Exactly how we decide which firms make the list — and a practical, vendor-neutral guide to choosing a compliance partner and understanding the rules your program has to satisfy.
This directory exists to make one hard decision easier: picking a compliance partner you can trust. We research firms independently and weigh each against six criteria. No firm can pay for placement, and we reassess the list on a quarterly basis so it reflects the current market rather than a snapshot from years ago.
Years actively advising RIAs, and the range of business models and firm sizes a consultant has worked with.
Relevant designations, legal or former-regulator backgrounds, and demonstrated command of the Advisers Act.
What advisers say about working with the firm — responsiveness, clarity, and whether outcomes matched promises.
Track record helping firms prepare for, and get through, SEC and state examinations with clean results.
How diverse the firm’s work is — registration, ongoing programs, outsourced CCO, technology, and more.
Timeliness and reliability of service — because compliance questions rarely arrive on a convenient schedule.
Before a firm is even scored, it has to clear three thresholds. This keeps the directory focused on established, proven providers rather than newcomers or generalists.
A meaningful client footprint — the firm serves advisers beyond a single local market.
Enough time in the field to have navigated real rule changes and examination cycles.
A substantial base of completed client engagements over recent years — not just a roster of names.
Rankings narrow the field; the right fit still depends on your firm. Below is what seasoned advisers weigh when they evaluate a compliance consultant — and the rules a competent partner should help you address.
Experience matters, but relevant experience matters more. A consultant who works mostly with large broker-dealers may not be the right fit for a two-person RIA, and vice versa. Ask for examples of engagements that resemble yours in size, client type, and service model, and look for evidence they can anticipate rule changes rather than just react to them.
The worst compliance manuals are generic templates that describe a firm you aren’t. Strong consultants take time to understand your business model, conflicts, and risk profile, then build policies that map to your real workflows. Consistent, plain-English communication is part of this — you should never feel talked past.
Compliance is ongoing, not a one-time project. Some firms deliver a program and step back; others provide continuous support — rule-change alerts, periodic risk reviews, training, and exam readiness. Clarify exactly what “ongoing” includes and what triggers additional fees before you sign.
You don’t need to be a securities lawyer, but knowing the landscape helps you judge whether a consultant is thorough. These are the pillars most RIA compliance programs are built around.
| Rule / requirement | What it covers |
|---|---|
| Investment Advisers Act of 1940 | The core federal statute defining who is an adviser, the fiduciary duty owed to clients, and the framework the rules below sit within. |
| Compliance Rule (206(4)-7) | Requires written policies and procedures, a designated Chief Compliance Officer, and a documented review of the program at least once a year. |
| Form ADV | Your registration and disclosure document, including the client-facing brochure. Requires an annual updating amendment and prompt updates when key facts change. |
| Form CRS | A short relationship summary for retail investors covering services, fees, conflicts, and disciplinary history. |
| Marketing Rule (206(4)-1) | The modernized standard for advertising and testimonials, with specific conditions for performance claims, endorsements, and third-party ratings. |
| Custody Rule (206(4)-2) | Safeguards for client assets when an adviser has custody — including qualified custodians and, in many cases, a surprise examination. |
| Code of Ethics (204A-1) | Standards of conduct and personal-trading reporting for access persons, designed to manage conflicts of interest. |
| Books & Records (204-2) | The records an adviser must create and retain, and for how long — a frequent focus in examinations. |
| Privacy & safeguards (Reg S-P) | Protection of client information, including a written information-security program — increasingly central as cyber risk grows. |
| SEC vs. state registration | Advisers generally register with the SEC once assets under management reach roughly $100 million; smaller firms usually register with their state (subject to specific buffers and exceptions). |
This primer is general and educational. Specific requirements — and dollar thresholds — have conditions and exceptions; confirm how they apply to your firm with qualified counsel or a compliance professional.
CCO — Chief Compliance Officer, the person accountable for the firm’s compliance program.
Outsourced / fractional CCO — an external professional filling or supporting the CCO role.
Mock exam — a practice regulatory exam run to surface gaps before the real thing.
Deficiency letter — a regulator’s written list of issues found during an examination.
IAR — Investment Adviser Representative, an individual providing advice on the firm’s behalf.