Recently, the U.S. Securities and Exchange Commission (SEC) has been showing up unannounced at registered investment advisors’ (RIA) offices to conduct surprise investigations in order to:
- Better understand how an RIA operates on an everyday basis.
- Avoid allowing the RIA to “clean up” its compliance program and records after receiving notice of an impending SEC exam and a document request letter.
Since many RIAs believe they would flunk an SEC exam1 and their senior executives question whether their firm can satisfy SEC examiners’ expectations, this new tactic is causing understandable concern among RIAs.
Overall, the SEC has been ramping up the frequency of its examinations in the last few years – in 2011, it conducted exams on 8% of RIAs; in 2017, it conducted exams on 13% (1,614 firms).
In 2016, of the 1,477 firms audited:
- 72% resulted in a deficiency
- 27% resulted in a “significant finding”
- 9% were referred to enforcement2
RIAs are particularly anxious about these exams since they often lack a clear understanding of the SEC’s exam priorities. Though the SEC has not released its 2018 priorities list, it stated that it would focus on the following in 2017, among others: protecting retail investors (including a focus on “robo-advising” and wrap fee programs); identifying potential exploitation of senior investors; RIAs’ compliance with SEC Regulation Systems Compliance and Integrity (SCI) and anti-money laundering rules; FINRA operations and regulatory programs; and cybersecurity.3
How should an RIA prepare for a surprise or a scheduled SEC exam?
Conducting an “SEC mock exam,” during which internal staff or a third party simulates the type of exam the SEC would administer, can help ensure that you’re as prepared as possible. Specifically, a mock exam should identify:
- Potential weaknesses in compliance programs and controls.
- Appropriate steps your firm should take to enhance those controls and update policies and procedures.
Specific steps to prepare:
- Review any recent SEC exam request letters and confirm that you can produce the required documents and data. Are your records readily accessible? Can you prepare requested reports promptly in the format requested? Do you have the personnel and/or expertise to understand SEC information requests and “SEC hot buttons?”
- Review any prior SEC communications, including SEC exam deficiency letters and the steps you said you took orwould take to address the deficiencies. If you did not address one, do so now.
- Review your current business model, including any changes in businesses, products, operations, and personnel, against your current controls, policies, and procedures. Do your policies and procedures accurately reflect your business and control structure?
- Assess the ability of all your employees to prepare for and respond to an SEC exam and the examiners. Educate your employees about proper ways to respond both orally and in written form.
- Determine the project management tools your firm has to appropriately manage a multiple–month SEC exam withmultiple data requests. How will you track the responsive materials provided to the SEC and the multiple follow-up document requests? Develop a tracking matrix and ensure you have the ability to “Bates Stamp” your responsive documents.
- Assess the expertise your firm has to work with the SEC during your exam, and draft appropriate responses toSEC recommendations and observations.
- In order to avoid potentially negative consequences, consider hiring an expert to partner with and manage yourSEC exam to a successful and minimally–invasive conclusion. An expert compliance consultant, such as Northern Lights Compliance Services, LLC (NLCS), can manage a mock SEC exam, prepare assessment results, and partner with you to enhance your compliance program and controls, including your policies and procedures.
1) Gap Found in Managers’ Confidence in Compliance Programs – Survey, Rick Baert, August 11, 2017