6.5 MIN READ
The notice for an upcoming regulatory examination. It’s the call that an advisor always dreads. It can evoke a certain amount of nerves on its own (especially if it’s your first time!) Double that stress if you are not well organized. Let’s dive into several ways to keep your compliance organized beyond the filing cabinet.
For the most part, in any regulatory examination, the majority of the time spent is during the initial document request and delivery. Previously, auditors would come knocking on financial firm’s doors—in a traditional office—and ask where the firm stores their client’s records. Auditors would then go through each filing cabinet, pulling manila folders full of vital information about each client. The shuffling through paper files kept examiners occupied for the majority of their time spent at a firm’s office.
Today, the majority of advisory firms are completely paperless. The common workplace among advisors has also changed where firms are no longer run solely out of a traditional office, many are run from a home office. Some advisors will rent an ad hoc office space if ever called by a regulator, and others would rather not have the additional expense and let examiners come directly to their residence. Nowadays, it is not uncommon for examiners to show up at your home and sit at whichever table or seat is provided while saying hello to your spouse, kids, and pets. Although these changes make it more convenient for advisors on a day-to-day basis, they can make the examination process a bit more tedious if your files are not well-managed.
Paperless firms require many of the firm’s records to be transferred between computers. To expedite this process, many examiners will provide a list ahead of their visit to begin reviewing documents shortly after the interview (more on that later). For the most part, examiners will provide you a link to a share-filing provider such as ShareFile, Box, or other similar document-sharing service and will wait until you upload the requested documents.
Advisors may find this initial document request extremely overwhelming depending—often depending on the jurisdiction. The SEC and certain states provide a glimpse of common documents they generally ask for but it’s never fully known what will be requested. The contents of the document request will depend on the Division, the discretion of that particular examiner, the advisor’s business practice, and answers provided by the Advisor. In short, you can never be fully prepared or know what an examiner will request, but keeping organized will help ease the stress and make the process that much more efficient.
Keeping compliance organized
The most prevalent advice for keeping compliance organized is to adopt electronic folders and organize them in a way that mirrors what you think the examiners will request. This structure can help both the personnel of the firm and examiners to find client records—it’s a win-win. But folder structure is not the only way to prepare.
Here are 5 tips to be mindful of when preparing for a books and records request by regulators:
Tip 1: Version Control
Advisory firms are required to maintain books and records for a period of 5 years (6 years if you’re in the state of Washington). This means that you are responsible for keeping all versions of past documents for a period of 5 years since the date you last altered them.
Generally, during an examination, there will be a specific examination period that regulators will focus on. For example, you may be asked to provide all versions of your Form ADV from the last fiscal year to year-to-date. Providing various versions of your Form ADV should be easy enough but if you’re looking for past uploads of your Form ADV Part 1 and 2, they are available through the Finra Gateway Portal.
However, keep in mind that it may be harder to produce certain versions of your documents if you’re overriding them. This might be relevant if you are consistently making changes to your Compliance Manual and not archiving the past versions.
Tip: When making changes, remember to turn on ‘Track Changes’ and save it as a new document with dates in the document’s name. Alternatively, when making changes, make a copy of the document, so that you are not overriding the current version.
Let’s dive into Compliance Manual changes a bit more. Firstly, for the majority of jurisdictions, it is required that personnel of the firm attest to receiving the firm’s policies and procedures (a.k.a your Compliance Manual) and some jurisdictions (including the SEC) require this attestation on an annual basis. Annually, the review should include updating your Compliance Manual. This is to ensure that you make the proper amendments to existing or additions to new policies in response to regulatory changes or changes that you have made to your firm.
This does not mean you need to make changes to your Compliance Manual every year if there has been no change in regulation or business practices, but at minimum, there should be a review of the document. The big takeaway is to make sure that as you are updating your documents (especially those that are internal), and that these updates are being maintained and archived to be able to provide to regulators.
We’d recommend following the below steps:
Step 1: Create and Maintain a Compliance Manual
Step 2: Have all personnel (including if you’re a solo firm) sign and date the documents
Step 3: Review your Compliance Manual annually and sign and date annually
Step 4: Archive past versions
Bonus points: Keep track of the changes you made to your Compliance Manual and consider having an annual compliance meeting to discuss the changes with your staff.
Tip 2: Use Shortcuts
For document organization, remember to use functions such as shortcuts to help manage files. For example, most regulators will want to see all executed client agreements. To open up every client file, drag that document to the appropriate folder to send to regulators and upload can be time-consuming. Thus it may be beneficial to create a folder specifically for Client Agreements.
However, you’ll also want to keep in mind that sometimes, regulators will want to review a Client’s entire client folder and will expect the Client Agreement to be in that folder. Thus, the solution….shortcuts. Create a shortcut that will allow you to keep both documents in separate folders but at the same time not have multiple versions of the same document.
Tip 3: Organize and Zip It
When regulators make document requests, they are always in a certain order. For example, the requests will be numbered. To make the process easier for everyone, it’s recommended that you upload the documents in the same manner and title your documents in the same order. Below is an illustrated example:
2. A copy of your most recent Form ADV, Part 2, and any disclosure document given in conjunction with or in lieu of Part 2.
3. Records providing evidence of your offer or delivery of your disclosure brochure or Part 2 of your Form ADV.
How To Name Your Files When Uploading:
2. Form ADV Part 2
3. Form ADV Delivery
This not only keeps the upload organized but also reduces the time spent on examiners trying to filter through your files which will make the entire audit process go by much faster. For No.3 in the above example, since this would include multiple files, advisors should use a folder and name the folder as noted above. You may receive an error when uploading folders when using some file-sharing programs. This can be resolved by zipping/compressing the folder before uploading it to the program.
Tip 4: Keep a Copy
Keep a copy of all documents provided to regulators. Not only are you required to keep those documents, but keeping an organized copy can help you to track down any items if asked follow-up questions later on in the audit process. We’d recommend that you create a folder for all past audits and include them in that folder. These records should include correspondence, documents delivered, as well as the response letter and any attachments to close up the audit.
Tip 5: Practice Makes Perfect
To prepare for these types of audits, it is helpful to test how well you’re able to provide these documents in a timely manner. This can be accomplished in a variety of ways:
- You can keep a books and records log that lists all of the books and records required of you—have a link to where to find those documents;
- You can conduct a mock audit and simulate how you will deliver the documents should one occur;
- You can review prior audits and do a books and records check every year or every other year to make sure that your records are still being maintained in an organized manner. This would help you to ensure those previously requested documents can still be delivered promptly.
Luckily XYPN has a community that loves to share. For members, they can view our forums to read about other members’ experiences with their audits and what was requested via our Compliance Member Forums.
Now….how should firms organize their files? We created a suggested folder organization structure for SEC-registered and State-registered firms.
XYPN’s Compliance Team can always assist firms through regulatory examinations. If you are a member of XYPN, reach out to the compliance team if you need consulting support. Not a member? Check out our Member Benefits to learn more about our robust compliance benefits along with all the rest (there are a ton).
About the Author
Terria Heng has spent her career in financial regulatory compliance. She started out as a compliance consultant at a boutique compliance firm located in Beverly Hills, CA, where she assisted breakaway brokers in transitioning from wirehouses to the independent RIA space. Prior to joining XYPN, Terria was a financial examiner at the Texas State Securities Board for 6 years. Terria has extensive knowledge in state compliance examinations, including effectively communicating with regulators, responding to regulatory inquiries, and best practices in practice management. Currently living in Portland, Oregon, Terria enjoys hiking the Columbia Gorge with her dog Kuba or going on long road trips with her partner in their Sprinter van.