p19gi2ug7330akm8u41tnde0qd.jpg

7 Things to Do Before an SEC Audit

An advisor's initial instinct when notified of a pending examination may be to worry or be nervous. As with any regulated industry, however, firm examinations will occur -- so we recommend that you take fear out of this process.

Once you receive notification of a regulatory examination, stay calm and follow these seven steps. (Page through to see all the steps, or click here to see them in a single page.) -- Brian Hamburger & Gary D. Davis

Brian Hamburger is president and CEO and Gary D. Davis is program director at MarketCounsel, a compliance consulting firm based in Englewood, N.J.

Image: Bloomberg
p19gi2ug6p1ndg1fmv109tqlo158c6.jpg

1. Notify all your staff.

All staff will play a role within the examination process: Some will be interviewed, some will gather data for the examination and others will assist with continuing daily operations. Set the expectation here that examinations are an “all hands on deck” process.
Also, remind your staff that being examined does not mean you did anything wrong. You work in a regulated industry and will be routinely examined.

Image: iStock
p19gi2ug6qs4316dp1gjh1oq5ci7.jpg

2. Notify essential service providers.

Notify those partners who are essential to your day-to-day operations -- such as custodians, trading and investment research technology vendors and independent managers -- that you will be undergoing a regulatory examination and may call on them to support with books and records requests.

Image: iStock
p19gi2ug6r1lq21k9nsa815jv10ts8.jpg

3. Notify your compliance resource.

If you have engaged an outside compliance resource (i.e. regulatory counsel or compliance consultant) notify them that you have been informed of an examination. Provide the resource with all initial request letters from the regulator.

Then schedule a call with your compliance resource to review the initial request letter for clarity around the data the SEC is requesting and for advice on conducting verbal interviews.

Image: iStock
p19gi2ug6rb1f1ujfi271fb71pkh9.jpg

4. Gather initial data requested.

Gather the data requested from the initial request letter. Remember to answer only the questions the regulator has asked; providing more can cause your firm to lose control of the examination.

Note that the SEC prefers to work with electronic books and records, so the more you have available electronically, the more efficient your data-gathering process will be.

Image: iStock
p19gi2ug6scmn1oegeuaanc2era.jpg

5. Conduct an internal review of the requested data before it is submitted to the regulator.

The regulator will provide you with a due date to provide the initial data requested. (Due dates for limited-scope exams tend to be approximately one week from notification, with two weeks from notification for full-scope exams.)

We recommend two actions here. First, have a review process where two individuals review the data before submission -- with one person generating the data, and the other reviewing the data for accuracy against the initial request.

Additionally, ensure you maintain an electronic version of all data provided to the regulator.

Image: iStock
p19gi2ug6saf91emkikv1fdn1qcmb.jpg

6. Hold a staff preparation meeting.

About a day or two before the examination, we recommend you conduct a staff meeting to help prepare your staff for the examination. You will want to set some ground rules for the team.

First: The chief compliance officer is managing the examination. All requests go to the CCO and all interviews must include the CCO.

Second: Remember there is nothing to fear, and that this is just a part of working in a regulated industry.

Third: Answer only the questions asked by the regulators; do not freely give up more information than requested (either orally or in writing).

Image: iStock
p19gi2ug731n8is3cmd8158tnsdc.jpg

7. Be courteous and controlled.

The examiners have a job to do, are looking for deficiencies and are your guests -- so please be hospitable. You are in control of your examination.

You will lose control, however, by providing more than is asked, providing inaccurate or erroneous information -- or by being unable to prove your high culture of compliance, systems and controls, supervision and policies and procedures.

Read more:
• 5 Things Regulators Want to Know About the Way You Do Business
• 'I Survived an SEC Audit'
• Industry Gears Up for Bloody Fiduciary Battle
• Brokers Beware: New SEC Sweep to Zero-in on Retirement Practices
• SEC Warns Firm Leaders on Cybersecurity Policies

Image: iStock
MORE FROM FINANCIAL PLANNING