SEC Form ADV is the document that investment advisers file to register with the SEC. Most compliance officers know that. Fewer recognize that Form ADV is also the first thing SEC examiners read before they walk in the door -- and that what Part 2 says about your privacy practices must match what your Regulation S-P program actually requires.
This article covers what Form ADV is, how each part works, when it must be amended, what SEC examiners do with it, and how to keep your Form ADV consistent with your Reg S-P compliance program.
What Is SEC Form ADV
Form ADV is the registration and reporting form for investment advisers registered with the SEC. It is filed through the Investment Adviser Registration Depository (IARD), a system operated jointly by FINRA and the SEC, and is publicly available through the SEC's Investment Adviser Public Disclosure database at adviserinfo.sec.gov.
Every SEC-registered investment adviser must file Form ADV and keep it current. The form has two main parts that serve different purposes: Part 1 is a structured registration data form; Part 2 is a plain-English disclosure document written for clients.
Form ADV is not just a one-time filing. It is a living compliance document that must be updated regularly and kept consistent with how your firm actually operates.
Form ADV Part 1: Registration and Business Information
Part 1 of Form ADV collects the structured data the SEC uses to administer the investment adviser registration system. It covers:
Identifying information. Legal name, principal office address, business structure, fiscal year-end, and the CRD number assigned when the adviser registers.
Business activities and clients. Types of investment advisory services offered, client types (individuals, institutions, pension funds, pooled vehicles), and regulatory assets under management. The AUM figure in Part 1 is what the SEC uses to determine whether an adviser qualifies for SEC registration or must register with state securities regulators.
Ownership and control. Direct and indirect owners, executive officers, and anyone who controls more than 5 percent of the adviser. Changes to ownership structure trigger prompt Part 1 amendments.
Affiliations. Whether the adviser or its related persons are registered or have pending registrations as broker-dealers, commodity advisers, banking institutions, or other regulated entities. These affiliations affect conflict of interest analysis during examinations.
Disciplinary history. Item 11 requires disclosure of disciplinary events involving the adviser or its management persons, including criminal convictions, civil court actions, regulatory sanctions, and arbitration awards. Disciplinary disclosures must be updated promptly when new events occur, regardless of the annual amendment cycle.
Investment advisers must file an annual amendment to Part 1 within 90 days of their fiscal year-end. For calendar-year advisers, the annual amendment deadline is March 31.
Form ADV Part 2: The Advisory Brochure Clients Receive
Part 2A of Form ADV is the advisory brochure -- a narrative disclosure document written in plain English (the SEC specifically requires plain English under its writing guidelines, not legal prose). Clients must receive the brochure before entering an advisory relationship and must be offered an updated copy each year within 120 days of the adviser's fiscal year-end.
Part 2A covers:
Fees and compensation. How the adviser is compensated, what the fee schedule is, whether fees are negotiable, and how fees are billed. This section also requires disclosure of compensation the adviser receives from third parties in connection with client assets.
Investment strategies and risk. The methods of analysis and investment strategies the adviser uses, including the material risks those strategies carry. Firms with multiple strategies may need to describe each separately.
Conflicts of interest. Any material conflicts between the interests of the adviser or its personnel and the interests of clients. Common conflicts include soft-dollar arrangements, affiliated custodians, proprietary products, and personal trading.
Disciplinary information. A summary of any disciplinary events that are material to a client's evaluation of the adviser's integrity or ability to serve as a fiduciary.
Privacy policies and practices. Form ADV Part 2A requires advisers to describe their policies and practices for protecting client information. This section must describe how client data is collected, how it is used, what safeguards the adviser maintains, and how clients can opt out of information sharing. This is where your Regulation S-P program intersects directly with your Form ADV filing.
Part 2B covers individual investment adviser representatives who have direct client contact, including their educational background, business experience, disciplinary history, and outside business activities. Clients must receive the brochure supplement for any supervised person who provides investment advice to them.
Form ADV Part 2 and Regulation S-P: The Privacy Disclosure Requirement
Regulation S-P Rule 248.4 requires investment advisers to deliver an initial privacy notice to customers at the start of the customer relationship and an annual privacy notice thereafter. This notice must describe what categories of non-public personal information the adviser collects, what categories of non-public personal information the adviser discloses, how the adviser protects that information, and the customer's right to opt out of certain information sharing.
The Form ADV Part 2A privacy section and the Reg S-P annual privacy notice are related but distinct obligations:
The Form ADV Part 2A privacy section is a brochure disclosure. It describes the adviser's privacy practices in summary form as part of the broader advisory relationship disclosure.
The Reg S-P annual privacy notice is a separate document delivered directly to customers. It must meet specific content requirements under Rule 248.6 and must be clear, conspicuous, and accurate.
Both documents must describe your information security practices accurately. And both must be consistent with your written Reg S-P policies and procedures under Rule 248.30.
This creates a compliance consistency obligation that many smaller advisers underestimate. If your Form ADV Part 2 privacy section says your firm maintains a written incident response program, that program must exist, be tailored to your firm's actual systems, and be reviewed annually. If your Reg S-P annual privacy notice describes vendor oversight procedures, your service provider oversight policy must document those procedures in detail.
SEC examiners are trained to cross-reference disclosures. An adviser who describes robust cybersecurity safeguards in Form ADV Part 2 but cannot produce written policies documenting those safeguards during an examination will face a deficiency finding for both the inadequate Reg S-P program and the inaccurate Form ADV disclosure.
When Form ADV Must Be Updated
Annual amendment deadline. Within 90 days of fiscal year-end. For most advisers, this is March 31 for calendar-year firms. The annual amendment must update all stale information in Part 1 and confirm that Part 2A remains current. If it is not, Part 2A must be amended.
Material changes requiring prompt amendment. The SEC requires prompt amendment when material information changes. For Part 2A, material changes include significant fee changes, new material conflicts, changes to investment strategies, and disciplinary events. For Part 1, ownership changes, new disciplinary events, and changes to registration status require prompt amendment.
Reg S-P program changes as a Part 2A trigger. When your information security program changes materially -- because of a new SEC risk alert, a vendor change, a security incident, or an annual Rule 206(4)-7 review finding -- your Form ADV Part 2A privacy section may require an update. Treating Reg S-P policy updates and Form ADV updates as separate, unconnected workflows is a common compliance gap. Advisers who update their Reg S-P policies without reviewing their Form ADV Part 2 disclosures may end up with inconsistencies that become deficiency findings during an examination.
The practical rule: any time you amend your written Reg S-P policies, review your Form ADV Part 2A privacy section within 30 days. If the change is material, amend Part 2 promptly. If it is not material, note it in your compliance calendar for the next annual amendment.
How SEC Examiners Use Form ADV
Before an SEC examination begins, the Division of Examinations sends an initial document request list. Form ADV is typically one of the first items reviewed, because it tells examiners what they need to know to scope the examination:
Client profile. How many clients does the adviser have? What are the client types? Individual high-net-worth clients, institutions, and pension funds each carry different conflict and examination risk profiles.
AUM and custodian relationships. Where are client assets held? Which custodians does the adviser use? Custodian relationships affect both conflict analysis and information security scope -- each custodian with system access to client accounts is a third-party service provider under Reg S-P.
Business activities. Does the adviser manage pooled vehicles, use sub-advisers, operate proprietary trading, or have affiliated broker-dealers? Each of these activities introduces risk areas that examination staff will test.
Commitments the firm has made to clients. What does Part 2A say about fees, conflicts, and information security? Examiners treat Part 2A as a list of commitments and then verify that those commitments match actual practice.
The last point is what makes Form ADV directly relevant to Reg S-P examination preparation. Examiners are not just checking that written Reg S-P policies exist. They are checking that your written policies match what you disclosed in Form ADV, that both match your actual practices, and that any changes since the last filing were handled appropriately.
Common Form ADV Deficiencies Related to Reg S-P
Generic privacy section language. "We maintain industry-standard safeguards to protect client information" is not adequate disclosure. Part 2A must describe what the firm actually does: what categories of information it collects, what technical and organizational controls it maintains, and what happens when a security incident affects client data.
Privacy section not updated after Reg S-P amended. The amended Regulation S-P took full effect in June 2026. Advisers whose Part 2A privacy section was last meaningfully updated in 2020 or 2022 may be describing a pre-amendment compliance framework that no longer matches current regulatory requirements.
Inconsistency between Part 2 and written policies. Part 2A describes a vendor oversight process; the written service provider oversight policy does not exist. Part 2A references annual cybersecurity training; the compliance files contain no training records. Examiners find this specific deficiency repeatedly because advisers update their brochures without updating their underlying programs, or update their programs without updating their brochures.
Annual amendment filed late. Advisers whose fiscal year ends December 31 have until March 31 to file the annual amendment. Late filing is a straightforward compliance failure that creates unnecessary examination risk.
Part 2A not delivered to clients annually. The obligation to offer clients an updated copy of the brochure within 120 days of fiscal year-end applies even if there have been no material changes. The delivery obligation is separate from the amendment obligation.
Keeping Form ADV and Your Reg S-P Program in Sync
The simplest way to prevent Form ADV / Reg S-P inconsistencies is to build a combined compliance calendar with four checkpoints:
After each Reg S-P policy update. When you update your incident response program, service provider oversight policy, breach notification procedures, or recordkeeping policies, schedule a Form ADV Part 2A review within 30 days. Determine whether the change is material and whether Part 2A needs to be amended promptly.
Before each annual Form ADV amendment. Pull your current Reg S-P written policies before filing the annual amendment. Read your Form ADV Part 2A privacy section and compare it against what your policies actually require. If there is any inconsistency, resolve it before filing.
After each annual Rule 206(4)-7 compliance review. The Rule 206(4)-7 annual review is required to assess the adequacy of your compliance policies and procedures. If the review results in changes to your information security program, treat those changes as a Form ADV amendment trigger.
When a new SEC risk alert or examination priority is published. If a new risk alert or the annual examination priorities letter signals increased scrutiny of information security practices, confirm that both your Reg S-P policies and your Form ADV Part 2A disclosures address the areas flagged.
Investment advisers who treat Form ADV and Reg S-P as two separate compliance tracks tend to end up with inconsistencies that examiners find. Advisers who treat them as a single, coordinated framework -- where Reg S-P policies support Form ADV disclosures and Form ADV disclosures are tested against Reg S-P documentation -- tend to avoid the consistency deficiencies that are among the most common findings in SEC information security examinations.
For advisers who have not yet built the underlying Reg S-P documentation that their Form ADV Part 2 disclosures should describe, that is the starting point. RegShield generates the four core Reg S-P documents -- the incident response program, service provider oversight policy, breach notification procedures, and recordkeeping procedures -- tailored to your firm's specifics in approximately fifteen minutes.
Need the four core Reg S-P documents your Form ADV Part 2 disclosures should describe? RegShield generates them in about 15 minutes, tailored to your firm for a one-time fee. Not a subscription.
Frequently Asked Questions
Rees Calder
Rees is the founder of RegShield and CEO of Levity Leads Ltd. He works with small registered investment advisers to simplify SEC compliance, with a focus on making Regulation S-P requirements accessible and actionable for firms that lack dedicated compliance departments.