Navigating An Audit From The SEC

More Registered Investment Advisor (RIA) firms are being audited than ever before.

Earlier this year, the U.S. Securities and Exchange Commission (SEC) released a report from the Inspector General’s Office of Audits, showing that the percentage of RIAs examined by regulators rose from 10% in 2015 to 16% in 2021. That trend looks to continue upward with the addition of new rules related to marketing and cybersecurity, as well as the focus on Reg BI.

No matter how young or old an RIA business is, at some point or another, every RIA will be examined. In the past, the SEC conducted audits every 13 years on average — with the longest spans for RIA firms that didn’t have additional risk factors, like custody of funds. But in the last five years, audits have been happening more frequently — in some cases, less than 8 years apart. A new firm should expect an exam in the first 18 months of its existence.

Because of its unexpected nature, a regulatory audit can be incredibly stressful — especially for RIA firm CEOs and chief compliance officers. That’s why it’s imperative that RIAs are prepared, at all times. 

According to our compliance specialists, RIAs should follow these three steps to successfully navigate a regulatory audit:

1. Organize everything.

Specifically, any information regarding a firm’s organizational chart, employee trade records, clients, and marketing materials should be meticulously organized. Everything should be able to be located easily and quickly. When given the opportunity to provide an overview of your RIA, make sure it’s rehearsed and concise. The best outline to follow is the SEC’s annual examination priorities. In 2022, private funds, cybersecurity, standards of conduct, ESG investments, and crypto were a few big areas of focus.

2. Prepare to be interviewed.

Management staff, including senior management, CCOs, and compliance teams, should be prepared to answer and address all inquiries. Prior to scheduling the first interview, make sure an internal strategy is established. All teams should be prepared to ask the auditors a few questions about the process, for example: Will the examiner be present during the audit? Since the pandemic, most SEC audits are now conducted virtually or remotely. But onsite and full-scope inspections will likely become common once again. If an onsite inspection is planned, be prepared to give an office tour and hold multiple interviews. 

Once the initial interviews have been completed, always request an exit interview. This is your chance to learn more about any deficiencies found during the audit and to discuss your next plan of action. 

3. Receiving And Responding To A Deficiency Letter

Once the audit has been completed, RIAs may go up to six months before receiving a deficiency letter from the SEC. This letter provides RIAs with a complete look at their firm and reveals any areas of concern found during the audit. It also includes a deadline by which all deficiencies must be addressed. In some cases, the auditor will include details as to how the problem(s) could potentially be fixed, which can aid the firm in working more quickly and effectively toward the right solution. Regardless, RIAs have 30 days to reply.

When deficiencies are found during an audit, more often than not, they can easily be corrected. AdvisorLaw can help your RIA firm analyze, assess, and correct any problems, and we can also assist with annual reviews in the future. Although this process can be intimidating, RIAs should look at this as an opportunity to improve their businesses.

Contact our team of compliance professionals today to learn more about our extensive compliance, which aids hundreds of RIAs, nationwide, through our compliance consulting. If you ever find yourself struggling with an examination or audit, AdvisorLaw can provide expert counsel. Our team of securities attorneys has extensive experience with these types of cases, and we understand how to keep regulators at bay.