Ready for Launch? The Role of RegTech in the RIA Start-up Process

Evidence suggests, and consensus concurs, that the independent RIA model represents the future of wealth management. Data shows that RIAs have enjoyed strong growth over the last ten years, and expectations are that these entities will control almost a third of all advised assets in less than three years. 

This RIA growth trend, and I’m including hybrids in my discussion, should not surprise anyone. As large enterprises become larger, tech innovation creates greater efficiencies and the number of third-party solutions providers increases at an equally impressive pace, the lure of independence as an RIA becomes stronger. It checks a lot of boxes for financial advisors looking for more control when it comes to serving clients – and greater financial gain when they do that well.

Still, many financial advisors approach the RIA start-up process with trepidation. It’s not for the faint of heart, particularly in this ecosystem of heightened regulatory oversight. Thanks to the sheer volume of moving parts, from compliance and supervision to advertising and client communications, launching an RIA represents a heavy lift for even the most organized among us. This is where the aforementioned third-party solutions providers can deliver the support needed to expedite the process and help ensure all the bases are covered and covered well.

What wealthtech and regtech tools can newly launched RIAs and hybrid RIAs leverage (or those considering the move) to maximize success? And how can these resources be woven into a broader RIA launch strategy? I spoke with three outsourced solutions providers to discuss the challenges associated with the process and the role their offerings play in supporting new RIAs:

• Nico DeMaio, President and Partner, AdvizorStack, a fintech technology platform offering RIAs turnkey access to a curated assortment of third-party solutions providers 
• Mike Overdorf, President and Founder, Sycamore Company, which delivers data and functionality to retail and institutional advisory firms for commission processing, compliance supervision surveillance and data analytics 
• Mike Barranco, CEO, AlphaONE Operations, a cybersecurity and IT solutions provider 

Sander Ressler: At AdvizorStack, you specialize in delivering back and middle-office solutions and consultative support to enable newly launched RIAs/hybrids to hit the ground running. Can you elaborate on your back-office digital solutions architecture process?

Nico DeMaio: AdvizorStack can streamline the back-office operations of financial advisory firms through a comprehensive digital solutions architecture, including:

Custom integrations with CRMs within Salesforce allow firms to manage client data, communication and workflows seamlessly. AdvizorStack acts as your Digital Operation Project Manager, working closely with you to solve any operation inefficiencies and streamline processes, data and the client experience within your firm. Our goal is simple: provide you with the tools to assist you in your firm’s growth ambitions.

We can implement document management systems that automate client onboarding, filing, retrieval and compliance processes to help reduce errors, improve audit trails and ensure all necessary documentation is readily accessible and compliant with regulations. 

Whether transitioning from legacy systems or consolidating data across multiple platforms, AdvizorStack ensures smooth data migration processes, including cleaning, organizing and securing sensitive financial data during transfers.

Our compliance automation capabilities can integrate tools that automate regulatory reporting, client suitability checks and data retention policies. We can integrate directly with multiple compliance vendors and allow firms to create an in-house technology stack that works for them.

Our automated billing solutions, including tracking advisory fees and creating client reports, can reduce the chance of discrepancies and improve transparency with clients.

AdvizorStack configures automated workflows that handle routine tasks like client onboarding, portfolio rebalancing and task management. 

Integration with portfolio management software allows for automated trade reconciliation, performance reporting and portfolio analysis. 

The firm also implements best practices for data security, protecting sensitive client and firm information from cyber threats through encryption, secure data storage and user authentication protocols. 

AdvizorStack can integrate digital communication platforms, enabling secure client portals, automated emails and notifications, ensuring clients are kept informed about their portfolios and any firm updates. 

This comprehensive approach allows AdvizorStack to modernize the back-office operations of advisory firms, creating a scalable infrastructure that adapts to growth while remaining compliant and efficient.

SR: The hybrid RIA model continues to grow in popularity, as the ability to do commissionable business remains highly relevant. What are the top challenges and opportunities that broker-dealers focused on growing in the hybrid RIA and dual registrant advisor segments must address when it comes to digitally-enabled commissionable compensation calculations and subsequent payouts?

Mike Overdorf: It can be a major challenge for broker-dealers to effectively process payments for hybrid firms and dual registrant advisors. To do it right, they need a single platform that can pay two different business types. It should be able to process multiple lines of business, gather data from various sources – whether it be commission-based or fee-based – and distinguish the nomenclature associated with both types. The platform should also be able to differentiate who should be paid and how. For example, commissions and broker-dealer revenues can’t be paid to entities, while RIA fees can. 

Look for a platform that offers flexible compensation schemes, as payout schedules and rates often vary between commission- and fee-based revenue. Lastly, it should accommodate various rules, like ticket charge scenarios for commissionable business and management fees for RIAs. These qualities are especially important as the hybrid RIA model continues to grow in popularity and commissionable business remains highly relevant.

SR: By all accounts, AlphaONE is especially plugged into the community of LPL Financial-affiliated large enterprises and financial advisors as a popular cybersecurity solutions provider. Given that many of your customers include some of the fastest-growing LPL-affiliated hybrid RIA firms, what are the top three cybersecurity issues that newly-formed hybrid RIAs, in general, should be thinking of from day one?

Mike Barranco: Newly formed hybrid RIAs face several cybersecurity challenges that previously were often handled by their broker-dealer under the corporate RIA structure. As independent firms, they must now take full ownership of their cybersecurity posture to protect their clients and operations. The top three areas that should be addressed from day one are:

1. Business Email Compromise (BEC): Email is the critical key that unlocks access to other systems, such as financial accounts, client data and communications. A compromised email account can allow threat actors to reset passwords, bypass multi-factor authentication and send fraudulent emails that appear to be from the advisor. Common attacks include sending fake account updates or requests for changes to client forms, which can result in unauthorized access to funds. Protecting email with strong security settings, robust multi-factor authentication and vigilant monitoring is essential to safeguarding the entire business.
2. Cybersecurity Training and Awareness: Comprehensive security training for all employees is critical to addressing the wide range of threats RIAs face today. This includes recognizing phishing and vishing (voice-based phishing) attacks, new security challenges created by AI (deepfake communications) and mobile device and physical security. Ensuring that employees understand the full spectrum of cybersecurity risks equips them to act as an active defense layer against attacks.
3. 24/7 Security Monitoring by a Qualified MSSP: Cyber threats don’t operate on a schedule. Continuous monitoring by a trusted Managed Security Services Provider (MSSP) can help swiftly identify and respond to breaches before they cause significant damage. Proactive threat detection and incident response are crucial in reducing risk exposure for hybrid RIAs.

AlphaONE specializes in addressing these cybersecurity needs for RIAs, ensuring that businesses stay protected from evolving threats.

Sander Ressler is Co-Owner and Managing Director of Essential Edge Compliance Outsourcing Services, LLC, a strategic consultancy specializing in compliance and regulatory affairs for broker-dealers and registered investment advisers (RIAs).