SEC Risk Alert demystifies exam focus

September’s Risk Alert gives some useful insights into how the SEC chooses which firms to examine and which topics to focus on in those examinations. If you operate a US-regulated business, it’s essential reading to understand how likely you are to appear on the SEC’s radar. The teacher is essentially revealing what will be in the test.

While every firm can expect to be examined at some point, the SEC acknowledges in last week’s alert that its risk-based approach makes some firms more likely to be examined than others. While it’s generally known the SEC takes risk factors into account in an examination, it’s good to see the specific details being shared.

Understanding the selection process

Some of the reasons the SEC may select an adviser to examine are based on that organization’s risk characteristics, specific complaints, tips or referrals from other regulators about the organization, or the staff’s interest in a particular compliance risk area and that firm’s involvement. Each year, the SEC releases its annual examination priorities, which are vital to review and address the areas to which you’re exposed. This will help you prepare for any potential examination and show that you are compliant. And given the severity of the consequences of a bad exam it is definitely worth paying attention.

There are also firm-specific risk factors that determine when an organization may be reviewed, such as:

  • prior examination observations
  • supervisory concerns, such as disciplinary history
  • tips, complaints, or referrals from other regulators
  • business activities of the firm that create conflicts, such as outside business activities
  • the length of time since last examination
  • material changes in firm leadership
  • indications that the firm may be vulnerable to financial or market stress
  • news and media reports on a firm
  • third-party data
  • firm disclosure history and previous examination outcome
  • whether the firm has access to client/investor assets.

The examination process – what to look out for

Once your firm has been selected for examination, the SEC then selects the exam’s area of focus. While often similar information is requested in all exams, the Commission may request specific data related to particular areas of interest. Generally, examinations include reviewing an adviser’s operations, disclosures, conflicts and compliance practices related to certain key areas like custody, valuation, portfolio management, fees and expenses, and brokerage and best execution.

Once the SEC has determined the scope of the exam, they will send you a request list asking for specific information for you to review. The Risk Alert contained an example of one of these request lists that is worth carefully reviewing to make sure you will be able to produce those documents when they are requested.

From our experience working within the SEC we know that at the end of an exam each firm is assigned two different risk ratings. The first is a compliance risk rating that focuses on the effectiveness of the firm’s compliance program. The second is an inherent risk rating that focuses on the overall risk of the organization. Although these are kept very high level and are relatively subjective, they play a key factor in the examination schedule that the SEC will determine for your firm.

This is the main reason why it is so important to pay attention to the Commission’s examination priorities each year when those are published and address them inside your organization to make sure you are meeting your compliance obligations.

How we can help

Our team of compliance specialists include former SEC examiners who understand exactly what is required and can help you determine what might be coming down the line. Our tailored mock exams assess both the investment and operational aspects of your firm, including controls and adherence to compliance policies and procedures, so everyone knows what to expect, are prepared for interviews and can confidently navigate document production and forensic testing.