So you’ve built your robo-adviser, registered it, hired and licensed personnel, implemented a compliance program, conducted a successful marketing campaign, and (finally) gotten to do what you’ve really wanted to do the whole time – advise clients and manage portfolios. Startup woes seem a thing of the past, and your operation is running smoothly.
Then, one day, you check your email inbox and find a message from the SEC’s Division of Examinations (EXAMS) saying that your firm has been “selected” for examination. Wait, what?
Take a breath. Our next series of posts will walk you through the exam process from start to finish, so that you can be well prepared to ace the test when the SEC inevitably draws your firm’s name.
Why were you picked? An entity may be selected for reasons such as the entity’s risk profile, a tip or complaint, or a review of a particular compliance risk area. Or a firm may just be chosen at random. Unfortunately, you probably won’t ever know why you were picked – the SEC has stated publicly that it generally does not share those reasons with firms under examination.
What are they looking for? Through the exam process, the SEC seeks to test whether you are following applicable laws and rules, adhering to the disclosures you make to clients and your own internal policies, and implementing a compliance program that is reasonably designed to ensure your firm meets applicable requirements. There are several flavors of exams:
- Routine. Routine exams take place periodically (i.e., aren’t triggered by anything particular event) and are designed to test all major areas of your compliance program.
- Sweep. Sweep exams are usually targeted to just one or a few compliance areas that the SEC deems to be of particular risk to the industry as a whole (such as a sweep exam related to cybersecurity conducted in 2015, the results of which are detailed here).
- For Cause. The SEC may examine a firm based on a client or employee complaint or referral; such exams tend to focus on the area raised by the complaint or referral.
Sometimes exams are unannounced. But that’s not the norm. The bulk of exams tend to be announced, so our next few posts will give you a thorough overview of the typical process for an announced exam. We’ll also give you a few practical pointers at each stage.
As illustrated in the above vignette, at the outset of an announced exam, the SEC will usually send you a communication telling you that it’s your turn. That communication normally includes a request list for information and documents that the staff will review before they come onsite. Responding properly to that request list is critical to your exam success, for it’s your opportunity to make a fantastic first impression. So critical, in fact, that it’s worth its own blog post. We invite you to return next time when Josh will show you how to make that initial response shine and put the staff at ease before they even walk through your door.