
Preparing For An External Audit: Part Two

The step-by-step of what to expect in an external exam and how best to prepare

Last week in this space, we looked at what an enterprise financial firm might expect to experience in the run-up to an external audit, or, as they're commonly referred to by industry insiders, external exams. We explored what triggers them, what regulators are looking for, and regulatory remits. Today we'll explore process: the step-by-step of what happens in an external exam and how best to prepare.

FOREWARNED IS FOREARMED
"The more organized you are before the SEC ever notifies you, the better." So says Niel Armstrong, CEO and founder of Gordian Compliance Solutions, a boutique consulting firm specializing in regulatory compliance services for financial firms. "You want to have really solid policies and procedures and code of ethics, and a good methodology for maintaining all your books and records in an electronic format. It makes life so much easier." The notification of an exam comes in the form of a document request letter, a request for information that comes to the CCO in the mail, typically asking for about 20 pages of data.

But not all document request letters are created equal. Each one is tailored specifically to the targeted firm, depending on what the regulator sees as that firm's particular risk areas. But the unique nature of these information requests can be used to the targeted firm's advantage. "The document request letter gives insight into what kind of exam it's going to be," says Patrick Dominguez, Director of Investment Adviser Services for Gordian Compliance Solutions.

The SEC is typically looking at several risk factors, including investment strategy, newly submitted data by the registrant, and consistency of performance. Any of these items may raise a red flag. Again, Dominguez: "Right now, there's a focus on retail investors and cybersecurity. So if any of the request items seem to lean in one direction or the other, you can sometimes discern whether it's a routine examination, or whether they're looking at practices they consider to be high risk."

GETTING TO KNOW YOU
Once examiners arrive onsite, the first thing they do is conduct interviews with key personnel, in an attempt to get a handle on who's responsible for what and how business is conducted. These interviews can last anywhere from two to four hours per person. Based on what was sent back to the SEC in response to the document request letter, examiners may use these conversations to delve deeper into areas of specific interest.

The SEC has, however, been known to not come onsite at all. "Sometimes they stay for two or three days," says Armstrong, "and other times they defer completely. Sometimes they'll send the document request, and tell you right away they're not going to be onsite. It really varies." But even if a regulator does entirely eschew face-to-face interaction, expect that at the very least there will be a phone interview.

Once the interviews are over, the CCO will be the primary point of contact with the SEC as the exam continues and additional documentation or data is requested. That's for investment advisors, though. On the broker-dealer side, the CFO might be involved more. And once examiners start to drill down into specifics, they may want to speak to the traders, to get a better understanding of how they made decisions to trade particular securities.

FINRA can be an entirely different regulatory animal than the SEC. The longest the SEC will be physically present is about a week. FINRA can be onsite for several weeks. Consider setting aside a conference room for them.

THE LONG AND THE SHORT OF IT
As with any exam, you'll no doubt be anxious to get your results, but don't expect to hear anything anytime soon. "Wait times vary quite a bit," says Armstrong. "Sometimes you hear something back in two months, sometimes six. I've seen it go as long as a year." The reasons for delay are mixed. At the SEC, examiners tend to stay on staff for a long time. FINRA has more turnover. As a result, the SEC tends to be more organized in its processes and procedures overall.

There's also been a delay in regulators getting up to speed with all the digital and data-driven change that's come to finance. Part of that delay involves simply not having enough examiners on staff with the necessary technical backgrounds, though the SEC is coming around. "The SEC has started hiring more technical staff," says Dominguez, "people who can audit things like quant strategies and algorithms, and who can look through the more intensive financial data." State regulators, in general lacking the resources of the SEC or FINRA, may offer the longest waits of all.

The good news is, once exam results do finally come in, in the vast majority of cases nothing is found. Sometimes, what the regulators refer to as deficiencies are uncovered, where they suggest ways to do things better. Very rarely, if examiners find something they think is a violation of the law, cases will go to enforcement. What then? "There is an appeals process," says Armstrong. "If the SEC's enforcement division rules against you, you can schedule a hearing and argue against it."

FINAL TAKEAWAYS
Regulators prize a culture of compliance. Make sure everyone knows what their roles are. Document activity exactly as the manual says you should. Ensure your staff has adequate compliance training. Ensure your firm's stated policies and procedures will catch the conflicts of interest, market abuse, or equivalent risk to the business or marketplace they're designed to catch, and then adhere to them. Finally, conduct an annual review of all your policies and procedures and update them as appropriate.

"One of the most common findings to come out of SEC exams," says Dominguez, "is that an investment advisor hasn't conducted an annual review of its compliance program: an honest look at the policies and procedures as written versus the firm's actual advisory business practices. It's basics like this that will position you for a successful external exam, before it ever begins."

StarCompliance is a global leader in financial compliance software solutions. We have more than half a million end users with clients in more than 50 countries. Our products guard against employee conflicts of interest and market abuse, and in the process guard against reputational damage to your firm.
