The exam is finally over! If your advisory firm has been undergoing an SEC examination, you’ve probably been waiting a long time to utter those words. Well, time to get back to business, right? Not so fast. As our series on SEC examinations has detailed, this is a long process. And if your firm received a deficiency letter, the process is even longer. This is not just in reference to the time it takes to respond to the deficiency letter. No, even more important than the response you provided to the SEC is the remedial action you now need to take to resolve any deficiencies the examination highlighted.
Where to start? Well, for one, address the issues you promised to in your response letter. This seems too simple, but, believe it or not, this is a problem for some advisory firms. As Marc previously pointed out, one of, if not the first thing that will be reviewed on your next examination, is how your firm remedied previous deficiencies. Likely the last thing you want to do is consider another examination so soon. However, you really don’t want to find yourself in the position of explaining of a reoccurring deficiency. So, let’s discuss how to remedy those deficiencies.
If your firm was cited for a deficiency related to a particular compliance policy or procedure be sure to implement the changes to bring the policy or procedure into compliance. This remedy will likely require multiple steps. You may need to update the text of the policy in question. Once you are confident that the text of the policy reflects compliance with the applicable regulation, review your corresponding procedure related to the policy and update any controls that are needed. It’s one thing to have a compliance manual that contains all necessary policies. But those policies will curry no favor with your regulator if your procedures, in practice, don’t match the words in your manual. Remember, systems and processes are your friends. If you are remedying a deficient compliance procedure, make sure, as much as possible, that the revisions you make allow the procedure to be easily conducted and repeatable.
For example, let’s say your firm was cited for deficiencies related to misleading advertising. Your response to the SEC deficiency letter outlined additional controls that would be implemented to prevent future violations. You review your compliance policy on advertising and determine it is complaint. You next review your procedure related to advertising review and revise it to implement the additional controls you laid out in your response letter. However, in practice, these additional controls translate into added reviews of your marketing materials by your Chief Compliance Officer, who already has an overfilled schedule. Moreover, your Marketing Officer still isn’t clear on what materials do or do not need to be reviewed. This is a recipe for a deficiency on a future exam and ever worse, a recurring deficiency.
As this example has shown, don’t simply take the words you wrote in your responses to the deficiency letter and paste them into your compliance policies and procedures. Take this as an opportunity to holistically review your compliance program. You just experienced an examination. Take an inventory of what went well and what could be improved, even if it didn’t manifest a deficiency. Use this experience to establish or improve upon processes that will enhance your compliance program. As in the example above, consider if you have appropriate resources. Determine if all members of your firm are adequately trained on your policies. And, if you conclude that the additional resources or trainings are needed, consider proactively consulting your legal or compliance professional.
We hope you’ve found this series on SEC examinations helpful. Please check back next time when Marc concludes this topic by discussing mock exams.