Client Notification and Disclosure Requirements for Custody
To meet the client notification and disclosure requirements for custody, you must send clients written notice identifying the qualified custodian (name, address, and how assets are maintained) promptly when you open a custodial account on their behalf, and again after any changes. If you send adviser-generated statements, include language urging clients to compare them to custodian statements. (17 CFR 275.206(4)-2(a)(2))
Key takeaways:
- Trigger a written custody notice at account opening and on any custodian-info change. (17 CFR 275.206(4)-2(a)(2))
- Standardize the notice content: custodian name, address, and manner of maintenance. (17 CFR 275.206(4)-2(a)(2))
- If you produce statements, add the required “compare to custodian statements” language and retain samples. (17 CFR 275.206(4)-2(a)(2))
This requirement is easy to describe and easy to fail in operations: a client account gets opened (or moved), a custodian changes a legal name/address, or your firm starts sending performance/reporting packets that look like “statements,” and nobody runs a formal client notice workflow. The SEC Custody Rule treats that breakdown as a compliance failure because the notice is a client protection mechanism. The notice tells the client where their assets are held and how, and it reinforces that the custodian’s statements are the authoritative record. (17 CFR 275.206(4)-2(a)(2))
Your goal as a Compliance Officer, CCO, or GRC lead is to make this requirement event-driven and auditable. That means: define the events that trigger notice, lock a template with the required fields, assign who presses “send,” and capture evidence that notice went out promptly. You also need a control for the related disclosure duty that attaches when the adviser sends account statements: you must include language urging comparison to the custodian’s statements. (17 CFR 275.206(4)-2(a)(2))
The rest of this page is a requirement-level playbook you can implement without guesswork, plus the evidence set exam teams routinely ask for.
Requirement: Client Notification and Disclosure Requirements for Custody (SEC Custody Rule)
Plain-English interpretation
If your advisory firm opens a client’s account at a qualified custodian (either in the client’s name or with you acting as agent), you must tell the client in writing who the custodian is, where the custodian is located (address), and how the client’s funds or securities are maintained. You must send that notice promptly when the account is opened, and you must send a new notice after any change to that custodian information. (17 CFR 275.206(4)-2(a)(2))
Separately, if you send account statements to those clients, your statements must include language urging the client to compare your statements to the custodian’s statements. (17 CFR 275.206(4)-2(a)(2))
Who it applies to (entity and operational context)
Applies to:
- Registered investment advisers that open accounts with a qualified custodian on a client’s behalf. (17 CFR 275.206(4)-2(a)(2))
Common operational scenarios where it becomes relevant:
- New client onboarding where the adviser (or a third party acting for the adviser) submits custodial paperwork.
- Adviser opens an account as agent (for example, to facilitate trading authority workflows).
- Custodian migration (account transfer) or platform conversion.
- Custodian merger/rebrand or address change that alters the information previously disclosed.
- Adviser begins sending “statements” (quarterly packets, portal downloads, PDFs) that function like account statements.
Control objective (what “good” looks like)
You can prove, for each in-scope account:
- A written notice with the required custodian details went to the client promptly at account opening. (17 CFR 275.206(4)-2(a)(2))
- A written change notice went to the client after any change to custodian name, address, or manner of maintenance. (17 CFR 275.206(4)-2(a)(2))
- Any adviser-generated statement includes the “compare to custodian statements” language, and you retain samples. (17 CFR 275.206(4)-2(a)(2))
Regulatory text
Rule excerpt (operator-relevant): If you open an account with a qualified custodian on your client’s behalf, either under the client’s name or under your name as agent, you must notify the client in writing of the qualified custodian’s name, address, and the manner in which the funds or securities are maintained, promptly when the account is opened and following any changes to this information. (17 CFR 275.206(4)-2(a)(2))
Operator translation:
- “Open an account” is the trigger event. Build your workflow around the moment the custodian account is actually established (not when paperwork is started).
- “In writing” means you need a durable record of what you sent and when you sent it.
- “Promptly” is an operational standard. Treat it like a timed SLA in your procedures so it does not drift.
- “Following any changes” means you need monitoring and a re-notice workflow, not a one-time onboarding task. (17 CFR 275.206(4)-2(a)(2))
Public enforcement cases
These SEC press releases reflect custody-rule sweeps where notification/control failures were among the issues charged, even when the orders were not limited to notification alone:
- SEC Charges Two Advisory Firms for Custody Rule Violations, One for Form ADV Violations, and Six for Both (2022-156)
- SEC Charges Five Advisory Firms for Custody Rule Violations (2023-168)
How to use this in your risk narrative: Exams and enforcement often treat custody compliance as a package of controls. A weak notification trail can compound other custody findings because it suggests the firm cannot evidence basic client protection steps. (2022-156) (2023-168)
What you actually need to do (step-by-step)
Step 1: Define your “in-scope” population and trigger events
Create a short custody-notice applicability standard your teams can follow:
- In-scope accounts: Any account at a qualified custodian that your firm opens on the client’s behalf, under the client’s name or your name as agent. (17 CFR 275.206(4)-2(a)(2))
- Trigger events (minimum):
  - Account opened (new custodial account established). (17 CFR 275.206(4)-2(a)(2))
  - Change in custodian name, address, or manner of maintenance. (17 CFR 275.206(4)-2(a)(2))
Operational tip: map triggers to systems. Account opening may live in your CRM workflow, custodian portal, onboarding ticketing, or an outsourced operations queue. Pick one system as the “system of record” for the trigger and force all openings through it.
Step 2: Build and lock the notification template
Your template must include, at minimum:
- Qualified custodian name. (17 CFR 275.206(4)-2(a)(2))
- Qualified custodian address. (17 CFR 275.206(4)-2(a)(2))
- Manner in which funds/securities are maintained (for example, held at custodian in the client’s account, and how the account is titled/maintained). (17 CFR 275.206(4)-2(a)(2))
Add practical fields operators need:
- Client name(s) and account identifier (mask if needed).
- Effective date (account opened date or change effective date).
- Contact instructions for accessing custodian statements.
Change-control: treat the template like a controlled compliance document. Record version, owner, and approval.
Step 3: Implement an event-driven send process (with a clear owner)
Design a workflow that answers four questions every time:
- Who sends it (Ops, Client Service, Compliance, or a managed service)?
- What channel counts as “in writing” for your program (email, portal message, letter)?
- When is “promptly” in your procedures (set an internal target and escalation)?
- Where is evidence stored (CRM record, compliance archive, ticket attachment)?
A practical approach most firms can run:
- Onboarding completion triggers a task: “Send Custody Notice.”
- Task cannot close without attaching the final notice and proof of delivery.
- Weekly exception report: accounts opened with no notice attached.
Step 4: Add the “statement comparison” disclosure where required
If your firm sends account statements to clients who are subject to the notice requirement, you must include language urging the client to compare custodian statements with adviser statements. (17 CFR 275.206(4)-2(a)(2))
Operationalize it:
- Identify every output that could be interpreted as an “account statement” (PDF packet, portal statement tab, consolidated report).
- Insert the required comparison language in the footer or disclosure section.
- Preserve immutable samples per statement type and per period.
Step 5: Monitor for changes and re-notify
You need a standing control to catch:
- Custodian mergers/rebrands.
- Address changes.
- Platform conversions that change how assets are maintained or titled.
- Account transfers to a new qualified custodian.
Set up a lightweight “custodian change intake”:
- Ops or vendor management logs custodian change notices.
- Compliance reviews whether the change affects name/address/manner of maintenance.
- If yes, trigger client change notice and capture evidence. (17 CFR 275.206(4)-2(a)(2))
Step 6: Test the control like an examiner would
Run a quarterly sample test:
- Pull a list of new accounts opened in the period.
- Confirm a notice exists, content includes required fields, and send date is prompt relative to opening. (17 CFR 275.206(4)-2(a)(2))
- If adviser statements were sent, confirm the comparison language appears. (17 CFR 275.206(4)-2(a)(2))
Document exceptions, remediation, and recurrence prevention.
Required evidence and artifacts to retain
Maintain an examiner-ready packet:
Policies and procedures
- Written procedure describing triggers (open account; change events), timing expectation (“promptly”), responsible roles, and evidence capture. (17 CFR 275.206(4)-2(a)(2))
- Procedure for adviser-generated statements and required comparison language. (17 CFR 275.206(4)-2(a)(2))
Client-level evidence
- Copy of the custody notice sent for a new account, showing custodian name, address, and manner of maintenance. (17 CFR 275.206(4)-2(a)(2))
- Proof of delivery (email log, portal message log, mail log, or CRM activity record).
- Copies of change notices and proof of delivery. (17 CFR 275.206(4)-2(a)(2))
Statement evidence (if applicable)
- Samples of adviser-generated statements with the comparison language visible. (17 CFR 275.206(4)-2(a)(2))
Oversight and testing
- Exception reports (accounts opened without recorded notice).
- Quarterly/periodic testing worksheet and sign-off.
If you run this in Daydream, keep the evidence set in a single control record: trigger → notice → delivery proof → reviewer sign-off. That structure reduces scramble during exams because the story is linear.
Common exam/audit questions and hangups
Expect questions like:
- “Show me a list of accounts opened during the period and the corresponding client notices.” (17 CFR 275.206(4)-2(a)(2))
- “How do you define ‘promptly,’ and how do you enforce it?”
- “What happens when the custodian changes address or merges? Show a change notice example.” (17 CFR 275.206(4)-2(a)(2))
- “Do you send account statements? Where is the compare-to-custodian language?” (17 CFR 275.206(4)-2(a)(2))
- “Who owns the process, and what is Compliance’s review role?”
Hangups that slow reviews:
- Notice exists but missing “manner of maintenance.”
- Proof of delivery is not retained, or it is not tied to the specific account opening event.
- Teams treat re-notice as optional when the custodian change seems “administrative.” The rule still keys off changes to name/address/manner of maintenance. (17 CFR 275.206(4)-2(a)(2))
Frequent implementation mistakes (and how to avoid them)
| Mistake | Why it fails | Avoidance tactic |
|---|---|---|
| Notice sent only at onboarding kickoff, before the account is actually opened | The trigger is account opening; pre-work does not prove compliance | Tie the task to “account opened” confirmation from custodian. (17 CFR 275.206(4)-2(a)(2)) |
| Template omits “manner of maintenance” | The rule requires it | Add a required field and block sending if blank. (17 CFR 275.206(4)-2(a)(2)) |
| Statements sent without comparison language | Explicit rule requirement when adviser sends statements | Hard-code the disclosure into every statement format and lock the template. (17 CFR 275.206(4)-2(a)(2)) |
| No control for custodian changes | Re-notice is required after changes | Add a custodian change log and monthly review. (17 CFR 275.206(4)-2(a)(2)) |
| Evidence scattered across inboxes | You cannot reconstruct an audit trail | Centralize evidence in CRM/compliance system with consistent naming. |
Enforcement context and risk implications
The SEC has brought custody-rule sweep actions in recent years. While public press releases often summarize broader custody failures, they signal that custody controls remain an exam and enforcement focus area. Weak client notification evidence can aggravate findings because it suggests clients were not clearly informed where assets are held and how to validate statements. (2022-156) (2023-168)
For a CCO, the practical risk is not just the notice itself. It is the pattern: if your firm cannot evidence a basic written disclosure workflow, exam staff may question other custody controls (statement delivery, oversight of third parties, and safeguarding procedures).
Practical 30/60/90-day execution plan
First 30 days (stabilize and stop the bleeding)
- Inventory all ways accounts are opened (internal ops, outsourced teams, third-party onboarding desks).
- Freeze and publish one custody notice template with required fields. (17 CFR 275.206(4)-2(a)(2))
- Implement a mandatory onboarding checklist item: “Custody notice sent + proof attached.”
- Identify all adviser-generated “statements” and insert the comparison language. (17 CFR 275.206(4)-2(a)(2))
By 60 days (make it repeatable and testable)
- Build an exception report: new accounts opened with no notice evidence.
- Document procedures and assign RACI (Responsible, Accountable, Consulted, Informed) for openings and changes. (17 CFR 275.206(4)-2(a)(2))
- Create a custodian change intake and review routine that triggers re-notice. (17 CFR 275.206(4)-2(a)(2))
- Run the first sample test and remediate gaps.
By 90 days (operational maturity)
- Add QA: periodic sampling with documented sign-off.
- Tighten change control on templates and statement formats.
- Train Client Service and Ops on what counts as a “change” and where evidence must be stored. (17 CFR 275.206(4)-2(a)(2))
- If you use Daydream, standardize a control workspace that collects templates, sends, proofs, and testing results in one place for exams.
Frequently Asked Questions
What does “promptly” mean for sending the custody notice?
The rule requires notice “promptly” when the account is opened but does not define a specific number of days. Set an internal standard in procedure, measure against it, and escalate exceptions so you can show consistent practice. (17 CFR 275.206(4)-2(a)(2))
Do we have to notify clients if the custodian’s mailing address changes but everything else stays the same?
Yes, changes to the custodian’s name or address trigger the follow-up notification requirement. Track these changes and re-notify with evidence of delivery. (17 CFR 275.206(4)-2(a)(2))
If the custodian sends statements directly, do we still need the “compare statements” language?
The comparison language requirement applies when you (the adviser) send account statements to clients who are subject to the notice requirement. If you do not send statements, focus on the written custody notice and change notices. (17 CFR 275.206(4)-2(a)(2))
Does a welcome email that mentions the custodian count as the written notice?
It can, if it reliably includes the custodian name, address, and manner of maintenance, is sent promptly upon account opening, and you retain proof of delivery. Most firms prefer a controlled template to avoid missing required fields. (17 CFR 275.206(4)-2(a)(2))
We open accounts through a third party onboarding service. Who is responsible for the notice?
The adviser remains accountable for meeting the requirement. If a third party sends notices, contract for it, test it, and retain the same evidence you would keep if you sent it yourself. (17 CFR 275.206(4)-2(a)(2))
What evidence is most persuasive in an exam?
Examiners typically want the notice content, the send date, and proof of delivery tied to the account opening record, plus samples of adviser statements with comparison language where applicable. Keep these in a single audit trail per account. (17 CFR 275.206(4)-2(a)(2))