Most CCOs at growing RIAs have felt this shift. At 10 advisors, investment supervision is a conversation. At 50, it's a process. At 150, it's a system — or it's a gap. The question isn't whether the firm's investment decisions are being supervised; the question is whether what you're doing would hold up under a Rule 206(4)-7 examination, and whether the answer scales as the advisor count grows.
This problem has a specific shape at firms that let advisors act as portfolio managers on their own books — the rep-as-PM model. Each advisor, working from the client's Investment Policy Statement (IPS), makes real allocation decisions, real rebalancing calls, real tax-loss harvesting trades. In aggregate, that's hundreds or thousands of investment decisions a week the firm is responsible for supervising. Manual spot-checks don't cover it. And the systems most firms already own — portfolio accounting, compliance platforms, rebalancers — each see a slice of the problem, but none of them reconciles what the advisor did with what the IPS said they should do.
That reconciliation is what portfolio supervision is. It's also what Rule 206(4)-7 effectively requires. Understanding how to operationalize it is the difference between a defensible program and a finding.
SEC Rule 206(4)-7, adopted under the Investment Advisers Act of 1940, is the rule every registered investment adviser builds its compliance program around. The rule has three substantive requirements: adopt written policies and procedures reasonably designed to prevent Advisers Act violations, designate a Chief Compliance Officer responsible for administering those policies, and conduct an annual review of the policies' adequacy and effectiveness.
Most CCOs can recite that. What's less universally understood is how far "reasonably designed" reaches into the investment decision itself. The SEC's position, reiterated across enforcement actions and Division of Examinations Risk Alerts, is that a firm's written policies must cover the substantive areas in which Advisers Act violations could occur — and investment management decisions, including those that deviate from the client's stated objectives or risk tolerance, are squarely within that perimeter.
Three implications matter for portfolio supervision specifically:
The last point is where most supervisory gaps open. Firms grow past the business model their policies were written for, and the policies don't keep up.
The rep-as-PM model is the dominant structure at midmarket RIAs today. Individual advisors, licensed as Investment Adviser Representatives, manage their own clients' portfolios using the firm's investment menu and each client's IPS as the governing document. Compared to a centralized model, where one team runs a set of model portfolios and advisors assign clients to models, the rep-as-PM model is more personal, more flexible, and — from a proactive compliance standpoint — more demanding.
| Dimension | Centralized IC model | Rep-as-PM model |
|---|---|---|
| Who makes the investment decision | Investment committee (small team) | Each advisor, for their own clients |
| Primary supervisory artifact | Model portfolio definition | Each client's IPS |
| Decisions per supervisory cycle | Tens (model changes, rebalances) | Thousands (one per advisor per client) |
| Supervisory effort scaling | Flat as the firm grows | Superlinear — grows with advisor count × avg clients |
| How CCO typically reviews | IC meeting minutes | Sampled account review, mostly reactive |
The table's last row is the problem. Most rep-as-PM firms supervise investment activity through periodic sampled account reviews — pick a few accounts per advisor each quarter, compare the holdings against the IPS, document the review. This satisfies the letter of a "supervisory review" obligation, but at 150 advisors and 75 clients per advisor, it's a 0.3% sample at best. Meaningful IPS drift can — and routinely does — persist in the other 99.7% for full cycles between reviews.
Growing firms recognize the issue but struggle to close it without doubling compliance headcount. Hiring one additional reviewer per 40 advisors is the ratio some compliance consultants cite. Most firms don't want that cost structure. They want what proactive compliance actually means: the supervisory program catches divergence as it emerges, not eighteen months later when the next exam is scheduled.
The instinct is that the firm already owns systems that should handle this. Portfolio accounting platforms show what's in each account. Rebalancers flag drift from model targets. Compliance software tracks reviews and records. What's missing?
What's missing is the layer that reads the IPS and reconciles it with the portfolio.
| Stack layer | What it does | What it doesn't cover | 206(4)-7 coverage |
|---|---|---|---|
| Portfolio accounting | Reports holdings, performance, billing | Doesn't read the IPS; doesn't know what allocation was agreed | Books and records only |
| Rebalancing tool | Flags drift from model targets; executes trades | Assumes a model portfolio, not a client-specific IPS | Partial — only where model-based |
| Compliance platform | Training, attestations, marketing reviews, code of ethics | Doesn't read portfolio data; doesn't evaluate investment decisions | Covers administrative areas; silent on investment supervision |
| Trade surveillance | Watches for churning, front-running, concentration limits | Evaluates trades against rule thresholds, not the client's stated objectives | Partial — surveillance, not IPS reconciliation |
Each layer is necessary. None is sufficient for investment policy statement compliance at rep-as-PM scale. A firm with a complete stack across all four rows still has the central supervisory loop open if nothing in the stack reads the IPS and compares it to the portfolio. This is the gap that drives Rule 206 4 7 annual review requirements for RIAs to find exceptions that an automated supervisory layer would have surfaced months earlier.
The category most RIAs haven't bought yet — because it didn't clearly exist until recently — is the layer that reconciles the policy with the portfolio. Call it portfolio supervision, IPS intelligence, or (in regulatory terms) the system of controls that operationalizes the firm's 206(4)-7 supervisory obligation for investment decisions.
What this layer does in practice:
For hybrid RIA/BD firms, the same supervisory function also addresses FINRA Rule 3110, which imposes an independent supervisory obligation on the broker-dealer side. A firm that runs a single IPS-reconciliation process across both sides of the business avoids the "one system per regulator" fragmentation that drives exam-prep cost. For deeper treatment of dual-registrant supervision, see FINRA Rule 2111 and excessive trading, which covers the intersection of fiduciary and suitability standards.
A supervisory program that would survive an SEC exam on portfolio management has five components. None of them require a vendor to implement — they require a CCO to define and a system to execute.
Firms that document each of these — and run them — pass exams on this dimension. Firms that describe RIA compliance supervision in the policy manual but don't run it at the account level don't. For a fuller treatment of what documented thresholds look like in adjacent surveillance areas, see trading activity thresholds for RIA compliance and SEC trading activity monitoring for RIAs.
StratiFi's ComplianceIQ and AdvisorIQ together function as the IPS intelligence layer described above. ComplianceIQ ingests each client's IPS, reconciles it on a configurable cadence against portfolio data, and generates the exception records that constitute the firm's supervisory audit trail. AdvisorIQ delivers the exception routing and remediation workflow at the advisor level, so the loop closes without the CCO becoming the firm's bottleneck.
The design principle is deliberate: StratiFi sits above the rebalancer and the compliance platform, not alongside them. The firm keeps its portfolio accounting, its compliance recordkeeping, and its execution tools in place. What StratiFi adds is the supervisory intelligence that reads across them.
If your firm is feeling the rep-as-PM supervision gap at 50, 100, or 150 advisors, we'd welcome the conversation about what closing that loop looks like for your specific business model and regulatory posture.
Portfolio supervision under Rule 206(4)-7 is the firm's documented process for ensuring investment decisions made for client accounts conform to the client's stated investment objectives, generally as captured in the Investment Policy Statement. Rule 206(4)-7 requires RIAs to adopt written policies and procedures reasonably designed to prevent Advisers Act violations — which the SEC interprets to include substantive investment management activity, not just administrative compliance areas.
Rule 206(4)-7 itself does not prescribe specific portfolio management procedures. It requires that the firm's written policies be reasonably designed to prevent violations of the Advisers Act, that a designated Chief Compliance Officer administer those policies, and that the firm conduct an annual review of their adequacy and effectiveness. For portfolio management, this means the firm must have a documented supervisory process appropriate to its business model and scale, and must actually run it.
The scalable approach combines three elements: (1) written IPS-based thresholds and tolerance bands, (2) automated reconciliation between each client's portfolio and their IPS on a defined cadence, and (3) an exception-routing workflow that surfaces divergence to the responsible advisor and CCO for resolution. Manual sampled-account reviews are not a scalable substitute at rep-as-PM firms above roughly 50 advisors — the review sample size is too small to be meaningfully supervisory.
IPS drift is the divergence, over time, between a client's actual portfolio allocation and the target allocation documented in their Investment Policy Statement. It arises naturally from market movement, from client deposits and withdrawals, and from advisor-initiated trades. Drift becomes a compliance risk when it persists beyond the firm's stated tolerance bands without documented review, because the firm can no longer demonstrate that investment decisions are being supervised against the client's stated objectives.
Rule 206(4)-7 requires an annual review of the firm's compliance policies' adequacy and effectiveness. In practice, the portfolio supervision component should be reviewed at the same annual cadence as part of that review. The supervisory process itself — the comparison of portfolios against IPS — should run at a higher frequency than annual: daily, weekly, or monthly depending on the firm's business model. Running reconciliation annually is generally insufficient to demonstrate a reasonably designed supervisory program.
FINRA Rule 3110 applies to FINRA member firms — broker-dealers — and to registered persons associated with them. A pure RIA that is not also a FINRA member is not subject to Rule 3110. However, hybrid firms registered as both RIAs and BDs are subject to Rule 3110 for their BD-side activity, and the supervisory obligation under 3110 parallels the 206(4)-7 obligation on the RIA side. For dual-registrant firms, a single supervisory infrastructure that satisfies both rules is more efficient than maintaining two separate processes.