How Prepared Are You for an SEC Examination?

Legal Risk Management Tip

July 2018


SEC examinations are on the rise, and the level of intensity during examinations perhaps has never been greater. From our experience, the length of examinations is increasing, particularly if the staff perceives weaknesses in a compliance program. Documentation supporting compliance efforts, coupled with training of employees, is essential. Based on this, firms need to be better prepared than ever before.

This month’s legal tip will walk you through the SEC’s top examination deficiencies and provide you with guidance on how you should prepare. We will then provide best-practice tips to consider and share with your team prior to the examination, which should help bring about a positive examination experience.

The Purpose of SEC Examinations

The primary purpose of SEC regulatory examinations is to detect whether a violation of federal securities laws has occurred. Among other things, the staff is there to determine whether its registrants have developed sufficient internal controls to detect and prevent compliance program failures. Each year, the SEC provides a list of its top examination priorities, which guide registrants in focusing their compliance efforts. Firms must also consider their top enterprise risks and develop robust policies and procedures around those areas customized to the business. Without a dynamic compliance program, firms undergoing an SEC examination will be faced with scrutiny from the staff, who may well cite deficiencies in a findings letter.

Commonly Cited Deficiencies

In 2017, the SEC’s National Exam Program ("NEP") published a Risk Alert that identified five of the most frequently cited deficiencies sent to SEC-registered investment advisers. These included deficiencies or weaknesses related to: Rule 206(4)-7 (the "Compliance Rule") under the Investment Advisers Act of 1940 ("Advisers Act"); required regulatory filings; Rule 206(4)-2 under the Advisers Act (the "Custody Rule"); Rule 204A-1 under the Advisers Act (the "Code of Ethics Rule"); and Rule 204-2 under the Advisers Act (the "Books and Records Rule").

Within each of these categories, the SEC provided guidance on what its registrants should consider in reviewing their compliance programs. Considering this guidance, the following questions are designed to help identify whether gaps exist, which will enable you to take appropriate action to address and correct such gaps.

A. Compliance Rule

  1. Is your compliance manual tailored to your business and does it contain written policies and procedures that cover applicable regulatory requirements?
  2. Are you performing annual reviews and testing the adequacy of your policies? Do you have documentation to demonstrate this?
  3. Are you following the firm’s compliance policies and procedures?

B. Regulatory Filings

  1. Does the Form ADV contain disclosures that are inaccurate and require updating? Have you considered omissions of material fact?
  2. Are you making untimely or incorrect filings of Form PF, Form D or Form ADV?

C. Custody Rule

  1. Do you have online access to client accounts due to having client passwords with the ability to withdraw funds and securities?
  2. Have you provided independent public accountants conducting surprise examinations with a complete list of all accounts over which you have custody, or have you failed to provide information necessary to timely file accurate Form ADV-Es?
  3. Do you have powers of attorney or standing letters authorizing you to withdraw cash and securities from client accounts or does anyone serve as a trustee or executor for a client?

D. Code of Ethics Rule

  1. Have you accurately identified all access persons?
  2. Does your Code specify review of holdings and transaction reports and specify submission time frames?
  3. Are holdings and transaction reports timely submitted?
  4. Is a summary of the Code provided in Form ADV Part 2A, with information on how to obtain a copy of the Code?

E. Books and Records Rule

  1. Are you aware of what books and records must be maintained (such as trade records, advisory contracts and general ledgers) and for how long?
  2. Have you failed to timely update your books in such areas as fee schedules, client lists and client records?
  3. Are your books and records consistent and not contradictory?

Today’s Hot Examination Topics

In addition to the above-listed rules, there are trending examination focus areas that registrants should pay particular attention to. For purposes of this month’s Risk Management Tip, we will be focusing on three of these focus areas: senior investors, disclosures on advisory fees and associated costs, and cybersecurity.

Senior Investors – In recent examinations, the staff is providing a definition of senior client, and then asking registrants to provide the percentage of clients who are seniors, a percentage of the regulatory assets under management attributable to seniors, policies and procedures to address senior issues, policies and procedures related to beneficiary requests, powers of attorney, monitoring and supervising changes to trustees, trusted points of contact and steps to take upon a client’s death. If asked, would you be prepared to produce these documents to the staff during an examination? Would you be able to demonstrate that training is provided by the firm to its employees on senior issues and provide policies on how the firm facilitates the transition of a senior client from actively employed to retired status? These are all areas that the staff expects its registrants who service senior investors to be able to evidence during an examination.

Disclosures on Advisory Fees and Associated Costs – Last month’s Legal Tip focused on the April 2018 NEP Risk Alert on Advisory Fee and Expense Compliance Issues Identified in Examinations.2 This focus area continues to be at the forefront. In recent examinations, the staff is reviewing advisory practices, policies and procedures and comparing them to advisory agreements and other disclosures provided to clients to see if they align with the fees and expenses actually assessed to clients. Specifically, the staff is asking registrants to describe their billing processes, provide the account value(s) used for calculating advisory fees, demonstrate how they are calculating fees and whether they ever consider "households" for the purposes of offering a breakpoint, provide details relating to how the registrant verifies client invoices/bills for accuracy, and evidence through invoices, custodial statements, billing reports, internal tracking for various time periods what the client was actually billed and how this was reconciled by the firm. As part of this endeavor, the examiners frequently interview sales staff and/or review CRM notes and emails to learn how the firm is communicating to clients about advisory fees and expenses that will be assessed and whether conflicts of interest are adequately disclosed. Are you able to demonstrate these areas, and evidence consistent client messaging regarding fees? Have you conducted training in this area? Are your policies and procedures robust in the above-referenced areas?

Cybersecurity – Because of the increased vulnerabilities associated with cyber environments, it is no surprise that cybersecurity continues to be a hot topic. During recent examinations, the SEC is asking registrants to specify whether they conduct periodic cyber risk assessments to identify cyber threats, vulnerabilities and potential business consequences and to provide findings for each of those areas. For registrants with online account access, the staff is inquiring about the parties that manage that service, functionalities provided, authentication required for online access, software employed for detecting anomalous transaction requests and measures taken to protect client PINs. The staff also wants to know whether certain cyber events, such as malware detected on one or more devices, have occurred and the response of the organization. While most firms have developed cybersecurity policies and procedures, are they robust enough and do they address all of these areas? Has an incident response plan been authored and tested?

How frequently are vulnerabilities discussed with the CCO and have such communications led to more robust internal controls?

Use these questions as a checklist when reviewing your policies and procedures and consider training in each of these areas with key employees.

Examination Essentials – How to Prepare for your next SEC Exam

If you are an SEC registrant, it is inevitable that you will be examined. Consider these pointers on how to prepare for your next SEC exam:

  1. Carefully review the document request list and ask for clarification, when necessary, of the examination team.
  2. Consider prior deficiency letters and be prepared to demonstrate that those deficiencies have been addressed and are no longer an issue.
  3. Make a PowerPoint for the onsite entrance interview. Summarize your business model, highlight your compliance program and also share what services you do not provide.
  4. Alert your employees. Identify who will liaise with the staff and assist pulling all document requests.
  5. Prepare senior managers for onsite interviews. Consider engaging counsel to conduct mock interviews in advance, which will help to set expectations with personnel.
  6. Be responsive, but only address the question or specific request by the staff. When in doubt, contact outside counsel for guidance.
  7. Keep copies and a list of what has been produced for future reference; organization is key.
  8. Be proactive. If a correction is needed, attempt to make that before the exit interview and notify the staff of your progress.
  9. Showcase your firm’s culture of compliance throughout the exam by having strong communications with the staff, timely producing documents and demonstrating the "tone at the top."
  10. Use the exit interview as an opportunity to clarify any misunderstandings on the part of the staff and to explain what remedial actions you have taken or plan to take as a corrective action. Offer explanations and clarifying points as necessary that should be considered by the staff in their findings.

SEC examinations can be overwhelming, but they are necessary and help identify internal control weaknesses that, if corrected, can help to protect clients and the integrity of the financial industry. Be proactive in preparing for an exam. Consider these tips and suggestions to strengthen your internal controls and help lead you towards a successful examination experience.

JLG specializes in SEC examinations. For more information on these and other considerations relating to preparing for SEC examinations, please contact us at [email protected], or (619) 298-2880.

Author: Michelle L. Jacko, Esq., Managing Partner, Jacko Law Group, PC. JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds, banks and corporate clients on securities and corporate counsel matters.

This article is for information purposes and does not contain or convey tax or legal advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer or tax adviser.


For more information, including statistics related to these findings, see https://www.sec.gov/ocie/Article/risk-alert5-most-frequent-ia-compliance-topics.pdf.

see/News-Room/JUNE2018RMT.pdf.