While an SEC exam may not be top of mind, it should be because the stakes are high. Most people don't realize that approximately 90% of firms examined¹ need to take some action based on the SEC's findings. The private funds Chief Financial Officer (CFO)—in addition to the Chief Compliance Officer (CCO)—has a key role to play in preparing for a successful exam.




Over the past decade, I’ve advised private funds CFOs on various matters related to SEC compliance—especially exam preparation. Whether you're a new private funds CFO or you have years of experience, my article will show you how to be prepared for an SEC exam.

Likelihood of being selected for an examination

If you are an RIA, you are much more likely to be subject to an examination:



While the SEC doesn’t publicly disclose its selection criteria for examinations, my experience with past examinations has shown these factors can raise an adviser’s risk profile:

Current SEC examination priorities New rules adopted by the SEC Whether discretionary vs. non-discretionary advisory services are offered Types of investors Regulatory assets under management, including major changes to it such as large redemptions or significant raises Adviser’s organization Newly registered investment adviser Significant changes to an adviser’s organization such as ownership or structure Complexity around an adviser with multiple business lines Complexity around several advisers associated with a single entity

If you are selected for an exam, the SEC will typically not disclose the risk factors that led to your firm being selected. However, highly targeted requests can provide clues. For example, I’ve had clients receive multiple document requests in a particular area or requests for data within a specific period.

Outcomes of an SEC examination

A “no further action” letter is the best possible outcome. This means that no deficiencies came to the examiner’s attention during the course of the examination, and no further action is required at this time. Unfortunately, this outcome is rare.

A deficiency letter requires your firm to provide a response acknowledging the deficiency and demonstrating remedial action within 30 days. The SEC will review your firm’s prior history in future exams, so be sure your team is aligned on new and/or corrected processes beforehand.

In my experience, deficiency letters are used to notify an adviser of areas that require special attention or remediation. Usually, it will end there if those issues are promptly addressed, and a response letter outlining those actions is submitted. Common deficiencies that I see include insufficient recordkeeping, late filings, inadequate disclosures regarding fees and expenses, calculation and allocation of fees and expenses, timely issuance of audited financials to investors, and deficient policies and procedures related to those areas.

"During FY22, the SEC ordered a record $4.2 billion in penalties."

A deficiency letter can result in referrals to the SEC’s Division of Enforcement—which may lead to penalties or the return of investor funds. Unfortunately, these referrals are on the rise and are costly when they happen. During FY22, the SEC ordered a record $4.2 billion in penalties across all firms it examined. The SEC emphasized that the penalties are “designed to deter future violations, establish accountability from major institutions, and order tailored undertakings that provide potential roadmaps for compliance by other firms.”⁴

The examination process: Onsite vs. Remote

In recent years, the SEC has been conducting exams both onsite and remotely due to a hybrid or even fully remote work model. For routine and sweep exams, I have not seen the SEC show up without notice, although it is always a possibility.

If you are a new registrant, you can generally expect a remote exam within the first 12-18 months of becoming an RIA. The SEC focuses on whether the adviser has identified and addressed conflicts of interest, provided clients and investors with full and fair disclosure such that they are able to provide informed consent, and adopted an effective compliance program.⁵

Here’s what you can anticipate with the onsite and remote examination process:

Onsite exam process	Remote exam process
1. Examiner will contact the firm's CCO to provide 1-2 weeks advance notice.*	1. Examiner will contact the firm's CCO to inform the CCO the SEC will conduct an exam.
2. Document request will be sent via a secure portal within 24 hours.	2. Document request will be sent via a secure portal within 24 hours.
3. Documents are required to be submitted prior to the SEC onsite. The SEC will request additional documents while onsite.	3. Deadline to submit documents is usually 1-2 weeks.
4. Exams typically take place over 3-4 days.	4. Examiner will review all documents remotely and may request supplemental information and telephonic discussions.
5. Examiner will review documents, request supplemental information, and conduct interviews onsite with personnel responsible for the business operations, investment activities, and compliance program, which typically means an interview with the CCO, CFO, operations lead, and founder or CEO. The SEC may also interview junior-level associates to assess the firm's culture and their engagement.	5. Examiner will schedule telephone or video call interviews with personnel responsible for the business operations, investment activities, and compliance program, which typically means an interview with the CCO, CFO, operations lead, and founder or CEO.

*The length of the SEC's advance notice can vary depending on a variety of factors, such as your firm size, the scope and nature of the exam, and the regional SEC office. Delays in gathering documents and information could extend the timeline towards completion of the exam.

Examination priorities for 2023

According to the 2023 Examination Priorities Report, private funds will continue to be under heightened scrutiny in the following classic and emerging risk areas:³

Classic risk areas	Emerging risk areas
Fiduciary duties Compliance programs Conflicts of interest with respect to third parties Calculation and allocation of fees and expenses (SEC has said private fund fees and expenses can be difficult for investors to understand3) Timely delivery of audited financials to investors Disclosure of investment risks Controls around material non-public information (MNPI)	ESG disclosures Cybersecurity practices Policies and procedures for the use of alternative data Crypto assets and emerging financial technology Digital engagement practices Fund valuation methodology, recordkeeping and reporting Compliance with the new Marketing Rule

In my experience, the SEC has focused on the following 5 risk areas:

1. Fees and expenses: The SEC has emphasized that private fund fees and expenses can be difficult for investors to understand, even to the point where decision-making is affected. The SEC has brought enforcement actions as a result of vague fees and expenses and inadequate disclosure of conflicts. Further, the SEC has recently brought enforcement actions against advisers that did not put in place policies and procedures to ensure accurate calculation of fees and expenses pursuant to the terms of the limited partnership agreements (LPAs), which resulted in excess fees charged to investors. Advisers should ensure they provide adequate and transparent disclosures to their investors and be familiar with the specificities of fees and expenses provisions in fund LPAs to implement robust policies and procedures.

2. Crypto and emerging financial technology: The SEC has focused on firm investments in crypto assets, especially due to the market volatility and its skepticism of this asset class. The SEC has recently launched a crypto asset focus exam overlay that asks firms about disclosures provided to clients, a general due diligence on these types of investments. In addition, due to the rise in number of RIAs who provide automated digital investment advice to their clients—also known as “robo-advisers”—the SEC has stated its focus on client suitability, disclosures, and various risks associated with providing advice over digital platforms.²

3. Alternative data and artificial intelligence (AI): I’ve also seen skyrocketing demand for the use of alternative data, such as data gathered from non-traditional sources like social media commentary, credit card transactions, product reviews, satellite imagery, and generative AI to enhance investment research and internal processes. However, the use of alternative data and generative AI can involve potential pitfalls, such as the receipt of MNPI and privacy and confidentiality concerns, to scratch the surface. Noting its impact, Chair Gensler has directed the SEC staff to make recommendations for potential rulemaking on these matters.
   

4. Digital communication: More recently, I have also seen a rise in examination requests around digital engagement practices. For example, the marketing and advertising of investment advisory services, including the general solicitation of private funds, on social platforms are being used increasingly. Financial influencers—or ”finfluencers”—have become popular on YouTube and TikTok, and there are concerns about recommendations made or advice provided by these finfluencers and the ability to provide clear and prominent disclosures in such mediums, among other things. Lastly, the SEC is focused on the widespread usage and failure to archive text messages and communications on unapproved channels to conduct business at broker dealers and investment advisers. A number of enforcement actions have been issued that resulted in significant fines and penalties. In FY22, the resulting penalties were in excess of $1 billion.

5. SEC Marketing Rule: Lastly, the SEC’s new Marketing Rule is a “significant change to a core examination review area” for 2023.⁶ It will be important that advisers ensure compliance in this area, especially as it relates to performance advertising, testimonials, endorsements and third-party ratings, substantiation, and recordkeeping.

In particular, the SEC will assess whether advisers have appropriately considered the unique risks posed by all these emerging activities since the initial development of their compliance programs.

Best practices to help you prepare for an exam

While firms can be challenged by the added time and expense needed to develop a compliance program or a firm’s cultural resistance to bureaucracy, in my experience these three best practices are worth implementing:

1. Ongoing communication with your compliance team

Over the past year, I’ve seen examinations increasingly focused on the compliance program. Deficiency letters have called out CCOs for insufficient development and execution of the firm’s compliance program. In addition, the firm's leadership—including the CFO—have been mentioned for not fully supporting the CCO with resources and organizational buy-in around compliance.

Collaboration with your CCO and compliance consultant can bring broader insights to the discussion as your firm develops both the program and effective controls. The SEC emphasizes how critical it is to have participation and input across all business and operations lines.

Questions to ask your compliance team: Which SEC recordkeeping requirements should I be aware of? What can finance and operations do from a compliance standpoint, including any reviews and testing the team should be performing? Are fund documents sufficient in fee and expense disclosures to investors? What kind of processes need to be built out to support compliance monitoring and testing? Have we recently reviewed fund documents to ensure our finance and operations processes align?  What are best practices we can consider implementing?

In addition, I recommend ongoing communication with your CCO and compliance consultant and establishing routine touchpoints. The more frequent these touchpoints occur, the more likely you’ll have already covered many of the SEC’s questions during an exam.

2. A culture of compliance

You’ll also need to develop a culture of preparation within your firm. This requires building clear processes and procedures into your compliance program—from the structuring of accounts payable to the valuation of an investment.

Keep in mind that the SEC realizes every firm is different, so your program should be tailored to your unique culture. Reduce process complexity as much as possible and do what makes sense for your culture so adherence isn’t too difficult.

In the event of an exam, your firm should be able to produce requested documents in a timely manner, articulate your procedures and demonstrate compliance to the SEC.

Questions the SEC will ask: Does your firm have a tailored compliance policies and procedures in place? Is the required documentation easily accessible by all responsible parties? Do employees have a reasonable understanding of the processes and their roles? Is the leadership team supportive of a sound compliance program? Does your firm's culture uphold the execution of the program?

Your compliance program must be flexible and readily adaptable to change, such as shifting market conditions or investor demand. It should also incorporate periodic reviews and testing based on prior compliance issues, changes in business activities, and regulatory updates.⁶

3. Real-time access to industry updates

Lastly, ensure you stay informed on the latest regulatory updates, compliance best practices and enforcement actions. Armed with the latest information, you can take the initiative with your compliance team as well as adapt and scale your financial procedures to ensure compliance.

How to stay informed: Regulatory alerts from the SEC's Divisions of Enforcement and Investment Management Webinars and/or events hosted by private funds CFO groups Industry conferences like PE Insights, Private Equity Forums, and Private Funds CFO New York Forum Email alerts from your compliance consultant and/or legal counsel

Conclusion

After having worked with dozens of private funds CFOs, I realize there are significant constraints on your time and resources. Tapping into the deep knowledge, capacity and resources of your CCO and compliance consultant will greatly streamline your SEC examination process and help your firm prepare for the best possible outcome. For those of you who will go through an SEC exam in 2023, I hope my article provides help and guidance on how best to be prepared.