Private fund advisers are always anticipating their next U.S. Securities and Exchange Commission (SEC) exam. The SEC’s Division of Examinations (the “Division”) oversees the SEC’s National Exam Program with the goals of improving compliance, preventing fraud, monitoring risk, and informing policy. Each year, the Division publishes its exam priorities to prepare advisers, but the specific application of most rules is open to interpretation. As a result, there’s always a level of uncertainty in designing and implementing a compliance program.
As much preparation as chief compliance officers (CCOs) and general counsels (GCs) put into SEC compliance, an exam and request for information is always stressful. The Division demands real-time data, and even the most prepared firms have a lot of work to do to be able to deliver information quickly.
Fortunately, times are changing. Between the Division’s September 2023 risk alert offering additional guidance and advanced AI-powered technology, firms have more information than ever to prepare for an exam.
What is the purpose of an SEC exam?
The Division conducts exams to assess whether your firm is:
- Conducting business in accordance with applicable federal securities laws and regulations.
- Adhering to the disclosures it made to clients, customers, the general public, and the SEC.
- Implementing and enforcing compliance policies and procedures that are reasonably designed to ensure it is in compliance with relevant legal requirements.
How does the Division choose advisers?
The Division’s selection process is not random. It relies on a dynamic risk-based approach to select a small group of target firms out of 15,000+ registered advisers. The Division specifically notes that it takes a dynamic approach, which means its methodology changes based on current industry practices, market conditions, and investor preferences.
What factors does the Division consider when choosing advisers?
The Division may consider a wide breadth of information, including a firm’s risk characteristics; tips, complaints, or referrals; and criteria relevant to focus areas described in the Division’s annual priorities.
Check out the 2024 Examination Priorities Report.
More specifically, the Division may consider:
- Prior exam observations and conduct.
- Supervisory concerns, such as the disciplinary histories of associated individuals or affiliates.
- Business activities of a firm or its personnel that may create conflicts of interest.
- The length of time since a firm’s registration or last examination.
- Material changes in a firm’s leadership or other personnel.
- Indications that an adviser might be vulnerable to financial or market stresses.
- Reporting by news and media that may involve or impact a firm.
- Data provided by certain third-party data services.
- The disclosure history of a firm.
- Whether a firm has access to client and investor assets and/or presents certain gatekeeper or service provider compliance risks.
For more information about the September 2023 risk alert, read our full article, When will your private equity firm face an SEC exam?
How does the Division conduct an exam?
Step 1 – Scope the examination
The Division will determine the scope of the exam after it selects an adviser. This is another area where it takes a risk-based approach and adapts the exam to the particular firm. In some cases, the Division will examine a firm’s operations broadly, while at other times, it will focus on a specific topic, issue, or risk.
Step 2 – Make contact with the adviser
The Division can pursue announced or unannounced exams. For an announced exam, the Division typically contacts the firm’s CCO or another regulatory professional to inform them of an upcoming on-site or remote exam. Though it’s rare, the Division can arrive on-site unannounced.
Step 3 – Request documents
The Division typically sends a request for documents through a secure email. During an unannounced visit, the Division will provide a request for information and may also perform an initial interview.
The Division gives the adviser a reasonable amount of time to provide the requested information. For an announced on-site visit, the Division will require the information prior to the visit. For remote exams, the adviser typically has one to two weeks to provide the requested information.
At the onset of the exam, the Division will also supply the firm with a copy of Form 1661, which describes the possible uses of the information and documents the firm provides to the Division’s staff.
Step 4 – Schedule meetings with key personnel
The Division typically asks to meet with certain employees, such as the CEO, CCO, CFO, and operations lead, to go over the firm’s operations and the information provided in the documentation. These meetings can be in-person or via telephone or videoconference. During in-person meetings over a few days, the Division staff might ask for a tour of the firm’s offices.
Step 5 – May make supplemental requests for information
Following the initial delivery of documents and meetings, the Division staff might request additional information from the adviser. It might also ask third-party service providers, agents, or custodians for relevant documents or information.
Step 6 – Conduct a preliminary exit conference
During an exit conference, the Division staff can provide a status update on the exam or any outstanding request for information. It might also discuss issues identified at that point in the exam process, giving the adviser the opportunity to discuss the issues and provide additional relevant information, including remedial actions, as necessary.
Step 7 – Provide written notice of exam completion
The Division will send the adviser written notice that it has finished the exam, either with or without findings, or that it requires the adviser to take corrective action.
Typically, the Division sends a deficiency letter, which the adviser must respond to in 30 days. A vast majority of firms receive a deficiency letter following an exam.
Step 8 – May refer the case to an enforcement entity
The Division can refer serious issues to the SEC’s Division of Enforcement or another agency, such as a state or criminal authority.
What documents will the Division request?
You can expect the Division to request documents related to:
- General information regarding your firm’s business and investment activities, such as organizational information, business and operations information, disclosures and filings, and legal and disciplinary information.
- Information regarding your firm’s compliance program, risk management, and internal controls.
- The written policies and procedures your firm has adopted and implemented to address identified risks.
- Information to facilitate testing with respect to advisory trading activities, such as information about the firm’s current and past advisory clients and accounts, portfolio management, brokerage and trading, and conflicts of interest and insider trading policies.
- Information to support the Division’s compliance testing, such as the firm’s financial records, custodial information, and marketing and advertising materials.
For more information, see the Typical Initial Information Examiners Request of Investment Advisers attached to the risk alert.
SEC enforcement actions & penalties
SEC exams are stressful events, given the potential outcomes. Most exams result in deficiency letters requiring a response within 30 days and corrective action within 180 days. In some cases, the Division refers issues to the SEC’s Division of Enforcement, which investigates alleged violations of federal securities laws and oversees civil actions in administrative proceedings and federal courts.
The SEC filed 784 enforcement actions in the 2023 fiscal year, a 3% increase from the prior fiscal year, including 501 original stand-alone actions, an 8% increase from the year before.
The outcome of an enforcement action can be millions in damages, such as a recent SEC action against 16 firms for more than $81 million in combined civil penalties. The SEC charged five broker-dealers, seven dually registered broker-dealers/investment advisers, and four affiliated investment advisers with long-term violations of recordkeeping rules.
How to prepare for an SEC exam
Leading investment advisers find the best way to be prepared for an SEC exam at any time is to build and enforce a proactive compliance program with the help of advanced legal technology.
Monitor & enforce a proactive compliance program
Many firms continue to have reactive compliance programs comprised of spreadsheet-based compendia, decentralized document storage, manual tasks, and heavy (expensive) reliance on outside counsel. Answering questions, finding and producing emails, and reviewing expenses all take a significant amount of time, and worry over non-compliance can keep GCs and CCOs up at night.
The SEC isn’t interested in seeing these types of programs anymore. The Director of the SEC’s Enforcement Division, Gurbir S. Grewal, went so far as to speak about his expectations regarding proactive compliance at the New York City Bar Association’s Compliance Institute 2023. He expects advisers to consider three factors: education, engagement, and execution.
CCOs must educate themselves and the firm’s employees on relevant laws and regulations, as well as any external developments relevant to the business. They need to fully engage with stakeholders across the organization and understand the various business lines in order to design appropriate compliance policies.
During the Stout Summit: Investment Funds and Alternative Assets 2023, Carmen Lawrence, Partner at King & Spalding, noted that smaller firms may begin with “off-the-shelf policies and procedures,” but over time, those should evolve to customized policies and procedures relevant to the firm’s needs.*
Finally, the SEC expects CCOs to fully execute their compliance policies and procedures and monitor the firm’s performance through periodic testing and annual reviews. Far too many advisers have missed a step by not adequately enforcing the firm’s compliance policies.
Adopt purpose-built private fund technology
Private fund lifecycle solutions like Ontra’s Insight enable proactive compliance programs by providing centralized document storage, digital compendia, AI-powered search, multi-stakeholder task workflows, digital Most Favored Nations elections, and other helpful features.
A key functionality of Insight is the ability to quickly respond to the SEC to demonstrate your firm’s compliance with side letter provisions. With a few clicks, you can download an overview of your fund documents and side letters, produce the underlying documents themselves, and generate a list of the general partners’ specific obligations to investors. These exports enable you to supply the Division staff with information about fund and side letter compliance swiftly and start your exam on the right foot.
Leverage mock exams
A proactive compliance program should involve periodic internal reviews of compliance procedures and their effectiveness. These reviews and tests also offer an opportunity to update policies and procedures based on recent changes, such as new regulations, market conditions, or investor obligations.
Additionally, working with a third party to go through a mock exam is an excellent way to test your firm’s procedures, including document collection and delivery.
Stay tuned for new Insight features in 2024
Insight is part of Ontra’s Legal Operating System for private markets. It’s an AI platform for the full private fund lifecycle intended to help your firm modernize and simplify fundraising and compliance processes. Exciting new features are scheduled to be added to Insight this year. Subscribe to Ontra’s updates to be the first to hear about Insight’s latest AI-backed features.
*The organizations referenced in this article have no affiliation with Ontra, and neither Ontra nor such organizations promote or endorse the other’s products or services.
