Implementation Guide: Auto-generate required disclosure documents and adv delivery confirmations

Hardware Procurement

Software Procurement

Prerequisites

• Client must be a registered investment adviser (SEC-registered or state-registered) with current Form ADV Parts 1, 2A, 2B, and Form CRS already filed — the automation system templates from existing filings, it does not create initial filings from scratch
• Chief Compliance Officer (CCO) or designated compliance principal must be identified and available for 4-6 hours per week during implementation to validate templates, review workflows, and approve document output
• Current client roster with complete contact information (name, mailing address, email address, account type, AUM) must be available in a structured format — either already in Redtail CRM or exportable from existing CRM/spreadsheets for migration
• Client consent records for electronic delivery must exist or a consent collection campaign must be planned — SEC guidance requires that the adviser have reason to believe electronic delivery will result in good delivery, typically evidenced by written/electronic consent
• Existing copies of all current disclosure documents (Form ADV 2A, 2B, Form CRS, Privacy Notice) in editable format (Word/PDF) for template creation — if only PDF versions exist, the ScanSnap OCR process in Phase 1 will be needed
• Business-grade internet connection (minimum 50 Mbps download / 10 Mbps upload) with static IP preferred for firewall configuration
• Active domain name with DNS management access for email authentication (SPF, DKIM, DMARC) — critical for ensuring disclosure delivery emails are not flagged as spam
• Written Information Security Policy (WISP) or willingness to adopt one — required under Reg S-P amendments; MSP can provide a template but client must formally adopt it
• Client must have or establish an IARD account (Investment Adviser Registration Depository) with current CRD number for Form ADV e-filing integration
• Budget approval for estimated $18,000–$28,000 one-time implementation plus $1,500–$4,000/month ongoing managed services

Installation Steps

Step 1: Discovery Audit and Current-State Documentation

Conduct a comprehensive audit of the client's existing compliance document workflow. Inventory all current disclosure documents (ADV 2A, 2B, Form CRS, Privacy Notices), their last update dates, and current delivery methods (email, mail, portal). Document the existing tech stack — CRM, custodian platforms, email system, file storage. Map the current manual workflow from document creation through delivery to confirmation tracking. Identify all integration points and data sources. Review the firm's SEC or state registration status, fiscal year-end date (drives the 90-day ADV amendment deadline), and any upcoming exam dates.

# Create project folder structure on MSP's documentation system
mkdir -p /projects/{client_name}/discovery/{current_documents,workflows,integrations,compliance_audit}
mkdir -p /projects/{client_name}/implementation/{templates,configurations,test_results,training_materials}
# Document checklist items in PSA ticket system
# Use the Discovery Checklist Template (see custom_ai_components)

Step 2: Microsoft 365 Business Premium Deployment and Hardening

Deploy or upgrade the client's Microsoft 365 environment to Business Premium tier. This provides the identity backbone (Entra ID), email platform (Exchange Online), document storage (SharePoint/OneDrive), endpoint management (Intune), and endpoint protection (Defender for Business). Configure security baselines appropriate for a financial advisory firm handling sensitive client data under Reg S-P.

Install-Module -Name Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes 'User.ReadWrite.All','Organization.ReadWrite.All','Policy.ReadWrite.ConditionalAccess'

$params = @{
    displayName = 'Require MFA for All Users'
    state = 'enabled'
    conditions = @{
        users = @{ includeUsers = @('All') }
        applications = @{ includeApplications = @('All') }
    }
    grantControls = @{
        operator = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $params

v=spf1 include:spf.protection.outlook.com -all

_dmarc.{domain}.com TXT v=DMARC1; p=quarantine; rua=mailto:dmarc@{domain}.com

• Configure Intune compliance policies: Require BitLocker encryption on all Windows endpoints
• Require screen lock after 5 minutes of inactivity
• Require minimum OS version (Windows 11 22H2+)
• Block non-compliant devices from accessing M365 resources

• Set up SharePoint document library for compliance documents
• Create site: Compliance Documents
• Libraries: ADV-2A, ADV-2B, Form-CRS, Privacy-Notices, Delivery-Confirmations, Archive

Connect-SPOService -Url https://{tenant}-admin.sharepoint.com
New-SPOSite -Url https://{tenant}.sharepoint.com/sites/ComplianceDocs -Title 'Compliance Documents' -Owner cco@{domain}.com -Template STS#3 -StorageQuota 25600

Step 3: Network Security Deployment — FortiGate Firewall

Install and configure the Fortinet FortiGate 40F firewall to replace any consumer-grade router. This satisfies the Reg S-P amendment requirement for maintaining cybersecurity policies and procedures to protect client information. Configure IDS/IPS, SSL inspection for outbound traffic, web filtering, and VPN for remote compliance staff.

# Default access: https://192.168.1.99 admin/(no password)

# Set management interface
config system interface
    edit port1
        set ip 192.168.1.1/24
        set allowaccess ping https ssh
    next
end

# Configure WAN interface (adjust for ISP)
config system interface
    edit wan1
        set mode dhcp
        set allowaccess ping
    next
end

# Enable IPS with default profile
config ips sensor
    edit 'protect_client'
        config entries
            edit 1
                set status enable
                set log enable
                set log-packet enable
            next
        end
    next
end

# Apply IPS to outbound policy
config firewall policy
    edit 1
        set srcintf 'internal'
        set dstintf 'wan1'
        set srcaddr 'all'
        set dstaddr 'all'
        set action accept
        set schedule 'always'
        set service 'ALL'
        set utm-status enable
        set ips-sensor 'protect_client'
        set ssl-ssh-profile 'certificate-inspection'
        set av-profile 'default'
        set webfilter-profile 'default'
        set logtraffic all
    next
end

# Configure SSL VPN for remote CCO access
config vpn ssl settings
    set servercert 'Fortinet_Factory'
    set tunnel-ip-pools 'SSLVPN_TUNNEL_ADDR1'
    set port 10443
    set source-interface 'wan1'
    set source-address 'all'
    set default-portal 'full-access'
end

# Enable FortiGuard updates
config system fortiguard
    set auto-firmware-upgrade enable
end

Step 4: Endpoint Protection Deployment — SentinelOne

Deploy SentinelOne Singularity Control on all workstations and any on-premise NAS or server. This provides the EDR capability required under the Reg S-P incident response mandate. Configure the SentinelOne management console in the MSP's multi-tenant dashboard.

# Download SentinelOne installer from MSP console

# Silent install via command line (run as Administrator on each endpoint)
SentinelOneInstaller_windows_x64.exe /SITE_TOKEN={your_site_token} /quiet /norestart

# Verify installation
sc query SentinelAgent
# Expected: STATE = RUNNING

Step 5: Smarsh Email Archiving Configuration

Deploy Smarsh email archiving to capture and preserve all email communications in WORM-compliant format. This is mandatory for SEC Rule 204-2 recordkeeping (5-year retention) and critical for archiving disclosure delivery emails and client correspondence. Configure journaling from Exchange Online to Smarsh.

Connect-ExchangeOnline -UserPrincipalName admin@{domain}.com

# Create journaling rule to send copies of all email to Smarsh
New-JournalRule -Name 'Smarsh Archive - All Email' -JournalEmailAddress journal@{smarsh_tenant}.smarsh.com -Scope Global -Enabled $true

# Verify journaling is active
Get-JournalRule | Format-List Name,JournalEmailAddress,Scope,Enabled

Step 6: Redtail CRM Setup and Client Data Migration

Configure Redtail CRM as the authoritative client data source. Import or validate existing client records ensuring all fields required for disclosure document generation and delivery are populated: full legal name, mailing address, email address, account types, AUM, advisory agreement date, electronic delivery consent status, and assigned advisor. Set up custom fields for compliance tracking.

Step 7: COMPLY Platform Setup and Form ADV Template Configuration

Deploy and configure the COMPLY (MyRIACompliance) platform. This is the core compliance automation engine. Configure the firm profile, connect to IARD for Form ADV e-filing, build disclosure document templates using the firm's existing approved language, and set up the compliance calendar with automated alerts for all regulatory deadlines.

Step 8: COMPLY Integration with Redtail CRM

Configure the bidirectional integration between COMPLY and Redtail CRM so that client data flows automatically into disclosure document templates and delivery tracking records flow back to CRM contact records. This eliminates dual data entry and ensures document generation uses current client information.

Step 9: DocuSign Integration for Tracked Document Delivery

Configure DocuSign Business Pro as the electronic delivery mechanism for disclosure documents. Set up envelope templates for each document type, configure delivery tracking, and establish the audit trail that satisfies SEC Rule 204-3 evidence-of-delivery requirements. Create PowerForms for client-initiated acknowledgment.

Step 10: Power Automate Workflow Deployment

Build and deploy Microsoft Power Automate flows that orchestrate the end-to-end document generation, delivery, and confirmation tracking process. These flows connect the compliance calendar triggers in COMPLY with document generation, DocuSign delivery, and CRM record updates. Deploy four core workflows covering new client onboarding, annual ADV delivery, material change notifications, and delivery confirmation processing.

Access & Licensing

• Power Automate flows are built in the browser-based designer
• Access: https://make.powerautomate.com
• All flows are deployed under the CCO's or a dedicated service account's license
• Use the Premium connector plan ($15/user/month) for HTTP and custom connectors

Flow 1: New Client Disclosure Package

• Trigger: When a new contact is created in Redtail CRM with Category = 'Active Client'
• Action 1: Get contact details from Redtail (Name, Email, Advisor, E-Delivery Consent)
• Action 2: Condition — IF E-Delivery Consent = Yes
• YES branch: HTTP POST to DocuSign API to create envelope from Template E (New Client Initial Disclosure Package)
• YES branch: Update Redtail contact — set activity 'Disclosure Package Sent' with timestamp
• YES branch: Log to SharePoint list: ComplianceDeliveryLog
• NO branch: Create task for operations staff — 'Prepare paper disclosure package for {client_name}'
• NO branch: Send email notification to CCO
• Action 3: Wait for DocuSign webhook (see Flow 4)

# DocuSign API: Create envelope from Template E (New Client Initial
# Disclosure Package)

POST https://demo.docusign.net/restapi/v2.1/accounts/{accountId}/envelopes
Authorization: Bearer {docusign_access_token}
Content-Type: application/json

{
  "templateId": "{template_e_id}",
  "templateRoles": [
    {
      "email": "{client_email}",
      "name": "{client_name}",
      "roleName": "Client"
    }
  ],
  "status": "sent"
}

Flow 2: Annual ADV Delivery Campaign

• Trigger: Scheduled — Recurrence: Annually on [FYE + 100 days] (e.g., April 10 for Dec 31 FYE — gives 20-day buffer before 120-day deadline)
• Action 1: Get all Redtail contacts where Client Status = 'Active'
• Action 2: Apply to each contact — Condition: IF E-Delivery Consent = Yes
• YES: Send DocuSign envelope from Template A (ADV 2A Annual Delivery)
• NO: Add to paper delivery list (SharePoint list)
• Action 2 (continued): Log delivery attempt to SharePoint ComplianceDeliveryLog
• Action 3: After loop — send summary email to CCO with counts (X electronic deliveries sent, Y paper deliveries queued)
• Action 4: Create follow-up task — Review delivery status in 7 days

Flow 3: Material Change Notification

• Trigger: When a new item is created in SharePoint list 'MaterialChanges' (CCO creates an item when a material change occurs)
• Action 1: Get material change details (description, effective date, affected documents)
• Action 2: Generate updated disclosure document via COMPLY API or manual upload
• Action 3: Send DocuSign envelope with updated document and summary of changes
• Action 4: Log to ComplianceDeliveryLog

Flow 4: Delivery Confirmation Processing

• Trigger: When an HTTP request is received (DocuSign Connect webhook)
• Action 1: Parse DocuSign webhook JSON payload
• Action 2: Extract — envelopeId, recipientEmail, status, completedDateTime, certificateUri
• Action 3: Condition — IF status = 'completed'
• Completed — Download Certificate of Completion PDF via DocuSign API
• Completed — Save to SharePoint: /ComplianceDocs/Delivery-Confirmations/{year}/{client_name}/
• Completed — Update Redtail CRM contact UDF: 'Last ADV 2A Delivered' = completedDateTime (or applicable document type field)
• Completed — Log to SharePoint ComplianceDeliveryLog: Status = Confirmed
• Action 4: Condition — IF status = 'declined' OR envelope expired
• Declined/Expired — Create urgent task for CCO: '{client_name} has not acknowledged disclosure delivery'
• Declined/Expired — Flag for paper delivery follow-up
• Declined/Expired — Log to ComplianceDeliveryLog: Status = Follow-Up Required

SharePoint List: ComplianceDeliveryLog — Column Schema

ComplianceDeliveryLog — SharePoint List Columns:

- ClientName        (text)
- ClientEmail       (text)
- DocumentType      (choice: ADV2A | ADV2B | CRS | Privacy)
- DeliveryMethod    (choice: Electronic | Paper)
- DateSent          (datetime)
- DateConfirmed     (datetime)
- Status            (choice: Sent | Confirmed | Declined | Expired | PaperSent)
- EnvelopeID        (text)
- CertificateLink   (hyperlink)
- Notes             (multiline text)

Step 11: Synology NAS Backup Configuration

Configure the Synology DS224+ as the local backup repository for compliance documents, delivery confirmations, and email archive exports. Set up automated backup schedules, immutable snapshots for WORM-equivalent compliance, and offsite replication via Datto or Synology C2.

Initial Synology DSM Setup

Create Shared Folders for Compliance Document Storage

Navigate to Control Panel > Shared Folder > Create and set up the following folders:

• 'ComplianceArchive' — Primary archive of generated documents
• 'DeliveryConfirmations' — DocuSign certificates and confirmation records
• 'EmailArchiveExport' — Periodic Smarsh export dumps

Enable Btrfs Snapshots for WORM-Equivalent Immutability

Navigate to Snapshot Replication > Snapshots > Settings and configure the following:

• Folder: ComplianceArchive
• Schedule: Daily at 2:00 AM
• Retention: Keep all snapshots for 5 years (1,825+ snapshots)
• Enable 'Make snapshot immutable' — CRITICAL for SEC compliance
• Immutable period: 1,825 days (5 years)

Configure Synology Hyper Backup to Datto/Cloud

Network Security for NAS

Navigate to Control Panel > Security and apply the following settings:

• Enable auto-block after 5 failed login attempts
• Enable firewall: Allow only from office subnet (192.168.1.0/24)
• Disable default admin account, create named admin account
• Enable HTTPS only (disable HTTP)
• Enable 2-factor authentication for all NAS accounts

Configure Automated File Sync from SharePoint

Step 12: End-to-End Integration Testing and CCO Validation

Conduct comprehensive testing of the entire automated workflow from document generation through delivery confirmation archival. Use test contacts (internal team members) to validate every pathway. The CCO must review and formally approve all generated documents and confirm the audit trail meets SEC examination standards.

TEST 1: New Client Onboarding Flow

TEST 2: Paper Delivery Fallback

TEST 3: Annual ADV Delivery Campaign (Dry Run)

TEST 4: Material Change Notification

TEST 5: Audit Trail Completeness Check

Pull records from all five systems and verify consistency and completeness across:

• SharePoint ComplianceDeliveryLog
• DocuSign envelope history with Certificates of Completion
• Smarsh email archive (search for disclosure delivery emails)
• Synology NAS /ComplianceArchive/ and /DeliveryConfirmations/
• Redtail CRM contact records (UDF delivery dates)

CCO Sign-Off

Present test results to CCO in a formal review meeting. CCO must approve all of the following, documented with signature and date:

Custom AI Components

Discovery Audit Checklist Generator

Type: workflow

A structured discovery questionnaire and audit template that MSP technicians use during Phase 1 to systematically inventory the client's current compliance document workflow, tech stack, regulatory status, and integration requirements. Outputs a standardized assessment document.

Implementation:

Discovery Audit Checklist — Financial Advisory Disclosure Automation

Section 1: Firm Registration & Regulatory Status

Section 2: Current Disclosure Documents

Section 3: Current Technology Stack

Section 4: Electronic Delivery Consent Status

Section 5: Current Pain Points (Interview CCO)

• How long does the annual ADV delivery process take? _______
• Who is responsible for tracking delivery confirmations? _______
• How are delivery confirmations currently stored? _______
• Have you ever been unable to produce a delivery confirmation during an exam? Y/N
• What triggers an interim disclosure update (material changes)? _______
• How do you handle new client disclosure packages? _______

Section 6: Integration Requirements Assessment

Scoring & Recommendation

• If existing compliance platform exists: Migration path assessment required
• If no compliance platform: Greenfield deployment of COMPLY recommended
• If CRM data quality is poor (>10% missing emails): Add 2-week data cleanup phase
• If no e-delivery consent records: Add consent collection campaign phase (3-4 weeks)

Auditor: _______ Date: _______ CCO Reviewed: Y/N

Annual ADV Delivery Campaign Orchestrator

Type: workflow

A comprehensive Power Automate flow specification for the annual Form ADV delivery campaign. This is the most complex workflow — it must handle bulk delivery to all active clients, support both electronic and paper delivery paths, track confirmation status, escalate non-responses, and produce a compliance summary report for the CCO. Runs annually within the 120-day delivery window after fiscal year-end.

Implementation:

Power Automate Flow: Annual ADV Delivery Campaign Orchestrator

Flow Name: ADV-Annual-Delivery-Campaign

Trigger: Recurrence — Annual on April 1 (assuming Dec 31 FYE; adjust per client)

License Required: Power Automate Premium (HTTP connector)

Environment Variables (configure per client):

# customize per client deployment

{
  "FirmName": "[Client Firm Name]",
  "CCOEmail": "cco@clientdomain.com",
  "OpsEmail": "ops@clientdomain.com",
  "DocuSignAccountId": "[DocuSign Account GUID]",
  "DocuSignBaseUrl": "https://na4.docusign.net/restapi",
  "ADV2ATemplateId": "[DocuSign Template GUID for ADV 2A]",
  "ADV2BTemplateId": "[DocuSign Template GUID for ADV 2B]",
  "FormCRSTemplateId": "[DocuSign Template GUID for Form CRS]",
  "PrivacyNoticeTemplateId": "[DocuSign Template GUID for Privacy Notice]",
  "RedtailAPIKey": "[Redtail API Key]",
  "RedtailBaseUrl": "https://smf.crm3.redtailtechnology.com/api/public/v1",
  "SharePointSiteUrl": "https://[tenant].sharepoint.com/sites/ComplianceDocs",
  "DeliveryLogListName": "ComplianceDeliveryLog",
  "FiscalYearEnd": "2024-12-31",
  "DeliveryDeadline": "2025-04-30",
  "BatchSize": 50,
  "BatchDelayMinutes": 15
}

Flow Steps:

Step 1: Initialize Variables

• Initialize variable TotalClients (Integer) = 0
• Initialize variable ElectronicSent (Integer) = 0
• Initialize variable PaperQueued (Integer) = 0
• Initialize variable ErrorCount (Integer) = 0
• Initialize variable ErrorLog (Array) = []
• Initialize variable BatchCounter (Integer) = 0
• Initialize variable CampaignId (String) = concat('ADV-', formatDateTime(utcNow(), 'yyyy-MM-dd'))

Step 2: Notify CCO — Campaign Starting

• Send email to CCOEmail:
• Subject: [FirmName] Annual ADV Delivery Campaign Starting — [CampaignId]
• Body: The automated annual ADV delivery campaign is beginning. Documents will be sent to all active clients. Delivery deadline: [DeliveryDeadline]. You will receive a summary report upon completion.

Step 3: Retrieve Active Clients from Redtail CRM

• HTTP GET: [RedtailBaseUrl]/contacts?status=Active&category=Active+Client
• Headers: Authorization: Basic [base64(APIKey:password)], Content-Type: application/json
• Parse JSON response to extract client array
• Set TotalClients = length(clientArray)

Step 4: Apply to Each Client (with batching)

• Apply to each: clientArray
• Increment BatchCounter by 1

Condition A: Does client have E-Delivery Consent = Yes?

YES — Electronic Delivery Path

• Compose DocuSign envelope request (see JSON below)
• HTTP POST to DocuSign: [DocuSignBaseUrl]/v2.1/accounts/[DocuSignAccountId]/envelopes
• Scope: Try/Catch — If API call fails: Increment ErrorCount, Append to ErrorLog: { client: [name], email: [email], error: [error_message] }, Continue to next client
• If successful: Extract envelopeId from response, Increment ElectronicSent
• Create item in SharePoint DeliveryLogListName: ClientName: [name], ClientEmail: [email], DocumentType: ADV2A, DeliveryMethod: Electronic, DateSent: utcNow(), Status: Sent, EnvelopeID: [envelopeId], CampaignId: [CampaignId]

{
  "templateId": "[ADV2ATemplateId]",
  "templateRoles": [{
    "email": "[client.email]",
    "name": "[client.firstName] [client.lastName]",
    "roleName": "Client"
  }],
  "status": "sent",
  "emailSubject": "[FirmName] — Annual Disclosure Document Delivery",
  "emailBlurb": "Dear [client.firstName], please find enclosed our current Form ADV Part 2A brochure as required by the Securities and Exchange Commission. Please review and acknowledge receipt by signing below."
}

NO — Paper Delivery Path

• Increment PaperQueued
• Create item in SharePoint DeliveryLogListName: ClientName: [name], ClientEmail: N/A, DocumentType: ADV2A, DeliveryMethod: Paper, DateSent: (blank — pending), Status: Paper Delivery Queued, CampaignId: [CampaignId]
• Create item in SharePoint list PaperDeliveryQueue: ClientName, Address, DocumentType, DueDate: [DeliveryDeadline]

Batch Rate Limiting

• Condition: If BatchCounter mod BatchSize = 0
• Delay: BatchDelayMinutes minutes
• (Prevents DocuSign API rate limiting)

Step 5: Generate Summary Report

Compose HTML email body and send to CCOEmail and OpsEmail with subject: [FirmName] ADV Delivery Campaign Complete — [ElectronicSent] Sent, [PaperQueued] Paper

<h2>[FirmName] Annual ADV Delivery Campaign Report</h2>
<p><strong>Campaign ID:</strong> [CampaignId]</p>
<p><strong>Execution Date:</strong> [utcNow()]</p>
<p><strong>Delivery Deadline:</strong> [DeliveryDeadline]</p>
<hr>
<table border='1' cellpadding='8'>
  <tr><td>Total Active Clients</td><td>[TotalClients]</td></tr>
  <tr><td>Electronic Deliveries Sent</td><td>[ElectronicSent]</td></tr>
  <tr><td>Paper Deliveries Queued</td><td>[PaperQueued]</td></tr>
  <tr><td>Errors</td><td>[ErrorCount]</td></tr>
</table>
<h3>Errors (if any):</h3>
<pre>[ErrorLog]</pre>
<h3>Next Steps:</h3>
<ol>
  <li>Print and mail paper disclosure packages from PaperDeliveryQueue list</li>
  <li>Monitor DocuSign completion status over next 14 days</li>
  <li>Follow up on non-responses after 7 days (automated reminders are set)</li>
  <li>Escalate non-responses after 21 days to CCO for paper delivery fallback</li>
</ol>

Step 6: Schedule Follow-Up Checks

• Create scheduled flow trigger: 7 days from now — ADV-Delivery-7Day-FollowUp
• Query SharePoint DeliveryLogList where CampaignId = [CampaignId] AND Status = 'Sent'
• These are clients who received but haven't acknowledged
• Send reminder list to CCO
• Create scheduled flow trigger: 21 days from now — ADV-Delivery-21Day-Escalation
• Query SharePoint DeliveryLogList where CampaignId = [CampaignId] AND Status = 'Sent'
• These are clients who still haven't acknowledged after DocuSign's own reminders
• Move to PaperDeliveryQueue as fallback
• Send urgent notification to CCO

Error Handling:

• All API calls wrapped in Try/Catch scopes
• Errors logged but do not halt the campaign
• CCO receives error report for manual remediation
• If >20% error rate, flow sends URGENT email and pauses for manual review

Testing Protocol:

Delivery Confirmation Webhook Processor

Type: integration

A Power Automate flow triggered by DocuSign Connect webhooks that processes envelope completion events, downloads the Certificate of Completion, updates Redtail CRM contact records, and archives the confirmation to SharePoint and the Synology NAS. This is the critical audit trail component that satisfies SEC Rule 204-3.

Implementation:

Power Automate Flow: DocuSign Delivery Confirmation Processor

Flow Name: DocuSign-Delivery-Confirmation-Processor

Trigger: When an HTTP request is received (Premium connector)

Webhook URL: Auto-generated by Power Automate — register this URL in DocuSign Connect

Trigger Configuration:

• Method: POST
• Request Body JSON Schema:

{
  "type": "object",
  "properties": {
    "event": { "type": "string" },
    "apiVersion": { "type": "string" },
    "uri": { "type": "string" },
    "retryCount": { "type": "integer" },
    "configurationId": { "type": "integer" },
    "generatedDateTime": { "type": "string" },
    "data": {
      "type": "object",
      "properties": {
        "accountId": { "type": "string" },
        "envelopeId": { "type": "string" },
        "envelopeSummary": {
          "type": "object",
          "properties": {
            "status": { "type": "string" },
            "emailSubject": { "type": "string" },
            "completedDateTime": { "type": "string" },
            "recipients": {
              "type": "object",
              "properties": {
                "signers": {
                  "type": "array",
                  "items": {
                    "type": "object",
                    "properties": {
                      "email": { "type": "string" },
                      "name": { "type": "string" },
                      "status": { "type": "string" },
                      "signedDateTime": { "type": "string" },
                      "deliveredDateTime": { "type": "string" },
                      "ipAddress": { "type": "string" }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

Flow Steps:

Step 1: Parse Webhook Payload

• Parse JSON: triggerBody()
• Initialize variables:
• EnvelopeId = data.envelopeId
• EnvelopeStatus = data.envelopeSummary.status
• RecipientEmail = data.envelopeSummary.recipients.signers[0].email
• RecipientName = data.envelopeSummary.recipients.signers[0].name
• CompletedDateTime = data.envelopeSummary.completedDateTime
• IPAddress = data.envelopeSummary.recipients.signers[0].ipAddress
• EmailSubject = data.envelopeSummary.emailSubject

Step 2: Determine Document Type from Email Subject

• Switch on EmailSubject contains:
• Contains 'ADV Part 2A' → DocumentType = 'ADV2A'
• Contains 'ADV Part 2B' → DocumentType = 'ADV2B'
• Contains 'Form CRS' → DocumentType = 'FormCRS'
• Contains 'Privacy Notice' → DocumentType = 'PrivacyNotice'
• Default → DocumentType = 'Other'

Step 3: Switch on Envelope Status

Case: 'completed' (client signed/acknowledged)

a. Download Certificate of Completion

# Download Certificate of Completion; save response body as PDF

GET [DocuSignBaseUrl]/v2.1/accounts/[AccountId]/envelopes/[EnvelopeId]/documents/certificate
Authorization: Bearer [access_token]

b. Download Signed Document

# Download combined signed document; save response body as PDF

GET [DocuSignBaseUrl]/v2.1/accounts/[AccountId]/envelopes/[EnvelopeId]/documents/combined

c. Archive to SharePoint

• Create file at path: /ComplianceDocs/Delivery-Confirmations/[Year]/[RecipientName]/
• File name (certificate): [DocumentType]_Confirmation_[RecipientName]_[CompletedDateTime].pdf
• Create file at same path for signed document
• File name (signed document): [DocumentType]_Signed_[RecipientName]_[CompletedDateTime].pdf

d. Update SharePoint Compliance Delivery Log

• Get items where EnvelopeID = [EnvelopeId]
• Update item — DateConfirmed: [CompletedDateTime]
• Update item — Status: 'Confirmed'
• Update item — CertificateLink: [SharePoint file URL]
• Update item — Notes: Acknowledged from IP [IPAddress] at [CompletedDateTime]

e. Update Redtail CRM Contact

GET [RedtailBaseUrl]/contacts?email=[RecipientEmail]

# Update Redtail UDF fields; map DocumentType: ADV2A → 'Last ADV 2A
# Delivered' = [CompletedDateTime], ADV2B → 'Last ADV 2B Delivered' =
# [CompletedDateTime], FormCRS → 'Last Form CRS Delivered' =
# [CompletedDateTime], PrivacyNotice → 'Last Privacy Notice Delivered' =
# [CompletedDateTime]

PUT [RedtailBaseUrl]/contacts/[contactId]/udfs

f. Add Redtail Activity Note

# Create Redtail activity note for confirmed delivery

POST [RedtailBaseUrl]/activities
{
  "Type": "Note",
  "Subject": "[DocumentType] Delivery Confirmed",
  "Body": "Client acknowledged receipt of [DocumentType] via DocuSign on [CompletedDateTime] from IP [IPAddress]. Envelope ID: [EnvelopeId]. Certificate of Completion archived to SharePoint."
}

Case: 'declined' (client declined to sign)

• Update SharePoint log: Status = 'Declined'
• Send email to CCO — Subject: URGENT: [RecipientName] Declined Disclosure Acknowledgment
• Email body: [RecipientName] ([RecipientEmail]) has declined to acknowledge receipt of [DocumentType]. Envelope ID: [EnvelopeId]. Manual follow-up required. Consider paper delivery as fallback.
• Create Redtail activity: [DocumentType] delivery declined — CCO follow-up required

Case: 'voided' (envelope voided/expired)

• Update SharePoint log: Status = 'Expired'
• Send email to CCO with instructions to initiate paper delivery
• Add to PaperDeliveryQueue SharePoint list
• Create Redtail activity: [DocumentType] electronic delivery expired — paper delivery required

Step 4: Respond to DocuSign (Required)

• Response: 200 OK

DocuSign Connect Configuration:

In DocuSign Admin > Connect > Add Configuration:

• Name: 'Compliance Delivery Tracker'
• URL to Publish: [Power Automate HTTP trigger URL]
• Include: Envelope events only
• Events: Envelope Completed, Envelope Declined, Envelope Voided
• Require Acknowledgment: Yes
• Include Documents: Yes
• Include Certificate of Completion: Yes
• Envelope Custom Fields: Include all
• Recipients: Include all recipient information
• Log: Enable

Compliance Delivery Status Dashboard

Type: workflow

A SharePoint-based dashboard specification using Power BI Embedded or SharePoint list views that gives the CCO real-time visibility into disclosure delivery status across all clients. Shows delivery completion rates, outstanding acknowledgments, upcoming deadlines, and historical audit trail access.

Implementation:

SharePoint Compliance Delivery Dashboard

SharePoint List Schema: ComplianceDeliveryLog

{
  "columns": [
    { "name": "ClientName", "type": "Single line of text", "required": true },
    { "name": "ClientEmail", "type": "Single line of text" },
    { "name": "DocumentType", "type": "Choice", "choices": ["ADV2A", "ADV2B", "FormCRS", "PrivacyNotice", "FullPackage"], "required": true },
    { "name": "DeliveryMethod", "type": "Choice", "choices": ["Electronic", "Paper"], "required": true },
    { "name": "DateSent", "type": "Date and Time" },
    { "name": "DateConfirmed", "type": "Date and Time" },
    { "name": "Status", "type": "Choice", "choices": ["Sent", "Confirmed", "Declined", "Expired", "PaperQueued", "PaperSent", "PaperConfirmed"], "required": true },
    { "name": "EnvelopeID", "type": "Single line of text" },
    { "name": "CertificateLink", "type": "Hyperlink" },
    { "name": "CampaignId", "type": "Single line of text" },
    { "name": "AssignedAdvisor", "type": "Single line of text" },
    { "name": "Notes", "type": "Multiple lines of text" }
  ]
}

SharePoint List Views to Create

View 1: Current Campaign Status

• Filter: CampaignId = [most recent campaign]
• Group by: Status
• Sort by: ClientName ascending
• Columns shown: ClientName, DocumentType, DeliveryMethod, DateSent, DateConfirmed, Status

Conditional formatting:

• Status = 'Confirmed' → Green background
• Status = 'Sent' → Yellow background
• Status = 'Declined' or 'Expired' → Red background
• Status = 'PaperQueued' → Orange background

View 2: Outstanding Acknowledgments

• Filter: Status = 'Sent' AND DateSent < [today - 7 days]
• Sort by: DateSent ascending (oldest first)
• Purpose: CCO follow-up queue

View 3: Audit Trail (All History)

• Filter: None (show all records)
• Sort by: DateSent descending
• Columns: All columns
• Purpose: SEC examination response — pull complete delivery history

View 4: By Client

• Group by: ClientName
• Sort by: DateSent descending within each group
• Purpose: View complete delivery history for a single client

View 5: Paper Delivery Queue

• Filter: Status = 'PaperQueued'
• Sort by: ClientName
• Purpose: Operations staff print-and-mail queue

SharePoint List: PaperDeliveryQueue

{
  "columns": [
    { "name": "ClientName", "type": "Single line of text", "required": true },
    { "name": "MailingAddress", "type": "Multiple lines of text", "required": true },
    { "name": "DocumentType", "type": "Choice", "choices": ["ADV2A", "ADV2B", "FormCRS", "PrivacyNotice", "FullPackage"] },
    { "name": "DueDate", "type": "Date and Time", "required": true },
    { "name": "PrintedDate", "type": "Date and Time" },
    { "name": "MailedDate", "type": "Date and Time" },
    { "name": "TrackingNumber", "type": "Single line of text" },
    { "name": "Status", "type": "Choice", "choices": ["Queued", "Printed", "Mailed", "Delivered"], "required": true }
  ]
}

SharePoint List: MaterialChanges

{
  "columns": [
    { "name": "ChangeDescription", "type": "Multiple lines of text", "required": true },
    { "name": "EffectiveDate", "type": "Date and Time", "required": true },
    { "name": "AffectedDocuments", "type": "Choice (multi-select)", "choices": ["ADV2A", "ADV2B", "FormCRS", "PrivacyNotice"] },
    { "name": "ApprovedByCCO", "type": "Yes/No" },
    { "name": "ApprovalDate", "type": "Date and Time" },
    { "name": "NotificationSent", "type": "Yes/No" },
    { "name": "NotificationDate", "type": "Date and Time" }
  ]
}

KPI Tiles (using SharePoint column formatting or embedded Power BI)

Use SharePoint JSON column formatting for status tiles at the top of the main view page:

{
  "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/tile-formatting.schema.json",
  "hideColumnHeader": true,
  "formatter": {
    "elmType": "div",
    "style": {
      "display": "flex",
      "flex-direction": "row",
      "justify-content": "space-around",
      "padding": "10px"
    },
    "children": [
      {
        "elmType": "div",
        "style": { "background-color": "#107C10", "color": "white", "padding": "20px", "border-radius": "8px", "text-align": "center", "min-width": "150px" },
        "txtContent": "='Confirmed: ' + toString(@currentField)"
      }
    ]
  }
}

For a richer dashboard, deploy a Power BI report connected to the SharePoint lists:

• Card visual: Total Clients, Confirmed, Pending, Overdue
• Bar chart: Delivery status by document type
• Timeline: Delivery trend over time
• Table: Detailed drill-through to individual records
• Slicer: Filter by CampaignId, Advisor, Document Type

Embed the Power BI report on the SharePoint site home page using the Power BI web part.

SEC Exam Readiness Report Generator

Type: workflow

A Power Automate flow that generates a comprehensive SEC examination readiness report on demand, pulling data from all systems (SharePoint delivery log, Redtail CRM, Smarsh archive, DocuSign) to produce a single PDF document demonstrating the firm's disclosure delivery compliance. Designed to be run when an SEC exam notice is received.

Implementation

Power Automate Flow: SEC Exam Readiness Report Generator

Flow Name: SEC-Exam-Readiness-Report

Trigger: Manual (Instant cloud flow — button trigger from SharePoint or Teams)

Input Parameters:

• ReportPeriod_Start (Date): Start of reporting period
• ReportPeriod_End (Date): End of reporting period
• RequestedBy (Text): Name of person requesting report

Flow Steps:

Step 1: Gather Data from SharePoint ComplianceDeliveryLog

• Get items from SharePoint list: ComplianceDeliveryLog
• Filter: DateSent >= ReportPeriod_Start AND DateSent <= ReportPeriod_End
• Calculate: TotalDeliveries = count(items)
• Calculate: ConfirmedDeliveries = count(items where Status = 'Confirmed' or 'PaperConfirmed')
• Calculate: PendingDeliveries = count(items where Status = 'Sent')
• Calculate: FailedDeliveries = count(items where Status = 'Declined' or 'Expired')
• Calculate: PaperDeliveries = count(items where DeliveryMethod = 'Paper')
• Calculate: ElectronicDeliveries = count(items where DeliveryMethod = 'Electronic')
• Calculate: CompletionRate = (ConfirmedDeliveries / TotalDeliveries) * 100

Step 2: Gather Campaign Summary Data

• Get unique CampaignIds from the filtered items
• For each campaign: Campaign date, total sent, total confirmed, completion rate

Step 3: Get Active Client Count from Redtail

• HTTP GET: Redtail API — count of active clients
• Calculate coverage rate: ConfirmedDeliveries / ActiveClients

Step 4: Generate HTML Report

<!DOCTYPE html>
<html>
<head><style>
  body { font-family: Calibri, Arial, sans-serif; margin: 40px; }
  h1 { color: #003366; border-bottom: 2px solid #003366; }
  h2 { color: #003366; }
  table { border-collapse: collapse; width: 100%; margin: 15px 0; }
  th { background-color: #003366; color: white; padding: 10px; text-align: left; }
  td { border: 1px solid #ddd; padding: 8px; }
  tr:nth-child(even) { background-color: #f9f9f9; }
  .metric { font-size: 24px; font-weight: bold; color: #003366; }
  .green { color: #107C10; }
  .red { color: #D13438; }
  .yellow { color: #FFB900; }
  .footer { font-size: 10px; color: #666; margin-top: 40px; border-top: 1px solid #ddd; }
</style></head>
<body>
<h1>[FirmName] — SEC Examination Readiness Report</h1>
<p><strong>Disclosure Delivery Compliance Report</strong></p>
<p>Report Period: [ReportPeriod_Start] to [ReportPeriod_End]</p>
<p>Generated: [utcNow()] by [RequestedBy]</p>
<p>Prepared by: [FirmName] Compliance Department</p>

<h2>Executive Summary</h2>
<table>
  <tr><td>Total Active Clients</td><td class='metric'>[ActiveClients]</td></tr>
  <tr><td>Total Disclosure Deliveries (Period)</td><td class='metric'>[TotalDeliveries]</td></tr>
  <tr><td>Confirmed Deliveries</td><td class='metric green'>[ConfirmedDeliveries]</td></tr>
  <tr><td>Pending Acknowledgments</td><td class='metric yellow'>[PendingDeliveries]</td></tr>
  <tr><td>Failed/Declined Deliveries</td><td class='metric red'>[FailedDeliveries]</td></tr>
  <tr><td>Completion Rate</td><td class='metric'>[CompletionRate]%</td></tr>
</table>

<h2>Delivery Campaigns</h2>
<table>
  <tr><th>Campaign ID</th><th>Date</th><th>Sent</th><th>Confirmed</th><th>Rate</th></tr>
  <!-- Dynamic rows per campaign -->
  <tr><td>[CampaignId]</td><td>[CampaignDate]</td><td>[Sent]</td><td>[Confirmed]</td><td>[Rate]%</td></tr>
</table>

<h2>Delivery by Document Type</h2>
<table>
  <tr><th>Document</th><th>Electronic</th><th>Paper</th><th>Total</th><th>Confirmed</th></tr>
  <tr><td>Form ADV Part 2A</td><td>[count]</td><td>[count]</td><td>[count]</td><td>[count]</td></tr>
  <tr><td>Form ADV Part 2B</td><td>[count]</td><td>[count]</td><td>[count]</td><td>[count]</td></tr>
  <tr><td>Form CRS</td><td>[count]</td><td>[count]</td><td>[count]</td><td>[count]</td></tr>
  <tr><td>Privacy Notice</td><td>[count]</td><td>[count]</td><td>[count]</td><td>[count]</td></tr>
</table>

<h2>Evidence of Delivery Systems</h2>
<p>The firm maintains disclosure delivery records in the following systems:</p>
<ol>
  <li><strong>DocuSign eSignature</strong> — Certificate of Completion with timestamps, IP addresses, and tamper-evident seals for all electronic deliveries</li>
  <li><strong>SharePoint Compliance Delivery Log</strong> — Centralized tracking list with delivery dates, confirmation dates, and status for all clients</li>
  <li><strong>Redtail CRM</strong> — Contact-level delivery date fields and activity notes for each disclosure delivery</li>
  <li><strong>Smarsh Email Archive</strong> — WORM-compliant archive of all delivery notification emails</li>
  <li><strong>Synology NAS + Cloud Backup</strong> — Immutable backup copies of all Certificates of Completion with 5-year retention</li>
</ol>

<h2>Record Retrieval Instructions</h2>
<p>To retrieve a specific client's delivery confirmation:</p>
<ol>
  <li>SharePoint: ComplianceDocs > Delivery-Confirmations > [Year] > [Client Name]</li>
  <li>DocuSign: Admin > Envelopes > Search by client email or envelope ID</li>
  <li>Smarsh: Search > From/To contains client email > Date range</li>
</ol>

<div class='footer'>
  <p>This report was auto-generated by the firm's compliance automation system. Records are maintained in accordance with SEC Rule 204-2 requirements. For questions, contact the Chief Compliance Officer.</p>
</div>
</body>
</html>

Step 5: Convert HTML to PDF

• Use the 'Create file' action to save HTML to OneDrive
• Use 'Convert file' action (OneDrive connector) to convert to PDF
• Or use Muhimbi PDF Converter connector for Power Automate

Step 6: Save and Distribute

• Save PDF to SharePoint: /ComplianceDocs/ExamReadiness/SEC_Exam_Report_[date].pdf
• Send email to CCO with PDF attachment
• Subject: 'SEC Exam Readiness Report Generated — [ReportPeriod]'

Usage:

• Run on-demand when SEC exam notice received
• Can also be scheduled quarterly for proactive CCO review
• Include in the firm's Written Supervisory Procedures as the standard exam prep tool

Testing & Validation

• TEST 1 - COMPLY Platform Connectivity: Log into COMPLY platform, verify firm profile displays correct CRD number, SEC registration, and fiscal year-end date. Navigate to compliance calendar and confirm automated reminders are configured for annual ADV amendment (March 31), annual ADV delivery (April 30), and Reg S-P compliance deadline. Expected result: All dates display correctly with reminder notifications enabled at 90, 60, 30, and 7 days.
• TEST 2 - CRM Data Sync: Create a new test contact in Redtail CRM with all required fields populated (name, email, address, e-delivery consent = Yes, assigned advisor). Wait for the configured sync interval (4 hours or force manual sync). Verify the contact appears in COMPLY with all mapped fields correctly populated. Expected result: Contact data appears in COMPLY within one sync cycle with no field mapping errors.
• TEST 3 - Document Template Generation: In COMPLY, select a test client and generate each disclosure document type (ADV 2A, ADV 2B, Form CRS, Privacy Notice). Verify all merge fields populate correctly — firm name, CRD number, AUM figures, fee schedules, advisor biographical information. Have the CCO review each generated document for regulatory accuracy. Expected result: All merge fields populate correctly; CCO approves document content with no regulatory deficiencies.
• TEST 4 - DocuSign Electronic Delivery (Single Envelope): Manually create a DocuSign envelope from the ADV 2A Annual Delivery template, addressed to an internal test email. Verify: envelope arrives in email, document displays correctly, acknowledgment fields work, and the Certificate of Completion generates upon signing. Expected result: Complete envelope lifecycle from sent → delivered → completed with full audit trail.
• TEST 5 - Power Automate New Client Flow: Create a new contact in Redtail CRM with Category = 'Active Client' and E-Delivery Consent = Yes. Verify Power Automate Flow 1 triggers within 15 minutes, sends a DocuSign disclosure package, logs the delivery to SharePoint ComplianceDeliveryLog, and creates a Redtail activity note. Expected result: Entire flow executes end-to-end without manual intervention; delivery log entry shows Status = 'Sent'.
• TEST 6 - Power Automate Paper Delivery Fallback: Create a new contact in Redtail CRM with Category = 'Active Client' and E-Delivery Consent = No. Verify Power Automate routes this contact to the PaperDeliveryQueue SharePoint list instead of DocuSign, and sends a notification email to the CCO. Expected result: No DocuSign envelope sent; PaperDeliveryQueue list contains new entry with client name and mailing address.
• TEST 7 - Delivery Confirmation Webhook Processing: Complete a DocuSign envelope as a test client. Verify the DocuSign Connect webhook fires to Power Automate, the flow downloads the Certificate of Completion, saves it to SharePoint under the correct folder structure (/Delivery-Confirmations/[Year]/[ClientName]/), updates the SharePoint delivery log status to 'Confirmed', and updates the Redtail CRM contact UDF with the delivery date. Expected result: All five systems updated automatically within 5 minutes of envelope completion.
• TEST 8 - Declined/Expired Envelope Handling: Send a DocuSign envelope to a test address and either decline it or let it expire (set expiration to 1 day for testing). Verify the webhook processor updates the SharePoint log to 'Declined' or 'Expired', sends an urgent email to the CCO, and adds the client to the PaperDeliveryQueue. Expected result: CCO receives notification within 5 minutes; paper delivery queue updated.
• TEST 9 - Annual Delivery Campaign Dry Run: Tag 5 internal test contacts in Redtail (3 with e-delivery consent, 2 without). Modify Flow 2 to target only these contacts. Execute the annual delivery campaign flow manually. Verify: 3 DocuSign envelopes sent, 2 paper deliveries queued, summary report email sent to CCO with accurate counts, no errors in the error log. Expected result: Summary email shows 3 electronic sent, 2 paper queued, 0 errors.
• TEST 10 - Audit Trail Completeness Check: After completing Tests 5–9, pull records from all five audit trail systems: (1) SharePoint ComplianceDeliveryLog, (2) DocuSign envelope history, (3) Redtail CRM contact records (UDF dates and activity notes), (4) Smarsh email archive (search for DocuSign notification emails), (5) Synology NAS /ComplianceArchive/ folder (verify Cloud Sync has pulled SharePoint files). Verify all systems contain consistent, matching records for each test delivery. Expected result: 100% consistency across all five systems with no missing records.
• TEST 11 - SEC Exam Readiness Report: Run the SEC Exam Readiness Report Generator flow with the test period dates. Verify the generated PDF report contains accurate counts matching the SharePoint delivery log, correct firm information, and all five evidence-of-delivery systems listed. Have the CCO review and confirm the report would satisfy an SEC examiner's request. Expected result: Professional PDF report generated with accurate data; CCO approves format and content.
• TEST 12 - Email Authentication Validation: Send a test disclosure delivery email and check the receiving mail server's headers for SPF pass, DKIM pass, and DMARC pass. Use a tool like https://www.mail-tester.com or check message headers in Gmail/Outlook. Expected result: All three authentication methods pass, email spam score is low (< 3 on mail-tester), ensuring disclosure emails are not flagged as spam.
• TEST 13 - Backup and Recovery Validation: Verify Synology NAS immutable snapshots are being created on the configured schedule. Attempt to delete a file from an immutable snapshot to confirm WORM protection is active (deletion should fail). Verify Datto/Hyper Backup cloud replication is current. Perform a test restore of a single Certificate of Completion file from backup. Expected result: Immutable snapshot prevents deletion; cloud backup is current within 24 hours; test restore succeeds.
• TEST 14 - Security Baseline Validation: Verify MFA is enforced for all users accessing compliance platforms (test by attempting login without MFA — should be blocked). Verify BitLocker is enabled on all workstations via Intune compliance dashboard. Verify FortiGate IPS is active by checking security logs. Verify SentinelOne agents are running on all endpoints. Expected result: All security controls active and enforced across all endpoints and user accounts.

Client Handoff

Client Handoff Agenda and Deliverables

Training Sessions (Schedule 3 sessions over 1 week):

Session 1: CCO Training (2 hours)

• COMPLY platform navigation: compliance calendar, document templates, alert management
• How to trigger a material change notification in SharePoint
• How to review and approve generated documents before delivery
• How to use the SEC Exam Readiness Report Generator
• How to access and interpret the SharePoint Compliance Delivery Dashboard
• How to handle declined/expired deliveries (paper delivery fallback process)
• Annual ADV amendment workflow: what the CCO needs to do vs. what is automated
• Q&A with walkthrough of a complete new client onboarding scenario

Session 2: Operations Staff Training (1.5 hours)

• Redtail CRM data entry standards: required fields, e-delivery consent capture
• How to add new clients and ensure automation triggers correctly
• How to process the PaperDeliveryQueue: print, mail, log tracking numbers
• How to check delivery status in the SharePoint dashboard
• DocuSign admin basics: resend envelopes, check envelope status, void envelopes
• Troubleshooting: what to do if a flow fails (check Power Automate run history)

Session 3: Advisor Training (45 minutes)

• Overview of what is automated (no action required from advisors for most deliveries)
• How to use the DocuSign PowerForm during in-person client meetings
• How to check if a specific client's disclosures are up to date (Redtail CRM UDF fields)
• When to notify CCO/operations of material changes or new client situations

Documentation Package to Leave Behind

Success Criteria to Review Together:

Maintenance

Ongoing MSP Maintenance Responsibilities

Weekly (30 minutes):

• Review Power Automate flow run history for any failures — navigate to https://make.powerautomate.com > My Flows > Run History for each of the 4 core flows. Investigate and resolve any failed runs. Common issues: DocuSign token expiration (re-authenticate OAuth), Redtail API timeout (retry), SharePoint list threshold (archive old items).
• Check SentinelOne dashboard for any unresolved threats or agents in disconnected state.
• Verify Synology NAS backup status via DSM > Hyper Backup > check last successful backup timestamp.

Monthly (1-2 hours):

• Review Smarsh archiving status — verify journal rule is active and emails are being captured. Spot-check by searching for recent disclosure delivery emails in Smarsh.
• Review FortiGate security logs for any blocked threats or suspicious traffic patterns. Update FortiGuard signatures if not set to auto-update.
• Check Microsoft Secure Score in the M365 Security admin center — address any new recommendations.
• Review Redtail CRM data quality: run a report of active clients missing email addresses or e-delivery consent flags. Provide list to operations staff for cleanup.
• Verify Synology immutable snapshot schedule is running and disk utilization is within acceptable bounds (alert at 80% capacity).
• Check for platform updates: COMPLY, Redtail, DocuSign — review release notes for any breaking changes to APIs or integrations.

Quarterly (Compliance Tech Review — billable engagement $500-$1,500):

• Comprehensive audit of the ComplianceDeliveryLog: verify all deliveries from the quarter have matching confirmation records.
• Test the complete new client onboarding flow end-to-end with a test contact.
• Test the delivery confirmation webhook with a test envelope.
• Review and update document templates if the CCO has made any regulatory content changes.
• Verify backup recovery capability — perform a test restore of a random Certificate of Completion.
• Review user access: disable accounts for departed employees, verify RBAC roles are correct.
• Generate a quarterly compliance tech report for the CCO summarizing system health, delivery statistics, and any issues.
• Review COMPLY compliance calendar for upcoming deadlines in the next quarter.

Annually (ADV Filing Season — billable engagement $1,000-$3,000):

• Pre-campaign system check (60-75 days before delivery deadline): verify all integrations are active, test annual delivery campaign flow in dry-run mode, confirm client list is complete and current.
• Support the CCO during the annual ADV amendment process: provide technical assistance with COMPLY/IARD filing if needed.
• Execute or supervise the annual delivery campaign: monitor flow execution, troubleshoot any errors in real-time, verify summary report accuracy.
• Post-campaign reconciliation: compare delivery log against active client list, ensure 100% coverage, escalate any gaps.
• Annual platform license renewals: COMPLY, Smarsh, DocuSign — review pricing, negotiate renewals, ensure no service gaps.
• Annual security review: update the firm's WISP and Incident Response Plan technology sections, review firewall rules, rotate service account credentials, verify certificate/SSL expiration dates.
• Review regulatory changes: check SEC.gov for any new rules or guidance affecting disclosure delivery requirements and update automation accordingly.

Escalation Paths:

• Tier 1 (MSP Help Desk): Password resets, basic platform access issues, workstation problems — respond within 4 business hours.
• Tier 2 (MSP Senior Technician): Flow failures, integration errors, API authentication issues, data sync problems — respond within 8 business hours.
• Tier 3 (MSP Architect/Project Lead): Regulatory requirement changes requiring workflow modifications, platform migrations, new integration development — respond within 2 business days; scope and quote if >2 hours.
• Vendor Escalation: For platform-specific issues beyond MSP control, escalate to vendor support: COMPLY (dedicated account manager), DocuSign (admin support portal), Redtail (support@redtailtechnology.com), Smarsh (client support), Microsoft (CSP support channel).

SLA Considerations:

• Critical (system down, unable to deliver disclosures): 2-hour response, 8-hour resolution target. This is rare but critical near the annual delivery deadline.
• High (integration failure, flow errors): 4-hour response, 24-hour resolution target.
• Medium (data quality issues, template updates): 8-hour response, 48-hour resolution target.
• Low (dashboard enhancements, reporting requests): Next business day response, 5 business day resolution.
• Annual Delivery Campaign Window (March 15 - April 30 for Dec FYE firms): Elevated SLA — all compliance-related tickets treated as High priority minimum.

Alternatives

SmartRIA as Primary Compliance Platform

Replace COMPLY with SmartRIA as the core compliance automation platform. SmartRIA offers similar capabilities — automated compliance program management, document generation, compliance calendars, and audit preparation — with approximately 2,400 firms currently using the platform. SmartRIA is often praised for building out a full compliance program in one place with responsive customer support.

Tradeoffs

• Cost: Similar pricing range ($250–$600/month for small firms) but SmartRIA offers customized pricing that may be more favorable for very small firms (under 5 employees).
• Complexity: Similar implementation effort; SmartRIA may have slightly different API/integration patterns — verify Redtail CRM and DocuSign integration availability before committing.
• Capability: SmartRIA is strong on automated employee onboarding and compliance program buildout but may have less mature Form CRS auto-generation compared to COMPLY's proprietary tool.
• Recommend SmartRIA when: the client has fewer than 5 employees and wants a more hands-on vendor relationship, or when COMPLY pricing is prohibitive.

Orion Compliance for Existing Orion Stack Firms

If the client already uses Orion Portfolio Solutions for portfolio management, billing, or financial planning, use Orion Compliance as the integrated compliance module instead of a standalone platform like COMPLY. Orion Compliance pulls data directly from the Orion ecosystem to populate Form ADV filings and integrates with MyRIACompliance for IARD filing. This creates a single-platform experience.

Tradeoffs

• Cost: Orion Compliance pricing is typically bundled with the broader Orion stack, which can be cost-effective if the firm is already paying for Orion PM ($200–$500/month for the compliance module).
• Complexity: Lower integration complexity since data flows within the Orion ecosystem without external API calls. However, if the firm does NOT already use Orion, the total cost of adopting the full Orion stack is significantly higher ($500–$2,000+/month).
• Capability: Orion Compliance is deeply integrated with portfolio data, making AUM-dependent disclosure content more accurate. The tradeoff is vendor lock-in — the firm becomes deeply dependent on the Orion ecosystem.
• Recommend when: the client already uses Orion for portfolio management and wants to consolidate vendors.

InvestorCOM ComplianceExpress for Delivery-Only Automation

If the client already has a compliance consultant or outsourced CCO handling document creation and ADV filing, and the primary pain point is specifically the delivery tracking and confirmation workflow, deploy InvestorCOM ComplianceExpress as a specialized delivery management platform instead of a full compliance suite like COMPLY. InvestorCOM has been providing regulatory compliance delivery solutions since 1992 and specializes in automating document delivery with tracking.

Tradeoffs

• Cost: Quote-based pricing, typically lower than full compliance platforms since it focuses on delivery rather than the entire compliance program.
• Complexity: Simpler implementation since you are automating only the delivery/tracking workflow, not document generation or ADV filing. The client continues to generate documents manually or via their compliance consultant.
• Capability: Strongest delivery tracking and confirmation capabilities in the market, but does NOT automate document generation, compliance calendar management, or ADV filing.
• Recommend when: the client already has a strong compliance program and outsourced CCO, and the specific gap is electronic delivery tracking and audit trail management.

Fully Manual Process with Enhanced Tracking via SharePoint Only

For very small firms (1-2 person RIAs) with minimal budget, skip the dedicated compliance platform entirely and implement a lightweight solution using only Microsoft 365 (SharePoint lists, Power Automate, and DocuSign). The CCO manually generates documents in Word using mail merge templates and uploads them to DocuSign for delivery. Power Automate handles confirmation tracking and SharePoint provides the audit trail.

Tradeoffs

• Cost: Significantly lower — eliminates the $300-$700/month compliance platform fee. Total monthly cost drops to roughly $100-$200/month (M365 + DocuSign).
• Complexity: Lower platform count but higher manual effort — the CCO must manually generate documents and manage the compliance calendar without automated alerts.
• Capability: No automated document generation, no IARD filing integration, no compliance calendar with regulatory intelligence, and no Form CRS auto-generator. The CCO takes on more manual responsibility, increasing the risk of human error.
• Regulatory risk is higher because there is no rules engine validating document content.

PandaDoc + Zapier as Document Automation Alternative

Replace the COMPLY + DocuSign combination with PandaDoc for both document generation and electronic delivery, connected to Redtail CRM via Zapier instead of Power Automate. PandaDoc provides template-based document creation with conditional logic, electronic signature capture, and delivery tracking in a single platform. Zapier provides the integration layer.

Tradeoffs

• Cost: PandaDoc Business at $49/user/month is less expensive than COMPLY + DocuSign combined, and Zapier Professional at $49/month is cheaper than Power Automate Premium for small teams. Total savings of $200–$500/month.
• Complexity: Simpler architecture with fewer platforms to manage. However, PandaDoc is a general-purpose document automation tool, NOT a purpose-built RIA compliance platform — it lacks SEC regulatory intelligence, compliance calendar, IARD integration, and Form CRS auto-generation. The MSP or CCO must build all compliance logic from scratch in PandaDoc templates.
• Capability: Strong document generation and delivery tracking, but the firm loses regulatory-specific features. No automated ADV filing, no regulatory change alerts, no exam prep tools.
• Recommend when: budget is the primary constraint and the firm has a strong outsourced compliance consultant who provides the regulatory intelligence that PandaDoc lacks.