Test Your Skills: Run the Drills

In our recent blog Regulatory Exam Preparation: Audit-Ready Strategies we discussed steps and strategies to prepare for a regulatory examination. Now it’s time to put them to the test.

Document Request Lists

Have you seen a document request list? Knowing what to expect and how to respond to the announcement of an examination will help you to prepare for the real deal.

They say actions speak louder than words. Being able to respond to the initial document request list efficiently, completely, and in an organized fashion may be one of these situations.

Key Items Requested During a SEC/FINRA Examination

    • – Compliance policies & procedures
    • – Testing performed
    • – Risk Assessment
    • – Information on remote oversight processes
    • – Client complaints/correspondences and processes
    • – Records of non-compliance related to the firm’s COE
    • – Valuation information
    • – Information related to controls surrounding Information Processing, Reporting, Privacy
    • – Information related to trading activities
    • – Information related to identification, management of conflicts of interest and Insider Trading
    • – Information related to Advertising and/or Marketing activities
    • – Financial Records
    • – Custody Information
    • – AML

For more in-depth guidance, consider OCIE’s 2020 Common Program Deficiencies Risk Alert which cites issues with:

    • – The Annual Review and Identification of Risks
    • – Implementing/testing procedures
    • – Reviewing Advertising Materials

Can You Deliver?

If given the task to pull a specific period’s risk assessment, sampling of advertising reviews and tests performed to demonstrate the implementation of the firm’s policies –

1. Can you do it?

Everyone wants to answer “yes”, but if you note the observations outlined in the aforementioned Risk Alert, the “staff observed advisers that were unable to demonstrate… and “advisers that did not implement or perform actions required by their written policies and procedures.”

So, it appears that not every firm can…

2. If yes: how long did it take?

Does your process include email queries, SharePoint folders, excel spreadsheets, and a tap on the shoulder of an employee or two?

But what if someone forgot to save something somewhere, or an email was deleted, or the person before you had a code-based filing system that only they could decrypt?

Sounds like what should take a few minutes can lead to hours of work…

Run the Drill

With BasisCode Compliance™, our fully integrated suite was designed with these exercises in mind. Watch this video to see how efficient it is to extract your work and supporting evidence here:


Your firm needs to be prepared to answer requests promptly and professionally. The next step: See in real time how the BasisCode Compliance platform will make your team audit-ready.

Request a Demo