Catalog and review all contracts with custodians.
  • Maintain up-to-date records and listings of all accounts the RIA is deemed to have custody of.
  • Reconcile records to information regarding custody and client accounts reported on Form ADV.
  • Check-in with custodians and clients to ensure that customer statements are sent to clients on at least a quarterly basis.
  • Consult with legal and compliance experts on any customer accounts whereby it’s unclear if the RIA is deemed to have custody.
  • Obtain an internal control report for any related custodians not independent of the RIA.
  • Maintain listings of and supporting ownership documentation for client assets not held with qualified custodians (i.e., privately offered securities).
  • Perform mock examinations and remediate any discrepancies.

The Date of the “Surprise”

Unless physical securities are held on-site, the surprise examination procedures do not necessarily need to be in person or performed on a specific date. The auditor haphazardly selects a surprise date during the year that has passed (the “Surprise Date”) to perform the examination procedures. The Examination Period begins at either the first date the RIA has deemed custody of client assets or, for future periods, the Surprise Date identified by the accountant in the prior year and ends with the current Surprise Date.

Conducting the Examination

The auditor will engage in a detailed examination that includes, but is not limited to:

  • Understanding the RIA’s process for determining the completeness and accuracy of the identified in-scope accounts subject to the Custody Rule’s examination requirements.
  • Confirming a sample of client funds and securities held with both the independent qualified custodians and the clients as of the Surprise Date to ensure that all positions are held in either a separate account under the clients’ names or in accounts under the name of the RIA as agent or trustee for the clients.
  • Confirming any and all contributions and withdrawals made during the Examination Period for a sample of clients.
  • Confirming the existence and ownership of any privately offered securities with counterparties or issuers.
  • Reconciling any differences between the RIA’s records and third-party evidence requested and received.
  • Confirming accounts closed during the Examination Period or for those whose funds were returned to the client.

Communication is Key: Establish clear communication channels with the accountant. Knowing what they will need and having regular updates to discuss outstanding items and potential issues can reduce surprises.

The auditor will require management to assert in writing that they comply with the applicable Custody Rules of the Investment Advisors Act of 1940 and will have to represent, among other things, that they have determined which accounts they have custody of and that they have reasonable belief that their qualified custodians send client accounts statements to clients on at least a quarterly basis.

Active Participation: While the examination is meant to be independent, providing insight and context to your practices can assist the auditor in understanding your operations. Further, by understanding and preparing for these typical examination procedures and testing, the RIA can better facilitate the process and mitigate issues that can lead to non-compliance. These practices should yield a more favorable outcome from the surprise visit.

Examination Reporting

The auditor has 120 days from the Surprise Date to complete the examination and issue the Independent Accountant’s Report with the SEC through Form ADV-E. The report will delineate the procedures performed and express an opinion on management’s compliance with the requirements of the applicable Custody Rules, specifically, paragraph (a)(1) of Rule 206(4)-2 of the Investment Advisors Act on the Surprise Date and Rule 204-2(b) during the Examination Period.

Any material discrepancies identified must be reported to the SEC on the Independent Accountant’s Report as well as within one business day of learning of the material discrepancy.

Post-Examination Follow-Up

  • Review Findings: It’s crucial to carefully review any findings or deficiencies the accountant identifies. This review process can provide valuable insights into areas where your custody practices may need improvement.
  • Implement Changes: Promptly take corrective action on any issues that have been identified. Be sure to document these changes thoroughly, as this is evidence of your commitment to compliance and addressing the problems identified.
  • Continuous Compliance: Bear in mind that the surprise examination isn’t a one-time event; maintaining continuous compliance with the Custody Rule throughout the year is essential. Treat the examination as part of your ongoing risk management strategy and ensure compliance efforts are integrated into your daily operations.

Through diligent review, immediate implementation of changes, and a commitment to continuous compliance, RIAs can address and mitigate risks and discrepancies, fostering a robust culture of compliance within the organization.


Facing a Custody Rule surprise examination for the first time may appear daunting, but understanding your obligations and preparing diligently can transform it into an opportunity to strengthen your firm’s integrity and client trust. Remember that this is not merely a regulatory hurdle but a chance to demonstrate your unwavering commitment to safeguarding client assets.

For new RIAs, this first examination begins a continuous journey toward meticulous compliance and risk management. With the insights provided in this guide, you’re now better equipped to approach your first surprise examination with the confidence and preparedness necessary for a positive outcome.