Alaric Compliance Alert: Is Your Firm Ready for a Regulatory Review?
In its 2018 National Exam Program Examination Priorities1, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) indicated they will focus on matters of importance to retail investors including disclosures of the cost of investments; investment advisers that have yet to be examined; mutual funds and exchange-traded funds (ETFs); cryptocurrency and initial coin offerings (ICOS). Other priorities include compliance and risks in critical market infrastructure clearing agencies, exchanges, transfer agents and alternative trading systems; FINRA and MSRB internal controls, operations and oversight of broker-dealer and municipal advisers. The agency will continue to make cybersecurity enforcement a top priority, and will also review firms for compliance with anti-money laundering rules as applicable. Firms should make sure they are ready for regulatory reviews. Here are steps to help asset managers and funds prepare for regulatory review.
For a routine examination, registrants are usually notified by phone in advance of an exam giving firms time to gather supporting documentation and to prepare the Chief Compliance Officer (CCO) and staff for exam interviews. Following weeks of preparation for their arrival, regulatory examiners will want a general meeting that kicks off the on-site portion of the exam. In this meeting, you should expect to provide an overview of your firm and compliance program. This initial meeting enables the examiner to become familiar with your firm’s structure and governance, key employees, investment strategies, types of clients and operations.
Senior management should conduct a presentation on behalf of your firm and answer general questions about the compliance program. The CCO should then conduct a more detailed presentation of the compliance program. Examiners may look to gauge the dynamic between the CCO and your firm’s leadership, to confirm the expertise and empowerment of the individual designated to manage your compliance program.
The examiners may commence by asking for your professional background, including your education and training and will focus on your responsibilities within the firm. Keep responses brief and to the point. They will then ask questions that are more specific regarding how you perform those responsibilities.
Employees should be prepared to discuss the compliance policies and procedures applicable to the functions that they perform or supervise. For example, investment processes would include the selection of securities/investments, suitability analysis, ongoing due diligence, allocation of investment opportunities, selection and assessment of executing broker-dealers, and portfolio monitoring. You may want to have the CCO prepare employees for this interview and have a brief outline of potential questions to help staff stay on point.
- The examiner will have questions about content provided in your firm’s response to their initial request list. For example, they may request to speak with whomever is the most knowledgeable person to review a particular document on a specific topic. Designate and adequately prepare the right person to respond to the examiners’ interest regarding specific topics.
- Interviewees should answer questions directly, only elaborating when needed. He or she should try not to go off on tangents but, to answer the question fully and honestly so as not to appear to be withholding information. A response that contradicts a document provided to the examiners may impair the smooth progress of the examination.
- There could be mistakes when answering questions. Regulatory examiners realize this, as we are all human. It is customary to go back and restate an answer that may have been incorrect. That said, if someone does not know the answer, you should tell the examiner you will get back to them with a response.
- The examiner will usually ask for backup documentation on certain responses, typically on questions where a hardcopy document is available to confirm. This is normal. Before providing the materials to the examiner, please review them with your CCO.
During the Exam
Examiners will spend a significant amount of time in the designated conference room reading the materials provided and taking notes during interviews and when answering questions. As they continue their exam, additional questions or information requests will arise.
There may be areas in which the examiner feels the information provided has gaps or issues, or topics have not properly been addressed. It is a best practice to address gaps and issues promptly while the examiners are onsite. Doing so may possibly eliminate a comment in the deficiency letter, or the deficiency item could include a mitigating statement that the item was addressed during the exam.
The CCO should request an exit interview to discuss the status of the exam. This provides an opportunity to review open issues that regulators may believe are deficiencies. Examiners might agree to conduct the exit interview on the last day while onsite, and/or they typically schedule an exit interview later, on- or off-site while the exam is ongoing after their onsite visit.
Conclusion of the Exam
After the on-site portion of the exam concludes, examiners may have follow up requests for some time. The firm, coordinated by the CCO, should respond promptly to all requests in the same process as when preparing the initial responses. Commission rules require that exams be completed within six months of an on-site review or within six months of receiving all materials requested, whichever comes later.
An examination can have one of three outcomes, which are not mutually exclusive.2 Reviewers will:
- Issue a letter to the registrant indicating that no deficiencies were identified;
- Issue a letter describing the deficiencies and requiring the registrant to implement appropriate corrective actions, and submitting a written response describing the actions; or
- Refer deficiency matters to other investigatory or enforcement staff of the SEC.
Although there are times when no deficiency may be found, the SEC often issues a deficiency letter. The letter typically outlines background information and citations of the regulations or law, responses to questions asked during the exam, what was reviewed as well as any issues or recommendations identified during the exam. The CCO and registrant will need to provide a written response to the deficiency letter within 30 days, describing either (i) grounds for disputing assertion of the deficiency or (ii) the steps that have or will be taken to remedy the deficiencies and any improvements that will be made.
Is your firm ready for a regulatory examination?
With nearly 300 years of cumulative financial services compliance expertise, Alaric’s team members have managed over 100 regulatory examinations as Chief Compliance Officers. We have also conducted hundreds of onsite regulatory exams; mock SEC audits, focused reviews and other compliance-related consulting projects as seasoned practitioners. Our team of former regulators, lawyers and in-house chief compliance officers can help your firm be audit-ready.