Current Trends in SEC Examinations – What to Expect Before Your Next Visit from the SEC

By: Patrick D. Hayes
From the September 2018 edition of NSCP Currents
Also listen to the audio reading on the NSCP Currents Podcast

Peace of mind isn’t something that comes easily to compliance professionals. Many of us are skeptics and perfectionists by nature. Sometimes even the passage of time can weigh heavily on our psyche, particularly if it’s been more than five years since the SEC last visited your respective firm. As you start to prepare for annual reviews of compliance programs and annual meetings to train and educate employees, here are a few common trends from SEC examinations we’ve seen this year. These observations will help you identify key risk areas affecting your firm, and after incorporating the practical takeaways and relevant recommendations into your programs, ensure your firm puts its best foot forward the next time the SEC comes in to kick the tires.

1. Marketing and Advertising

A stalwart of compliance programs everywhere, the focus of the SEC on marketing and advertising during an examination is as much a guarantee as death and taxes. What has changed (potentially) since your last exam is how the Staff views marketing and advertising, the increased focus on process, and additionally, how advisers have extended the forums in which their marketing and advertising efforts are at risk.

Focus on the process

While the Advertising Rule makes it clear that advertisements include offering advisory services in a “written communication addressed to more than one person,”[1] recent SEC examinations have shown an enhanced focus on the marketing process generally and the antifraud provisions that apply.[2] In short, firms centering their compliance efforts in the marketing review process on only those materials being distributed to more than one client or prospect are doing themselves a disservice, and the SEC will likely take note. To determine whether or not the material needs to be vetted by compliance as part of the marketing review process, firms should ask whether the material is being used to solicit or retain business versus answering a client request or day-to-day servicing of an account. For it to be considered the latter (and typically outside the scope of a compliance advertising review), the purpose and effect of the non-advertising communication must be client service, rather than seeking additional business or retention of current business (like in the case of an RFP from an existing client).[3]

The examination process itself offers another example to further demonstrate the importance of having a robust marketing review process for all relevant content, not just those materials being distributed to more than one person. During an SEC audit, the Staff will typically request all strategy pitchbooks (that surely should have been vetted by compliance), in addition to client materials used in one-on-one presentations associated with a particular strategy. If the content of the one-on-one presentation doesn’t directly match the content of a pitchbook detailing the same strategy, the examination staff could find the firm has violated the anti-fraud provisions of the Advisers Act.

Practical Takeaways and Recommendations

  • Prioritize process as much as the SEC does, no matter the nature of the content or marketing type. Regardless of how innocuous the content appears or whether it’s a one-on-one presentation, be sure to follow a consistent process when it comes to your firm’s marketing and advertising. This will help mitigate against inconsistencies in any of your marketing materials and ensure that neither the advertising nor the anti-fraud provisions of the Advisers Act are triggered during your examination.
  • Streamline the additional review that needs to be performed for one-on-one presentations, RFPs, or other similar types of marketing by having pre-approved templates that can be tailored to individual clients and prospects. This keeps the business unit happy and lessens the need for future revisions and approvals outside of those typically reserved for updating performance numbers. It can also help your firm develop a consistent brand and provide a consistent level of service for all of its clients and any related client reporting.

Social Media and Marketing

The integration of social media and business has provided a new forum for registered investment advisers to communicate with clients and advertise their services, and has added an extra layer of complexity for marketing and advertising controls in compliance programs. More than six years from the original National Exam Program (“NEP”) Risk Alert regarding social media,[4] the SEC has made it abundantly clear that social media activity can constitute advertising. As previously discussed by Michael Riedijik in “The High Stakes of Social Media in Financial Services” from the July edition of Currents, advertising on social media poses unique challenges, not just as another form of advertising, but also because of the recordkeeping demands involved.

The focus by the SEC during recent examinations appears to be two-fold: 1) what kind of internal controls does the firm have regarding social media usage (typically designed to prevent or mitigate against conflicts surrounding the advertising and recordkeeping rules); and 2) how is the firm reviewing those controls or testing those controls to ensure compliance? In preparation for the next exam, firms would be wise to tighten up their social media policies and further limit exposure in this area.

Practical Takeaways and Recommendations

  • Remove the ability to receive endorsements on LinkedIn or other social media sites. This is low-hanging fruit for the SEC to accuse your firm of advertising through the use of testimonials, which are strictly prohibited.[5] The easiest and cleanest way to implement this policy is to prohibit both receiving and giving endorsements on any social media platform.
  • Where the direct name of the firm is referenced (reminiscent of other marketing materials advertising the services of your firm), employee social media profiles must include a disclosure that indicates the nature and intent of the employee’s social media page. A common disclosure of this type will prevent confusion for the reader and further protect your firm. For example: “The information contained on this site is for informational purposes only and should not be considered as investment advice or as a recommendation of any particular strategy or investment product. This profile should not be considered as a solicitation for services.”
  • Link the employee’s email address. Linking the email address to any employee profile that directly references the firm will typically allow all external messages to the employee’s page to be captured in the firm’s email system. Supplement this practice with continued training for firm employees that any outgoing messages tied to the advisory business must be conducted on the firm’s email system, and the firm should be able to avoid many of the recordkeeping issues tied to employee communications and social media.
  • Foster an ongoing dialogue with those in charge of marketing and perform periodic audits to make sure your firm has identified all the ways in which your firm markets and advertises to clients and prospects, including those instances on social media where the firm (or more likely, its employees) may be inadvertently advertising.

2. Cryptocurrencies

As referenced in the SEC’s 2018 National Exam Priorities regarding Retail Investors,[6] the compliance risks surrounding “Cryptocurrency, Initial Coin Offerings (ICOs), Secondary Market Trading, and Blockchain” continue to represent a growing risk to the Staff. In the release, the SEC stated its areas of focus will include: “whether financial professionals maintain adequate controls and safeguards to protect these assets from theft or misappropriation, and whether financial professionals are providing investors with disclosure about the risks associated with these investments, including the risk of investment losses, liquidity risks, price volatility, and potential fraud.”

In addition to the stated focus areas above (that concentrate on firms already advising cryptocurrencies and related assets), recent requests from SEC examinations emphasize cryptocurrency issues that could affect firms even before they’ve started advising these assets. Specifically, the SEC examination requests indicate the Staff’s desire to understand the current breadth of advisers (and their affiliates and employees) considering engagement in the asset class and if there are any related long-term plans.

Below are some of the typical questions being asked of advisers during recent SEC examinations:

  • Does the firm provide investment advisory advice regarding investments in crypto-currency, initial coin offerings, distributed ledger technology, blockchain and/or any related products and pooled investment vehicles (collectively, “crypto-assets”)?
  • Is the firm aware of any of its supervised persons managing or recommending crypto-assets through outside business activities?
  • Are there future business plans for the introduction of crypto-assets to the firm’s investment advisory business?
  • Does the firm currently provide or intend to provide investment advisory advice regarding investments in crypto-assets through any affiliates?

Although these questions appear somewhat high-level, it’s important to note that despite the headlines, the vast majority of advisers haven’t dipped their toes in the cryptocurrency water yet.[7] As more and more advisers start to swim, however, it follows that the questions from the SEC will only continue to increase as well.

Practical Takeaways and Recommendations

  • Make sure your employees understand the importance and impact of investing in crypto-assets, particularly in personal accounts that may also be included in the firm’s AUM. Even if an employee is investing in their personal trading account, if that personal account is included in the firm’s RAUM, there’s the potential risk that those securities trigger the firm having provided investment advice regarding the purchase or sale of crypto-assets.
  • Use (and reuse) your resources wisely. As part of the quarterly Code of Ethics and personal trading reviews that take place, many compliance programs will already have the information they need (firm’s trade blotter and employee personal brokerage transaction history) to perform an audit of crypto-assets. Depending on the level of risk at your firm, this review could be upgraded to monthly or downgraded to semi-annually or annually. No matter the frequency, the audit can serve as great evidence to demonstrate your firm is aware of the compliance issues surrounding crypto-assets.

3. Alternative Investments

As the investment industry’s exposure to private markets continues to increase year after year,[8] more and more managers are utilizing an expanding array of private equity and other alternative investments to help diversify client portfolios. But advisers aren’t the only ones picking up on the trend. Requests from recent SEC examinations highlight the Staff’s continued attention on alternative investments and many of the related issues that can affect registered investment advisers of all types. This includes basic inquiries (are the securities held with a qualified custodian; what is the valuation policy associated with the investments; do you charge an advisory fee) to much more robust and nuanced questions (what is the due diligence process for analyzing alternative investments; what type of ongoing due diligence is performed; how are you making suitability determinations). While the depth and breadth of the firm’s response to these questions may differ, they all point to one thing: building a formal process.

Practical Takeaways and Recommendations

  • Formalize and document. Adding another committee meeting isn’t always the answer, but this is one opportunity where having a formal committee can materially add value to the way your firm approaches alternative investments. Furthermore, leverage that committee to develop and implement a formal methodology to define 1) the universe of potential (i.e. suitable) investors; and 2) the due diligence process on the investment and/or manager to determine if the investment is suitable for clients. Some other questions the committee should take into consideration include:

    • How are you defining a suitable investor?
    • Can firm employees participate alongside investors?
    • What types of communications are you sending to the potential investors?
    • What is the valuation policy attached to these investments?
    • Are the investments in these assets considered discretionary or non-discretionary?
  • Make sure your disclosures are up to date. Despite their increased exposure in the market, many investors (particularly retail) still lack an understanding of all the risks involved with alternative investments. To encourage a proper dialogue, firms should make sure to demonstrate the risks involved with the investment and whether or not commissions are received, direct investors to review important fund documents, and indicate whether employees may invest alongside clients after the allocations for each client have been filled.

4. Custody

Similar to Marketing and Advertising above, if the SEC is conducting an examination of your firm, you can bet your house they are going to ask questions regarding custody. Despite this long-standing tradition, recent SEC examinations have illustrated some new twists to the more established inquiries into custody. Following the SEC’s three-part guidance released in February 2017,[9] more recent examinations indicate the Staff’s expectation that firms be in compliance with the provisions of that guidance, and in particular with the items focused on clients with Standing Letters of Authorization (“SLOAs”) for third-party transfers and detailed client instructions for first-party transfers. For reference, the release provided no-action relief from the establishment of custody for third-party money movement where certain conditions were met, including one condition for RIAs to maintain a record showing the third-party receiving the money is not an affiliate of the adviser.[10] In order to avoid triggering custody for first-party money movement, the client must provide the custodian with written authorization listing the specific account details (names, numbers, etc.) for the accounts sending and receiving assets.[11]

Practical Takeaways and Recommendations

  • Know exactly why you have custody. More than just knowing that you have custody, the SEC wants to know specifically why you have custody. Don’t be over-inclusive just for the sake of it. To show your firm truly understands the Custody Rule[12] and how it applies to your business, compliance professionals should be just as concerned with including accounts where they have custody as with excluding accounts where they don’t have it and that should legitimately be removed because of an exception. If you don’t perform this review and remove unrelated accounts, the SEC can still make the argument that you don’t understand having custody of your clients’ assets and fault you for not having the proper internal controls.
  • Be sure your policies reflect the February 2017 guidance. On first-party transfers, your firm should make sure it has turned off the adviser’s ability to access the custodian’s first-party transfer authorization for relevant accounts that don’t have the proper documentation. Oftentimes, this task is completed by the IT department or IT service provider at your respective firm, who has the ability to access a “security admin portal” or similar-type platform. On SLOAs and third-party transfers, be prepared to substantiate that the third party receiving the funds is not an affiliated entity.

5. Other Notes

When it comes to SEC examinations, well-seasoned advisers with established compliance programs should also be ready to explain the compliance testing the firm performs and how it is applied. Is it risk-based? Is there an audit schedule? What does the firm do with the results?

On the other side, Never-Before-Examined (“NBE”) advisers can typically expect a lighter request list, but should be prepared to explain the compliance manual and specifically, the marketing and advertising. An examination of an NBE firm will almost invariably lead to the marketing and advertising, and at a high level, this makes a lot of sense. The SEC is looking to confirm you understand the basic blocking and tackling of compliance, and your marketing and advertising represents the most visible portion of the compliance program.

Legendary musician Willie Nelson has stated, “Once you replace negative thoughts with positive ones, you’ll start having positive results.” The world of compliance often feels like a never-ending grind. But armed with the information and best practices above, firms should feel confident they are heading in the right direction with their respective programs, and more importantly, that they have identified and mitigated some of the key risk areas ahead of their next exam. Let these positive thoughts drive productive change within your firm, and leave you ready to highlight the outstanding compliance program in place the next time you hear from the SEC.

1. Advisers Act Rule 206(4)-1(b).
2. Advisers Act Rule 206. Section 206 of the Advisers Act prohibits misstatements or misleading omissions of material facts and other fraudulent acts and practices in connection with the conduct of an investment advisory business.
3. Inv. Counsel Ass’n of Am., SEC No-Action Letter (Mar. 1, 2004).
4. National Exam Risk Alert – Investment Adviser Use of Social Media, SEC’s Office of Compliance, Inspections and Examinations (Jan. 4, 2012) (social media posts by an investment adviser or its personnel in the course of the adviser’s business may be subject to Rule 206(4)-1), available at
5. Advisers Act Rule 206(4)-1(a)(1) (prohibiting advertisements that refer, directly or indirectly, to any testimonial concerning the adviser or any advice, analysis, report or other service rendered by the adviser). Recent SEC enforcement actions against two separate RIAs and related investment adviser representatives from July also demonstrate that testimonials can come in both written or video format, depending on the type of social media post:
7. According to a 2018 poll, less than 8% of Americans own cryptocurrencies (
9. On February 21, 2017, the SEC’s Division of Investment Management (IM) issued three separate forms of guidance describing certain circumstances in which SEC-registered investment advisers (RIAs) may have custody of client assets for purposes of Advisers Act Rule 206(4)-2 (“Custody Rule”). The additional guidance included an IM Guidance Update on inadvertent custody, an SEC no-action letter regarding standing letters of authorization (“SLOAs”) for third-party transfers, and an FAQ update regarding first-party transfer of assets.