In a perfect world, your preparation for a regulatory exam would begin no later than the first day your firm is open for business. Every adviser registered under Section 203 of the Investment Company Act of 1940 (the ’40 Act) is required to make and keep accurate books and records relating to its investment advisory business.
Getting an early start at establishing an organized system for managing and maintaining your document retention policy will not only help your firm adhere to a regulatory requirement, but also simplify the process when the federal or state regulators first knock on your door. While the regulators will generally provide you with an initial document request list before coming onsite for an exam, the regulators have been known to conduct exams without giving advance notice.
How the Process Begins
When applied to the U.S. Securities and Exchange Commission (“SEC”), the SEC will often provide an initial notification of an upcoming exam by referencing that it is conducting an examination of risk factors pursuant to Section 204 of the ’40 Act. If the exam notice is accompanied by an initial document request list or deficiency letter you will be given approximately one to two weeks to produce the requested books and records. If you didn’t receive advance notice, you will still be given a reasonable amount of time (usually 24 – 48 hours) to provide all requested information.
You’ll need to provide any requested documents promptly. Often, the examination period covers a span of approximately two years, so you will be requested to produce documents in place during that entire period. To efficiently process the material assembled for review, you may be asked to label the information so that it corresponds to the item number in the SEC’s request list and provide the requested information in electronic format.
What the SEC Wants to See
A voluntary document request related to an SEC exam usually includes, but is not limited to:
- A copy of your compliance policies and procedures, as well as details about your risk assessment program and any risk assessment reports have been prepared thus far;
- Your cybersecurity and business continuity plan;
- A copy of your most recent financial statements;
- Organizational diagrams of adviser and affiliates, detailing ownership, control relationships, and any changes in ownership; and/or
- Any threatened or pending litigation, customer complaints or other issues that have occurred during the examination period.
The team at Jacko Law Group, PC (“JLG”) is seeing a considerable increase in the number of advisers undergoing regulatory exams; a trend likely to continue. Effective compliance programs with a strong Code of Ethics are diligent about keeping accurate books and records. It helps immeasurably to have everything in place when the SEC comes calling so you can focus on other aspects of the exam and not experience the nightmare of having to produce documents on the fly.
Your document retention policy should include maintaining complete files when dealing with employees and outside contractors. But you should not provide regulators with any more or any less information than they request. If you provide more information than requested, you might unnecessarily be opening the door for additional questions.
If you provide less information, you can expect a second request.
How to Improve Document Retention
Compliance departments that develop a clearly defined document retention policy can benefit in terms of cost effectiveness and peace of mind. It is far more expensive to look for documents from previous years than it is to maintain books records by following established policy. A well-executed document retention policy shows regulators your organization abides by state and federal compliance standards.
At JLG, we can greatly assist by conducting mock exams on a periodic basis to help your firm assess its document retention and overall readiness. To begin the process, we will provide your firm with a potential regulatory exam initial document request list, perform in-person interviews, and assess internal systems and controls. Most importantly, at the conclusion of our review, JLG will prepare a written report identifying areas where you firm lacks key information and/or may be vulnerable during a regulatory examination.
Such written report allows our team to take proactive steps by identifying areas of risk in order to enhance or create policies and procedures that effectively address and manage those risks on your behalf. Our attorneys and team of professionals will customize their reviews to evaluate all those aspects of your business that are subject to regulatory compliance.
As provided above, at the conclusion of the process, we provide our findings to your designated team members, which includes a list of key concerns, recommended actions, to advance compliance program efforts. Subsequently, JLG will work closely with you and your team members to develop a compliance calendar that prioritizes action items and includes a timeline for implementing enhanced controls. Contact us today to schedule a consultation.