SEC Exam Preparedness: Thriving, Not Surviving
Main Contributors: Gretchen Sturdivan, CSCP Compliance Manager & Creative Director & Elizabeth Cope, CPA, CSCP, CIPM, CEO & Lead Consultant
Background
SEC exams are an inevitable component of a Registered Investment Adviser’s (“RIA”) existence, and we have found that CCOs can reduce the stress associated with a potential exam if they know what to expect. Instead of anxiously waiting without clear expectations or an idea of what you would need to produce for the SEC, this article will provide you with a taste of what you can expect.
What to Expect: Data Request
Every RIA can generally expect to be examined by the SEC every 5-7 years or so; however, this does vary based on a multitude of factors such as the firm size, assets under management, and perceived risk. Not always, but newly registered advisors should be expecting an exam within 18 months of their registration. An RIA could also be part of a random sweep exam or for-cause exam, which can happen at any time. Whenever the SEC comes knocking at your door (usually by phone and email), know that you will generally have a 2 week turnaround for the initial data request. This can put a strain on your whole team and will require all hands-on deck to pause their work and jump in to help. Several individuals are usually involved in gathering the requested data, as the requests will generally involve all aspects of your RIA’s operations.
Once you upload the initial request data, you may receive a second sample request letter with follow up requests based on your initial data uploads and interviews. This could take days, weeks, or even months, depending on the staff you are working with, how many exams they are managing, and the scope of your exam.
SCS Suggests
Take the initial request letter that the SEC provides and turn it right around into an editable Word document that you can use as a cover letter to respond with. While gathering documents, we suggest you use this internal Word version of the request as a workflow tool to keep track of your progress and to delegate tasks to other staff members. You will want to stay organized by having the data file names correspond with the numbered requests in the request letter. Once you have gathered all of the data, provide responses to each request item and reference the document name. This can accompany your data uploads to the SEC, so they have a guide for the document uploads and any responses that did not require data. Alternatively, you can upload documents to the SEC as they become available and have been reviewed internally.
What to Expect: Standard Request Examples
No two SEC request letters are the same from firm to firm or from SEC branch to branch; however, there are a few standard request items that are common to find within. You will almost always find a request for:
an org chart,
copies of your policies and material changes made during the examination period,
copies of your annual review,
current and terminated employee list,
marketing materials,
copies of all agreements and material changes made during the examination period,
outside business activity,
firm financials, and
your brochure supplement.
In addition to documentation that you should already be maintaining, they also ask you to generate data dumps in Excel, which we provide a few examples of below, so you can see the level of detail you would need to produce during the quick turnaround. It’s important to provide the requested information timely; however, if you need an extension, you can work with the SEC to request one.
Client List
In Excel, you will need to produce a current client list that includes some of the following examples. Use one column per request and label clearly using the SEC’s terminology. If the answer to one question is the same for multiple accounts, you also have the option to provide that response in a narrative format, rather than in an Excel column.
the account name, account number, and current balance for each account of the client, as of Month, Date, Year requested;
account inception date;
whether the client is a related person, affiliated person, or a proprietary account;
the type of account (e.g., individual, institution, defined benefit retirement plan, registered fund, or unregistered fund, another adviser);
whether the account is a wrap account;
whether the account is a government entity;
the account custodian;
a list of broker-dealers used to execute trades;
whether or not the adviser has discretionary authority;
whether the adviser, an officer, an employee, or an affiliate acts as trustee, co-trustee, or successor trustee or has full power of attorney for the account;
whether or not advisory fees are paid directly from the client’s custodial account;
whether the firm has custody over the client account (other than through direct billing) and a brief indication of the cause of custody (e.g., trustee relationship, full POA, bill pay, check writing authority, SLOA transfer authority, full custodial account username and password control/access);
whether the account holds any funds managed by, or affiliated with, the firm;
any other services provided to the account by the firm or any of its affiliates outside of the advisory agreement;
for clients obtained during the examination period, if applicable, name(s) of consultant(s) or solicitor(s) related to obtaining the client.
the account’s investment strategy or investment strategy for the account (e.g., global equity, high-yield, aggressive growth, long-short, or statistical arbitrage); and
the name of the account portfolio manager(s).
Securities Holdings/Investment Positions in all Client Portfolios
The SEC will want you to provide a list of all current securities holdings in Excel, as of a certain date they will specify, that includes the following information:
security name;
CUSIP (or other identifier);
name of each client holding an interest;
client account number;
number of shares or principal and/or notional amount held owned by each client;
aggregate number of shares or principal and/or notional amount held;
whether the position is fair valued; and
total market value of the position.
Private Fund Information
If your firm manages private funds, the exam request will most likely include additional information regarding the funds, such as details on direct and indirect fund expenses, all forms of compensation, side letters, fund formation documents, audited financials, and specific information regarding the funds in excel as follows:
Name as shown in organizational documents (as amended);
Domicile (country);
If part of a master/feeder fund structure, full name and domicile of each fund;
Investment strategy and geographic focus, if any;
Number of investors and total assets as of Month, Date, Year requested;
Amount, if any, of Adviser’s equity interest in each fund as of Month, Date, Year requested;
Amount, if any, of Adviser’s affiliated persons’ interest as of Month, Date, Year requested;
Date the fund began accepting unaffiliated investors;
Whether the fund is currently closed to new investors and when it closed;
Amount/value of committed capital as of the final closing;
The current stage of the fund lifecycle (e.g. commitment, investment, liquidation, etc.);
Primary fund counsel; and
Auditor of the fund.
What to Expect: Interviews
You can expect to receive an interview request with key personnel at the firm that will be onsite or online/over the phone. Now that we are fully in 2025 and the intensity of the pandemic has come down, we are seeing an uptick in onsite SEC interviews again.
They can last anywhere from 1 hour to multiple hours. You may have just one interview or multiple interviews. When the SEC reaches out to schedule the interview(s), we suggest requesting an agenda or at least an idea of the areas or topics they plan on covering so you can properly prepare and make sure you have the right people in the interview. They usually use the interview as an opportunity to gain a high-level understanding of your firm, history, the services offered, fees charged, and to identify any potential conflicts of interest.
To prepare, we suggest connecting with your consultant, reading your policies and procedures and disclosure documents, and familiarizing yourself with the documents provided to the SEC, as they usually have specific questions about those documents during the interview process.
What to Expect: Exit Interview & Deficiency Letter
At the conclusion of your exam, the SEC will always provide you with an exit interview. During this interview, they summarize their findings, which you will also find in your deficiency letter, or if they don’t have any findings, they will communicate this fact. During the interview, the staff will often provide other suggestions that do not end up in your deficiency letter. Once you receive your deficiency letter, you will have 30 days to respond with your corrective action. Again, you want to be timely with your response, but if it is complicated and you need more time to determine the corrective action, you can request an extension. Following your response, you may never hear from them again, unless they have some follow-up or specific questions about your responses.
Conclusion
While we cannot guarantee or predict what you will encounter in your firm’s initial request letter from the SEC, we hope this gives you a taste of what you can expect. Though the turnaround feels rapid, ensuring your firm has a healthy culture of compliance will make this lift much easier, as other departments and employees can assist with putting the data and responses together. When you go through an SEC exam, it really is a full firm endeavor and does not solely land on the CCO. We are happy to provide a redacted SEC exam request letter if your firm would like to conduct a table-top exercise for preparedness.