3 Actionable Tips to Become SEC Examination Ready

Written by Brian Young

Over the summer, we heard rumblings that the SEC was conducting unannounced examinations on RIAs in the Boston area. While we have certainly seen a significant uptick in the examinations of never before examined advisors, none of which have been unannounced. Regardless if it is a routine exam or unannounced, it is best practice for advisors to stay examination ready regardless of location or if registered with the SEC or applicable State(s). As we preach to our clients, make sure you take proactive measures to become “examination ready”. Don’t wait until the SEC or a state level examiner comes knocking at your door!

Here are three (3) actionable tips to consider:

1. Customize your Compliance Program

We see far too many advisors that think they are “plain vanilla” and therefore think they can get by with a generic compliance manual (Wrong!). Most firms do not create their compliance manual from a blank page. They start with a model document to address the broad regulatory structure and industry requirements. Although, a model document is a good starting point, it does not amount to a finished product. RIAs need to know that a one-size-fits-all compliance manual does not exist and no consultant or legal resource knows the firm better than the people actually operating it on a daily basis. The creation of a firm specific compliance manual should include three broad steps:

Review the model document for content and applicability (ask questions).

Customize the model document to be firm specific, which means customize language specific to your business practice and make sure to remove language that is not relevant to your firm. Then operate your firm in a manner that is consistent with your compliance manual.

Regularly review, and update your compliance manual as the dynamics of the business evolve and the regulatory environment changes. A compliance manual should never be considered a final document but a current draft of a “living document”.

Always remember that SEC or State regulators expect there to be evidence to demonstrate that policies and procedures are being implemented. Simply put, if there is no evidence, it did not happen.

2. Complete an annual review of your Policies and Procedures

On an (at least) annual basis, you should complete a review of the adequacy and effectiveness of your compliance program. Ideally, the firm should conduct risk assessments of your compliance program throughout the year to test the risk controls and identify any weaknesses. If any issues are identified, make sure to take corrective action and document, document, document! If you don’t document the steps you have taken, (*in the regulator’s eyes) it never happened!

Related: Cybersecurity Is Now the Biggest Risk Facing Independent RIAs

Keep in mind that an effective compliance program should identify potential risks and mitigation opportunities. If the established controls never identify a risk or a mitigation opportunity, the controls should be evaluated and potentially revised.

3. Organize your Books and Records

During the examination process, the regulators will want to complete a sampling of your books and records. You should make sure that your books and records are maintained in an organized fashion to ensure they can be readily delivered. The examination process typically starts with a document request letter including (but not limited to):

Financial Statements including income statements, balance sheets, and other key accounting records.

Client Records including a full list of current and past client accounts, supporting client agreements, profiles, investment policy statements and trade data.

Communications with existing or prospective clients including emails, advertisements, and social media accounts.

Regulatory filings and other compliance program documents including your ADV 2A/2B, compliance manual, compliance certifications, business continuity plan, code of ethics, and cyber-security policy.