In our last episode Don’t Panic, Josh walked through how to respond to an initial examination letter, including a handy checklist of items that roboadvisors should always have in good order. But what if your existing practices don’t cover all the examination letter requests? Do not fret. No examiner is expecting perfection. More important is understanding the examination objective to determine the appropriate response.
Here are five questions your organization will want to answer before responding to the exam:
1) Is this a routine examination?
The SEC will prioritize “newly” registered investment advisers for examination. This is standard operating procedure- you are not being singled out. Thus, by definition, a review of a previously unexamined roboadvisor is “routine”. Typically, this review will be conducted within the first year or two. Even if there are no on-site visits (halted during COVID), expect a telephonic and/or video interview of managers in addition to the written requests. In 2020, the Division examined 15% of all investment advisors.
For “sweep” exams, regulators are surveying similarly-situated RIAs for specific topics or practices. For example, one Division sweep exam on cybersecurity looked like this: SEC Sample Letter. As we’ve stated before, the motivation and focus of many such examinations are often right in the Division of Examinations (“EXAM’s”) annual disclosure of exam priorities. For 2021, they were: Priorities.
In exams for “cause”, you can often intuit topics of interest from the examiners’ questions themselves. Regulators’ policies differ on whether they will disclose why they are asking what they ask. In most instances, however, proactively calling EXAMS is a fruitful use to time before responding.
2) How long should I expect the exam to take?
Settle in. This is not a quick process. But being prepared and timely responding to examiners will help move things and make business disruption as painless as possible (a relative term, I know). Following an initial interview, on-site visit (if required), and receipt of all requested documentation, the SEC has 180 days to complete its exam.
3) Do we have history of regulatory issues or deficiencies?
One of the first things an examiner will check is previously identified risks in your business model. Prior deficiency letters? Expect examiners to make a bee line for such topics. Know the issues, and how compliance responded and documented them, cold. And if there are clear outstanding issues or complaints, don’t hide the ball or mislead.
Beyond the obvious obligations to report problems or complaints, assume examiners already know or will soon discover these meddlesome facts, and have shared the same with other regulators. That said, carefully consider exam questions and answer what is asked. Rushing to answer can open misleading topics and unnecessary doors.
4) Are we doing what we say we do?
Step two for any examiner will be to look at your ADV. Check to make sure that your ADV, advisory agreements, fee disclosures, brochures and other documents match your exam replies AND one another. If there have been updates, explain that- but be prepared with books and records to demonstrate how compliance policies are reviewed and when they changed.
5) Are there recent Division pronouncements for RIAs?
Advisers have an obligation to keep abreast of applicable laws. EXAMS regularly publishes guidance, and has focused on digital advisers for a few years now. For example, EXAMS provided recent guidance on wrap fee program violations found in RIA exams: Wrap Fee Risk Alert. Examiners will routinely ask about priority topics, testing whether your compliance staff keeps up with the rules.
Having experienced staff and counsel who know how to answer these questions, and keeping up with rule changes, is crucial to successfully navigating an examination. In our next post, Craig will discuss what happens once exam requests have been supplied.