Auditors may show up on your doorstep one morning unannounced.However it is likely that you will be provided with a few days notice, and be furnished a request for documents via fax.
If you are affiliated with a Broker/Dealer as a Registered Representative, one of the very first things you should do is notify your compliance department of the impending visit.(Even if the audit is to examine your outside/independent RIA.)Work with your BD compliance people through the resolution of the audit.
If you have been diligent in watching compliance prior to the audit, things should go relatively smoothly. If you have not prepared in advance for the inevitable exam, then a few days notice will not be of much help.You should already be doing an annual check-up of your operations.The Compliance Programs Rule requires an annual review of your policies and procedures (Written Supervisory Procedures).Confirm that your Form ADV, Advisory Agreement, and Written Supervisory Procedures are current based on changes in your operations or new regulatory developments.Once a year (or every other year) perform a mock audit (before the regulators get there themselves).This can be a self-audit, or you can bring in a compliance consultant.
In advance of any audit, everyone in your office should know who the point person is for the inevitable day that the regulators will show up.But the point person may not be there on the day of a surprise audit. Allow for this contingency with a back-up point person.Most auditors will conduct the audit anyway when they show up, whether “you” are there or not.
When the auditors arrive, they will present their business card and immediately identify themselves to the person at front.(Perhaps only one or two may show for a routine spot check.)They will ask for either the principal by name or for “the person in charge of compliance.”
There is no need to be fearful, however tact must be used at all times.The receptionist should ask the auditor to have a seat in the front lobby.In smaller firms, I suggest that the receptionist does not call the compliance principal on the intercom; rather to walk back to the principal’s office to announce the auditor.In this way the principal can give the receptionist some quick instructions away from earshot of the auditor.In larger firms, the receptionist will not be able to leave the switchboard, and the principal will have other staff that he can call on for immediate needs.
The receptionist will give the auditor’s card to the principal.Make note of which regulator and which division the card indicates:
- FINRA:securities brokerage
- SEC:investment advisor (sometimes may be securities brokerage)
- State Dept Corporations:securities, investment advisor, insurance, or general corporate matters
When the principal greets the auditor, escort the auditor to a conference room (or other out-of-the-way room with no working papers around).You want the auditor to work in quiet, and away from the day-to-day operations.The working room should be comfortable; well lit and ventilated.
The audit starts with the “entrance interview.”The auditors will want to talk with management (the compliance principal).The principal can invite other responsible staff into the entrance interview, especially when the staff has more day-to-day hands-on experience with the compliance files and procedures.It is OK to demonstrate that you work as a team, however management should not appear detached from their supervisory responsibilities.In fact, a current focus of audits is the “tone at the top.” (The auditors will also be reviewing how much of your budget has been allocated to compliance resources – staffing, print information, outside consultants).
The auditor will give an introductory speech, possibly hand out current regulatory releases, and ask some preliminary questions about the operation.This interview is a very important step.This meeting will set the tone for the exam.Be respectful, friendly, and confident, yet humble.The auditor will then provide the principal with a checklist of items requested for review.
Although you may not get a direct answer, try to find out if the audit is “routine” (your number was up) or if it is “for cause” (a complaint or other matter).You may also find out if the audit is being conducted as part of a “sweep” wherein the intent of the audit is to focus on a “hot issue” (e.g., soft dollars) across the securities industry as a whole.Even during a routine audit you may find that instead of a comprehensive examination, the auditors will select one or more areas for review.
Don’t be afraid to ask clarifying questions!(No, you don’t want them to start educating you on compliance issues you should already know.)If you don’t understand a request, it’s better to ask than to not be able to respond properly.Don’t feel like you have to produce something for every item on the audit checklist.Some things just won’t apply to your operations.Again, ask for clarity if you don’t recognize a document request.Maybe you have it and call it something else, or maybe you can confirm that it is not applicable in your case.
BEFORE retrieving any files, for multiple-business entities, clarify directly with the auditor exactly which entity is being audited so that files relating ONLY to that entity are provided.It is important not to give more than what is asked for, but do provide everything that is asked for.If asked for Rep licensing files, provide the whole file; but if just asked for U-4s or a list of Reps, only provide that.Once you provide information that is not requested, you are opening way for a more extensive audit.
You may inquire how long the auditor anticipates staying so that you may adjust your schedule.They can usually give you a good guess, barring the discovery of items that may cause a more extensive audit.The more available you are during the day to respond to requests, the faster the audit will go.So it’s a good idea to cancel appointments for the day – especially any activities outside the office.
Auditors will make a judgement if the firm is organized within the first 10 minutes of their visit.This is based on factors such as calmness of staff and ability to produce the correct papers and files with no hesitations.If the firm appears organized, the auditor will be more likely to scan the documents.If you appear unorganized (nervous and can’t find files), you are more likely to receive the fine tooth comb treatment.
It is therefore imperative that you know what to expect from an audit, how to treat the auditor, and know what files are needed and how to organize them.
The auditors have already done homework on you by reviewing results of prior regulatory exams (SEC, FINRA, and state securities division).They have inspected the enforcement databases and know if you’ve been naughty or nice.Therefore, when asked, do not be evasive about negative information about the firm or employees that is in the public domain or previous inspection reports. They may request to view previous inspection reports that should be in your files.Show them the deficiency (exam summary) letters and responses you have made.
Some auditors ask to look directly into client filing cabinets to pick some client files at random.Without appearing secretive, try to avoid letting the auditor have access to your file drawers.Rather offer to bring files to the auditor.Allow the auditors to feel they are in control of the audit, while you maintain control.To satisfy the auditors need for a random sampling of client files, offer a computer list of client names (you should always have this available on computer!), and then let the auditor pick names at random from the list.
When the principal leaves the room to retrieve the requested items, obtain the easiest items first and give those to the auditors to get them busy.(In fact, based on the advance document request if provided, many documents should already be available at the start of the audit.)Don’t let the auditors sit around wasting time (getting them angry and/or free time to start wandering around the office).Then, staff assistance may be needed to pull together other documents and files quickly and quietly, but have staff give these to the principal away from the room where the auditor is.The items like client files may need a quick glance or straightening prior to giving to the auditor.This is not the time to do a major overhaul of your files or to try to hide anything.The way to have a clean audit is to be prepared at all times.Keep the documents coming in to the auditors until you have checked off everything on the list (or determined which items are not applicable).Then, you can go back to attending to business (albeit remaining available), while the auditors go about their business.
If you select a point person (liaison) other than the principal, pick carefully.This person should not only know exactly where all files are kept, but have an excellent understanding of the compliance requirements.
Keep track of original documents provided to the auditors, and make sure to get all original documents back.The auditors will probably want copies of certain papers to take with them.Try to provide the copies yourself whenever possible so that you are aware what the auditor is taking.If you prepare a special list for the auditors, such as a list of reps and supervisors, always keep a copy of what you give them.
It is common for the auditor to want access to your computer to scan e-mails.Make sure you have an archival system that is searchable.E-mails are part of your books and records requirements that need to be maintained for the proper length of time.
While lighthearted conversation and humor may help ease the tension, keep conversation levels low.What may seem to be an innocent comment may strike a chord with the auditor.
Auditors are human beings.When they are aware that you understand the regulations and are trying to comply, I have seen them bend over backwards to help remedy a situation and not write up a deficiency.When they don’t feel that you have a proper “appreciation” for the regulations, they will make an issue out of something that you may have otherwise been able to resolve.
While the regulators may not hold “exit interviews” in every examination, it is a general practice to do so. These meetings can be very useful to give you a sense of what the auditor is thinking and the initial findings.The interviews can be beneficial to both parties to provide an opportunity to clear up misimpressions and provide additional information to the auditor.
It is not uncommon for the auditor to suspect wrongdoing in instances where you can explain why you are actually in compliance.Make sure you are on top of your facts – and you may be able to avoid a ding in your exam summary letter.If you were caught making a mistake, you may be able to show that it was a single occurrence and unintentional.The event may likely show up in the exam summary letter, but perhaps without harsh admonition.
If the auditors are ready to leave without an exit interview — request one!Hopefully your request will be granted.Note that the discussions are only preliminary findings, because much of the exam work and analysis is performed once the auditors return to their office.
You may be able to get an estimated timetable for the receipt of your inspection report called the exam summary letter (commonly referred to as the “deficiency letter”).In some cases (instead of the exam summary letter) you may get a “no finding letter” (no deficiencies found), or in rare cases a referral to the enforcement division if egregious violations were uncovered.If you do not receive any response within 90 days you should call to see if the file was closed without comment (sometimes the regulators rather be silent than put a no finding letter in writing), if your report was lost in the mail (you are responsible if you do not respond to your exam summary letter), or if your file is still under review (this could spell bad news if it is not wrapped up in 90 days).
It is common for auditors to call the office with follow-up questions after the exam has concluded, but prior to issuing the exam summary letter.Be responsive and attempt to clarify and resolve the issues informally on the hopes that some of the items do not show up in the letter.
Use the time after the auditor leaves and prior to your exam summary letter to begin correcting some of the items that were discussed, that are quick and easy to resolve.There may be some updates that you need to make immediately to your Form ADV, Agreement, Written Supervisory Procedures, and other documents, so that new clients are in receipt of corrected documents – but be aware that more updates will be likely after you receive the exam summary letter.So be cautious about sending updated documents to existing clients until you have the benefit of the full exam summary letter.If you plan on engaging The Consortium to assist you and responding to the exam summary letter, call as soon as the auditors leave so I can block work time for you.
Don’t feel bad if you do get back an exam summary letter with only one, two, or three minor deficiencies.They do not feel they have done their job if they can’t come up with a few issues that need correction.It is also not uncommon to get back a 15-page exam summary letter with lots of “small stuff.”So don’t get defensive and overreact.All you need to do is submit a letter stating the corrective action you have taken, or steps you will undertake to correct the items.It’s even okay to disagree with the deficiencies noted, but this takes careful crafting of your wording.(You need to demonstrate by citing the rules why you feel that you were in compliance.)If you don’t hear back from your response, then they have accepted your explanations. If they don’t agree with your course of action, then they will write back making another request.
An area of concern for auditors is repeat offenses.Once you have stated corrective actions you will take – DO IT!During the next audit, you already know what the first things are that they will be looking for.