Compliance Calendar for Investment Advisers: Annual Reviews, ADV Updates, and Recordkeeping

Registered investment advisers run on trust, process, and proof. A practical compliance calendar helps keep those pieces aligned all year—so your annual review, Form ADV updates, marketing oversight, and books-and-records requirements do not get lost in daily operations. The calendar below organizes recurring obligations into a workable schedule with plain-English checklists you can adapt to your firm's structure and regulator.

Because adviser regulation is a mix of federal and state rules, laws and deadlines vary by state and by regulator. Use this calendar as a planning tool and confirm dates and requirements with the authority that regulates your firm. For related guidance, see RIA Formation and Compliance: What to Consider Before Registering Your Advisory Firm.

What This Compliance Calendar Covers and Who Should Use It

This calendar is designed for owners, principals, and compliance officers at registered investment advisers who want an actionable, month-by-month plan to manage: For related guidance, see Multi‑State Franchise Compliance Basics for New Franchisors.

Annual compliance review: scope, testing, documentation, and reporting to ownership.
Form ADV and brochure: annual amendment, prompt updates for material changes, and client delivery.
Quarterly operational checkpoints: supervision, marketing, custody, trading, cybersecurity, vendor oversight, and conflicts.
Books-and-records: what to keep, retention periods set by your regulator, and organization tips to pass an exam readiness check.

Use these checklists to assign owners, set internal due dates, and capture evidence as you go—so year-end is confirmation, not reconstruction.

Annual Compliance Review: Scope, Evidence, and Common Pitfalls

Build the scope

Identify your firm's business lines, client types, and conflicts to map which policies require testing.
List core areas: portfolio management, trading and best execution, personal trading, fees and billing, custody, valuation, marketing, privacy and cybersecurity, anti-fraud/supervision, and vendor oversight.
Incorporate prior exceptions and exam findings into current-year test plans.

Design testing and timelines

Define tests and samples (e.g., trade blotter sampling, invoice recalculations, email reviews, call reviews for solicitors).
Set owners and due dates by quarter to avoid a year-end rush.
Document methodology up front so testing is repeatable and clear to examiners.

Capture evidence

Maintain a review binder (digital or physical) with policies, test plans, workpapers, exceptions, remediation, and sign-offs.
Keep board/owner reporting minutes or memos showing what was reviewed, results, and any policy updates.

Common pitfalls to avoid

Scope creep or gaps: Reviews that are too broad to execute or too narrow to address business risks.
No evidence trail: Conclusions without workpapers, or undocumented remediation.
Static policies: Manuals that do not reflect current practices, vendors, or technology.
One-and-done testing: Annual-only checks for areas that generate daily risk (e.g., billing or marketing).

Form ADV and Brochure Updates: Annual Amendment, Material Changes, and Client Delivery

Annual amendment planning

Calendar the annual update window. Many advisers are required to file the annual Form ADV amendment within a set period after fiscal year-end; confirm timing with your regulator.
Compile firm-wide inputs early: assets under management, client counts and types, wrap programs, disciplinary events, affiliates, financial industry activities, and conflicts.
Refresh Form ADV Part 1 and Part 2 and, if used, Part 3 (relationship summary), to reflect current services, fees, and conflicts.

Material changes and prompt amendments

Track events that may require a prompt amendment outside the annual cycle, such as significant fee changes, new disciplinary information, custody changes, or updates to affiliations.
Maintain a materiality log so potential changes are evaluated quickly and consistently.

Client delivery and posting

Prepare a summary of material changes for brochure delivery.
Confirm client delivery and, where applicable, website posting. Keep proof of delivery (e.g., mail logs, e-sign acknowledgments, or portal confirmations).
Ensure solicitor/marketer materials reflect current disclosures and are aligned with filings.

Operational Checkpoints by Quarter: Supervision, Marketing, Custody, Trading, and Cybersecurity

Quarter 1 (Q1): Foundation and annual updates

Form ADV annual amendment: File within the applicable regulator's timeline after fiscal year-end and deliver updated brochures to clients.
Policy refresh: Update the compliance manual, code of ethics, privacy notice, cybersecurity program, BCP, and vendor list to match current operations.
Best execution: Initiate annual review of execution quality and broker/custodian relationships; collect data for spreads, price improvement, and research/soft dollar arrangements where relevant.
Marketing/advertising review: Re-approve website content, presentations, social media profiles, podcasts, and any performance or testimonials. Maintain approval records and version control.
Personal trading certifications: Obtain annual code of ethics acknowledgments, holdings reports, and broker attestations.

Quarter 2 (Q2): Testing cadence and mid-year hygiene

Billing and fees: Sample invoices; reperform calculations; verify fee schedules against client agreements and ADV disclosures.
Trading and allocation: Test trade aggregation, allocation fairness, and restricted list controls.
Custody checks: Confirm standing letters of authorization, fee deduction authority, and any circumstances that may create custody; test client statement reconciliation procedures.
Cybersecurity: Run phishing simulations, access recertifications, vulnerability scans, and confirm incident response playbooks.
Vendor oversight: Review SOC reports or security questionnaires for key vendors; update contracts for data security commitments where appropriate.

Quarter 3 (Q3): Supervision deep dive and change management

Branch and remote supervision: Perform call reviews, email and text sampling, and workpaper reviews for IARs; confirm off-channel communication controls.
Conflicts inventory: Reassess conflicts from revenue sharing, referral arrangements, outside business activities, gifts and entertainment, and proprietary products.
Valuation and illiquid assets: Test pricing sources, overrides, and documentation for hard-to-value holdings.
Business continuity: Tabletop test for disaster scenarios; document lessons learned and control improvements.

Quarter 4 (Q4): Year-end wrap and next-year setup

Annual compliance review: Finalize testing, aggregate exceptions, and complete remediation tracking.
Owner/board reporting: Deliver written report summarizing testing, findings, updates, and planned enhancements.
Training and acknowledgments: Complete annual training for marketing, cybersecurity, and code of ethics; collect year-end attestations.
Calendar build: Create the next year's schedule, internal deadlines, and testing assignments.

If you want a compliance calendar mapped to your regulator's deadlines and your firm's operations, we invite you to schedule a consultation to discuss hiring counsel to build or refine your program. Call 414-253-8500 or use our contact form to speak with our firm about representation.

Books-and-Records: What to Keep, How Long, and Organization Tips

Advisers are generally required to maintain specific books-and-records for set periods. Exact lists and retention timelines depend on your regulator. The following categories commonly apply:

Core records to maintain

Corporate and ownership: Organizational documents, ownership ledgers, and governance records.
Client agreements and disclosures: Advisory contracts, Form ADV brochures, delivery proofs, new account forms, suitability/Know Your Client data.
Trading records: Trade blotters, order tickets, allocation statements, confirmations, and best execution analyses.
Portfolio records: Account statements, performance workpapers, model changes, and investment committee minutes.
Financial records: General ledger, trial balances, and financial statements.
Marketing and advertisements: Final copies, approvals, performance substantiation, testimonial/review permissions, and third-party rating documentation if used.
Compliance program: Policies and procedures, annual review reports, testing workpapers, training logs, code of ethics reports, and personal trading records.
Cybersecurity and privacy: Access logs, incident response documentation, risk assessments, and vendor security reviews.
Communications: Required business communications, including email, chat, text, and social media maintained in an archive that meets recordkeeping standards.

Retention and format

Retention periods vary by rule and regulator. Establish a written retention matrix that states the record, system of record, retention period, and responsible owner.
Accessible format: Store records in an organized, searchable format with appropriate safeguards. Confirm whether your regulator permits electronic WORM storage or other specific formats.
Indexing: Use consistent naming conventions, folder structures, and metadata tags so you can retrieve records quickly during an exam.

Organization tips

Create an exam-ready binder grouped by rule topic with cross-references to systems.
Automate ingestion and archiving from email, chat, and collaboration tools to capture business communications.
Run quarterly spot checks to confirm retention and access controls are functioning as written.

Mid-Year Health Check: Testing, Exception Tracking, and Board/Owner Reporting

Mid-year reviews keep risk from accumulating. Use this checkpoint to validate that your calendar, testing, and remediation are on pace.

Mid-year checklist

Progress review: Compare completed tests to the plan; adjust for new products, vendors, or regulatory updates.
Exception log: Confirm each exception has a root-cause analysis, client impact assessment, and remediation owner and due date.
Materiality review: Reassess any items that may require a prompt ADV amendment or client notification.
Training refresh: Provide targeted training where exceptions cluster (e.g., billing, off-channel communications, marketing substantiation).
Interim report: Provide owners with a concise status update and any resource needs to stay on schedule.

To align your mid-year testing with your regulator's priorities and your contracts, consider engaging counsel. We can help structure testing, exception handling, and reporting. To discuss representation, call 414-253-8500 or reach us through our contact form.

Year-End Wrap-Up: Certifications, Vendor Reviews, and Next Year's Calendar Setup

Final quarter actions

Consolidate evidence: Complete workpapers, sign-offs, and remediation documentation.
Owner/board presentation: Summarize results, policy updates, risk themes, and next-year initiatives.
Attestations: Collect annual acknowledgments for the code of ethics, cybersecurity, privacy, and marketing policies.
Vendor scorecards: Rate critical vendors on performance, security, responsiveness, and contract compliance; plan renewals or transitions.
Next-year build: Lock due dates for filings, training, and quarterly tests; assign owners and create dashboards.

Month-by-month planning guide

January–February

Finalize financial data for Form ADV; begin annual amendment drafting.
Re-approve marketing inventory and performance backup.
Collect employee holdings and outside business activity updates.

March–April

File annual ADV amendment within the applicable timeframe and deliver updated brochures.
Launch best execution review and billing test samples.
Run first phishing simulation and access review.

May–June

Quarterly trading and allocation testing.
Vendor due diligence refresh and contract check.
Mid-year owner report and training refresh.

July–August

Review off-channel communications controls and archives.
Valuation sampling for illiquid/private holdings.
BCP tabletop exercise and remediation tasks.

September–October

Close out remediation items with testing to verify effectiveness.
Draft the annual compliance review report; update policies.

November–December

Deliver final report to ownership; collect annual attestations.
Finalize next year's calendar and training plan.

Practical Controls That Reduce Operational Risk

Single source of truth: Maintain a central compliance calendar with automated reminders for each obligation and evidence required.
Approval workflow: Route marketing, new vendors, and new products through a short approval checklist with documented sign-off.
Exception management: Use a simple tracker with fields for date, control, description, client impact, remediation steps, owner, and deadline.
Change logs: Record policy changes with version numbers, effective dates, and rationale.
Dashboards: Share status dashboards with leadership monthly to keep accountability visible.

Roles and Accountability

Even small firms benefit from clear ownership of compliance tasks. Define:

Policy owners for each risk area (e.g., billing, trading, marketing).
Control performers who run tests and maintain workpapers.
Approvers who sign off on marketing, vendors, and policy changes.
Escalation paths for exceptions and potential client impact.

Technology and Vendor Oversight

Technology can streamline compliance, but it also introduces third-party risk.

Inventory systems: CRM, portfolio management, trading, billing, archiving, email, chat, and file storage.
Security checkpoints: Access control, MFA, encryption, audit logs, and incident response commitments.
Data processing addenda: Confirm privacy and data handling terms align with your obligations.
Exit plans: Ensure you can retrieve client data and records in a usable format if you move vendors.

Short Checklist You Can Use Today

Confirm your regulator's filing deadlines and add internal due dates 2–4 weeks earlier.
List material change triggers for Form ADV, and route them to compliance for immediate review.
Inventory marketing materials and performance claims; verify substantiation and approvals exist.
Run a billing sample test and document results, exceptions, and any client credits.
Test archive coverage for email, text, and chat; address gaps in off-channel capture.
Update the exception log and assign remediation owners and dates.

Common Questions

Who needs to register with state regulators versus the SEC, and how does that impact the calendar?

Registration depends on factors such as assets under management, business model, and where the firm and clients are located. Some advisers register with the SEC, while others register with state regulators. The obligations are similar in many areas, but deadlines, record lists, and processes can differ. Build your calendar around your actual regulator's requirements and confirm any state-specific items.

What counts as a material change that requires a prompt Form ADV amendment?

Examples can include significant fee changes, new disciplinary information, new affiliations that create conflicts, custody changes, or expanding into new services that alter your disclosures. When in doubt, document the event, evaluate its impact on your disclosures and clients, and make a timely amendment if warranted. Keep a materiality log and retain proof of your analysis.

How long should investment advisers retain compliance and trading records?

Retention periods are defined by the applicable rules of your regulator and can vary by record type and jurisdiction. Many core records are retained for multiple years, with some kept longer. Establish a written retention schedule that identifies each record, where it is stored, how long it is kept, and who is responsible, and confirm the schedule against your regulator's requirements.

How should firms handle off-channel business communications for recordkeeping purposes?

Adopt a clear policy that channels all business communications into captured systems. Prohibit unsupported channels where capture is not feasible, deploy compliant messaging tools with archiving, and conduct periodic monitoring to verify adherence. Document exceptions and remediation.

What documentation should support the annual compliance review?

Keep the written review plan, testing procedures, samples, results, exception logs, remediation actions, policy updates, training records, and the final report to ownership. Maintain version-controlled policies and evidence showing when changes took effect and why.

Next Steps

A structured compliance calendar reduces missed filings and exam risk. If you want a calendar tailored to your regulator, service lines, and technology stack, we welcome the opportunity to talk through next steps and discuss representation. Call 414-253-8500 or reach out through our contact form to schedule a consultation and see whether our firm can help.

Disclaimer: This article provides general information and is not legal advice. Laws and regulations vary by state and by regulator, and outcomes depend on specific facts. Reading this article does not create an attorney-client relationship. For advice about your situation, please contact an attorney.

Privacy and Cybersecurity for Financial Advisors: Safeguards, Policies, and Incident Response

Attorney advertising. This page is for general informational purposes only and is not legal advice. Reading this page or contacting the firm does not create an attorney-client relationship.