The keys to a stress-free SEC inspection

Being prepared, having a robust compliance program and co-operating with the SEC are all crucial elements to successfully managing an examination

Private equity firms have been required to register with the Securities and Exchange Commission (SEC) since 2012. To check firms are doing what they should be, the regulator launched an exam process through the Office of Compliance Inspections and Examinations at the end of 2012 and is now in regular inspection mode.

The main purpose of SEC examination is to determine whether a firm is in compliance with federal securities laws, is adhering to the disclosures provided to limited partners, and is maintaining an appropriate compliance program.

Regulatory oversight of private equity firms has been on the rise, whether it has come from the SEC or other bodies: according to the 2016 Global Private Equity Fund and Investor Survey by EY in co-operation with sister publication Private Equity International, the percentage of fund managers who said that their firms had been subject to exams or audits in the past two years has risen to 44 percent in 2015 from 41 percent in 2014, a significant increase from 28 percent in 2013.

More specifically, the SEC’s initial target was to hit about 10 percent of all firms with inspections. This rate looks set to rise as the regulator has asked for 127 additional examiners as part of its 2017 budget request, although this has yet to be approved.

The best way to handle an SEC exam is to be prepared and to know what to expect, say experts.

Here’s how the exam typically goes, according to the founding principal of Cipperman Compliance Services, Todd Cipperman: A private equity firm receives a notice from the SEC in the mail, including a request for documents. The request itself can be several dozens of pages long, and the bulk of the information it asks for usually includes specific data. The firm has up to two weeks to provide the information before the SEC comes to the firm’s offices, although it can ask for some information – such as an overview of the firm – within 24 to 48 hours.

When the regulator comes to the offices, there will be between two and four examiners who can stay on site on a full-time basis for one to two weeks if all goes well, or up to a few months if they find inconsistencies. Firms should have dedicated space for the examiners, Cipperman notes. “They ask about documents, they interview personnel,” he says. “If it’s a desk audit, there’s no visit, but generally speaking they come.”
The best way to prepare for the exam is to start by creating a robust compliance program, and one of the first steps in building a strong program is to have a chief compliance officer (CCO), either internally or outsourced.

The CCO should make sure the compliance program is familiar to all employees and being applied throughout the firm. The CCO will also be key in answering most of the SEC’s questions but they will not be the only one interacting with the regulator during the inspection.

“You need a state of the art compliance program ready to be able to respond to an inspection,” Cipperman says. He also recommends firms keep their lawyers apprised, since the SEC’s enforcement division is usually involved in the exam. “Although you’re not in litigation, you should be chugging along those lines.”

He notes that an inspection can be highly stressful and is a lot more in depth than due diligence with LPs. “It’s much closer to an IRS audit,” he says.

It might be stating the obvious, but the easiest way to deal with the inspection is to not panic, answer the SEC’s requests truthfully and completely, and, if necessary, tell the inspectors the answer to a specific request is not known or will be provided at a later stage.

It is also good practice is to start addressing issues identified by the regulator before the exam is over.

In total, the exam can last three to six months from start to finish. The results usually come in the form of comment letter issued by the SEC.

There are typically three outcomes. The first is that the SEC has no comment. The second is that the inspection finds issues, which the firm typically has 30 days to address, with the expectation that the problems will have disappeared by the next exam. In these two cases, the SEC is normally transparent and the content of the final letter is no surprise to the firm.

Thirdly, the SEC can refer a case to its enforcement division, although the firm does not usually know about that until it hears from the enforcement division and a separate process starts.

Bronwyn Bailey, vice-president of research at the Private Equity Growth Capital Council, recommends that firms take review their compliance programmes once a year, which she says many firms already do.

“Most compliance consultants will help firms conduct a mock exam,” she says. “It’s recommended that firms also test their documentation policies every year. The more organised a firm is, the less painful the SEC exam will be.”

In the early years, the SEC was learning about the industry and identifying the main topics. But as it has become better versed in the intricacies of the private equity world, it is conducting longer, more in depth and substantive examinations that are focusing on the sensitive issues identified during those initial years.

“There’s been an evolution,” says Bailey. “At the onset of the presence exams, the examiners seemed to be trying to get an overall understanding of private equity and a sense of the key issues. After the presence exam period, the SEC now publicizes their priorities for upcoming exams, such as cybersecurity and disclosure to investors. ”

The SEC has also begun to put out regular guidance notes on topics to which it pays particular attention, such as fees and expenses, conflicts of interest, co-investments, with a special focus on transparency surrounding disclosure of special agreements with LPs, and cybersecurity.

Although the SEC has become more specific in the areas it scrutinises, having a culture of compliance is still at the center of the inspection. “Firms should show there’s a strong culture of compliance starting at the top and present in all aspects of the business,” Bailey says.