Compliance Calendar

What belongs on the calendar

• Form ADV annual updating amendment (within 90 days of fiscal year end).
• Form ADV other-than-annual amendments (when triggered).
• Annual delivery of brochure and Form CRS (or notice of availability).
• Annual compliance review (Rule 206(4)-7).
• Annual privacy notice (Reg S-P).
• Code of Ethics holdings reports — initial, quarterly, annual.
• Surprise custody examination (when applicable).
• Annual cybersecurity training and tabletop exercise.
• State filings (if SEC-exempt or notice-filing).
• Marketing-materials review cadence.

Three properties of a defensible calendar

1. Owned — a named person (typically the CCO) is accountable for each item.
2. Current — updated when rules change, when the firm's circumstances change, or when items are completed.
3. Tied to evidence — each completed item has a record (the filing, the signed review, the attestation log) stored as part of books and records.

Common failure modes

• Calendar exists but is years out of date — items added when the rule was new, never refreshed.
• Calendar names the CCO for everything — no delegation, no accountability beyond one person.
• No connection between calendar entries and the resulting records.
• Personal calendar in someone's email rather than a system the firm can access.

Why the SEC pays attention

An out-of-date calendar is a leading indicator that other parts of the program have drifted too. Examiners ask to see the calendar early in an examination — both to check the firm's discipline and to figure out which areas to probe more deeply. A calendar that is current and tied to evidence builds examiner confidence; a calendar that's clearly fictional invites scrutiny everywhere else.

How StratiFi thinks about the compliance calendar

The calendar is the system that turns the compliance program from a binder into a practice. Done well, it's connected to the firm's other systems — the brochure, the personal-trading reports, the cybersecurity log — so that completing a calendar item produces evidence automatically. Done badly, it's a shared spreadsheet nobody trusts.