A Simple Guide To SEC Audit Preparation In 2019

A lot can happen in seven years. Seven years ago, the US had only just emerged from financial crisis, the London whale blew his spout, Mark Zuckerberg had a memorable first date on Wall Street with Morgan Stanley, and the Gagnam Style video exploded all over the internet.

compliance officers

By U.S. Government [Public domain], via Wikimedia Commons

Seven years is also the typical interval between SEC audits for hedge funds. And over the past seven years, technology has transformed everything, particularly for investment funds; the methods for trading, managing portfolios, and conducting research have all dramatically changed. There are new and better ways to connect to the outside world than ever before—platforms like LinkedIn, Telegram, Facebook, Catalant and Upwork have made information and people much easier to access.

Get The Full Ray Dalio Series in PDF

Get the entire 10-part series on Ray Dalio in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues

Q3 hedge fund letters, conference, scoops etc

But if you’re the compliance officer of an institutional investment firm, your job responsibilities are the same. Just as before, you are charged with continually monitoring the behavior of your investment team colleagues. You still must maintain a code of ethics and compliance manual, onboard new hires and provide annual training sessions, and—the biggest lift—document your team’s adherence to policy.

In today’s world, information has never been easier to gather for investors—and it’s never been harder to track for compliance officers. These parallel trends mean that compliance officers have a lot more to worry about. They have to be tracking their analysts’ conversations on LinkedIn, Facebook, Catalant, or any of the other online channels—and the SEC will demand nothing less.

Here are a few things that every compliance officers can do to prepare for SEC’s knock on the door in today’s quickly changing environment.

Log everything. Yes, everything.

Document, document, document—and then organize. By monitoring all emails, messages and notes passing in and out of the firm, and then logging each conversation in a standardized, coherent way, you’re creating a pristine record of all of the research that is informing investment decisions. The SEC’s “Books and Records Rule”—Rule 204-2—enumerates exactly what books and records need to be “true, accurate and current.” Make sure you know what you need to be tracking, and do it diligently.

Trust but verify with the traditional expert networks.

The expert networks provide the service of maintaining some of the research-related logs the SEC asks for—but that doesn’t mean that there’s not a significant amount of human error going on in those 1,000+ person plus organizations of 20-somethings. For example, the traditional expert networks will screen experts before they speak with investment colleagues by asking if they’ve worked at a public company in the past six months—and if the expert says no, they’ll be cleared for research. But it’s not unheard of for a compliance officer to go on LinkedIn to see that, actually, the expert is still employed by the public company—and therefore is out of bounds. Compliance officers have a duty to check public information to make sure that it’s correct, even if expert networks are supposed to do it for them. New research tools that integrate with these platforms can serve to mitigate this risk.

Practice makes perfect. Do mock audits every year.

There’s no better way to be prepared than to pretend you’re getting audited every year, not every seven. Firms can hire independent auditors, which will pretend to be the SEC and take you through the standard auditing process. They’ll provide feedback on client policies and diligence record-keeping.

Hire right-and train rigorously.

In the end, you’re only as good as the ethics of the people you hire to observe the policies of your firm, as well as the training programs  that reinforce those policies. A good policy is to  re-train your employees every year on compliance procedures, to keep the information fresh. Every employee should know that anything untoward should be brought to your firm’s compliance officer or general counsel immediately. If there are issues to be dealt with, you’re the front line of defense. A good tactic is to use interactive training sessions with outside speakers, or to quiz your researchers on any new changes on compliance rules relevant for their work.

In the end, technology is only getting more and more advanced—as connectivity improves, these problems will only become more complex. But that doesn’t mean that the benefits of technology are limited to researchers. New software, such as Atrium, HelloSign, and Dropbox, have made it easier for compliance officers to manage the workflow and storage of compliance-related information and to enforce internal policies. Who knows what the next seven years will bring—but at least you’ll be prepared with these best practices.


About the Author

Gunnar Gregory is the founder and CEO of Vancery, a platform that connects investment professionals with industry experts. He is a former public markets investor, and a former Goldman Sachs M&A banker. He is also an advisor to several other new ventures and a real estate investor.



About the Author

Gunnar Gregory
Gunnar Gregory is the founder and CEO of Vancery, a platform that connects investment professionals with industry experts. He is a former public markets investor, and a former Goldman Sachs M&A banker. He is also an advisor to several other new ventures and a real estate investor.