Are you ready for an SEC Exam?
If you are SEC registered and have yet to receive an exam, you better prepare.
For months the SEC has alluded to its focus on "never-before examined advisers".On February 20, 2014, despite tight resources at the SEC, they formally issued a letter to Firm Owners and Chief Compliance Officers.
"Our [SEC] records indicate your firm is a registered investment adviser that has never been examined by the Office of Compliance Inspections and Examinations (“OCIE”) within the United States Securities and Exchange Commission (“Commission”)." [See SEC Letter dated February 20, 2014.]
So, we have established they are coming. Now we are left with "when" and are you ready?
As a compliance consultant, I can attest that the SEC has been active. We have been neck deep in supporting advisor exams throughout the fall and coming into 2014. However, it is quite doubtful that they will get to all NBE Advisers in 2014, but your firm must prepare as if your turn is imminent.
The SEC has disclosed two approaches towards these examinations, including: a risk assessment reviews and focused reviews.
Risk-Assessment Reviews are broader examinations that cover your entire compliance program. These reviews will focus on the effectiveness of your overall compliance program in preventing, detecting and correcting violations of the securities laws. In these examinations, the SEC will examine your overall business model and ensure you not only have the policies and procedures in place, but that your firm adheres to these policies consistently. The SEC will focus on your documentation and its consistency. [Note: If you can prove you completed a task or action, it did not happen in the eyes of the regulators. So please maintain proper documentation of business and compliance activities.]
Focused Reviews will target specific areas of your business model, including the Compliance Program, Filings/Disclosures, Marketing, Portfolio Management, and Safety of Client Assets. While these items may sound focused, they are both broad and inherent in most aspects of your enterprise risk and compliance. If the SEC finds some areas of weakness, they are very likely to continue into a deeper examination. In addition, the SEC recently announced their 2014 Priorities, which may yield some additional insights into the topics for Focused Reviews.
So how do you prepare?
There is no single answer to this question, but certainly taking no action has a certain end result. Here are some suggestions:
- Risk Inventory. Start with developing a risk matrix that identifies all the business and compliance processes of your firm. Rank each items for their level of risk, impact, frequency and other parameters. The outcome of this activity should be a sortable list of your risk areas that can serve as the basis to formulate priorities.
- Review Action Plan. Develop a reasonable and continuous action plan to review the target areas on your risk assessment. [Note: you will want to cover all areas of your business over time.]
- Document. Document. Document. It is imperative that you document the details of your reviews. If you find areas of material weakness, you may want to consult your compliance or legal partners before committing the issues to writing. However the key takeaway is that you must be able to demonstrate [through evidence] that you perform these reviews of your firm. The approach towards documentation is not defined by the regulations, but it must sufficient to demonstrate the effectiveness of the control environment.
- Leverage your Team. Compliance has largely been left on the shoulders of the Chief Compliance Officer. An effective compliance program contemplates a "culture of compliance". Leaving the risk management to the CCO is not an effective way to manage risk and it naturally results in a low return on your investment. Integrating risk management into your organization brings accountability to all supervised persons of your firm and creates a stronger risk environment.
- Seek External Support. If you have areas of your compliance program that require immediate attention or you are not sure how to get started, it is often best to engage external compliance resources. Mock examinations, structured compliance programs and targeted support are some of the options that are available.
Best of luck in your preparation