Compliance program hygiene
Key Issues and Industry Standards

SEC exam priorities
- Information Security and Operational Resiliency: The SEC has emphasized cybersecurity and overall resilience by broadening the scope and enhancing existing regulatory requirements through statements and proposed rules.
- Marketing Rule: On April 18th, the SEC issued a risk alert regarding the SEC Marketing Rule. The staff highlighted recent deficiencies uncovered through a recent series of sweep examinations as well as a handful of enforcement settlements. Among the topics of discussion were implementation of policies and procedures for use of hypothetical performance, material misstatements and omissions, and books and records.
- Gen AI and Emerging Technology: The SEC is cracking down on companies making false claims about AI technology. Chair Gary Gensler stresses the need for accurate disclosure, especially regarding the use of artificial intelligence. Violators are being investigated and warned by the SEC. The SEC highlights the risk of investor excitement and false claims associated with new technologies like AI.
- Anti-Money Laundering Programs: Examining broker-dealers and certain registered investment companies to evaluate the adequacy of their tailored AML programs, independent testing, SAR filing obligations, OFAC sanctions monitoring, and customer identification programs, to effectively mitigate money laundering and terrorist financing risks.
- T+1: Aims to promote efficiency in the settlement cycle for securities transactions, with a focus on shortening the time between trade execution and settlement. The SEC issued an examination risk alert highlighting specific T+1-related concerns for IAs, such as allocations.
- Off-Channel Communications: Off-channel communications pose an emerging risk in market participants’ examinations, as the SEC remains committed to safeguarding investors and maintaining market integrity.
Mock exams – why now?
Mock exams have historically proven to be a beneficial tool for preparing for and successfully navigating real-world regulatory inquiries. In today’s landscape marked by significant macroeconomic, geopolitical, and technological changes, coupled with increased regulatory oversight, readiness for examinations and inquiries is now a critical aspect of effectively managing heightened supervision, including:
1. Enhancing Compliance and Risk Mitigation
- Serve as proactive measures to promote compliance with regulatory standards
- Identify weaknesses or gaps in compliance processes and procedures, thereby mitigating risks and preventing potential instances of non-compliance
2. Risk Monitoring and Informed Policy Decisions
- Allow regulators to monitor and assess risk levels associated with various market participants, including investment advisers
- By identifying and addressing risk areas through mock exams, regulators can make informed policy decisions, ensuring regulatory frameworks remain robust and adaptable to market changes
3. Utilizing a Risk-Based Approach
- Provide valuable insight into the compliance posture of market participants
- Aid in the prioritization of regulatory actions and resource allocation, enhancing regulatory effectiveness and efficiency
The value of conducting mock exams
As the SEC and NFA intensify the frequency and rigor of their examinations, investment advisers must prioritize preparation to sidestep potential penalties and sanctions. Mock compliance exams stand out as a highly effective preparatory strategy. Here is why:
Each mock exam is customized to address the specific risks and challenges your firm faces, ensuring targeted assessment and mitigation strategies are in place.
These exams evaluate the quality of your team's responses to regulator-style interviews and information requests. This process enhances preparedness and boosts confidence during actual examinations.
Mock exams keep your firm ahead of regulatory changes and the evolving priorities of the SEC and NFA. This forward-looking approach helps you understand the impact on your business model, facilitating proactive adjustments to compliance practices.
Mock exams are instrumental in detecting compliance gaps or deficiencies. They provide actionable insights that help strengthen your compliance program and mitigate regulatory risks.
Fulfill regulatory requirements under Rule 206(4)-7 by obtaining an independent assessment of the operating effectiveness of your compliance program. This not only identifies strengths but also pinpoints areas for enhancement.
Mock Exam Process Timeline
Depending on the agreed-upon scope of the mock examination and the size and complexity of your organization, the exercise can range between 2 and 3 weeks for small to medium-sized firms and between 4 and 7 weeks for medium to large firms. Recommendation for the phased approach:
1. Pre-mock Exam
- Risk Assessment: Conduct a high-level risk assessment of the firms’ Compliance, Governance, Risk, and Control for advisory & fund activities, using information from requests and interviews, incorporating recent SEC and NFA guidance, enforcement learnings, and prevailing industry practices
2. Mock Exam Kick-Off
- Information Request: Issue a preliminary request letter akin to an SEC and NFA Exam to assess response quality and promptness. Review the business’ framework, offerings, marketing, filings, and policies to identify high-risk areas
3. Fieldwork
- Interview and Inquiry: SEC and NFA Examination style interviews with a range of the firms’ personnel
- Deep dive reviews of selected topics
- Deeper dive review design: Design review procedures to perform a deep dive review of the agreed upon focus areas
4. Reporting
- Drafting: Draft preliminary findings and observations and obtain the firms’ input to ensure factual accuracy
- Communication of observations and recommendations: Prepare observation and recommendation outlines and conduct workshop sessions to discuss review results
- Final Summary Report: Deliver a final report outlining the scope, review procedures, results of assessments and tests, and any recommendations
5. Response and Remediation
- Findings and Recommendations: Make recommendations regarding risks or deficiencies identified in the mock exam; we can further rank the deficiencies in order of priority.
- Implementation: Assist with planning and/or implementing remediation in response to report observations.
Points of contact
SEC and NFA examiners tend to interview personnel from across the 3 lines of defense. The mock exam would include interviews with the following key points of contact:
PRIMARY: Chief Compliance Officer: Or highest-ranking compliance expert
- Ensures compliance with laws and policies
- Handles correspondence with regulatory agencies
- Manages compliance programs
Risk Manager: Head of Risk or Head of First Line Business Control would also be acceptable
- Identifies and mitigates risks
- Develops risk management strategies
- Communicates risk-related information to stakeholders
1st Line/Business: Portfolio manager, trader, or other high-ranking business employee
- Oversees trading activities
- Executes trades
- Manages positions and risks
- Ensures compliance with regulations and internal policies
Middle Office / Operations: Middle office, Operations, or even Tech employees that can explain how systems and processes come together
- Supports front and back-office teams
- Reconciles trading activities
- Manages settlements
- Maintains trade records
- Fund administration


