Tips for SEC Exam Preparedness


Before the SEC comes in:

  1. Disclosure, Disclosure, Disclosure. Make sure it’s adequate and complete. It’s not a cure-all, but it’s your first line of defense. For advisers, this starts with the ADV. Know what it says and make sure it’s comprehensive.
  2. Be aware that your firm’s performance and marketing could attract SEC attention.
  3. The best way to prepare for an SEC exam is to be very proactive and thoughtful about identifying conflicts and remediating those conflicts with strong policies, procedures and other risk controls.
  4. Be sure that the firm has a strong ethical culture from top to bottom or find another firm! Explain to Senior Management the goal of Compliance and be sure there is support and understanding from everyone in the firm.
  5. Ensure that your Compliance team has adequate resources to comply with securities laws in this changing regulatory environment.
  6. Evaluate the risk assessment process within your compliance structure before the exam. The process should include the following:
    • Business personnel, who have frontline responsibility for managing risk;
    • Independent risk and control personnel (compliance, IT, ethics, risk and control) who must identify critical issues; and
    • Internal audit personnel or third parties, who provide independent verification and assess whether the control environment is operating effectively.
    The SEC has stressed that these three lines of defense, when effectively utilized, protect investors, ensure the integrity of the capital markets, and promote capital formation.
  7. Consistency is key. Ensure that your disclosure documents, your compliance manual and your actual practices and procedures are all consistent and have been updated according to new regulation and best practices put out by the Commission.
    • With respect to the firm’s procedures, confirm that all the stated practices are actually being performed, and that you can prove it with backup documentation.
    • Review the results of your annual review, your firm’s website and a recent response to a request for proposal (RFP) or due diligence questionnaire (DDQ).
  8. Review recent headlines and regulatory speeches. Keep up with regulatory developments and update your policies regularly. Attend compliance conferences.
  9. Ensure prior examination findings and internal audit findings are fixed.
  10. Correct known problems or be in the process of correcting them.
  11. Do a test run. Mock audits go a long way in helping you prepare for an exam.
  12. Maintain an exam team that has an SEC response process in place and that can ensure an effective and efficient response the moment you receive an SEC document request letter. Once the exam begins, the team should meet daily, track document requests, update management on the progress of the exam and remind employees that SEC examiners are on-site.
  13. Prepare key personnel that are likely to be interviewed by Staff in the process of the examination by discussing likely topics and ensuring they adequately understand compliance policies and procedures.
  14. Mitigate the risk of data breaches, and the consequences of breaches for the firm’s financials and reputation, by performing independent testing of the cybersecurity policies in place to protect client data. Work with your internal IT team or outsourced provider to review recent SEC risk alerts regarding cybersecurity and ensure that you have a reasonable cybersecurity policy in place to mitigate cyber breaches and protect your infrastructure with a robust Disaster Recovery and Business Continuity plan.
  15. Train employees on what to expect during an examination and how to conduct themselves during an examination and in interviews with SEC staff, and tell them not to take offense if the CCO interrupts during an interview. Remind them to maintain a clean work space and to be mindful of discussions in common areas.
  16. Management, the Board of Directors and the CCO are advised to understand, contain and insure against their liability.
    • Reviewing enforcement cases is a great way to understand where and how the SEC has more success when bringing actions.
    • Understand the insurance coverage currently in place and know if there are other options to enhance the protection.

Once you are notified of an Exam:

  17. At the outset, try to maintain one point of contact; assign an examiner liaison and have all requests go through/from that person (typically the CCO).
  18. Get management participation and backing prior to the onset of the exam; include them in the initial meeting with the SEC staff and solidify their ultimate accountability and responsibility with respect to firm compliance and the firm’s conduct during the examination, including responses to SEC staff.
  19. During the opening phase, including initial interviews and tour of the firm’s offices, impress the staff by treating them with courtesy and respect, set the tone, paint a positive picture of the firm, and focus on your risk management and compliance culture.
  20. Discuss with the staff what the protocols will be during the onsite examination. For example, confirm with the SEC that you will have one point-person through whom all requests should filter. Confirm the staff agrees to one or two meetings per day, etc.
  21. At the initial meeting with examiners, it is recommended that the CCO and senior staff show a PowerPoint that goes over the firm’s last risk assessment and describes the firm and its compliance culture, such as listing firm training and recent compliance conferences you have attended. This is part of the effort to demonstrate that your firm is committed to compliance. This will give a clear understanding of your firm’s practices to the Staff before they begin their examination onsite. This can also help create a “road map” that can steer the Staff towards the parts of your compliance program you believe are stronger and away from those that are not as robust. Consider having this initial meeting by telephone prior to the onsite to prevent unnecessary questions and document production.
  22. Firm staff should answer questions, but not appear standoffish (don’t interject if there is silence after a verbal response, don’t provide more information than necessary, don’t speculate or mislead).
  23. Ensure firm staff complies with a “clean desk” policy wherein they do not leave any documents exposed on their desk and make sure that all computers are locked and inaccessible without passwords when employees leave their desks.
  24. Facilities provided to the examiners should be conducive to carrying out their functions effectively and in reasonable comfort. Ensure there is reliable and secure access to internet, phone, etc. Ensure that examiners do not have access to any internal documents or servers.
  25. Throughout the examination, remain polite, convey mutual respect and establish a productive relationship.
  26. Establish and maintain control of the examination by (1) checking in periodically; (2) asking if anything is outstanding and whether there is anything that requires clarification; and (3) responding promptly and accurately to requests.
  27. Ensure two people are at all interviews and take notes.
  28. Put yourself in the examiners’ shoes. Ask yourself: “what can I provide to expedite the closing of the examination and to effectively respond to requests so they can do their job?”
  29. If you utilize any third-party service providers (such as email archiving systems or trade management systems), ensure that there is appropriate login information for examiners to access these systems to perform testing.
  30. Consult with counsel and consultants as needed and use your resources. It is important to consider disclosing problems you have internally uncovered. According to the SEC, nothing could be worse than for the SEC to find a problem through an examination or through a tip, complaint or referral that personnel in your organization knew about but tried to conceal.
  31. Keep track of all requests and respond promptly to additional requests for information and documents. Ask that subsequent requests be put in writing for the purposes of tracking and clarity. Number and date them.
  32. Organize information in a manner that corresponds to the information requests and in the format requested. Prepare folders that are labeled and/or provide items in electronic media. Convey the appearance of preparedness.
  33. Consider Bates stamping materials or otherwise indicating or tracking when documents were provided to the SEC staff. Consider placing Freedom of Information Act (FOIA) stickers on sensitive materials.
  34. Don't be afraid to discuss examiner document requests. Ask examiners to notify the CCO if they feel they are not getting the information they need.
  35. Follow up on requests that appear burdensome and make sure you are providing what is being requested. Don’t be afraid to attempt negotiations to provide a document that is both responsive to their request and not unduly burdensome to the firm. Seek clarity if there is confusion and offer alternate records if they may be responsive to the examiners’ request.
  36. Never back date or create documents unless the SEC staff has made a request that entails creation of a new document or report. Be candid about corrections that have been made and whether new documents need to be created as well as the time it will take to respond to such a request.
  37. Request an exit interview. If you can make progress in addressing SEC concerns immediately, you may influence the way an exam letter is written as it may address your progress and cooperation. In addition, in some cases you may be able to prevent an enforcement referral.

