Over coffee in Mumbai, I’m chatting with Priyanka, a founder of a growing investment advisory firm. Priyanka looks a bit rattled as she goes through the annual compliance audit report.
“Kruti, we thought we had everything buttoned up,” Priyanka sighs, scrolling through the audit report. “But there are issues with our client agreements and record-keeping. We didn’t even realize we missed sharing copies with a few clients, and our interaction logs? Now we’re scrambling to fix it before SEBI follows up.”
I nod empathetically. “You’re not alone, Priyanka. In my 10+ years auditing firms like yours, I’ve seen these gaps time and again. They’re often oversights in the rush of daily operations, but they can lead to hefty penalties or even license suspensions. Let’s break down what exactly went wrong.”
As we chat, it becomes clear that these aren’t isolated incidents. Drawing from recent audits, let’s dive into the most frequent observations.
Common Audit Observations for Investment Advisers (RIAs)
SEBI’s framework for IAs emphasizes fiduciary duty, transparency, and robust record-keeping to protect investors. However, audits often reveal lapses that stem from siloed operations or outdated processes. Here are some of the top observations we’ve encountered:
#1 – Failure to Obtain Registration with KRA and CKYC: Many IAs have failed to register with the KYC Registration Agency (KRA) and Central KYC (CKYC) Registry, leading to an incomplete client onboarding process. This violates basic due diligence requirements and exposes firms to anti-money laundering risks.
#2 – Client Agreements Not Properly Executed or Lacking Disclosures: Agreements are often signed without including mandatory disclosures, details of fees charged and conflicts of interest. We have also noted agreements that were missing the MITC section.
#3 – Copy of Agreement Not Shared with Clients: We have observed that the agreements are signed by only one party. Even when agreements were executed, IAs have failed to provide clients with a signed copy, breaching transparency norms under the IA Regulations.
#4 – Failure to Maintain Records of Client Interactions: Conversations related to advice—via calls, including video calls, emails, or meetings—weren’t documented properly. This is critical for audit trails and dispute resolution, yet it’s a common gap in fast-paced advisory environments.
#5 – Not Obtaining Client Consent on Completed Risk Profile: Risk profiling was done, but consent wasn’t formally obtained or recorded as per SEBI norms.
#6 – Failure to Intimate Changes to SEBI: Appointments or resignations of the Principal Officer and persons associated with investment advice (PAIAs), changes in address and other material changes weren’t reported promptly to SEBI as required.
#7 – Failure to Comply with AML Requirements: Anti-Money Laundering (AML) policies were not formulated or kept on record. Also, the FIU was not intimated about the Principal Officer and Designated Director.
#8 – Advertisements Issued Without Relevant Approval: Marketing materials were issued without taking approval from IAASB / BSE.
Action Points Post-Audit
Back to my chat with Priyanka: “So, what now? Do we have to submit the report to SEBI?” she asked.
“Yes, SEBI mandates specific steps post-audit to ensure transparency and accountability,” I replied.
Here’s what every IA should do:
#1 – File the Report on BSE Portal Along with Documents: Submit the signed copy of the audit report, along with the client-level segregation certificate and the action taken report (ATR), via the BSE portal. This must occur within one month of the date of the audit report.
#2 – Add Status of Audit on Website Along with Adverse Comments: Update your website with the audit completion status and any adverse findings.
#3 – Share the Audit Report with Clients: Provide a copy of the audit report to existing clients.
“Sure, I will ask my compliance officer to take action on these points immediately.
“We are planning to apply for a research analyst license. Are the compliance requirements for research analysts on similar lines? As you deal with RAs as well, do you have similar observations for non-compliance by RAs?”
“Yes Priyanka, we have similar observations for RAs as well. For RAs, the emphasis is on unbiased research, clear disclosures, and verifiable recommendations.”
Common Audit Observations for Research Analysts (RAs)
Key findings include:
#1 – Display of Past Performance: RAs showcased historical returns and shared client success stories or profit screenshots in pitches without consent, violating advertisement guidelines.
#2 – Failure to Maintain Duly Signed and Dated Copies of Research Reports: Reports lacked proper versioning or signatures, making them unverifiable during audits.
#3 – Failure to Maintain Rationale for Research Recommendations: The reasoning behind buy/sell calls wasn’t documented well.
#4 – Missing Disclosures in Research Reports and Public Appearances: Mandated disclosures under RA Regulations—such as conflicts, holdings, or compensation—weren’t included in reports or media interactions.
#5 – Failure to Intimate SEBI of Material Changes: Changes in research analysts, directors / partners and other changes weren’t reported in a timely manner.
#6 – Non-Maintenance of Records: Overall lapses were observed in keeping client interaction logs, KYC documents, research backups, or compliance files.
#7 – Non-compliance with Client Onboarding Process: RAs failed to register with KRAs, leading to an incomplete KYC process. Also, client consent was not recorded on the terms and conditions of RA service.
#8 – Advertisements Issued Without Relevant Approval: Marketing materials were issued without taking approval from RAASB / BSE.
#9 – Non-adherence to Fee Limits: RAs charged fees in excess of the limits prescribed by SEBI.
“Just to let you know, the RAs also have to submit the report to BSE and have similar reporting requirements as IAs,” I added.
“Sure. Please help me understand what will happen once IAASB (BSE) goes through the report. Will any action be taken against my firm?”
“As you may be aware, SEBI / BSE are conducting surprise inspections. They may take these reports as a base during inspections. If they note that there is no action taken by the management on the observations, they will definitely take action. Depending on the level of non-compliance, SEBI may penalise the firms or suspend the registration.”
“I got it, Kruti. Thank you. I will be in touch with you for further course of action.”
Turning Audits into Opportunities
Whether you’re an IA providing financial planning services or an RA providing market insights, understanding these observations can help you build a more resilient practice. Audits aren’t just about flagging issues—they’re a roadmap for improvement.
Remember, in the capital markets, compliance isn’t a checkbox—it’s your competitive edge.
If you’re facing similar challenges or preparing for your next audit, reach out to us at kruti@cskruti.com. Let’s turn those observations into actionable wins.
Hi, as per SEBI’s new circular in Jan 2025, an RIA should appoint an independent compliance officer who is a CS/CA and who also needs to clear the NISM Level 1 and Level 2 exams along with 2 more. What is your say on that?
Informative
thank you!