Preparing for an SEC Exam
Questions to Ask YourselfGeneral
1. Have we appointed someone to serve as the primary contact with the SEC staff (often this is performed by the CCO)?
2. Is senior management familiar with the compliance program,
3. Is senior management prepared to be interviewed by the SEC exam staff who will ask to speak with them regarding the firm’s compliance program and compliance culture?
4. Can senior management effectively communicate the firm’s “tone at the top” with respect to compliance?
5. Have we reviewed a current copy of the SEC’s examination request list so that we know what they may ask for, and can be prepared when they do? See a recent New York Regional Office request list here: http://www.acacompliancegroup.com/news-and-events/?p=121.
1. Do we have a compliance manual that has been tailored to our business (not just an off-the-shelf manual that has been left unmodified)?
2. Is our compliance program based on a risk assessment of our business? 3. Have we documented the results of our risk assessment?
4. Have we mapped controls to the risks identified in order to mitigate those risks?
5. Have we implemented all of the policies and procedures that are contained in our compliance manual?
6. Are all policies and procedures contained in our compliance manual relevant to our business? 7. Have we performed an annual compliance review and documented the results?
9. Have we reviewed the impact of recent rule changes and legislation in order to determine its impact on our firm?
10. Have we addressed any issues or weaknesses found as a result of the annual review? 11. Have we addressed any issues or weaknesses that were identified in our last SEC exam?
12. Have we reviewed and evaluated key third party service providers? Have we documented these reviews?
13. Have we held firm-wide compliance training during the year, and have we documented the agenda and maintained a list of attendees?
14. Do we have a process in place to supervise remote employees and remote office locations? Does the CCO visit remote office locations at least annually?
Personal Trading and Code of Ethics
1. Do we review all access person’s personal securities transactions as required by Rule 204A-1? 2. Have all personal securities transaction reports been submitted within 30 days of the end of
each calendar quarter?
3. Do personal securities transaction reports require all of the elements that are required by the rule?
4. Does someone review the trades of the reviewer?
5. Have we collected all initial holdings reports within 10 days of an employee becoming an access person?
6. Have we collected all annual holdings reports as required by Rule 204A-1?
7. Have we collected a written acknowledgement of the receipt of the Code of Ethics from all supervised persons?
8. Does our Code of Ethics require compliance with the federal securities laws?
9. Does our Code of Ethics require employees to report violations of the Code to the CCO? 10. Have we adopted and implemented policies and procedures designed to prevent insider
12. Have we assessed our operations to determine where an employee might be exposed to material, non-public information?
13. Have we trained all employees on what they should do if they come in contact with material, non-public information?
14. Have we adopted a policy with respect to giving and receiving gifts and entertainment? Registration and Filings
1. Is our ADV filing current and accurate (Parts 1, 2A, and 2B)? 2. Have we made all required IARD filings?
3. Do we regularly review our business for changes that may require an interim ADV amendment to be filed?
4. Have we delivered Part 2A within 120 days of our fiscal year end?
5. Have there been any changes to investment advisory personnel that require delivery of an updated Part 2B?
6. Have we filed Forms 13F, 13D, 13G, or 13H, if applicable?
7. If we are a “large trader” as defined in Rule 13h-1, have we obtained our large filer number? 8. With respect to the electronic delivery of disclosure documents, have we complied with the
requirements of Release IA-1562 regarding notice, access, and evidence of delivery? Marketing
1. Is performance information accurate?
2. Do we have supporting documentation for all performance returns shown?
3. Do performance marketing pieces include all required disclosures (eg, the Clover no-action letters)?
4. Can we demonstrate that all marketing materials are reviewed and approved prior to use? 5. Can we substantiate all claims made in marketing materials?
6. Are marketing materials free of superlative statements and unsupportable claims?
7. Have we reviewed our marketing materials for the presence of testimonials or past specific recommendations?
8. If we use examples of past recommendations, are we in compliance with the provisions of the TCW and Franklin no-action letters?
9. Do marketing materials comply with all SEC no-action letters? 10. Do we have a policy governing the use of social media?
11. If we present gross performance, do we also present net performance returns at least as prominently as the gross returns?
12. If we use hypothetical, model or backtested performance, have we disclosed the methodology employed to obtain the results portrayed? In addition, have we disclosed the limitations inherent in calculating such returns, eg that they are not based on actual trading? Have we made all other disclosures that are required by the Clover no-action letter?
13. If we include a client list, have we gotten permission from each client to use their name in our marketing? In addition, have we disclosed that the accounts were not selected using
performance based criteria and that we do not know whether the clients approve or disapprove of our services? See Cambiar Investors and Denver Investment Advisors no-action letters for requirements relating to the use of client lists in marketing materials.
14. If we use solicitors, are all solicitation fees paid pursuant to a written agreement with the solicitor?
15. Does the written solicitation agreement contain all required elements contained in Rule 206(4)-3?
16. Does the solicitor provide referred clients with our Form ADV and its own separate solicitor’s disclosure document?
17. Does the separate solicitor’s disclosure document contain all required provisions found in Rule 206(4)-3?
18. Do we receive a signed, written acknowledgement from each solicited client that they have received our ADV as well as the separate solicitor’s disclosure document?
19. Have we made a bona fide effort to determine whether the solicitor has complied with the solicitation agreement?
1. Have we adopted policies and procedures governing fair valuation?
2. Have we adopted a methodology for determining the fair value of any security that requires fair valuation?
4. Are we documenting those tests?
5. Do we have policies and procedures regarding the valuation of illiquid assets?
6. Do we have policies that require that we monitor for circumstances that may necessitate the use of fair value pricing?
7. Have we established criteria for determining when market quotations are not reliable for a particular security?
8. Do we review our clients’ holdings for stale prices?
9. Do we perform a reasonableness check on daily price changes? 10. Do we have a valuation committee, and if so, do we keep minutes? Brokerage and Execution
1. Do we periodically and systematically review clients’ transactions for best execution? 2. Do we document our best execution review?
3. Do we have a best execution committee, and if so, do we keep minutes?
4. Do we periodically review services and prices available from other broker-dealers and compare them to the broker-dealers we are currently using?
5. Have we accurately disclosed our brokerage arrangements?
6. Do our soft dollar arrangements that fall within the safe harbor of Section 28(e)?
7. Have we performed an analysis on our soft dollar products to determine whether any of them are mixed use?
8. Have we documented our determination of the percent of each mixed use product that is paid for with soft dollars?
9. Have we disclosed our soft dollar practices, and all conflicts associated with soft dollars? 10. Have we disclosed the impact of directed brokerage on our ability to obtain best execution for
those clients who choose to direct brokerage? Trading
2. Do we document the resolution of all trade errors?
3. Do we have a system in place for monitoring client guidelines and restrictions? 4. Can we demonstrate that this system is effective?
5. Have we compared the client investment restrictions in our system with the restrictions recorded in the client files?
6. Have we reviewed client holdings for consistency with client investment restrictions (a client with a no tobacco restriction should not hold a tobacco stock)?
7. Do we block or bunch client trades?
8. If so, do we have allocation procedures for partial fills?
9. Does our allocation procedure treat all clients fairly over time? 10. Have we accurately disclosed our allocation procedures?
11. Do all clients pay average price and average commission on block trades?
12. Do we have a procedure for fairly allocating limited investment opportunities among eligible accounts?
13. Have we reviewed our trading to determine if we are defined as a large trader under Rule 13h-1?
14. Do we have policies and procedures for complying with FINRA rules 5130 and 5131 with respect to investments in IPOs?
Books and Records
1. Do we maintain all required books and records, and do we retain them for the required time periods?
2. Are we able to reproduce an accurate and legible copy of all electronic records? 3. Are we able to retrieve documents stored off-site in a timely manner?
4. Do we capture all required electronic communications, such as email, text messages, and Bloomberg mail?
1. Have we documented our assessment of each client’s investment objectives, risk tolerance, and financial situation?
2. Can we demonstrate that the investments we make for clients are suitable for those clients? 3. Have we performed due diligence on any sub-advisors and investment products used? 4. Have we documented our due diligence process?
5. Are we in compliance with our internal risk management procedures? 6. Are we managing clients’ accounts in accordance with our disclosures?
7. For advisors that manage ERISA plans or funds with ERISA plan assets, have we reviewed the ERISA Section 408(b)(2) disclosure requirements?
8. Have we made the ERISA Section 408(b)(2) disclosures, if applicable? Proxy Voting
1. Do we vote client proxies?
2. Have we disclosed our policy with respect to voting client proxies?
3. If we vote client proxies, do we disclose how clients can get a record of how we voted their proxies?
4. In our proxy voting policies, have we addressed how we will handle conflicts of interest in the proxy voting process?
5. Do we retain records of all proxy votes?
6. If we use a proxy voting service, do we provide continuing oversight of their voting activities? 7. Have we adopted a policy with respect to client participation in class action lawsuits?
8. Have we disclosed our class action lawsuit participation policy? Pay-to-Play Rule
1. Have we adopted policies and procedures to comply with Rule 206(4)-5? 2. Do we track employee political contributions?
3. Have we considered requiring employees to pre-clear their political contributions? 4. Have we reviewed employee political contributions in order to determine whether any
prohibited contributions have been made?
5. Do we ask about political contributions prior to hiring a covered associate? Custody
1. Are all client assets held with a qualified custodian?
2. Do we have custody of client assets (including due to serving as General Partner to a Limited Partnership, or as an executor or trustee)?
3. Do we have a policy for returning client funds that are inadvertently received?
4. Do we have a reasonable basis for believing that clients receive account statements from their custodians at least quarterly?
5. For advisors that manage private funds – do we rely on audited financial statements to satisfy the requirements of the custody rule?
6. If so, do we send out the audited financial statements within 120 days of the fund’s fiscal year end?
7. Do we perform a reconciliation of client assets per the custodian with client assets per our portfolio management system on at least a monthly basis?
2. Do we have Massachusetts natural person clients that make us subject to the Massachusetts privacy law?
3. Do we use secure methods of transmitting sensitive client data?
4. Do we have policies regarding client information in our office such as a policy prohibiting leaving sensitive client data unattended, and a policy requiring sensitive client data to be locked in filing cabinets?
Business Continuity and Disaster Recovery
1. Have we adopted a business continuity plan? 2. Have we tested our business continuity plan?
3. Was the test a full scale test and was it documented? 4. How often do we back up our data and where is it stored?
5. Do all employees know what to do in the event of an emergency or office closure? 6. Do we have a plan for a possible long-term dislocation?
7. Does our business continuity plan address the loss or unavailability of key personnel, including, but not limited to, a transition plan?
Questions for Hedge Fund Advisors
1. Have we filed our annual Form D amendment?
2. Have we updated our subscription agreements to reflect the new accredited investor and qualified client standards?
3. Have we adopted procedures for compliance with FINRA Rules 5130 and 5131, including annual negative consent?
4. Have we considered the impact of the CFTC’s recent repeal of Rule 4.13(a)(4), including the possibility of being required to register as a CPO?
5. Have we considered how the elimination of the general solicitation provision by the JOBS Act will impact our marketing?
6. Have we noted the increase to the dollar amount thresholds for charging performance fees to clients under Rule 205-3?
7. Are we required to file Form PF?
a. Do we manage private funds with at least $150 million in regulatory assets under management?
b. Have we determined our filing frequency (varies based on type and size of fund)? c. Have we determined what type of fund we manage based on the rule’s definitions? d. Have we assessed what information we will need to file the form?
Once the SEC Calls
1. Have we prepared our staff for the possibility of being interviewed by the SEC?
2. Have we reviewed with our staff what they should and should not say when they are being interviewed by the SEC?
3. Have we reminded all staff that they need to review the compliance policies and procedures that are relevant to their job so that they are confident during an SEC exam interview? 4. Do we have space for the examiners to work while they are here?
5. Have we reminded our staff to guard their conversations when they are near the location that the examiners are working?