When the Compliance Program rule ("Rule")[1] was first enacted by the SEC in 2003, the investment adviser community pondered how it should conduct its annual review. In accordance with the Rule, advisers registered with the SEC are required to "review, no less frequently than annually, the adequacy of the policies and procedures (to ensure compliance with federal securities laws).and the effectiveness of their implementation."[2]

In her 2004 speech, "The New Compliance Rule: An Opportunity for Change," Lori Richards Director of the SEC's Office of Compliance Inspections and Examinations, provided guidance on what advisers should do to ensure that the compliance program is dynamic.

"Compliance staff should continually be asking: Are we detecting problematic conduct with this policy? Based on what we've detected, should we alter our policy? Is there a better way to detect problematic conduct?....Were the actions we took, once problematic conduct was detected, adequate to deter problematic conduct by this individual or others?"[3]

The SEC registered adviser quickly realized that in order to construct and maintain an effective compliance program it would have to:

• Identify and assess the risks of the firm;
• Implement effective policies and procedures; and
• Create policies and procedures that address and allow each risk to be effectively managed. [4]

As the scope of today's SEC examination program focuses heavily on the adviser's compliance program, many advisers have elected to conduct a mock SEC examination. A mock SEC examination helps advisers to identify risks, which helps the firm in its development and testing of its compliance programs.

Should you elect to have a mock SEC examination, what should you expect?

When you have a mock SEC examination, the adviser should be prepared to have intense scrutiny on its business and risk management practices. Among other things, expect initial request for document production before the exam, followed by interviews, reviews of surveillance systems, and more document production during the examiner's visit.

Last month in Board IQ, Mark Goshko of Kirkpatrick, Lockhart Nicholson Graham shared that these reviews achieve important objectives for the adviser. Mock SEC examinations generally consist of the following phases.

"First is a basic documentary review of the written compliance program. The consultant or law firm reviews the compliance program documents, talks with the CCO and provides input as to where shortfalls may be or where improvements can be made."[5]

What we have found is that sometimes CCOs are too close to the adviser and may not be able to identify a deficiency or more often, the CCO has a "dual role" and may not recognize the deficiency. Increasingly firms want an independent look at the compliance program and want assurance that gaps have been identified and addressed and to ensure that nothing has fallen through the cracks.

As the "examiner" reviews and tests the investment adviser's compliance program, here's what to expect.

During the inquiry and identification stage, the examiner will review firm risks and assess the adequacy of the firm's policies and procedures for addressing those risks. The examiner will focus on whether the policy is clearly defined, whether the procedure is currently followed and if the procedure articulates roles and responsibilities for personnel to perform. Concurrently the examiner will evaluate the effectiveness of control procedures, including the type and frequency of supervisory reviews, what records are created by the adviser to track and report the outcomes, and whether escalation procedures exist for exception or outlier results. As part of the risk assessment, the examiner will review past SEC deficiency letters, assess past compliance discrepancies and consider SEC priorities in its examination process. In addition, the examiner will inquire into changes in the firm's business, including new lines of products and services offered, and consider what, if any potential conflicts of interest might exist as a result of this development. If conflicts are identified, the examiner will explore what checks and balances might be needed to address those conflicts. Finally, the examiner will consider changes that occurred in applicable regulations that might necessitate the firm to revise its policies or procedures.

In May 2005, Gene Gohlke provided guidance on the compliance review process. To help advisers further identify and document risks, Gohlke suggested using three compliance tests: Transactional tests, Forensic tests and Periodic tests. [6]

Transactional compliance tests are performed around the time an activity occurs and should be part of the regular compliance system. For example, for soft dollar arrangements, a transactional compliance test would be pre-approval of all soft dollar arrangements prior to the time of execution.

The annual compliance review focuses primarily on the two remaining compliance tests. Periodic compliance tests are performed at appropriate intervals rather than concurrently with each transaction to verify compliance with relevant requirements. For example, for soft dollar arrangements, the examiner may want to periodically review trades with unusually high commissions and obtain a report of which broker-dealers are most frequently used and why.

On the other hand, Forensic compliance tests critically test an activity to determine whether there is a suspicion that the compliance system is being subverted through some means that may be difficult to detect through some other form of testing. For example, with soft dollar arrangements, the examiner may want to review the soft dollar contract to ensure that there are no "adhesion" clauses that would impact the brokerage allocation process. Next, the examiner could review the brokerage allocation process and then listen to telephone calls between the trade desk and the broker-dealer to help ensure there are no "arrangements" that would influence brokerage allocation. Over time, forensic testing helps to identify and detect trends and patterns that could lead the adviser to evidence that misconduct has occurred.

Once testing is completed, the examiner has documents to support the risk assessment process. Periodic and forensic tests, internal audit reports and other surveillance efforts help examiners assess how the adviser identifies, manages and mitigates risks; whether the adviser finds problems as they occur; whether problems are resolved promptly; and if procedures at the business and compliance unit levels are performed in critical areas. Through review of various forms of back-up documentation such as exception reports, compliance checklists and work papers, examiners will provide inputs as to where shortfalls may be or where improvements can be made.

Once the examination is complete, the examiner helps the Adviser to come up with a time table to address any deficiencies noted. To keep the firm on track, we help our clients develop a compliance calendar. By identifying those areas that are most material and complex, those that may take the most time or effort to enhance or that require technology solutions, the examiner consultant can help the client build an effective timeline and calendar the steps necessary to enhance their compliance program. Together they may try to anticipate what changes may be required to your firm's policies and procedures next year. For example, now that the SEC finalized its soft dollar guidance, the adviser may need to update the firm's soft dollar policies and procedures.

Most importantly, a mock SEC examination which focuses on the annual review, among other things, should assist the CCO in identifying firm risk-management needs and potential resources necessary for the firm's compliance program. The adviser may need additional resources to accomplish its compliance objectives. Compliance personnel, outside consultants, development of an internal audit group, technology support and enhanced surveillance efforts may be considered and reported throughout the firm to help ensure that budget dollars are secured for these efforts.

Shustak Frost & Partners, PC performs mock SEC examinations and we invite you to contact us for more information.