Five Warning Signs of An SEC Audit


Five Warning Signs of an SEC Audit
Know the Red Flags and Save Your Firm Endless Grief
by Rita G. Dew, National Compliance Services

Why you should care about an SEC audit

All registered investment advisers are subject to compliance audits by the SEC
and/or state. If warranted, an audit can trigger an investigation that can include
employees and clients. If the audit does not go well your firm may be fined, sued or
shut down.

Merely mentioning the words “compliance exam” is enough to frighten the owners of
registered investment advisory firms and their compliance officers. Discussing the
exam process can trigger nightmares of compliance deficiencies, regulatory fines,
disciplinary action, and worse. It is imperative that registered investment adviser
(“RIA”) principals take steps now to avoid the prospect of facing a compliance exam
and not being prepared. If you have made a reasonable effort to fulfill your
compliance obligations, a routine SEC or state exam should be relatively painless.
But how do you know that your firm is making a reasonable effort to avoid compliance
problems? Appointing a knowledgeable compliance officer is just the first step. The
key to avoiding regulatory nightmares is to recognize the compliance red flags and
warning signs and to take corrective actions before you start your day with a knock
on the door followed by these words:

      Good morning. We are from the SEC/State and are here to
      conduct a compliance exam of your investment advisory firm.   

Warning Sign 1: Errors and Omissions in Your Registration Documents
Two of the most common compliance deficiencies for state- and SEC-registered investment advisers are
inconsistencies between the parts of the firm’s Form ADV and failures to amend its regulatory profile in a
timely manner.

Start today and conduct a comprehensive review of your firm’s Form ADV. This review should cover all
components of this complex document:

      • Part 1A
      • Part 1B (for state-regulated firms)
      • Part 2A
      • Part 2B
      • Appendix 1 (for wrap program sponsors)

NCS | 355 NE 5th Ave, Suite 4 | Delray Beach, Florida 33483 P (561) 330-7645 F (561) 330-7648 E    u

Make sure every statement is current at all times and that every word is consistent with reality—and that
all documents agree with each other. Discrepancies will raise red flags as well as questions in any event.

Eliminate any outdated or fictitious academic and professional designations from all biographical
forms and disclose everything you are required to disclose. Some of the most common deficiencies
resulting in enforcement action involved failure to disclose material information, including conflicts of
interest and misleading registration filings.

Assets Under Management

Never exaggerate your assets under management (“AUM”) for marketing purposes or round it down for
regulatory convenience, and make sure you know what qualifies when calculating AUM.

As of 2011, RIAs must disclose regulatory assets under management on their Form ADV. This includes
all securities portfolios for which continuous and regular supervisory or management services are
provided, including family or proprietary assets, assets of foreign clients, and assets managed on a pro
bono basis or on which normal compensation is otherwise waived.

Do not deduct any outstanding loans, securities purchased on margin, or other accrued liabilities. The
SEC’s rationale is that it does not matter if a client has borrowed money to purchase a portion of the
regulatory assets under management. All calculations are on a gross basis.

Number and Type of Clients

While large RIAs are allowed to report an approximate number here, those with under 100 clients still
need to provide an exact count.

All RIAs must answer questions regarding the types of clients they serve (now including business
development companies, other investment advisers, and insurance companies) and report the approximate
percentage of regulatory assets under management that can be attributed to each broad class.

The regulators also require an approximation of how many of a firm’s clients are not U.S. citizens.

Remain Current

Should this review reveal that you need to update any or all your forms, submit the revised paperwork
to all applicable regulatory authorities promptly.

From that point, whenever any aspect of your business practices changes, make sure your disclosure
statements change to reflect it.

Remember, while most RIAs are only required to update their Form ADV once a year as part of their
annual updating amendment, this is only a minimum and not optimal practice.

Your real responsibility is to get and remain current on an ongoing basis. Doing so will help minimize
the odds the SEC or state regulators will need to address this very common area of deficient compliance.



Warning Sign 2: You Have Not Addressed Prior Exam Findings
Unless this is your very first audit, the regulator will already have a file on your firm that incorporates
previous findings and recommendations.

Few registered investment advisers will conduct their affairs so flagrantly that they immediately incur
enforcement actions.

In most cases, the firm will receive a deficiency letter outlining violations and a certain time frame to
correct the violations and make a good faith effort to implement policies and procedures to address the
issues raised.

However, enforcement actions become far more likely if an RIA fails to correct problems uncovered during
previous exams.

Work to address all observed deficiencies before you start thinking about your next audit. While your
hard work may only result in another deficiency letter, the goal here is to ensure that all of the regulator’s
concerns are new ones.

It should be a priority for RIAs to be able to demonstrate that they are taking all previously noted deficiencies
seriously—without backsliding or delay—to sincerely promote a culture of compliance.

Compliance officers should also draw parallels from previous regulator concerns to deduce new potential
problem areas as their firms’ operational footprint changes. If, for example, your firm has a history of lax
client data security on desktop computers, make sure to put a comprehensive solution in place before
adding mobile or tablet devices to the mix.

Update your compliance manual with observed deficiencies and the concrete steps taken to address
new rules as well as old grievances. Examiners will not be impressed by a manual that fails to reflect an
RIA’s business and any outstanding issues or appears to have been compiled from out-of-date boilerplate.

Since the regulators keep their own careful records, never yield to the temptation to falsify documents.
Backdating documents in order to present the illusion of retroactive compliance has created problems for
firm after firm.

If the compliance officer uncovers evidence that files have been altered, all documents need to be examined
immediately to gauge the extent of the problem and the limits of the corrupted historical record.

The examiners do not expect to see that you have had perfect procedures in place since Day One. They
know that your firm’s business is evolving and so your compliance manual will have to evolve with it.

They also know exactly what they have previously communicated to regulated firms and when those
communications took place. Trying to impress the examiners by backdating the process only raises questions
about how serious personnel are about their regulatory responsibilities and what they may be trying to hide.



Warning Sign 3: You Are Not Properly Registered Where You Do Business
It is crucial that every RIA satisfy all registration requirements for all applicable federal and state regulators.

The Dodd-Frank reforms create a new category of advisory firms referred to as “mid-sized advisers” and
shift primary responsibility for their regulatory oversight to the states. Mid-sized advisers are defined as
those firms with assets under management that range from $25 million to $100 million.

By this point, all mid-sized advisers should have switched to state oversight and withdrawn their SEC
registration unless:

      • The state in which they maintain their primary office does not conduct adviser examinations
         (Wyoming, New York).
      • They operate in a large number of states simultaneously.
      • They can rely on a separate exemption for SEC registration.

The SEC has also set up a buffer zone—currently between $90 million and $110 million—to alleviate the
need to switch frequently between SEC and state registration as the value of a given firm’s assets under
management fluctuates.

However, newly formed RIAs that are required to register in 15 or more states or that expect to have at
least $100 million in assets under management within 120 days of their registration approval should
register with the SEC at the outset.

Multi-State Advisers

Under the new rules, all firms who are required to register as an investment adviser with 15 or more
states must register with the SEC instead, while those who stop doing business in as many states must
revert to state-by-state registration.

Advisers are only required to assess their eligibility for SEC registration once a year. This will mitigate the
frequency with which an RIA will have to switch between federal and state registration to reflect shifting
operations and client mix during the year.

Exemptions Abound

Pension consultants that provide investment advice to plans with assets exceeding $200 million may
remain SEC-registered.

Family offices with fewer than fifteen clients now need to register unless they are wholly owned by
“family” clients—related within ten generations—and neither provide investment advice nor advertise
themselves to anyone else.



Investment advisers may generally also maintain up to five out-of-state clients per jurisdiction.
However, Texas and Louisiana still require advisers to register in-state before providing or offering to
provide advisory services to any clients.

Institutional clients are a complicated topic, with some states allowing a certain number and type of
exemptions here and others drawing a hard line at zero.

Because state requirements vary and are complicated, advisers should not solicit clients in any state
unless they have reviewed these exemptions.

This may mean letting clients go when they change primary residences or passing them on to properly
registered colleagues who can legally serve them.  

Warning Sign 4: Client Complaints and Lack of Supervision
The SEC and state examiners will ask to see all “client complaints” you have received. How do you know
what qualifies? And how do you prove you handled them properly?

A complaint is generally defined as “any statement (whether delivered in writing, orally, or electronically)
of a client or any person acting on behalf of a client alleging a grievance involving the activities of those
persons under the control of the RIA in connection with the management of the client’s account.”

Establishing a system for dealing with client accounts from inception and maintaining robust
documentation throughout the client relationship goes a long way in responding to a client complaint.

At a minimum, RIAs should take the following steps:

      • Establish a procedure to track complaints
      • Implement a policy requiring prompt reporting of complaints by advisers and associated
         persons to the chief compliance officer
      • Investigate all written and oral complaints
      • Consult with counsel and the firm’s errors and omissions carrier before discussing a
         resolution to the complaint
      • With approval of counsel or the chief compliance officer, keep the person making the complaint
         apprised of the progress of the investigation
      • Notify the person making the complaint regarding the adviser’s decision and proposed
         course of action
      • Maintain originals of communications sent or received relating to the complaint

Identifying a “Complaint”

When clients are anxious about the market or the volatility of their portfolios, it is often difficult to
determine whether these negative remarks should be construed as a complaint.



To determine if a letter or unpleasant conversation represents a complaint, the chief compliance officer
should be notified immediately. Once he or she receives it, the first priority is determining whether the
client blames the firm or any individual affiliated with it for bad advice or incorrect investment decisions.

If so, prompt action must be taken. Ignoring customer complaints is never an option for an RIA. Putting
complaints on the back burner can also exacerbate a bad situation.

An RIA is required to maintain a separate file for all client complaints at its principal place of business.
The file should include the following information:

      • Who filed the complaint
      • The date it was received
      • The name of each adviser representative who worked on the client’s account
      • A description of the situation that led to the complaint
      • Copies of all correspondence relating to the complaint
      • A written report summarizing the action taken in response to the complaint

The examiner will want to see this file as well as documentation of supervisory review and, ultimately,
how each issue was resolved.

Beyond case-by-case conflict resolution, policies and procedures should spell out an RIA’s record-
keeping obligations regarding any interaction that can be construed as a “complaint” from an existing
or former client.

Warning Sign 5: Your Compliance Officer is Not Knowledgeable About the Securities Laws
The SEC and state regulators have been anything but secretive about their compliance priorities. Alerts
and revised guidelines are regularly published and it is the compliance officer’s responsibility to monitor
official publications for updates.

At a minimum, the compliance officer needs to be sure your firm can pass five key tests:

      • Registration
      • Books and records
      • Supervision
      • Advertising
      • Unethical business practices

Registration revolves around the Form ADV and all other regulatory filings. Deficiencies here often
relate to inconsistencies between filings as well as simple failures to submit or amend data on time. To
pass this test, your compliance officer should conduct a comprehensive review of your client base, at
least annually, to determine if registration for the firm or individuals is required in any jurisdiction where
you maintain clients. As discussed above, you should also submit all required paperwork in all relevant
jurisdictions on time, and submit amendments as necessary.

Books and records that RIAs must maintain are quite specific. Deficiencies tend to revolve around
incomplete documentation of client suitability as well as infrastructure-related issues like secure
archiving, off-site backup, advertising, and account privacy. RIAs also owe it to their clients to have a
disaster recovery plan on file.

Examiners have also uncovered missing or incomplete client contracts, so make sure that every client’s
file is complete and presents no obvious gaps.

Supervision red flags include weak or nonexistent procedures, incomplete monitoring of employee
trades, and failures to keep a close eye on branch offices and other remote locations.

The compliance manual must be up to date and tailored to a firm’s specific activities rather than being
an off-the-shelf boilerplate document. And its contents must be enforced.

Regulators are increasingly holding chief compliance officers personally responsible for lapses that
occur under their oversight, so your chief compliance officer must have the power to discipline repeat
offenders and not simply note problems as they occur.

Advertising includes all aspects of the way a firm represents itself to the investing public, including
websites, correspondence, Facebook posts, Twitter messages, brochures, and business cards. Examples
of all such documents and communications must be retained and filed for examiners to review.

In the case of social media, this will probably entail having a robust technology solution in place to
capture messages. Remember, even a seemingly innocent “like” or “+1” can be considered a prohibited
testimonial, so stay up to date with developments in this space and err on the side of caution.

Check all performance claims especially stringently and preserve all necessary documentation.

And make sure all advertising materials agree with each other and with your Form ADV and other filings.
Even if the examiner fails to notice a discrepancy, an aggrieved client’s attorney will definitely comb
your materials for misstatements and will highlight their findings if a dispute goes to litigation.

Unethical business practices covers a wide range of regulatory hot spots, but the major ones boil
down to disclosure, conflicts of interest, avoiding liability, and serving as a borrower or lender for clients.
Ultimately, compliance here means being able to document that you respect your fiduciary responsibility
and at a minimum do not overstep the bounds of discretionary authority or suitability.

All risks, services, fees, and conflicts of interest should be disclosed in plain English. Keep a detailed
record of due diligence activities to prevent claims that your firm favored certain products simply to
boost potential performance or its income. Conduct a firm-wide risk assessment and file the results.



Checklist of Best Practices
Securities regulators believe that robust policies and procedures can help RIAs avoid deficiencies. This is
the basis of what most advisers consider “compliance,” but rather than being simply handed down from
on high, these policies and procedures require constant review and, when necessary, revision.

All advisers are required to review and revise their Form ADV at least once a year to ensure that it reflects
current and accurate information about their firm and its associated persons.

In addition, the North American Securities Administrators Association (NASAA) recommends the following
best practices as instrumental in developing and maintaining effective policies and procedures:

      • Review and update all client contracts
      • Create and maintain all required books and records, including financial documentation
      • Back up electronic data and take steps to protect records
      • Document any instances where checks were forwarded
      • Create and maintain client profiles
      • Draft a customized written compliance and supervisory procedures manual, including a
         business continuity plan
      • Formulate and distribute a privacy policy initially and annually
      • Maintain accurate financial statements and purchase a surety bond if required
      • Calculate fees accurately and in accordance with clients’ advisory contracts and the firm’s Form ADV
      • Review all advertisements, including website and performance advertising, for accuracy and to
         ensure that no content is false or misleading
      • Implement appropriate custody safeguards if they apply
      • If applicable, review all solicitor agreements, disclosure documents, and your delivery process

If any of the common audit red flags discussed in this document raise concern, now is the time to seek
help before it is too late.

RIAs are often afraid to correct mistakes in their compliance programs because they perceive this process
as an admission of guilt that will reflect poorly on them the next time the examiners come calling.

In reality, acknowledging lapses and taking corrective action without outside prompting demonstrates
to regulators that the firm understands its compliance obligations and is committed to implementing a
culture of compliance.

If you are not sure where you need to make changes or how to make them, we can help you identify and
correct compliance weaknesses and get a clean bill of health before the examiners arrive.  



About the Author  
Rita G. Dew is the founder and president of National Compliance Services, Inc. (NCS),
a compliance consulting firm formed to assist state and federally registered investment
advisers, hedge funds, mutual funds, and broker dealers nationwide. Ms. Dew is also the
managing partner of The Law Offices of Rita G. Dew, P.A. The focus of her legal practice
is on investment management and representing investment advisers and broker dealers
on issues dealing with corporate and securities law in the financial markets.

This publication provides general information about securities regulation and is designed to help
readers address their specific compliance requirements. It should not be construed as, and does not
constitute, legal advice on any specific matter. Your chief compliance officer should review your firm’s
internal compliance system in conjunction with this article as a self-analysis of your firm’s operations
and policies and take needed proactive measures to address your compliance requirements.

National Compliance Services’ consultants advise clients on the full spectrum of regulatory and
compliance issues confronting registered investment advisers. For more information about the issues
contained in this publication or to discuss how any of these concerns might impact your firm, please

          Chad Jones
          561.330.7645 ext. 210

For more information about National Compliance Services, Inc. and its products and services, please
visit us online at
© 2012 National Compliance Services, Inc. All Rights Reserved. Any reproduction all or in part is strictly prohibited without prior written consent.


