SEC exam preparation for investment advisors is not an event — it is a continuous discipline. Yet most registered investment advisors (RIAs) treat examination readiness as a fire drill: scrambling to pull documentation when a notice letter arrives rather than maintaining a compliance program built to withstand scrutiny at any moment.
In September 2023, the SEC's Division of Examinations published a Risk Alert identifying widespread deficiencies in RIA compliance programs — including inadequate annual reviews, missing written supervisory procedures, and failure to document custody arrangements. The same patterns that surfaced in 2023 continue to appear in 2025 and 2026 examination cycles. Understanding what examiners look for — and structuring your program accordingly — is the most reliable path to a favorable outcome.
This guide covers how the SEC selects firms for examination, what examiners review, what documents they request, the most common deficiency findings, and a step-by-step framework for building and maintaining examination readiness.
How the SEC Selects Investment Advisors for Examination
The Division of Examinations uses a risk-based selection model. Firms are not chosen at random; selection is driven by a combination of data analytics, tip referrals, and thematic sweep priorities. Understanding the selection criteria is the first step in any exam preparation strategy.
| Selection Trigger | Description |
|---|---|
| Length of time since last exam | Newly registered firms and those not examined in 3+ years receive higher priority |
| Tips and referrals | Investor complaints, whistleblower tips, or interagency referrals can trigger cause exams |
| Annual update filings | Significant changes in Form ADV (new services, custody, AUM growth) flag for review |
| Thematic sweep priorities | SEC publishes annual examination priorities — AI, cybersecurity, and ESG are current areas |
| Market risk signals | Firms operating in stressed asset classes or with concentrated strategies |
| Registration anomalies | Incomplete disclosures, disciplinary history, or affiliated entity concerns |
Firms that have not been examined in five or more years should treat examination as overdue and structure their compliance program as if a notice could arrive any quarter.
What the SEC Examines at Investment Advisory Firms
The Division of Examinations conducts broad reviews across six core areas at most RIAs. Firms with specific risk factors — custody of assets, discretionary authority, or complex fee structures — receive deeper scrutiny in those areas.
Fiduciary Duty and Conflicts of Interest
Examiners assess whether advisors act in clients' best interests and disclose all material conflicts. This includes compensation arrangements, revenue sharing, affiliated service providers, and proprietary product recommendations.
Fees and Expenses
Fee billing accuracy is a consistent examination focus. Examiners trace advisory fee calculations against client agreements, verify fee offsets are applied correctly, and look for billing on terminated accounts or excluded assets.
Compliance Program (Rule 206(4)-7)
Every RIA registered with the SEC must maintain a written compliance program reasonably designed to prevent violations of the Advisers Act. Examiners review the written policies and procedures, documentation of the most recent annual review, and evidence that the CCO has authority to implement and enforce the program.
Custody
If a firm has custody of client assets — even inadvertently through standing letters of authorization (SLOAs) or physical possession — it must satisfy surprise examination, qualified custodian, and account statement requirements. Custody deficiencies remain one of the most frequently cited findings.
Advertising and Marketing
Under the updated Marketing Rule (effective November 2022), examiners review performance advertising, testimonials, endorsements, and third-party ratings for compliance with the new framework.
Artificial Intelligence and Technology
The Division has increasingly identified AI-assisted investment advice as an examination priority. Examiners will assess whether AI tools used in investment decision-making or client communications are disclosed, supervised, and consistent with fiduciary obligations.
What Examiners Request: The Standard Document List
When the SEC sends an examination notice, it typically includes a document request (also called an "information request" or IDR). While specific requests vary by exam type, the following documents are requested in virtually every examination:
- Form ADV Part 1, Part 2A, and 2B (current and prior year versions)
- Written compliance policies and procedures manual
- Most recent annual review report with date of completion
- Client list with account types, AUM, and fee structures
- Fee billing records and calculations for a sample of client accounts
- Sample client agreements (investment advisory agreements and any amendments)
- Trade blotter and order management records for the examination period
- Marketing materials, website content, and any performance presentations
- Custody documentation — qualified custodian account statements, surprise exam reports
- Cybersecurity and data governance policies
- Business continuity and disaster recovery plan
Firms that maintain organized, version-controlled compliance documentation can typically respond to initial IDRs within the 2–3 week window provided. Firms that store compliance records in email threads, unsorted shared drives, or the CCO's memory cannot.
Common Exam Findings: Patterns That Repeat Year After Year
The SEC publishes examination deficiency letters (when required by law or policy) and issues periodic Risk Alerts aggregating common findings across firms. The most frequently cited deficiencies across recent examination cycles follow a recognizable pattern:
- Annual review not conducted or not documented. Rule 206(4)-7 requires an annual review of the adequacy of the compliance program. Examiners routinely find that reviews were either skipped entirely or conducted but never memorialized in writing with a date and finding summary.
- Written policies that don't match actual practices. Firms copy template compliance manuals without customizing them to reflect how the firm actually operates. When examiners compare the written procedures to observed practices, discrepancies become deficiency findings.
- Inadequate conflict of interest disclosure. Material conflicts that are described vaguely in Form ADV Part 2 — or not disclosed at all — are a persistent issue, particularly for dual registrants and firms with affiliated broker-dealers or insurance agencies.
- Fee billing errors. Overcharging clients (even unintentionally) through incorrect AUM calculations, improper billing frequencies, or failure to apply fee offsets is one of the most common findings to result in required client reimbursement.
- Custody arrangements not identified. Firms that hold standing letters of authorization, act as trustee for client accounts, or have the ability to deduct fees directly often fail to recognize that these activities constitute custody under the Advisers Act.
- Marketing Rule noncompliance. Performance presentations that use non-GIPS-compliant methodology, testimonials without required disclosures, or third-party ratings without date and criteria disclosure are common findings since the November 2022 implementation deadline.
How to Build an Exam-Ready Compliance Program: A Practical Framework
Examination readiness is the byproduct of a well-designed, consistently executed compliance program — not a separate project. The following six-step framework focuses on maintaining the foundational elements examiners assess in every examination.
Step 1: Conduct and document the annual review before year-end.
Rule 206(4)-7's annual review requirement is not optional. Schedule the review before December 31 each year. Document it with a written memo that includes the date, the scope of areas reviewed, findings identified, and any program changes implemented in response. A one-page summary is sufficient if it covers these elements.
Step 2: Audit your Form ADV annually and update within 90 days of any material change.
Form ADV is the primary disclosure document examiners rely on. Review every section — not just the parts that changed — each year during the annual amendment. Pay particular attention to conflicts of interest disclosures, custody representations, and the description of your advisory services.
Step 3: Reconcile fee billing quarterly.
Do not wait for an exam to discover a billing error. Implement a quarterly reconciliation process that compares fee invoices to client agreements, confirms AUM values used for billing, and reviews whether terminated accounts were removed from billing cycles promptly.
Step 4: Customize your compliance manual to your actual operations.
A compliance manual must reflect how your firm actually operates. If your manual references a trading desk you don't have or an ESG screen you discontinued, it creates inconsistencies examiners will flag. Review and update the manual whenever your business model, services, or personnel change materially.
Step 5: Map your custody exposure and confirm your custodial arrangements.
Work through a custody analysis annually. Identify every account relationship in which the firm or its personnel have authority to access, transfer, or deduct from client assets. Confirm that qualified custodians are sending account statements directly to clients. Verify your surprise examination schedule if applicable.
Step 6: Maintain an organized, searchable compliance document library.
Examiners expect to receive requested documents promptly. Build a compliance file structure — physical or digital — organized by regulatory area and examination period. Include version history for policies and procedures, and maintain copies of all client agreements, marketing materials, and annual review documentation for a minimum of five years.
The Bottom Line
SEC exam preparation for investment advisors ultimately comes down to one question: does your compliance program reflect your actual business, and can you prove it? Firms that treat compliance documentation as a continuous operational discipline — rather than a pre-exam project — consistently produce better examination outcomes.
StratiFi helps RIAs maintain the portfolio-level compliance monitoring and documentation infrastructure that supports examination readiness as an ongoing state rather than a reactive sprint. If your firm is preparing for an upcoming examination or building out a more defensible compliance program, we'd be glad to show you how our platform supports that process.
Frequently Asked Questions
What is the typical length of an SEC examination?
Most routine SEC examinations of investment advisors take between 60 and 120 days from the initial document request to the deficiency letter (if any) or closure. Cause examinations related to specific complaints or referrals can take longer.
How much notice does the SEC give before an examination?
The SEC typically provides 2–3 weeks of advance notice for routine examinations through a written notice letter accompanied by an initial document request. Surprise examinations — typically reserved for custody reviews — may arrive with no advance notice.
What is the difference between a routine exam and a cause exam?
A routine exam is part of the Division's risk-based examination cycle. A cause exam is triggered by a specific event — an investor complaint, whistleblower referral, or tip from another regulator. Cause exams are typically more targeted and can lead to formal investigation referrals.
Does an SEC examination always result in deficiency findings?
No. Some examinations close with no action, meaning the Division found no material deficiencies. However, the SEC does not publicly publish a list of firms that received no-action closures, so there is limited visibility into how frequently this occurs.
What is a deficiency letter and what should we do if we receive one?
A deficiency letter (formally also called a "letter of deficiency") outlines the specific violations or weaknesses identified during an examination. Firms are typically given 30 days to respond with a remediation plan. Legal counsel should be involved in drafting the response.
What triggers a custody examination?
The SEC's Division of Examinations may conduct a custody-specific examination when a firm's Form ADV representations about custody are inconsistent with observed practices, when a firm fails to respond to the surprise examination requirement, or when a referral suggests potential unauthorized access to client assets.
How often does the SEC examine registered investment advisors?
The Division of Examinations aims to examine all registered advisors on a regular basis, but resource constraints mean many firms are examined once every 10+ years. Firms that have never been examined, have recently registered, or have recently grown significantly in AUM receive higher priority in the selection process.
Related Reading
- SEC Exam Priorities 2026: What RIAs Need to Know and Do Now — A deep dive into the specific areas the SEC's Division of Examinations has flagged for 2026, including AI, cybersecurity, and AML requirements.
- Rule 206(4)-7 Annual Review Requirements: A Practical Guide for RIAs — A step-by-step walkthrough of how to conduct and document your annual compliance program review under Rule 206(4)-7.