“I’ve read where others have found it helpful to request the SEC provide a written request for any subsequent documents to the initial request list.  Apparently they are prepared for such requests and have form letters on hand for that.  This way you can mate all official requests with documents provided and cross-reference by document control number.”

Thanks to CC in NC.

Key Point:  Do not volunteer information. Stick to the facts and limit your answers to the scope of the question that is being asked. You do not get extra credit for providing additional information when none is called for. In fact, it is that extra bit of information that can sink your entire audit. Case in point . . . during another client audit many years ago, one of the portfolio managers “volunteered” that they always like to keep clients fully invested. It was an offhanded comment made to an examiner around the proverbial water cooler. There was not one place that the firm actually stated that client accounts would be fully invested. Not in the advisory agreement. Not in the disclosure brochure. Not in the marketing material. Nowhere. Of course, there were quite a few client accounts (read: all) that were not fully invested. And the client got absolutely slammed for this in their deficiency letter.

There was a saying during World War II that “Loose Lips Sink Ships.”  Apparently they sink advisory firms during audits as well.

A key part of this process is making certain that every item was assigned to the individual best suited to address that item. One person was assigned the task of compiling the information as it came in. I suggested that he go to Staples (or other such store as I have no endorsement deal with that particular company) and get the giant three-ring binders along with enough tab inserts to cover each item in the request list. I asked that he create a table of contents based on the information request list and, as each piece of information comes in, to place it behind the correct tab. Duh? Obvious to some, not so obvious to others. You would be surprised at the number of advisers that just hand over a sloppy pile of documents. Well, neatness does count. Any hint of sloppiness in the process will just create more skepticism on the part of the examiners. After all, if your firm cannot master putting together a neatly packaged response, how can they master the far more complex aspects of compliance? Besides, you want to make it as easy for the examiners as possible. They have a job to do and there is absolutely no reason to make the process needlessly burdensome for them (or more adversarial).

Tick, tock . . . 8 days until the onsite portion of the audit.

We have 8 days to put the information together.  Tick, tock.

After the initial panic subsided, the consensus among firm personnel was that the firm’s compliance program was rock solid. For some, this seemed like whistling past the graveyard, but as their compliance consultant, I knew that the firm’s compliance program was highly-customized and contained all the required elements (e.g., annual risk assessment, risk matrix, policies and procedures, testing, annual review, etc.). Still, no one can pretend that this is not an anxiety-inducing situation. Everybody in this business knows that the SEC always, always finds something amiss.

Over the next few days I will pass along the highlights of what they are looking for, how we are approaching the SEC’s various requests and, once the audit begins, I will give you a first-hand account of the experience. I won’t hold anything back – except, of course, for anything that would give away the identity of the client or compromise the firm’ssituation in any way – so you will get both the good and the bad.

Stay tuned . . .

Onsite Exam

• Typically take one to four weeks;
• Consists of initial and subsequent document requests;
• There is an introductory presentation;
• Interviews are conducted as follows:
  • Examiners question key personnel from each department to get a better understanding of the business and gauge employees’ awareness of compliance policies; and
  • Examiners may interview lower-level staff, particularly those involved with handling of client assets and client communications.

Desk/Correspondence Exam

• Desk exams generally comprise a letter along with one or more phone-based interviews.

Remarks at the Compliance Outreach Program, Carlo di Florio, Director of the SEC’s Office of Compliance Inspections & Examinations, January 31, 2012.

- internal systems,

- material changes in business activities such as lines of business or investment strategies,

- changes in key personnel,

- outside business activities of the firm or its personnel,

- regulatory history of the firm or its personnel,

- anomalies in key metrics such as fees and performance,

- disclosures compared to peers or to previous periods, and

- possible financial stress or weaknesses.

In its efforts to identify high-risk areas, the SEC’s Office of Compliance Inspections and Examinations may rely on NAP results, other SEC divisions, other regulators, and external information sources on other types of firms. The Commission will use that data for top-down and bottom-up assessments to pinpoint firms with higher-risk profiles. With that knowledge in hand, the SEC will perform pre-exam work and due diligence for focused document requests and interviews that target higher-risk firms for actual exams. During the examinations, the SEC will want evidence of the existence and effectiveness of an adviser’s process for identifying, assessing, and addressing potential conflicts of interests.

Risk areas that might be considered during an SEC exam regarding private equity could include:

- the fund strategy,

- disclosures to investors around fees,

- product diversity,

- fund lifecycles,

- the adequacy of compliance procedures, and

- management’s attitude toward compliance and the exam process.