This is a guest blog post from RIA in a Box, originally seen on their blog. For more information on Smarsh and RIA in a Box, click here.

Whether the RIA compliance examination is announced or unannounced, when the auditors arrive at your investment advisory firm’s office, you should expect a diligent and detailed regulatory review. Proper preparation for an investment adviser regulatory examination begins long before the auditor arrives in your RIA firm’s office. If your firm performs and documents risk assessments, compliance tests and conducts a firm-wide review annually, you shouldn’t expect too many surprises.  As the Chief Compliance Officer (CCO) of your registered investment adviser (RIA) firm, preparation for this inevitable review starts with you.

As RIA compliance consultants, we recommend that you designate a point person and make sure everyone in the office knows who this person is. The point person is normally the CCO and the person in charge of compliance in the office but may also be various assigned staff members to various RIA compliance procedures.  This person will be the one in direct contact with the auditors.

Some of other best practices you may want to consider during your firm’s RIA compliance examination include:

1. Give the auditors a comfortable place to work.  It’s always a good idea to have a conference room or office available that is away from the everyday activities. Show the RIA examiner(s) where the coffee and restrooms are located, but don’t be offended if they refuse even a cup of coffee.
2. Perhaps prepare a a brief 5 minute introduction of your firm for the auditors; introducing your firm persons and identifying the services offered. This should match the information found in your RIA firm’s Form ADV 2A and 2B regulatory filings. It’s a nice introduction by you to the auditors to show your firm’s preparation and respect for the regulatory audit process. This is also the time to emphasis your firm’s commitment to a “Culture of Compliance” which sets the proper tone for the balance of the audit. Keep in mind that the auditors will likely already know a lot of this information but will want to hear how you describe your firm.
3. In an optional entrance interview, the auditors will typically discuss why they are there and begin to ask preliminary questions about your RIA firm. This may also be the time when the examiners present their checklist used to conduct the exam if you haven’t received a document request when the audit was announced. Be ready, able and willing to assist the auditors with their requests for additional information or documents.
4. Have a system in place to retrieve requested items. The auditor will request numerous documents throughout the audit and will likely ask for copies to take back to their office. If you store all your documents electronically consider creating a separate online electronic folder that the auditors can access, etc. These request should go through your “point person”. Remember to make copies of, or keep a listing of, all documents the auditors ask to take. If you’re using paper files, it is good practice to remove the entire file from the file cabinet, and take it back to where the auditors are working.
5. Once the regulators are finished with the in-office portion of the audit, they will normally speak with you before they leave. This is called an exit interview and may consist of the auditors’ findings and should give you an idea of what you can expect on a follow-up deficiency letter.  Sometimes, you can clear up any potential deficiencies with brief explanations during this interview.
6. SEC Rule 204-2 requires SEC-registered RIA firms to maintain and keep current the following records listed below. State regulators will generally use the same list with some slight additions depending on your jurisdiction. The auditors will typically review these items in detail and compare them with your updated disclosure documents and current practice.

Records generally required for investment adviser firms:

• Receipts and Disbursements Journals
• General and Auxiliary Ledgers
• Order Memoranda
• Bank Records
• Bills and Statements
• Financial Statements
• Written Communications and Agreements (including electronic transmissions)
• List of Discretionary Accounts
• Advertising
• Personal Transactions of Representatives and Principals
• Client Records:
  • Powers Granted by Clients
  • Disclosure Statements
  • Solicitors’ Disclosure Statements
  • Performance Claims
  • Customer Information Forms and Suitability Information
  • Written Supervisory Procedures

Records generally required of investment advisory firms who have custody of clients’ assets:

• Journals of Securities Transactions and Movements
• Separate Client Ledgers
• Copies of Confirmations
• Record by Security Showing Each Client’s Interest and Location Thereof

Records generally required of RIA firms that manage clients’ assets:

(Note: these records are required to be maintained in an easily accessible place for a period of five years from the end of the fiscal year during which the last entry was made and, for the first two years, the records must be maintained in the investment adviser’s principal office.)

• Client Purchases and Sales History
• Current Client Securities Positions

Investment advisory firms are subject to periodic, sometimes unannounced audits by investment adviser regulators.  The purpose of an audit is to determine compliance with the regulator’s licensing, books and records, and anti-fraud requirements.

Once the regulators are finished with the in-office portion of the audit, they will normally speak with you before they leave. This is called an exit interview and may consist of the auditors’ findings and should give you an idea of what you can expect on a follow-up deficiency letter.  Sometimes, you can clear up any potential deficiencies with brief explanations during this interview.

In the 2013 North American Securities Administrators Asscoation (NASAA) Exam sweeps report, a survey of recent compliance examinations conducted by RIA state regulators, the top five RIA compliance deficiencies noted in audits were:

1. Books and Records Deficiencies (Missing Contracts and Suitability Documentation)
2. Registration Issues (Mismatched ADV Part 1 and Part 2 Filings, Fee Structure Problems)
3. Contract Deficiencies (Not Signed, Improper Fees, Hedge Clauses)
4. Brochure and Privacy Policy Delivery Deficiencies (No Annual Deliver of ADV 2A and Privacy Statement)
5. Advertising (Testimonial, Misleading Statements, Subjective Statements)

It’s not feasible to become RIA regulatory audit ready overnight and it takes more than just establishing a compliance program at your RIA firm to be compliant. An RIA regulatory audit experience will be a much more pleasant one when you are properly prepared.