Regtech Surge: Mid-Sized RIAs Need To Fill Costly Compliance Gaps

The 3 Most Costly Compliance Gaps Facing Mid-Sized RIAs

Sid Yenamandra, Founder & CEO, SurgeONE.ai

RIAs are continuing their rapid expansion in 2025, fueled by organic growth, M&A activity and private equity interest. According to Cerulli Associates, independent RIAs are expected to outpace all other channels, with headcount gains of 4% annually through 2028.

While this is positive news for the sector, growth often introduces new complexities that mid-sized RIAs must manage to succeed. More clients, staff and services bring operational and compliance challenges that didn’t exist when these firms were smaller. Unfortunately, this added complexity is often where many firms encounter difficulties from a compliance perspective, not because of bad intentions, but because compliance programs fail to adapt as the firm expands.

If you’re a CEO or chief compliance officer (CCO) at a mid-sized RIA, ask yourself: Are you scaling your compliance infrastructure at the same pace as your business? Below are some of the most common and costly gaps we see in firms of your size, and what you can do to find (and close) them before the SEC does.

Compliance Leadership Without Infrastructure

Many mid-sized RIAs appoint a CCO but fail to support that individual with the tools, documentation or authority needed to enforce firm-wide compliance. This does not set the CCO, or your compliance program, up for success.

This is especially common in firms where the CCO wears multiple hats — think COOs or CFOs moonlighting as compliance leads. Without a robust framework beneath them, even experienced CCOs can’t maintain oversight across departments or ensure consistent application of policies.

This could be a problem for your firm if:

  • Your CCO lacks a formal budget or clear escalation authority
  • There is no centralized compliance calendar or task tracking system
  • Policies exist, but aren’t translated into operational workflows
  • Training is ad hoc or delegated without monitoring

To fix these issues, you need to invest in a compliance infrastructure that scales with your growth. This includes clear reporting lines, technology for compliance task management and regular leadership reviews that treat compliance as a strategic function, not a back-office necessity.

Inadequate Documentation Of Business Changes

As smaller RIAs grow, either organically or inorganically, into mid-sized firms, they must evolve rapidly. This can include adding services that new clients and advisors want, expanding geographically by entering new areas of the country or even changing fee structures. While all this change may monopolize the focus of leadership, leaders may fail to ensure that their compliance documentation is updated accordingly.

Form ADV disclosures, internal policies and client agreements can lag what’s actually happening in the business. That mismatch is a red flag for regulators and a liability for your fiduciary obligations.

You need to guard against issues around:

  • Discrepancies between how services are delivered and how they’re described in marketing or ADV filings
  • Undocumented changes to investment strategies, fee schedules or third-party partnerships
  • Lack of a formal process for mapping business changes to compliance updates

Avoiding inadequate documentation of business changes should involve establishing a cross-functional review process where operational and business changes are regularly flagged for compliance impact. Tie this to quarterly policy and disclosure reviews, and document all updates, not just in filings, but in internal controls and procedures.

Fragmented Marketing Oversight In The Post-Marketing Rule Era

Since the SEC’s revised Marketing Rule became effective, firms have significantly more flexibility, but also more risk. Mid-sized RIAs often struggle to apply consistent oversight across the increasing volume of digital and advisor-led marketing content. The result? Teams may post performance data or testimonials without proper substantiation, disclaimers or documentation. This isn’t just risky; it has become one of the most scrutinized areas in recent SEC exams.

When reviewing marketing practices during an exam, the SEC is looking for:

  • Marketing materials created by individual advisors without compliance pre-review
  • Use of hypothetical performance or third-party ratings without appropriate disclosures
  • No audit trail or indication of who approved what or when

To pass the SEC’s scrutiny of your firm’s marketing when it comes time for an exam, you should implement clear guidelines and workflows for marketing compliance, especially for digital content. Use technology to track and approve materials, and ensure advisors understand when compliance approval is mandatory. Your compliance team should be able to produce an audit trail at any moment.

Make Sure You Use Compliance As A Growth Lever

Compliance can be challenging when running a mid-sized RIA. However, with the right processes, you can not only avoid risk but also reinforce trust with clients and regulators alike. By evaluating your current state, identifying gaps and creating a roadmap to correct any deficiencies, you can confidently build a strong compliance program.

Sid Yenamandra is the Founder and CEO of SurgeONE.ai, a compliance, cybersecurity and data services platform for wealth management that unifies the offerings of RegVerse, Kovair, Security Snapshot and MGL Consulting.
