The Most Common Outcomes from an SEC Examination

Compliance officers and senior management tend to express relief once the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (“EXAMS”) ends its preliminary exit interview of their firm. Even if you’ve provided all requested documentation and answered all questions confidently, sometimes the most excruciating part of the exam process begins once SEC staff walks out your door.

It’s the waiting game.

Section 4E of the Securities Exchange Act of 1934 requires SEC staff to complete compliance examinations within 180 days from the latter occurrence of one of two specified events. Specifically, Section 4E (b)(1) provides that not later than 180 days after the date on which Commission staff completes the onsite portion of its compliance examination or receives all records requested from the entity being examined or inspected (whichever is later), SEC staff must provide the registrant with written notification indicating that the examination has concluded without findings, has concluded with findings, which may result in the staff requesting corrective actions by the registrant. It also is possible that the staff will refer the matter to the Division of Enforcement for further investigation.

Each of the possible written notification outcomes triggers an onset of new responsibilities.

The “No Findings” Letter

The best possible outcome is written confirmation that EXAMS has completed its review of the registrant and did not find deficiencies during the examination process. But it’s important to keep in mind that only about 5% of firms receive this type of response from the SEC.

The “No Findings” letter, however, will not state that your firm has received a clean bill of health. It will state that the exam did not find anything that requires further action by your firm at this time. 

Even if you get the perfect exam letter, you’re not done. Even though “No Findings” letters may not cite any specific shortcomings or violations, it is important for registrants to keep evolving their compliance program, keeping sharply focused on protecting investors and fulfilling duties of loyalty and care. Your compliance efforts must evolve every day, just like the market.

The Deficiency Letter 

This is far and away from the most likely outcome. More than 90% of firms examined by the SEC receive a deficiency letter that describes any alleged deficiencies that may include violations of laws and rules and/or weakness of internal controls. The SEC issued 2,000 deficiency letters in its most recent fiscal year

Although regulations provide the SEC 180 days to respond, EXAMS’ goal is to provide registrants with timely written notification of any potential deficiencies within 90 days of completing an exam. Registrants typically are given 30 days to respond in writing with any corrective actions they are taking in response to the staff’s findings.

In our experience, the majority of SEC deficiency letters result in a Rule 206 finding as it relates to the Investment Advisers Act of 1940, meaning the EXAMS has uncovered one or more examples of negligence or inadequate controls within the compliance program framework. For example, common finding firms receive is that they have failed to provide adequate disclosure to investors or failed to have a robust policy and procedures for a particular area.

Implementing a dynamic compliance program helps to avoid and mitigate compliance risks. Rule 206(4)-7 under the Investment Advisers Act of 1940, better known as the Compliance Program Rule, requires RIAs to have written policies and procedures to prevent violation of securities laws, to designate a competent Chief Compliance Officer, and to test, no less than annually, policies and procedures to ensure that they are effective. State-registered investment advisers should conduct a similar review in an effort to make their policies and procedures more effective.

If the deficiency letter cites numerous violations, it’s the SEC’s way of saying your compliance program requires attention; and likely, the registrant has not done forensic testing of its internal control system. Most recently, our team at Jacko Law Group, PC (“JLG”) has come across several examples where a firm’s advisory fees and expenses, retirement programs, cybersecurity, and custody have been areas of interest for the Staff.

Avoiding a Referral to the Division of Enforcement 

When you receive a deficiency letter, the SEC starts its 30-day response meter. If you don’t do enough to satisfy regulators by the end of this period, there’s a potential that EXAMS will refer the matter to the SEC’s Division of Enforcement. It’s clearly not the preferable outcome.

You may not agree with all the EXAMS’ findings in a deficiency letter, but you should let staff know you take all the findings very seriously. It’s an opportunity to nurture and enhance a culture of compliance. 

Preparing for and responding to regulatory exams by the SEC, the Financial Industry Regulatory Authority (“FINRA”), or the state can be overwhelming. JLG has established a Quick Response Team that has extensive experience in handling regulatory examinations and can assist you with:

  • Guidance on what to expect and how to prepare for the onsite examination
  • Mock interviews with and training of personnel
  • Liaising with regulators on complex issues, document requests, and production
  • Review of books and records prior to submission
  • Representation before and during the onsite examination, and
  • Responding to regulatory deficiency letters

Contact our law office today at (619) 298-2880 or visit us online at to find out how we can help.

Leave a Reply

Your email address will not be published. Required fields are marked *