SEC Examination Priorities for 2013: Translated into Plain English

On February 21, 1878, the first telephone book was issued in New Haven, Connecticut. On the same date in 1925, the New Yorker published its first issue. And on the same date in 2013, the SEC published its examination priorities for the year.1 Some have called it the literary trifecta of the millennium. Most readers of sound mind, however, are more likely to rank the SEC’s examination priorities about as exciting as a phone book and about as stuffy as the New Yorker.

Be that as it may, there are still important takeaways that every registered investment adviser would do well to incorporate into his or her compliance program. In the spirit of the SEC’s push to write rules, disclosure documents, and guidance in plain English (see the initiative at, I have attempted to translate some of the exam priorities accordingly and interpret what the SEC is really saying to RIAs (in the “voice” of the SEC).

Fraud Detection and Prevention

Please, please, please, don’t do what Bernie Madoff did. It makes us (the SEC) look really bad and, more importantly, it doesn’t engender trust in the financial services industry. We use highly sophisticated qualitative and quantitative tools to analyze and assess RIAs and other registrants, and we are constantly on the lookout for fraudulent or unethical business practices. Put the interests of your clients first, and always act pursuant to your fiduciary duty as an investment adviser. You, as the RIA, are responsible for setting up a system to prevent and detect fraud in your firm. (If the SEC asked you what you do to prevent and detect fraud, how would you answer? More importantly, how would you prove your answer with documentation?)

Corporate Governance and Enterprise Risk Management

We expect you to assess the risks facing your RIA and correlate those risks to your corporate governance framework. More specifically, we want you to account for and manage your firm’s financial, legal, compliance, operational, and reputational risk. Risk management should not be conducted in a silo, but should instead incorporate everyone in the organization from the top down.

Are you a firm that could be affected by climate-related events (think Hurricane Sandy in 2012, the tornado outbreak in 2011, or the Loma Prieta earthquake in 1989)? If so, you’d better take a hard look at your business continuity plan. If your operational processes require a lot of manual calculations subject to human error, consider doing a spot audit of certain calculations. Each RIA will be subject to different risks, and it is important to customize mitigation efforts accordingly. And, as always, document your risk assessment and mitigation efforts.

Conflicts of Interest

Disclose any potential or actual conflicts of interest to your clients, and mitigate conflicts to the extent feasible. Disclosure of conflicts is usually communicated to clients in Form ADV Part 2, advisory contracts, or some combination thereof. Conflicts usually arise whenever an RIA receives a financial incentive to recommend a certain product or service to a client, regardless of whether that product or service is in clients’ best interests.

A non-exhaustive list of examples includes:

  • recommending securities transactions be cleared through an affiliated broker-dealer
  • recommending the purchase of a loaded or commissioned security whereby the RIA would indirectly benefit from or receive part of that load or commission
  • recommending a service provider, such as a money manager or custodian that sponsors events, provides research, or otherwise confers monetary or non-monetary compensation to the RIA.

Importantly, a conflict of interest is not inherently wrong or prohibited; the client simply needs to be apprised that a potential conflict may exist and consent to it.


Ignorance is no excuse. If you don’t know how your information technology systems work, what data security mechanisms are afforded to your clients, or how to recover your clients’ data in the event of an outage, hire or retain somebody who does. We are planning to examine certain firms specifically to review the robustness of their technological framework, especially as it relates to a firm’s business continuity and disaster-recovery plans. Locking the door behind you simply isn’t good enough.

Safety of Assets

Although this priority is primarily geared toward firms that assume custodial responsibility for client assets, there are important implications that apply even to RIAs that do not. The recently amended custody rule (Section 206(4)-2) within the Investment Advisers Act of 1940 (the “Act”) provides the operative guidance, and you should review its provisions to ensure you don’t inadvertently take custody of client assets, even temporarily.

And, as our recent examination findings have indicated, firms are routinely screwing up the custodial requirements (see, for example, Review this rule in the context of how you process client checks, cash, security certificates, or otherwise have the ability to control or direct client assets. Did you know, for example, that you may be considered to have custody over a client’s account if you serve as trustee for that client’s account?

It is your duty as a fiduciary to protect client assets from loss or theft, even if you don’t take custody of client assets as defined in the rule. As part of our examination process, don’t be surprised if we verify client assets with the applicable custodian or directly with the clients themselves.

Compensation Arrangements and Payments for Distribution in Guise

As previously mentioned, disclose compensation arrangements to your clients that may involve solicitation or referral fees, client servicing fees, revenue sharing, shareholder servicing, conference support, or other soft- or hard-dollar payments received by or sent to third parties. Clients deserve to know where your motivations lie and should understand what benefits you are receiving or conferring, and from or to whom.

Oversight of these payments should come not only from the RIA’s personnel but also from mutual fund boards, as applicable. More specifically, we are looking for wolves in sheep’s clothing—the payment or receipt of distribution fees in disguise, which is essentially a faux 12b-1 program that may not be in compliance with the correlative section in the Investment Company Act of 1940.

Marketing and Performance

All marketing materials that contain performance information must be in line with Section 206(4)-1 of the Act and the seminal Clover Capital SEC Staff No-Action Letter,2 which impose very specific requirements upon investment advisers as it relates to performance advertising.

We even specify what type and size font is to be used for disclosures! The accuracy of performance information is just as important as how that performance is displayed, footnoted, and explained. Hypothetical and back-tested performance is particularly susceptible to our scrutiny. Importantly, don’t forget how broadly we define advertising in Section 206(4)-1; generally speaking, an advertisement is considered any written communication to more than one person.

New Registrants

If you are one of the 2,000 or so investment advisers that registered with the SEC for the first time since early 2012, expect us to have a meaningful presence at your firm. This particularly will be the case if you are an adviser to a hedge fund or private equity fund that has not previously been registered, regulated, or examined by us. We want to make sure our relationship gets started on the right foot, so don’t try to pull the wool over our eyes on our first date. In other words, prove that you are truly committed to us by establishing a robust compliance program, embracing your fiduciary duty, and generally adhering to the myriad rules and regulations to which you are now subject. Unlike the world of human relationships, the more committed to us you are, the fewer “dates” we are likely to have. And I think we both can agree that’s a good thing.

Dually-Registered Investment Advisers and Broker-Dealers

It is more efficient for us to kill two birds with one stone. And by the two birds we mean an affiliated broker-dealer and investment adviser, and by stone we mean exam.

For investment advisers that are either affiliated with or dually registered as broker-dealers, don’t be surprised if the examination request list incorporates facets of both sides of the overall enterprise.3 At issue is the potential for conflicts of interest, especially when recommending brokerage or advisory accounts to clients, and how such conflicts are disclosed. It is admittedly challenging to determine which “hat” an investment professional is wearing in any given scenario, but the client must ultimately understand exactly what entities are providing services to him or her and in what capacity.

There have been recent rumblings regarding a uniform fiduciary standard for broker-dealers and investment advisers in the news, and the brokerage and advisory worlds have been colliding for some time. Bottom line: clients are rarely able to distinguish between the fiduciary and non-fiduciary standard and how it affects the advice they are given or the products they are being sold.


The SEC certainly has its hands full and must efficiently use its limited resources to fulfill its mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. To accomplish this daunting task, the SEC has adopted a risk-based examination framework that guides its National Examination Program. The 2013 exam priorities letter is a helpful inside look into this framework, and is worth careful review by RIAs registered at the federal and state level.


  1. See
  2. See
  3. See, for example, the second half of the SEC’s 2013 exam priorities or the 2013 FINRA examination priorities:

* * *

This article originally appeared in the June 2013 issue of the Journal of Financial Planning.