Executive Summary
For SEC-registered financial advisors, the prospect of an upcoming examination by the SEC can be a source of high anxiety. This is especially the case with newly registered advisors or formerly state-registered advisors who recently became SEC-registered since they may be uncertain about how the examination process will work, what elements of the firm the SEC will dig into, or what information the advisor will need to provide to the examiners. Even firms with robust compliance programs that do a good job following their required policies and procedures can struggle with examinations if they don't have the information that examiners will ask for readily available.
Thankfully, the SEC has published guidance that details the information typically requested during a first-time examination, as well as the questions examiners are most likely to ask the advisory firm, in the form of a Risk Alert titled "Observations from Examinations of Newly-Registered Advisors". Effectively, then, they've given out a 'cheat sheet' for the exam, from which advisors can glean information that can help them prepare for the inevitable phone call from the SEC initiating their next examination.
At a high level, the exam process typically kicks off with a phone call from the SEC examiner, followed by a secure email detailing the information being requested from the advisor. Advisors generally have about 2 weeks to collect the information for the specified examination period (which, for newly registered advisors, typically stretches back to the effective date of their initial SEC registration). Next, as detailed in the Risk Alert, the list of requested information tends to be similar for most advisors undergoing their first SEC examination and comprises various types of information.
First, the SEC will request information on the firm itself, including organizational charts, employee roles and responsibilities, financial statements, and/or any legal action against the firm that is pending or settled. Next, they'll want information on the firm's clients (including the number and types of clients served), client accounts (including Regulatory Assets Under Management and other assets managed such as "Assets Under Advisement"), and services (including the types of advisory services provided, authority to trade in client accounts, and use of third-party providers like custodians and subadvisors).
At the core of the examination, though, is a review of the firm's compliance policies and procedures and code of ethics, including not just a copy of the 'paper' compliance manual but also how the practices and controls the firm puts into place ensure it adheres to its compliance program. Which means the firm will need to provide records of holdings and transactions for each of its clients (which may require some training and practice for employees to be able to quickly pull the needed data from the firm's custodian), as well as archived client communications and any advertisements produced by the firm.
The key point is that even though the volume of information requested for an SEC examination may be large, advisors will be able to predict a large proportion of what that requested information will be since the SEC has given those details in its Risk Alert. Which ultimately helps advisors better prepare for an eventual examination by putting the systems in place to easily archive and submit information to examiners – and to reduce the chances of extended back-and-forth questions with regulators, so the firm and its advisors can get back to normal business!
In academia, the specific content of an upcoming exam is kept under lock and key by the proctoring teacher until it is presented to students on the day of the exam. Students are expected to have studied the subject matter and class material with such thoroughness that – without knowing the exact questions that will be asked in advance – they can accurately respond to whatever the teacher throws their way.
A student who surreptitiously obtains an advance copy of the questions to be asked in an upcoming exam is viewed as a cheater, as it gives such student an unfair advantage compared to other students who do not have the same ability to shortcut the exam with rote memorization and regurgitation.
With respect to its new investment adviser registrants and the exams to which they are subject, the SEC takes a bit of a different approach. In March of 2023, the SEC's Division of Examinations essentially published the exam questions it will initially ask of newly registered advisers during their first exams. This publication took the form of a Risk Alert entitled "Observations from Examinations of Newly-Registered Advisers".
While the Risk Alert does indeed cover the Exam Staff's observations from examinations of newly registered advisers (i.e., how advisers are failing certain exam elements), I'd argue that the introductory section of the Risk Alert entitled "Examination Scope" is actually where SEC registrants can glean the most value.
What follows is a list and analysis of each exam question that the Risk Alert states will likely be included in the actual information request list initially sent to advisers being examined for the first time by the SEC. Advisers whose cards have yet to be drawn by SEC Exam Staff would do well to use what follows as a study guide/dry run of sorts, as the Risk Alert's exam content list very closely tracks reality for most such advisers in my experience.
Typical Exam Initiation
Before delving into the actual exam questions, let's briefly walk through the typical exam initiation experience (the word "typical" has been emphasized here, as exam initiation may vary based on the particular SEC examiner or exam manager, whether the exam is being initiated for cause or due to a tip/complaint, etc.).
First contact by the SEC examiner will typically be made by phone to the contact information listed for the Chief Compliance Officer in Form ADV Part 1A, Item 1.J, with the examiner verbally announcing the commencement of an exam of the adviser. For advisory firms that haven't done so in a while, it's worth confirming that the contact information listed for its Chief Compliance Officer in Form ADV Part 1A, Item 1.J is accurate (particularly the listed phone number and email address) lest it cause any initial delays or hiccups in the exam's commencement.
To verify that the caller is actually employed by the SEC (and that the call is not a phishing attempt), advisers can call the SEC's "Personnel Locator" at (202) 551-6000, the Examination Hotline at (202) 551-EXAM (3926), or contact the SEC Regional Office whose jurisdiction they fall under. There are 11 SEC Regional Offices (soon to be 10, due to the closure of the Salt Lake City Regional Office later this year), and registrants are generally assigned to a Regional Office based on geographic proximity. (If you happen to fall under the Boston Regional Office's jurisdiction, the government-assigned abbreviation for such Regional Office is "BRO"... so call your bro to verify the identity of the purported examiner. Sorry, couldn't resist.)
What follows after the exam announcement via phone will be a secure email from the examiner with at least 3 PDF attachments. For advisers who have never emailed with the SEC before, they'll need to set up an account with their secure email system (ZixMail) in order to access the email's contents and attachments. They may also have to set up an account with a separate secure file transfer system (Kiteworks) used to transmit large volumes of attachments, but the examiner will send invitations to both at the inception of the exam.
The 3 PDF attachments typically included in the examiner's first email are:
- The Examination Brochure (SEC Form 2389), titled "Information for Entities Subject to Examination or Inspection by the Securities and Exchange Commission";
- Supplemental Information for Entities Directed to Supply Information to the Commission Other Than Pursuant to Commission Subpoena (SEC Form 1661); and
- The Information Request Letter.
The Examination Brochure includes information about the exam process and the methods the Exam Staff employs for resolving issues identified during exams. It is worth a read to set the stage for the overall exam experience from start to finish, to understand what to expect (and what not to expect), and to keep track of important time frames to bear in mind (particularly with respect to the ultimate conclusion of the exam).
The Supplemental Information document references confidential treatment request procedures under the Freedom of Information Act, describes the SEC's authority to require advisers to supply information to it and the consequences of not supplying such information, and explains how the SEC will use the information the adviser supplies to it.
The most important PDF attachment is the Information Request Letter, discussed in detail in the following sections.
The Information Request Letter – Mechanics
The Information Request Letter includes not only the itemized list of information to be compiled by the adviser and supplied to the examiner, but also the following important pieces of information:
- The date by which the requested information is to be provided (generally within approximately 2 weeks). If an adviser is unable to produce all the requested information by the response deadline, the information that the adviser can produce by the response deadline should still be submitted along with an advance request to reasonably extend the response deadline for the remaining items. In other words, the adviser should not hold back the entirety of its responses simply because it will not be able to submit everything in its entirety by the deadline.
As the Examination Brochure states: "The Commission expects that in most circumstances records should be available to staff within 24 hours; however, the staff typically provides a longer period of time to produce records. The staff will grant requests for reasonable extensions of time, where appropriate." It's also not uncommon for the Information Request Letter to instruct advisers to submit documents "on a rolling basis (as available)".
- The "examination period" (i.e., the date range applicable to the requested information). The examination period is often overlooked and not always readily apparent when quickly perusing the Information Request Letter, but it is crucial to understand the temporal boundaries of the information being requested. At least in my experience, and assuming the adviser is first examined by the SEC within the first year or 2 after SEC registration is deemed effective, the first date of the examination period usually coincides with the adviser's initial SEC registration effective date.
It's also worth noting that advisers are under a general obligation to notify the examiner of material events or activities that technically occur after the examination period, but while the examination is still ongoing, that would result in material information that would be responsive to a request. For example, if a client initiates litigation against an adviser after the examination period but while the examination is still ongoing and the adviser initially responded "N/A" to a request item that asked about any ongoing litigation involving the adviser, the adviser is generally expected to notify the examiner accordingly.
- How the requested information is to be transmitted to the examiner (i.e., via ZixMail and Kiteworks). Do not submit any sensitive or nonpublic information to the examiner via unsecured means (like unencrypted email outside of ZixMail or Kiteworks). Doing so at least tacitly signals to the examiner that the adviser failed to carefully read the Information Request Letter, and – worse yet – that it doesn’t appreciate its information security and information protection obligations to clients.
- How to label and organize the requested information such that it corresponds to the item number in the request list (and to indicate "N/A" with an explanation for information requests that are inapplicable). We generally recommend that an adviser's initial response to the Information Request Letter be comprised of a cover letter that includes an enumerated list of responses matching the enumerated list in the Information Request Letter, along with a list of corresponding attachments with file names that include the request number to which they are to be associated. For example, the cover letter may state, "1. Please see the attachment entitled '1. Organization Chart.pdf'". The cover letter is effectively a table of contents in this regard. If needed, the cover letter can also be used to provide additional context, explanation, or descriptions of the referenced attachments, or to simply provide a narrative response to a request item if an attachment is not warranted.
When possible, it is best to submit electronic files in a format that is searchable and sortable by the examiner. For example, if requested to produce a list of investment positions by client, it is best to compile such information in an Excel spreadsheet as opposed to an image-based non-OCR PDF file that doesn't have scannable text. This facilitates the examiner's ability to filter, sort, and search through the supplied information more readily.
- The contact information for the examiner and the exam manager. The listed examiner will generally be the adviser's day-to-day point person who is spearheading the exam, reviewing responses, asking follow-up questions or requesting additional information, and conducting the informational interview (more on the informational interview below). It's also common for an exam manager to be assigned to the exam who will oversee and participate in the exam process.
- Defined terms. Defined terms are vitally important to understand, as the manner in which a term is defined can alter how an adviser responds to a particular information request. If an adviser encounters a vague or unfamiliar term, it is highly advisable to seek clarification from the examiner as opposed to simply guessing what such a term means.
- How to assert privilege claims for information withheld (e.g., due to attorney-client privilege). To the extent that an adviser engaged legal counsel during the examination period or otherwise in connection with certain information requests, the adviser may be able to withhold certain documents or communications that would otherwise be responsive to an information request by asserting that such documents and communications are subject to attorney-client privilege. If an adviser wishes to assert attorney-client privilege over any documents or communications, it will need to provide a "privilege log" that identifies the document or communication that is being withheld, and sufficient information to support the privilege claim.
Bear in mind that privilege claims can only be justifiably applied in limited circumstances. Just because an adviser copies its attorney on its trade order memoranda doesn't mean that it can withhold its client transaction history from the examiner. Said another way, an adviser generally can't assert attorney-client privilege with respect to records it is required to maintain under the Recordkeeping Rule under the Investment Advisers Act of 1940.
At least in my experience, justifiable assertions of attorney-client privilege most commonly arise if legal counsel was engaged to undertake a mock SEC exam during the examination period. Since the Advisers Act and the rules thereunder do not specifically require advisers to undergo mock SEC exams or maintain any corresponding records thereto, an adviser that retains an attorney to render legal advice through the course of performing a mock SEC exam can generally claim that the legal advice related to such mock exam (such as the findings or deficiencies uncovered during such mock exam) may be withheld from the SEC and protected under attorney-client privilege. There are pros and cons to such an assertion (at least from an optics perspective), but it is an assertion that can be made nonetheless.
Importantly, the records documenting an adviser's annual compliance review generally may not be withheld by asserting a privilege claim – even if legal counsel was engaged to undertake such annual compliance review on behalf of the adviser – as such records are required by Rule 206(4)-7 of the Advisers Act.
The Information Request Letter – Information Requested
Turning back to the Risk Alert itself, the following is a list of what the SEC's Division of Examinations publicly signals will likely be requested in an adviser's first Information Request Letter. I've added commentary and tips for each item along the way.
General Information – The Adviser's Business And Operations
- Organizational charts. This request should not be terribly challenging and essentially requires the adviser to supply a list of entities controlling, controlled by, or under common control with the adviser (e.g., affiliates, parent companies, or subsidiaries).
- Documentation to support eligibility for SEC registration. An adviser should look to its "SEC Registration" response to Form ADV Part 1A, Item 2.A. if it is not sure about the basis upon which it is eligible for SEC registration. For example, a "large advisory firm" with regulatory assets under management of at least $100 million can refer to the Excel spreadsheet that has been provided in response to the later information request regarding client holdings and the aggregate assets under management reflected in such Excel spreadsheet. A "multi-state adviser" can supply a list of the states in which it would otherwise be required to register (by virtue of the adviser's physical presence or number of clients in such states). Basically, the SEC just wants to confirm the adviser is justifiably registered with the SEC and should not instead be registered with one or more state securities authorities.
- Information about ownership and control of the adviser and its affiliates. An adviser's response to this information request should match what is already disclosed in Form ADV Part 1A, Schedule A with respect to the adviser itself (albeit with more detail about specific ownership percentages). To the extent the adviser has any affiliates (generally entities controlling, controlled by, or under common control with the adviser), owners and their respective ownership percentages should be identified as well.
Remember that certain affiliates are required to be disclosed in Form ADV Part 1A, Item 7 ("Financial Industry Affiliations") and – especially to the extent such affiliates create conflicts of interest with the adviser – should be discussed in Form ADV Part 2A, Item 10 (“Other Financial Industry Activities & Affiliations”).
- Information about current and former advisory personnel, such as the reasons for departure for former personnel (if available) and the roles, responsibilities, and physical locations of current personnel. This response can take the form of a simple personnel roster of sorts, including the specific information requested about each individual. To the extent an individual was terminated during the examination period, a brief explanation of why the individual was terminated should suffice.
If the individual was an investment adviser representative, ensure the "reason for departure" does not contradict what may have been listed in the departed individual's Form U5 (Uniform Termination Notice for Securities Industry Registration). The advisory personnel's physical locations are of interest so as to assess whether personnel are geographically dispersed (or perhaps working remotely). If so, advisers should review the SEC's November 2020 Risk Alert, "Observations from OCIE's Examinations of Investment Advisers: Supervision, Compliance and Multiple Branch Offices" to appreciate the SEC's expectations with respect to oversight and supervision of such geographically dispersed personnel.
- Financial information, including the balance sheet, trial balance, and income statement. The financial statement information request will typically ask for financial statements that include the specific reporting period(s) being examined, but advisers should also be prepared to supply the requested financial statements as of the end of the most recent fiscal year and current year to date.
Advisers would do well to ensure they can readily produce such financial statements well in advance of an exam and not be beholden to the availability of a third-party accountant or bookkeeper (especially if the exam happens to commence during tax season when accountants and bookkeepers are otherwise occupied).
Not being able to produce requested financial statements in a timely fashion simply because the adviser can't get a response from their CPA is not a great look. Also – though not explicitly stated in the Risk Alert – advisers should be prepared to supply a general ledger.
- Information about any threatened, pending, or settled litigation or arbitration involving the adviser or any of its supervised persons. Carefully review and consider the wording in this information request, as it is intentionally broad so as to capture "threatened, pending, or settled" litigation or arbitration against both the adviser itself and its supervised persons. What constitutes "threatened" litigation or arbitration is a facts-and-circumstances analysis, but an adviser should consult with counsel about demand letters, cease and desists, or other similar nastygrams it may have received from a potential plaintiff that have not yet materialized into actual litigation or arbitration.
Also be on the lookout for potentially limiting language in the information request that excludes litigation or arbitration that does not relate to the adviser's business or a supervised person's association with the adviser (e.g., a supervised person's litigation with his homeowners' association likely isn't intended to be swept into this information request). Finally, be mindful of attorney-client privilege claims that may apply.
Demographic And Other Specific Data Regarding Advisory Client Accounts
- Advisory services provided, such as portfolio management, financial planning, and/or bundled wrap fee arrangements. When responding to this information request, ensure that responses track what is already disclosed in Form ADV Part 2A, Item 4 (Advisory Business); Form CRS, Item 2 (Relationships and Services); and the description of services in client advisory agreements. Examiners are justifiably on the hunt for discrepancies or inconsistencies among disclosure documents, client agreements, and actual practices, so be sure not to inadvertently paint a picture of the services provided that differs from what is reflected in writing elsewhere or in actual practice.
- Types of client accounts serviced, such as individual, defined benefit retirement plan, registered fund, or private fund. An adviser's response to this information request should align with its response to Form ADV Part 1A, Item 5.D. (Information About Your Advisory Business – Clients); Form ADV Part 2A, Item 7 (Types of Clients); and Form CRS, Item 2 (Relationships and Services). To different extents, all such items elicit responses regarding the types of clients the adviser serves. Again, consistency and alignment are key.
- Advisory authority to trade in the account, such as whether the adviser has discretionary authority. Discretionary trading authority should be explicitly granted to an adviser by a client through an adviser’s advisory agreement, a copy of which will also typically be requested as part of the exam. Limited powers of attorney included within custodian forms (that authorize a custodian to act upon trading instructions received from an adviser) should not contradict the trading authority granted in the same client’s advisory agreement. The amount of discretionary regulatory assets under management is also reflected in aggregate in Form ADV Part 1A, Item 5.F.(2)(a) and Form ADV Part 2A, Item 4.E. ("If you manage client assets, disclose the amount of client assets you manage on a discretionary basis and the amount of client assets you manage on a non-discretionary basis. Disclose the date "as of" which you calculated the amounts.").
Once again, there should be alignment among the discretionary or non-discretionary trading authority granted in a client's advisory agreement, Form ADV reporting, and an adviser's actual practices.
- Advisory personnel servicing and overseeing the account. Any supervised person who formulates advice for a client and has direct client contact, as well as any supervised person who has discretionary authority over a client's assets (even if the supervised person has no direct client contact) is required to have a Form ADV Part 2B brochure supplement that is delivered to such client. Thus, advisers should ensure that their responses regarding account servicing and oversight by advisory personnel align with the Form ADV Part 2B brochure supplements maintained and delivered to clients.
Note that SEC-registered advisers are not required to file Form ADV Part 2B brochure supplements (unlike state-registered advisers), but they are still subject to the recordkeeping and client delivery requirements found in the Form ADV Part 2 General Instructions.
- Assets under management advised by the firm. Advisers are required to calculate and report their "regulatory assets under management" in Form ADV Part 1A, Item 5.D. and Item 5.F.(2). Advisers are also required to report the "amount of client assets you manage" in Form ADV Part 2A, Item 4.E. The ADV Part 1 and ADV Part 2A instructions may appear to require identical reporting at first blush, but the inclusion of the word "regulatory" before "assets under management" in Form ADV Part 1 is the key differentiator.
Regulatory Assets Under Management (or "RAUM") is a very specifically defined term, and instructions for calculating RAUM can be found on page 19 of the Form ADV General Instructions. In brief, RAUM is generally comprised of securities portfolios for which an adviser provides continuous and regular supervisory or management services. RAUM is perhaps the most common basis upon which an adviser may be eligible for SEC registration and is also commonly cited by advisers in marketing material to show off their size and ostensible success. SEC examiners thus focus on the veracity of an adviser's RAUM calculation to expose any fudged numbers or misleading claims.
The Form ADV Part 2 General Instructions state the following:
Your method for computing the amount of "client assets you manage" can be different from the method for computing "regulatory assets under management" required for Item 5.F in Part 1A. However, if you choose to use a different method to compute "client assets you manage," you must keep documentation describing the method you use.
If an adviser wants to report "assets under care", "assets under administration", "assets under advisement", or a similar derivation of RAUM, it should have supporting documentation and calculation to provide that such reporting was not simply pulled out of thin air.
The bottom line is that RAUM, client assets managed, marketing material, and the documentation supporting such calculations (as derived from a custodian or portfolio accounting software) should all tie out.
- Third-party service providers, such as custodians, administrators, and auditors. Be prepared to provide signed agreements with service providers and to demonstrate some form of initial and ongoing due diligence of such service providers (especially those that provide products or services to clients like custodians, sub-advisers, financial planning software, performance reporting software, etc.).
The most important aspect of a third-party service provider relationship, however, is whether such relationship presents any conflicts of interest that warrant disclosure in Form ADV Part 2, Form CRS, or elsewhere. As a fiduciary, advisers have an obligation to make full and fair disclosure of conflicts of interest that could affect the advisory relationship with clients, including sufficiently specific facts so that clients can give informed consent to such conflicts.
This is a dead horse that I will continue to beat for so long as I am in the industry: Always. Disclose. Conflicts. Of. Interest. Not doing so will yield a more challenging and protracted exam experience at best, and an SEC enforcement action at worst.
Retention or recommendation of affiliated service providers, revenue sharing arrangements with third-party product or service providers, receipt of material gifts or entertainment from third-party product or service providers, dual-hatted advisors that are also licensed to sell securities or insurance on commission… all arrangements create financial incentives worthy of sufficient disclosure.
- Investment strategies, such as global equity, high-yield, aggressive growth, long-short, or statistical arbitrage. An adviser's methods of analysis and investment strategies (including associated risk of loss) should be described in Form ADV Part 2A, Item 8, and should align with an adviser's marketing materials and the composition of actual client portfolios. Here, the SEC examiner is likely trying to understand how relatively simple or complex the adviser's investment strategy is, and whether any overly complex investment strategies are generally appropriate for an adviser's clientele.
While I personally have not experienced an examiner that played Monday-morning quarterback with respect to the allocation or trading decisions made in a client's portfolio, advisers should still review client portfolio allocations and transaction histories to ensure they pass the smell test. Also be prepared to assign/categorize each portfolio into an investment strategy category for exam reporting purposes.
The Risk Alert concludes this section by telegraphing that SEC examiners will often request documents supporting the adviser's representations, such as copies of select contracts, agreements, or third-party account statements. In other words, advisers should be prepared to prove the claims they make to examiners. As the old regulatory adage goes: If it isn't in writing, it never happened.
The Adviser's Compliance Program, Risk Management Practices And Framework, And Internal Controls
Written compliance policies and procedures and the adviser's code of ethics. If an adviser is not asked to produce its compliance manual and code of ethics during an SEC exam, hell will also have frozen over. I don't often make guarantees, but this one is a slam dunk. The content of a proper compliance manual and code of ethics could be the subject of its own dedicated article, but for now I'll offer the following best practices:
- Remember the Goldilocks principle: a compliance manual and code of ethics should neither be so short that it fails to address the Federal securities laws to which the adviser is subject, nor so long that it includes redundant, inapplicable, or overly verbose narratives that obscure comprehension.
- Make it your own: customize the compliance manual and code of ethics such that it doesn't reek of an ill-fitting, hand-me-down template. Don't sponsor or participate in a wrap fee program? Delete the wrap fee program section. Use client testimonials? Ensure the compliance manual doesn't prohibit it. Accept custody of client assets such that require the firm to undergo an annual surprise custody exam? Describe custody practices and the retention of an independent public accountant. And for the love of God, scrub the compliance manual and code of ethics for any "[placeholders]" or "[INSERT FIRM NAME HERE]" references.
- Review at least annually: Only an annual compliance review is required by Rule 206(4)-7, but interim reviews and updates should be triggered by changes to the services offered, personnel changes, new rules or best practices, types of clients served, etc. A compliance manual and code of ethics should be a living and breathing document that doesn't simply get rubber-stamped by the CCO on an annual basis. Be prepared to supply documents supporting your bona fide annual compliance reviews as part of the exam.
- Distribute to supervised persons early and often: Supervised persons should receive the compliance manual and code of ethics shortly after their hiring, any time it is materially updated, and at least annually. To evidence delivery, consider having all supervised persons sign an acknowledgment of receipt, understanding, and agreement to comply. Examiners will also expect personnel to be routinely trained on the compliance manual and code of ethics to facilitate such understanding and compliance.
Information To Facilitate The Testing For Regulatory Compliance
Portfolio management and trading activities, such as a record of specific information for all advisory clients' securities holdings and transactions. As referenced earlier, be prepared to export a variety of information in Excel format about clients, accounts, and client portfolio composition, including position holding and transaction information. Such information should likely be readily available from an adviser's online custodian platform or portfolio accounting software, but will likely require a bit of customization to meet the information request's formatting requirements.
It's best to do a 'dry run' and test one's ability to find, export, and customize such client holding and transaction information so as to not be scrambling when staring down the barrel of a rapidly approaching response deadline.
Communication Used By The Adviser To Inform Or Solicit New And Existing Clients
Disclosure documents and advertising, such as pamphlets, social media, mass mailings, websites, and blogs. It's no secret that the SEC has been focused on advisers' compliance with the Marketing Rule as overhauled in late 2020 – especially with respect to an adviser's use of testimonials/endorsements and hypothetical performance. But examiners will also be on the lookout for advertisements that are misleading, unsubstantiated, unfair, or unbalanced.
The first step to successfully responding to this information request is to have a complete inventory of what advertisements were actually disseminated during the examination period to begin with.
The second step is to fully appreciate what actually constitutes an "advertisement" under the Marketing Rule, as it can encompass websites, blogs, newsletters, social media posts, webinars, and a variety of other content.
Lastly, advisers should strongly consider performing simple Google searches of their firm and their supervised persons (ideally before an exam if even initiated) to see what pops up and perform any needed 'housekeeping'.
The Information Interview
In each initial SEC examination I've been a part of, the examiner and exam manager hosted an informational interview shortly after the initial information request responses were received. This informational interview is often via videoconference or telephone, but may also be in person now that COVID-19 era restrictions are no more. During the informational interview, the examiner and exam manager ask questions to illuminate their insight into the adviser's business, operations, investment activities, and compliance program.
The informational interview also serves as an opportunity to gauge the "tone at the top and culture of compliance." As the Risk Alert plainly states, "These assessments can be important factors in the staff's review of the effectiveness of the adviser's compliance program."
With respect to informational interviews, my recommendations are generally as follows:
- Answer the questions posed in a truthful, accurate, and complete fashion. It can be tempting to ramble on and provide narrative descriptions of related or ancillary topics to the questions posed, but it is more helpful to stick to the questions as they are asked.
- Don't be afraid to ask questions if it's difficult to understand what the examiner is requesting, as sometimes the examiner may use terminology that is unfamiliar or vague.
- During verbal conversations, don't make guesses when responding to questions. It is perfectly acceptable to say something along the lines of "I don't have that information immediately at hand, but I'd be happy to research this further and confirm my response so I can be sure to get you the most accurate and complete response possible."
- If any of the document/information requests are extremely cumbersome or voluminous, gently describe the overly extensive nature of their request and suggest alternative ways to produce the requested documentation/information that can provide the examiner with the functional equivalent of what may be sought.
- Organization and timely responses go a long way, as these implicitly convey the adviser's professional nature and that they take their exam seriously. Sloppy, disorganized responses implicitly convey larger disorganization within the firm that could be interpreted to mean compliance is also sloppy and disorganized.
- If there will be multiple adviser participants in the same informational interview (e.g., such as the CCO and the CEO), collaboratively review the information request letter and responses thereto ahead of time, as well as any thorny issues that may be broached on the call. Ideally, the left hand and the right hand will be in sync, and neither will be surprised by the off-the-cuff verbal response of the other. Regardless of which personnel participate in an informational interview, the CCO should participate in all such informational interviews (and should generally be the point person for all information requests and responses thereto).
This is by no means a comprehensive guide to how all initial SEC exams will ultimately shake out, as each exam will inherently take a different path as determined by the adviser's business practices, compliance competence, preparedness, and the rabbit holes that an examiner decides to explore. But if the staff of the SEC Division of Examinations itself publishes its own framework and scope – as it did with the Risk Alert that has been the subject of this article – advisers should perk up and take notes, because it's not often that an examinee is provided with the contents of an exam in advance!