Regulatory Exam Preparation: Audit-Ready Strategies

When was the last time your firm underwent an SEC regulatory examination? Chances are, it has been some time, and your next exam experience is likely to look a bit different.

We often talk about the importance of designing a compliance program that enables your audit readiness, but what does it mean to prep for an SEC exam?

Regulatory Exams: Understand the Types

Whether you are brand new to the industry or a seasoned shop, it is important to know the types of regulatory exams you might encounter.


The SEC Welcome Wagon awaits. If you have recently registered with the SEC, or have never been examined before, you should expect to have your first regulatory exam within 18 months.

    • These examinations are designed to introduce your firm to the SEC, and to demonstrate that you have established a culture of compliance as of day 1.

For Cause

Not a Welcome Wagon! Someone (an investor or employee) has filed a complaint, referral or tipped off the SEC, sparking regulatory scrutiny.

    • The examinations are typically very specific and take an extensive look at a specific area of the business and program.

Limited Scope

Limited scope reviews may be conducted to ensure compliance with a specific topic or issue. They are often driven by new rules or a specific area of risk.

Risk Based or Routine

Don’t think you’re necessarily in the clear if you have not met the criteria for any of the categories listed! Risk Based or Routine examinations are still conducted roughly every 3-5 years.

    • Assess whether your business model and prior regulatory history increase your odds of examination.
    • To determine your audit risk, follow the SEC’s examination priorities, and review the amount of time since your last examination and its results.

In 2020, the SEC conducted nearly 3,000 examinations, resulting in:

Examination Process: Know What’s Coming

Knowing what the actual process looks like is as important as understanding the type of SEC exam you may experience. The way examinations take place has changed a bit following the global health pandemic but, even in a virtual setting, the opportunity to maintain protocol persists. Here’s what to expect:

  1. Notification: The initial notification of the intent to examine typically occurs via a telephone call.
  2. Document Request List: Following the initial notification of an SEC examination, expect to receive a formal email communication to include a document request list to be supplied to the SEC by a specified date.
  3. Zoom/In-Person Review: This initial introduction is designed to familiarize the examiners with your business because, up until now, they largely only know what has been publicly disclosed.
  4. Review/Testing: Based upon the pre-audit materials reviewed, the SEC exam team may have follow-up questions, or wish to further explore certain areas of the business.
  5. Exit Interview: How’d you do? This exit interview should give you a general understanding of any key findings, concerns, or aspects of the program that you may expect the SEC to request further detail about following the review.
  6. Deficiency Notice/Summary of Findings: At the conclusion of the exam, the SEC will supply your firm with its summary of findings and/or deficiency notice. Keep in mind, in many cases, these comments are designed to demonstrate how your compliance program can be strengthened.
  7. How to Respond: If you need to respond to the SEC, it is important to take care in how you do so! If you have indicated that you will be making changes to your operations and/or compliance program because of this review, they will expect to see evidence of such enhancement.

Regulatory Focus: Stay Informed

In recent years the SEC, EXAMS, and FINRA have all made great progress in enhancing their communications with the industry to help compliance professionals keep tabs on key areas of vulnerability. Communications include:

As a result, they expect that firms review these resources, and make sure that their programs adequately address the expressed concerns.

For example: If the SEC issues a risk alert citing that a top deficiency amongst advisors relates to allocation of fees and expenses… review your practices! They will ask about it at your next examination.

Training Focus: Educate Your Staff

As a CCO, you may know what to expect from a regulatory exam, but does your fresh-out-of-college portfolio manager?

Take the time to educate your staff about:

    • The Process
    • Types of questions they may be asked
    • Firm’s policies and procedures

You may consider coaching your staff on interview best practices so that they may become comfortable with the types of topics they may be expected to discuss during an exam.

Pro Tip: “No” is a complete sentence.

SEC Audit Prep: Perform Your Own Fire Drills

Practice makes perfect, so running your own mock exam mini drills can only aid a firm’s audit-readiness and strengthen the compliance program. To get started you might consider:

    • Reviewing sample document request lists, and running through the exercise of collecting and preparing records for delivery from your systems
    • Preparing the firm’s introductory overview and rehearsing it with key personnel
    • Retaining the support of an independent third party to conduct a mock examination or staff training

Each of these exercises may offer insight into areas of your program which could be strengthened and offer you a blueprint on where to consider budget allocation and reallocation in your next cycle.

Stay in the Know: Join a Network

Compliance as a profession has come a long way in the past 15+ years. Compliance professionals have found a variety of networking opportunities and peer-driven resources which allow them to share their experiences and help shape best practices with their industry peers.

Consider becoming involved in regional roundtable discussions, attending industry conferences, and subscribing to industry- and vendor-authored blogs to stay informed on industry trends and hot topics. You may start with these:

Your Risk: Mitigated

The bottom line: Be proactive with managing your compliance program because the implications of a check-the-box approach are far too costly.



To learn more about how the BasisCode Compliance suite can enable your firm’s audit-readiness, request your demo today.