Email FacebookTwitterMenu burgerClose thin

How to Conduct a Mock Compliance Audit for Your RIA

Byline profile imageWritten by Rebecca Lake, CEPF®
|
Byline profile imageEdited by Marie White, CEPF®
Byline profile imageEdited by Arturo Conde, CEPF®
Published on
Share

Registered investment advisors (RIAs) are subject to examination by the Securities and Exchange Commission (SEC) and/or state regulatory agencies. These exams typically take place every three to five years, and they’re intended to ensure that RIAs consistently meet compliance requirements. And conducting an RIA mock audit can help you feel more prepared when it’s time for the real thing.

SmartAsset’s Advisor Marketing Platform (AMP) offers financial advisors services like client lead generation, automated marketing and more. Learn about SmartAsset AMP today.

RIA Mock Audit Planning Tips

Mock audits help you pinpoint weak spots or gaps in your compliance program, affording you time to address and correct them before your actual SEC or state regulatory examination takes place. The most effective mock exam mirrors the process used by regulatory agencies to assess your firm’s compliance.

Professional audit and compliance firms can assist with a mock exam, and experts may recommend utilizing a third party so you have an objective, non-biased point of view. You can, however, choose to conduct a self-assessment instead if your schedule or budget doesn’t allow for that.

Here’s how to implement an RIA mock audit for your firm.

1. Conduct an Off-Site Review

An off-site review is the first phase of the compliance exam process. The SEC or state regulator sends your firm a request for documentation detailing information about your firm’s operations and business practices, which you’re expected to return promptly.

Here’s how to navigate this phase of your RIA mock audit.

  • Draft a mock request letter to send to your chief compliance officer (COO) with a list of required documents.
  • Have the CCO collect the requested records and submit them to you or to the member of your team who is acting as the mock examiner.
  • Review (or have your assigned mock examiner review) each document to ensure compliance with SEC Rule 204-2, which pertains to recordkeeping, and Rule 206(4)-7, which requires RIAs to have a written compliance policy.

The SEC may allow one to two weeks for you to gather your documents, which is the same time frame you should afford to your CCO. Now, what documents should they be prepared to share? The list can include:

  • Financial statements
  • A copy of your firm’s compliance policy and cyber security policy
  • Organizational charts
  • Client records
  • Records of disciplinary actions taken against employees
  • Documents detailing any changes to existing policies and procedures

These documents should be readily accessible and easy to locate. Some potential compliance red flags to watch for include missing or incomplete documentation, or a failure to maintain records for the period required by SEC rules.

2. Move to the Onsite Exam

Once regulators review your documentation, an onsite exam follows. Onsite visits may be announced or unannounced, and they typically take place within six months of the offsite review.

If you haven’t had an onsite visit yet, consider adding these steps to your mock audit.

  • Schedule an initial meeting with your CCO, acting as the examiner, to discuss the scope and purpose of the exam and what they can expect.
  • Review documents onsite, including copies of the firm’s Form ADV, code of ethics and cyber security policy.
  • Conduct interviews with your CCO and other key staff members to test their compliance knowledge.

Practice interviews can help the actual audit process go more smoothly and take the pressure off your CCO or other key employees who meet with examiners. The interviews are designed to give regulators a better understanding of your firm’s compliance practices and where deficiencies may exist.

It’s difficult to say exactly what an SEC examiner will ask; questions are often based on what they observe during the off-site review and onsite visit. Reviewing SEC exam priorities for the current year can give you an idea of what kind of questions you may encounter.

Sample topics for discussion may include:

Generally, you can expect examiners to be on-site with you and your team for three to five days. Any employees you anticipate being interviewed should be prepped beforehand about what to expect. For instance, you may advise them to ask for clarification of any questions they don’t understand.

3. Prepare a Written Report

The final phase of the SEC exam process is the written report. Examiners draft a report that summarizes everything they observed, both off-site and on-site, and includes any recommendations for issues that require attention or correction.

Once you have drafted this report, review it with your compliance team to discuss how to address areas that require improvement. Use this compliance meeting as an opportunity to brainstorm solutions and move forward, without pointing fingers or laying blame.

RIA Mock Audit FAQs

How Often Does the SEC Audit RIAs?

The SEC typically schedules routine audits of RIA firms every three to five years. These audits are intended to be a comprehensive review of a firm’s adherence to compliance standards. The SEC can also audit RIAs more frequently for cause if there’s reason to believe the firm is violating compliance rules.

Can RIAs Audit Themselves?

RIAs can perform mock audits to prepare for an SEC examination or an examination by state regulators. However, you may find value in outsourcing mock audits to a third party. An RIA compliance firm can offer a mock audit experience that mimics what happens in a real audit and provide valuable expertise and feedback on how to improve your firm’s compliance record.

What Happens If an SEC Audit Finds a Deficiency?

If your audit report mentions one or more deficiencies, the SEC will allow you to correct them. Failure to do so can result in penalties, so if you get a deficiency notice, act quickly and accordingly to address it before a small issue evolves into a big problem.

Bottom Line

An RIA mock audit is intended to be a dry run. As you move through each stage of the audit process, be observant and objective. Acknowledge mistakes or shortcomings, then turn your attention to correcting them so you can pass the real audit with flying colors.

Tips for Growing Your Business

  • Are you spending a lot of time (and money) on marketing, but getting little in return for your efforts? Marketing is often one of the biggest challenges advisors face, but you can overcome it with the right strategy. For example, partnering with an advisor marketing platform could help you gain more traction with your ideal clients. SmartAsset AMP (Advisor Marketing Platform) is a holistic marketing service that financial advisors can use for client lead generation and automated marketing. Sign up for a free demo to explore how SmartAsset AMP can help you expand your practice’s marketing operation. Get started today.
  • Marketing and cybersecurity are increasingly the focus of compliance regulations. If you aren’t up to date on the latest marketing rules regarding recordkeeping and client testimonials, or you don’t have a cybersecurity policy in place, those are two areas you may want to focus on first as you prepare for a mock audit.