No matter how “clean” you think your firm is, or how well you think your compliance program is equipped to prevent, detect and correct potential issues, it can still be nerve-wracking to get a letter or phone call notifying you that the regulators are coming to conduct an examination. That’s true whether your firm will be undergoing its first exam or its twentieth.
Understanding what the regulators are looking for, taking a proactive approach to examination readiness and implementing compliance technology solutions are all things that can help firms not just survive their regulatory examinations, but thrive during the examination process and after the final letters have been issued closing the books on the audit.
Understanding What the Regulators are Looking For
Whether it’s the SEC, FINRA, state regulators, the CFTC or another entity coming to inspect your books and records, you want the entire process to go as easily as possible.
For their part, the regulators want the process to go smoothly too, so they’ve made efforts to be transparent.
- SEC – In addition to its annual letter outlining exam priorities for the coming year, in February 2017, the SEC published a risk alert highlighting the five most common topics and deficiencies identified in examinations of registered investment advisers. These resources can help.
- FINRA – Firms subject to FINRA examinations can review its “What to Expect” document. FINRA also releases an annual examination priorities letter, designed to help guide member firms in assessing the effectiveness of their compliance programs.
Taking a Proactive Approach to Examination Readiness
For firms that want to better prepare for regulatory visits, the first step is to proactively review the regulators’ statements about examination priorities and efforts. Reviewing internal policies and procedures and books and records with those priorities in mind, and implementing changes to address any deficiencies noted during internal audits and exams, can provide confidence for CCOs.
Taking examination preparedness a step further, some firms also choose to conduct their own “mock exams” before they ever receive a real examination notice. Doing so can be an eye-opening exercise, helping firms shore up areas they didn’t realize were potential issues. SEC-regulated entities can create a mock exam request list by reviewing information provided by the Office of Compliance Inspections & Examinations. Some firms also seek out actual examination request letters other firms in their geographical areas have received. These are often available as takeaways from industry compliance conferences, or by networking with compliance personnel in other similarly-positioned companies.
Handling the Examination Itself
There is not a single “right” way to manage a regulatory examination. However, there are several “wrong” ways. You want to send a positive message about your firm – right from the first interaction with the regulators. As basic as it sounds, being organized, responsive and professional can go a long way in setting the stage for a positive experience.
Along the same lines, making everyone in the firm aware that examiners are present, and reminding them of the need to be professional at all times in public areas can help make a positive impression.
It’s a good practice to assign responsibility for coordinating the examination to one key person. In a smaller firm, this will likely be the CCO. In a larger firm, the CCO may find that delegating this responsibility to a compliance director or manager can help free up the CCO to oversee the process without being bogged down by details. If the examiners request an interview with someone else in the firm, the CCO or designee can help that person prepare for the interview so the firm puts its best foot forward.
Generally speaking, firms should provide the regulators with exactly what they’re asking for – no more, and no less. However, firms with dedicated legal counsel usually want a securities attorney to review requests if there is any question about whether a firm should provide certain information.
Finally, it is not uncommon for examiners to have follow-up questions, even after they are no longer on-site. Being responsive and forthcoming, including adhering to response deadlines, is important throughout the examination process.
Compliance Technology Solutions Can Help
To prepare for your firm’s next regulatory exam, begin by taking stock of your ability to compile documentation and run reports of compliance activity. If that process is cumbersome, it may be time to consider implementing a compliance technology solution.
It’s not a question of whether the regulators will come visit your firm; it’s a question of when they’ll come. Implementing compliance tools and systems now can help give you peace of mind knowing your firm is equipped to meet its compliance obligations. Having technology in place also demonstrates to the regulators that you take compliance seriously. Finally, using one primary compliance system also makes preparing for compliance exams and audits much simpler than the process in firms that rely on manual processes or disparate, siloed systems.
While it is unlikely that you will ever actually look forward to the regulators’ visits, you can prepare yourself – and your firm so the process goes as smoothly as possible and causes as little disruption as possible.