No matter how smoothly your firm operates or how diligent your compliance team is, the prospect of an SEC examination strikes fear, stress and anxiety into investment advisers and registered investment companies. Because regulations are constantly in flux, it’s difficult to fully gauge how your compliance policies and procedures stand up to the requirements. For some firms, the first real test of their compliance program’s effectiveness happens during an SEC examination. Unfortunately for those firms, about 75 percent of exams over the past five years have found deficiencies within a firm’s compliance program. As the SEC’s National Examination Program continues to ramp up, waiting or operating on the fringes will no longer be an option.
The likelihood of your business coming under investigation continues to increase year over year as the SEC improves its efficiencies. They have specifically focused on investment advisers — 10 percent of registered advisers were examined back in 2014, with plans of increasing that number to 13 percent of registered investment advisers. This uptick in examinations, combined with the consequences of an inadequate review, means firms need to develop a plan of action to prepare their staff for the inevitable.
The good news is, even though SEC examinations are stressful events for all parties, they are an exam you can prepare for. To understand how to prepare for an SEC examination, you first need to understand the basics, such as what kinds of examinations there are, what the SEC is looking to uncover, who conducts exams and what types of events typically trigger exams.
Who Conducts an SEC Examination?
The Office of Compliance Inspections and Examinations (OCIE) conducts SEC examinations nationwide to protect investors and ensure market integrity. The OCIE accomplishes these goals through risk-focused strategies which improve compliance, prevent fraud, monitor risk and inform future policy. To accurately carry out their mission across the broad spectrum of financial services, the OCIE is organized into offices based on the organizations they examine. For instance, some divisions focus on investment advisers, broker-dealers, clearance and settlement agencies.
Along with conducting examinations, the OCIE identifies and creates guidance around the most significant risks in the industry. In 2018, the OCIE has identified its priorities as:
- Areas important to retail investors, including those saving for retirement
- Market infrastructure compliance and risks
- Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board
- Anti-money laundering programs
What Types of SEC Examinations Are There?
The general purposes of an SEC examination are to gather an understanding of the firm’s operations, assess the effectiveness of your compliance program and review the procedures and controls surrounding the production of documents. However, not all SEC exams target the same kind of information to draw those conclusions. The types of audit the SEC conducts can trigger investigators to inspect different elements of your business. There are three basic types of exams your business could encounter:
- Routine — These examinations or inspections take place periodically to determine if your compliance procedures are in accordance with regulations. Routine SEC exams will be holistic and broad in scope to give the SEC as much information as possible regarding your firm.
- For cause — An investor or employee tip, complaint or referral can trigger these examinations. For-cause SEC exams often focus on the area around the tip or complaint, but can also involve a more extensive inspection.
- Sweep – These examinations focus on an industry-wide compliance risk area. The SEC often performs sweep examinations with little to no notice and target a specific area of your practice.
Because the SEC considers its examination program to be risk-based, there are a variety of reasons your firm could be audited, including a statutory mandate, an entity’s risk profile, tip, complaint, referral or review of a critical compliance risk area.
The Evolution of SEC Examinations
Although the “Advisers Act” regulating investment advisers dates back to 1940, SEC examinations have continued to grow with the times concerning documentation requested and risk areas inspected. In recent years, the OCIE has placed a focus on technology issues and cybersecurity around firms.
Depending upon the tenure of the examination, the OCIE may conduct the exam on an unannounced or announced basis. For announced inspections, investigators will likely send a letter notifying the firm of its examination, along with outlining the requested documentation and how that documentation should be formatted. If you are on the receiving end of an unannounced inspection, it’s particularly helpful to know what sort of documents you should provide to ensure your team has easy access.
Generally, the core information SEC examiners request will serve multiple purposes. Examiners will request general information to gain an understanding of the firm’s business and activities. SEC examiners also aim to understand the compliance risks firms have identified to see how a firm reacts to risk. Other areas that information focuses on will depend on the situation, but may include transactional documents, prior testing results and actions and specific risk area information. The types of information examiners could request vary by exam. However, many investigations request these standard pieces.
- General information — Organizational structure, client contracts and agreements, fee schedules and payments received, powers of attorney, disclosure documentation and other service provider information
- Compliance program and risk management information — Policies, procedures, tests performed, internal audits, client complaints, valuations, information processing, reporting and protection
- Advisory trading testing information — Trade blotter, client advisory information, portfolio management, brokerage arrangements, conflicts of interest
- Specific compliance area testing — Advertising and marketing materials, financial records, custodial information and anti-money laundering procedures
Often, the examiners will visit the premises of the firm to conduct their examination work. This visit allows investigators to learn more about an entity’s location risks and internal processes and gain an understanding of a firm’s compliance culture by interacting with employees. As the examination continues, SEC personnel may request additional documentation, ask clarifying questions and interview key employees. Many inspections create heightened tension and stress levels around an office, but there are steps you can take to prepare for your SEC exam.
Steps You Can Take to Prepare for an SEC Examination
Like any exam, your firm can take actionable measures to prepare for an SEC exam. It’s always better to be proactive in your preparation, because examinations can occur without warning, and there can be harsh consequences for non-compliance. The major actions you can take today to begin your preparations include strategizing for an SEC examination, conducting a mock SEC audit, preparing your staff for the experience and understanding how to manage the interview process as a whole.
1. Strategize for an SEC examination
One of the keys to preparing for any exam is to understand what you are being tested on. Some of the most common compliance deficiencies revolve around the strategic goals of compliance programs. Consider the primary purpose of the exam is to ensure your procedures and policies are consistent with current regulations. Thus, the first step you can take is to review your policies and procedures to conduct a risk assessment.
Has anything about your business changed since your compliance manual was created, or have new regulations taken effect since your last revision? These questions can identify new risks your previous policies and procedures may not have accounted for. When considering other areas of risk, your firm should review any prior examination letters or decisions, internal or external reviews and reexamine any customer complaints. These areas allow your team to tailor your compliance program to the specific risks inherent in your business activities.
By evaluating where your policies and procedures currently stand, you’ll be able to enact a roadmap to improve your program. These self-evaluations should include key decision-makers such as your C-level executives to foster a culture of compliance. This tone at the top will trickle down throughout your organization and keep employees aware of the legal landscape you’re operating in, along with the potential ramifications of non-compliance. By infusing compliance into your culture, your employees will naturally be more prepared to speak with SEC examiners and exude a degree of comfort with regulations.
It takes time to tailor your compliance program and develop a culture of compliance. That’s why your organization should build these practices into your operations and conduct self-assessments periodically to improve continually. SEC examiners investigate how your firm reacts to risk. Therefore, documenting periodic reviews will highlight to examiners the proactiveness of your policies and procedures.
2. Conduct a mock SEC exam
Don’t overlook the importance of SEC mock exam questions, which provide your firm an opportunity to undergo the real-world stresses of an examination without the real-world implications. You can conduct mock examinations in-house, or if you are unsure how to take a mock SEC exam, many third-party providers offer these services. Mock audits provide an opportunity to review your policies and procedures against current regulatory requirements, while giving your employees a taste of what a real examination might be like.
Mock audits allow for growth among your personnel and compliance policies and procedures. Your staff will have the opportunity to refresh their memories regarding key policies and regulatory procedures under a “stress” test, and you will be able to evaluate your compliance policies against current regulations. This practice run allows your personnel to gain some comfort in knowing what an exam would feel like and gives you time to rewrite and enact policies and procedures that weren’t consistent with SEC standards. Finding gaps in your compliance program doesn’t by itself mean your firm is failing. However, gaps allow you to further develop your program by training in specific problem areas to increase your firm’s competencies.
3. Prep your staff on what to expect:
Mock SEC audits give your employees a safe testing ground to understand what an SEC examination would look and feel like. Because your policies and procedures won’t be the only thing under examination, you’ll want to make your employees aware of the basics of an exam. All employees should be mindful of when the exam will occur, how long it will last and where the SEC examiners are located in the office, if onsite. It’s also a smart idea to go over basic office protocols and standards regarding safety, confidentiality and security of information, documents, conversations and premises.
Some employees will need to undergo further preparations, since examiners may interview key employees of your firm. Chief compliance officers tend to be the most involved members of your team, but examiners may interview any employee who plays a role in your procedures, including IT, operations, finance and your legal department. Some common SEC examination interview questions will test the acumen of your employees responsible for business risk areas. You should ensure the employee being interviewed is the most knowledgeable regarding your policies, procedures and internal controls for each particular area. Your mock SEO exam should include practice interviews to prepare your personnel for what the SEC examiners may ask.
4. Manage the examination process from day one
From the moment SEC examiners enter your business, they will be evaluating your policies, procedures, personnel and premises. Because this spotlight is on your business, you’ll want to establish a good first impression with the investigative team. Many firms prepare an initial presentation for the examiners to allow them to get to know your business. These presentations usually cover items like the makeup of the organization, the products and services offered, the affiliates you work with, the internal controls your team currently has in place and the culture of compliance instilled within your organization.
At this initial presentation, you should also arm the SEC staff with any documents or files they may have requested to conduct the examination. It’s in your best interest to make the examiner’s process more manageable, so arrange records in the requested order and make sure to label them clearly. Documentation review provides examiners a bird’s-eye view into the effectiveness of how your firm’s compliance policies and procedures integrate with your daily workflows and processes.
If you feel your process is unique or unclear to an outsider, you may want to write a memo describing how an internal control works within your daily flow. As you supplement examiners with additional documentation, be sure to make duplicates for your records so you can go back to reference information after the examination or share information with your outside counsel.
After your initial presentation, the examiners will likely want to conduct their initial interview. Here, you should continue to take charge of your examination and establish the ground rules for the course of the investigation. Common items you will want to discuss and explain are as follows:
- Who is your firm’s primary contact for the examiners regarding policies, procedures and document production
- When the examiners will conduct interviews, so you can adequately staff your business during these periods
- Who needs to be present during interviews
- How long the examiners plan to be operating at your office
One of the major points organizations often overlook when it comes to examination expectations is that you need to remember to advocate for your firm and compliance program. Defending your position doesn’t mean confronting SEC staff and driving a wedge between the examiners and your personnel. Instead, advocating your view could look like explaining why you have implemented a particular process, or demonstrating how an examiner has misinterpreted a specific policy. Supporting your position can be a delicate process and is best left to primary points of contact like your chief compliance officer or other C-level employees. If you feel there is an issue between you and the examiners, you can request to meet with a senior examiner to further advocate your position.
Begin Your Preparation for an SEC Examination Now
Often, the best defense is a good offense. Some steps your firm can take in preparation before an SEC exam include strategizing, simulating the process with a mock exam, preparing your staff for what to expect and learning how to manage the examination process from the outset.
Take steps now to ensure peace of mind in the future. At Vigilant Compliance, LLC, we provide comprehensive regulatory solutions to a diverse range of financial firms. Request a proposal to speak with a professional about how we can help your team prepare for a potential SEC examination.
Modified: November 7, 2018