How to Take the Headache Out of Compliance Audits
BY Leila Shaver
Compliance audits are an important part of the financial advisory industry, but let’s be honest: They’re a real pain for RIAs and other firms. The audit process is usually long and intense, and auditors almost always find some issues that advisors need to fix. Not to mention, depending on the size of your firm and where you’re located, you could face multiple audits from different regulatory bodies at any given time.
It can be downright painful if you don’t have a plan. Unfortunately, many firms don’t have a strong audit policy in place, and that just makes things worse. Let’s review what the compliance audit process entails, where firms usually go wrong and how you can best prepare for your next assessment.
Know the audit timeline
Whether you’re dealing with the Financial Industry Regulatory Authority (FINRA) or the Securities and Exchange Commission (SEC), audit processes move pretty quickly. Firms typically receive two weeks’ notice to produce the necessary documentation and prepare for an on-site audit — and the clock starts ticking as soon as you get a notification. That doesn’t leave much time to get all of your ducks in a row, especially for firms that haven’t diligently documented and recorded every client interaction and transaction from the last couple of years.
To complicate things further, there’s no set audit schedule to plan around. FINRA, the SEC and state-level agencies might audit some firms every few years, while other RIAs can go more than a decade without getting audited.
Firms also have to consider the specific circumstances of their audit and why regulatory bodies decided to assess their organization at that time. If FINRA or the SEC received a complaint about a firm, the audit will probe much deeper, require more documentation and offer less time to prepare, compared with a routine assessment.
You never know when your next audit will happen or what it might cover. That just makes it even more important to always have a response plan ready to go.
Avoid these common audit mistakes
Compliance audits are incredibly stressful, and you don’t have a ton of time to get ready, so it’s no wonder that so many firms manage to make some pretty massive missteps during the process. These are the most common audit mistakes that firms should avoid:
Neglecting compliance knowledge gaps
Institutional knowledge is a pretty universal problem for compliance departments, even at large firms. Employees often don’t have the experience or skills needed to effectively manage compliance demands and keep up with the latest FINRA and SEC guidelines. Without ongoing training, compliance teams will always fall behind the curve and feel unprepared for a probing audit.
Another related issue is the fact that compliance teams are often pretty small. It’s extremely difficult to compile the required documentation for an audit in a short amount of time when you only have a handful of employees on the case. Regulatory technology (RegTech) can be a major asset for overwhelmed compliance teams. These platforms monitor compliance requirements and timelines, track reporting needs, send out alerts and even flag repeat offenders within the firm. RegTech makes life easier for your compliance specialists and helps your firm stay in the SEC’s good graces.
Waiting to correct deficiencies
In many cases, audits don’t tell firms anything they didn’t already know. RIAs usually understand what their deficiencies are, they just haven’t corrected them (for a variety of reasons). Proactively fixing those issues before an auditor arrives in person can go a long way toward avoiding any penalties or follow-up action. Even if you can’t completely address the problem, being able to show some progress lets auditors know you take the matter seriously and are working to make it better.
Missing a day-of audit plan
Some firms will do the necessary prep work to get their documentation in order, but they won’t have a detailed plan for the actual day of the audit. That can leave them scrambling when auditors arrive, trying to figure out who is going to be the firm’s point of contact, how to respond to questions and even what room they’ll use for the Q&A session. A lack of preparation not only reflects poorly on the organization, but it can also lead to employees misspeaking, giving auditors inaccurate information and digging themselves into an even bigger hole.
Next step? Putting a plan together.