%2010.svg){kind=logo}
Table Of Contents
Why Your Compliance Stack Fails 206(4)-7's Portfolio Supervision Test
Walk into any well-run RIA and you will find a mature RIA compliance software stack: a policies-and-procedures platform, a personal trading surveillance tool, an archiving vendor, a CRM with audit trails, and an OMS or rebalancer wired to custodian feeds. By every checklist the firm looks covered — and for most of what Rule 206(4)-7 asks, it is. But one obligation keeps slipping through the seams of even the most carefully assembled stack: the ongoing supervision of client portfolios against their own Investment Policy Statements.
Related reading in the IPS supervision cluster
- portfolio supervision ria ips intelligence — the cluster pillar on why growing RIAs need an intelligence layer above rebalancing and checklists.
- documenting ips supervision 206 4 7 framework — how CCOs document the framework so it holds up in an SEC exam.
- ips drift style drift policy breach ria compliance — the three drift categories RIAs conflate and what each triggers.
- ria portfolio supervision rulebook 206 4 7 finra 3110 — the definitive rule-by-rule reference.
- trading activity thresholds ria compliance — companion guide on threshold-setting for trading surveillance.
This is not a vendor failure. It is a category gap. The tools you own were built for different jobs — attestations, trade reviews, books-and-records, execution. None was built to read a portfolio against an IPS every day and flag drift before it becomes a violation. That gap is why a new category — IPS intelligence — is emerging as the missing layer in compliance software for RIA firms.
What 206(4)-7 Actually Expects of Your Stack
Rule 206(4)-7 under the Investment Advisers Act is famously short and famously demanding. It requires every registered adviser to:
- Adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act
- Review those policies annually
- Designate a Chief Compliance Officer to administer them
You can read the compliance procedures and practices for investment advisers release directly on the SEC site.
The phrase examiners keep circling back to is "reasonably designed." It is a substantive standard, not a box-checking one. In the 2003 adopting release, the Commission was explicit that policies must address "the portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions."
Translated into plain language, 206(4)-7 expects your RIA compliance software to answer four questions on a continuous basis:
- Are client portfolios consistent with their stated investment objectives (i.e., the IPS)?
- Are allocation decisions being applied fairly across similarly situated clients?
- Are disclosures about your investment process actually matching what the portfolios look like?
- Are regulatory restrictions — concentration limits, suitability, prohibited holdings — being honored?
Most modern compliance platforms can document that you have policies for all four. Most can store attestations. Very few can tell you, at 9:00 a.m. on a Tuesday, whether the portfolios themselves are in line. And that is the supervisory obligation — the substantive one — that lives at the center of the rule.
For the deeper treatment of how this maps to portfolio-level supervision, see our pillar on portfolio supervision ria ips intelligence.
The Four Layers of Your Stack — and the Portfolio Supervision Gap
Compliance leaders often assume that because each layer is in place, the supervisory obligation is satisfied. It is a reasonable assumption, and it is wrong — because the four layers were built for four different jobs. Here is how they map against 206(4)-7 compliance tools obligations:
| Category | What it does | 206(4)-7 coverage | Gap |
|---|---|---|---|
| Portfolio accounting | Positions, performance, reconciliation, billing | Books-and-records source of truth | Does not know the IPS exists |
| Rebalancer / OMS | Generates and routes trades to model tolerances | Enforces the model — not the IPS | Silent on client-specific constraints and drift |
| Compliance platform | Policies, attestations, personal trading, archiving | Administrative and behavioral supervision | Never reads a client portfolio |
| IPS intelligence / supervision layer | Reads portfolios against each IPS daily; flags drift | The substantive portfolio-supervision obligation | The layer most firms have not yet added |
A second way to look at it: what each layer was designed for, and what consistently falls out of scope.
| Layer | Job | Common examples | What it misses |
|---|---|---|---|
| Portfolio accounting | Record the truth about positions and performance | Portfolio accounting & performance systems | Interpretation against each client's IPS |
| Execution | Trade to a target model efficiently | Rebalancing platforms, OMS, direct indexing tools | Whether the model itself still fits the client |
| Compliance operations | Govern people, policies, and records | Compliance checklist & personal-trading platforms | Continuous portfolio-level supervision |
| IPS intelligence | Supervise every portfolio against its own IPS | Emerging category — StratiFi's ComplianceIQ | Nothing, by design — that is the job |
None of this is a criticism of the first three layers. They are good at what they do. The point is structural: no layer in the traditional stack was ever scoped to read a portfolio against an IPS every day.
Why the Portfolio Supervision Gap Persists
If the gap is so obvious once you see it, why hasn't it been filled? Three structural reasons:
- Incentives point elsewhere. Portfolio accounting is paid for accuracy and scale. Rebalancers are paid for execution speed and tax efficiency. Compliance platforms are paid per seat for attestations and archiving. None is paid to interpret an unstructured IPS PDF against a live portfolio.
- The data lives in three silos. The IPS sits in a CRM or document vault as prose. Positions sit in portfolio accounting. Models sit in the rebalancer. No single vendor owns all three feeds.
- The obligation was invisible until recently. SEC examination priorities only began foregrounding portfolio-level supervision as a distinct deficiency area in the last several exam cycles. Examiners are now asking pointed questions about drift, suitability, and concentration — and the answers are landing in deficiency letters.
Most CCOs still run portfolio oversight through spreadsheets, quarterly sampling, or an annual IPS review. See how this surfaces in related domains like proactive compliance the new standard for rias.
Naming the Category: IPS Supervision Software
Categories get built when a job exists that no existing category does well. The job here — the one at the heart of the rebalancing vs supervision distinction — has three defining properties:
- It reads unstructured IPS language — prose, constraints, carve-outs, client-specific restrictions — and turns it into machine-readable rules.
- It joins those rules to live position data from portfolio accounting or custodial feeds.
- It runs continuously and produces an auditable supervisory record — not a quarterly report, not an attestation, but a daily, portfolio-by-portfolio trail.
Call it IPS intelligence, or the portfolio supervision layer. It is not a rebalancer. It is not a compliance checklist. It sits between portfolio accounting and compliance operations and does a job neither was built to do.
What IPS supervision software does that the other categories do not:
- Parses an IPS into structured constraints — asset-class bands, concentration limits, prohibited securities, ESG carve-outs, tax sensitivities
- Evaluates every client portfolio against its own constraints daily, not against a generic model
- Distinguishes acceptable drift, exception-worthy drift, and a breach requiring documented remediation
- Produces a supervisory record aligned to 206(4)-7 and to FINRA-adjacent frameworks like FINRA Rule 3110
StratiFi's ComplianceIQ operates in this slot — turning unstructured IPS documents into structured, enforceable rules that run against live portfolios. The point of naming the category is not to crown a winner; it is to give CCOs and COOs the right procurement question: which layer of my stack supervises portfolios against the IPS? If the answer is "none," the stack is not yet reasonably designed under 206(4)-7.
For adjacent examples of intelligence-layer thinking in practice, see share class monitoring software rias broker dealers and ips drift style drift policy breach.
Three Signs Your Stack Has the Gap
Before your next annual review, ask your team three diagnostic questions:
- Can you produce a supervisory record — for any client, for any day — showing their portfolio was evaluated against their IPS? If the answer requires pulling spreadsheets, the gap is open.
- When an IPS constraint changes, how long before every affected portfolio is re-evaluated? If the answer is "next quarterly review," examiners will note the lag.
- Who owns the gap between the rebalancer's model drift tolerance and the client's actual IPS constraints? If the answer is "the advisor, manually," you have a supervision process that does not scale.
These are not hypothetical scenarios. They are the questions that surface in exam interviews — and they are the questions the best RIA compliance software stacks need to answer with data, not attestations.
For the regulatory deep-dive on how examiners frame these expectations, see our guide on the ria portfolio supervision rulebook.
Frequently Asked Questions
Does compliance software supervise the investment policy statement?
Most compliance platforms are designed to supervise people, policies, and records — attestations, personal trading, code of ethics, archiving, and books-and-records. They generally do not ingest the IPS as data or read client portfolios against it. That portfolio-level supervisory work belongs to a different category, often called IPS intelligence or the portfolio supervision layer. StratiFi's ComplianceIQ was built to fill precisely this role.
What's the difference between portfolio rebalancing and portfolio supervision?
Rebalancing executes trades to bring a portfolio back to a target model within pre-set drift tolerances. Supervision asks a different question: does the model — and the current portfolio — still match what the client's IPS says? Rebalancing enforces a target; supervision validates whether the target itself is still appropriate and whether the portfolio is honoring client-specific constraints the model does not account for.
Does RIA compliance software cover Rule 206(4)-7 obligations?
It covers an important portion of them — policies and procedures, annual review workflow, attestations, personal trading, and archiving. What traditional RIA compliance software typically does not cover is the substantive portfolio-management obligation embedded in the adopting release: ensuring client portfolios remain consistent with their stated investment objectives on an ongoing basis. That is the gap an IPS intelligence layer is designed to close.
What category of tool supervises portfolios against the IPS?
This category is emerging and is most often referred to as IPS intelligence or the portfolio supervision layer. It sits between portfolio accounting (which records positions) and compliance operations (which governs policies and people). Its job is to read each client's IPS as structured data, evaluate live portfolios against those constraints daily, and produce an auditable supervisory record mapped to 206(4)-7.
See what the IPS intelligence layer looks like in practice. Whether your firm runs thirty portfolios or thirty thousand, the question is the same: which layer of your stack supervises portfolios against the IPS? If you do not have a clear answer, that is the conversation worth having.