Walk into any well-run RIA and you will find a mature RIA compliance software stack: a policies-and-procedures platform, a personal trading surveillance tool, an archiving vendor, a CRM with audit trails, and an OMS or rebalancer wired to custodian feeds. By every checklist the firm looks covered — and for most of what Rule 206(4)-7 asks, it is. But one obligation keeps slipping through the seams of even the most carefully assembled stack: the ongoing supervision of client portfolios against their own Investment Policy Statements.
This is not a vendor failure. It is a category gap. The tools you own were built for different jobs — attestations, trade reviews, books-and-records, execution. None was built to read a portfolio against an IPS every day and flag drift before it becomes a violation. That gap is why a new category — IPS intelligence — is emerging as the missing layer in compliance software for RIA firms.
Rule 206(4)-7 under the Investment Advisers Act is famously short and famously demanding. It requires every registered adviser to:
You can read the compliance procedures and practices for investment advisers release directly on the SEC site.
The phrase examiners keep circling back to is "reasonably designed." It is a substantive standard, not a box-checking one. In the 2003 adopting release, the Commission was explicit that policies must address "the portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions."
Translated into plain language, 206(4)-7 expects your RIA compliance software to answer four questions on a continuous basis:
Most modern compliance platforms can document that you have policies for all four. Most can store attestations. Very few can tell you, at 9:00 a.m. on a Tuesday, whether the portfolios themselves are in line. And that is the supervisory obligation — the substantive one — that lives at the center of the rule.
For the deeper treatment of how this maps to portfolio-level supervision, see our pillar on portfolio supervision ria ips intelligence.
Compliance leaders often assume that because each layer is in place, the supervisory obligation is satisfied. It is a reasonable assumption, and it is wrong — because the four layers were built for four different jobs. Here is how they map against 206(4)-7 compliance tools obligations:
| Category | What it does | 206(4)-7 coverage | Gap |
|---|---|---|---|
| Portfolio accounting | Positions, performance, reconciliation, billing | Books-and-records source of truth | Does not know the IPS exists |
| Rebalancer / OMS | Generates and routes trades to model tolerances | Enforces the model — not the IPS | Silent on client-specific constraints and drift |
| Compliance platform | Policies, attestations, personal trading, archiving | Administrative and behavioral supervision | Never reads a client portfolio |
| IPS intelligence / supervision layer | Reads portfolios against each IPS daily; flags drift | The substantive portfolio-supervision obligation | The layer most firms have not yet added |
A second way to look at it: what each layer was designed for, and what consistently falls out of scope.
| Layer | Job | Common examples | What it misses |
|---|---|---|---|
| Portfolio accounting | Record the truth about positions and performance | Portfolio accounting & performance systems | Interpretation against each client's IPS |
| Execution | Trade to a target model efficiently | Rebalancing platforms, OMS, direct indexing tools | Whether the model itself still fits the client |
| Compliance operations | Govern people, policies, and records | Compliance checklist & personal-trading platforms | Continuous portfolio-level supervision |
| IPS intelligence | Supervise every portfolio against its own IPS | Emerging category — StratiFi's ComplianceIQ | Nothing, by design — that is the job |
None of this is a criticism of the first three layers. They are good at what they do. The point is structural: no layer in the traditional stack was ever scoped to read a portfolio against an IPS every day.
If the gap is so obvious once you see it, why hasn't it been filled? Three structural reasons:
Most CCOs still run portfolio oversight through spreadsheets, quarterly sampling, or an annual IPS review. See how this surfaces in related domains like proactive compliance the new standard for rias.
Categories get built when a job exists that no existing category does well. The job here — the one at the heart of the rebalancing vs supervision distinction — has three defining properties:
Call it IPS intelligence, or the portfolio supervision layer. It is not a rebalancer. It is not a compliance checklist. It sits between portfolio accounting and compliance operations and does a job neither was built to do.
What IPS supervision software does that the other categories do not:
StratiFi's ComplianceIQ operates in this slot — turning unstructured IPS documents into structured, enforceable rules that run against live portfolios. The point of naming the category is not to crown a winner; it is to give CCOs and COOs the right procurement question: which layer of my stack supervises portfolios against the IPS? If the answer is "none," the stack is not yet reasonably designed under 206(4)-7.
For adjacent examples of intelligence-layer thinking in practice, see share class monitoring software rias broker dealers and ips drift style drift policy breach.
Before your next annual review, ask your team three diagnostic questions:
These are not hypothetical scenarios. They are the questions that surface in exam interviews — and they are the questions the best RIA compliance software stacks need to answer with data, not attestations.
For the regulatory deep-dive on how examiners frame these expectations, see our guide on the ria portfolio supervision rulebook.
Most compliance platforms are designed to supervise people, policies, and records — attestations, personal trading, code of ethics, archiving, and books-and-records. They generally do not ingest the IPS as data or read client portfolios against it. That portfolio-level supervisory work belongs to a different category, often called IPS intelligence or the portfolio supervision layer. StratiFi's ComplianceIQ was built to fill precisely this role.
Rebalancing executes trades to bring a portfolio back to a target model within pre-set drift tolerances. Supervision asks a different question: does the model — and the current portfolio — still match what the client's IPS says? Rebalancing enforces a target; supervision validates whether the target itself is still appropriate and whether the portfolio is honoring client-specific constraints the model does not account for.
It covers an important portion of them — policies and procedures, annual review workflow, attestations, personal trading, and archiving. What traditional RIA compliance software typically does not cover is the substantive portfolio-management obligation embedded in the adopting release: ensuring client portfolios remain consistent with their stated investment objectives on an ongoing basis. That is the gap an IPS intelligence layer is designed to close.
This category is emerging and is most often referred to as IPS intelligence or the portfolio supervision layer. It sits between portfolio accounting (which records positions) and compliance operations (which governs policies and people). Its job is to read each client's IPS as structured data, evaluate live portfolios against those constraints daily, and produce an auditable supervisory record mapped to 206(4)-7.
See what the IPS intelligence layer looks like in practice. Whether your firm runs thirty portfolios or thirty thousand, the question is the same: which layer of your stack supervises portfolios against the IPS? If you do not have a clear answer, that is the conversation worth having.