SEC exam preparation for investment advisors is not an event — it is a continuous discipline. Yet most registered investment advisors (RIAs) treat examination readiness as a fire drill: scrambling to pull documentation when a notice letter arrives rather than maintaining a compliance program built to withstand scrutiny at any moment.
In September 2023, the SEC's Division of Examinations published a Risk Alert identifying widespread deficiencies in RIA compliance programs — including inadequate annual reviews, missing written supervisory procedures, and failure to document custody arrangements. The same patterns that surfaced in 2023 continue to appear in 2025 and 2026 examination cycles. Understanding what examiners look for — and structuring your program accordingly — is the most reliable path to a favorable outcome.
This guide covers how the SEC selects firms for examination, what examiners review, what documents they request, the most common deficiency findings, and a step-by-step framework for building and maintaining examination readiness.
The Division of Examinations uses a risk-based selection model. Firms are not chosen at random; selection is driven by a combination of data analytics, tip referrals, and thematic sweep priorities. Understanding the selection criteria is the first step in any exam preparation strategy.
| Selection Trigger | Description |
|---|---|
| Length of time since last exam | Newly registered firms and those not examined in 3+ years receive higher priority |
| Tips and referrals | Investor complaints, whistleblower tips, or interagency referrals can trigger cause exams |
| Annual update filings | Significant changes in Form ADV (new services, custody, AUM growth) flag for review |
| Thematic sweep priorities | SEC publishes annual examination priorities — AI, cybersecurity, and ESG are current areas |
| Market risk signals | Firms operating in stressed asset classes or with concentrated strategies |
| Registration anomalies | Incomplete disclosures, disciplinary history, or affiliated entity concerns |
Firms that have not been examined in five or more years should treat examination as overdue and structure their compliance program as if a notice could arrive any quarter.
The Division of Examinations conducts broad reviews across six core areas at most RIAs. Firms with specific risk factors — custody of assets, discretionary authority, or complex fee structures — receive deeper scrutiny in those areas.
Fiduciary Duty and Conflicts of Interest
Examiners assess whether advisors act in clients' best interests and disclose all material conflicts. This includes compensation arrangements, revenue sharing, affiliated service providers, and proprietary product recommendations.
Fees and Expenses
Fee billing accuracy is a consistent examination focus. Examiners trace advisory fee calculations against client agreements, verify fee offsets are applied correctly, and look for billing on terminated accounts or excluded assets.
Compliance Program (Rule 206(4)-7)
Every RIA registered with the SEC must maintain a written compliance program reasonably designed to prevent violations of the Advisers Act. Examiners review the written policies and procedures, documentation of the most recent annual review, and evidence that the CCO has authority to implement and enforce the program.
Custody
If a firm has custody of client assets — even inadvertently through standing letters of authorization (SLOAs) or physical possession — it must satisfy surprise examination, qualified custodian, and account statement requirements. Custody deficiencies remain one of the most frequently cited findings.
Advertising and Marketing
Under the updated Marketing Rule (effective November 2022), examiners review performance advertising, testimonials, endorsements, and third-party ratings for compliance with the new framework.
Artificial Intelligence and Technology
The Division has increasingly identified AI-assisted investment advice as an examination priority. Examiners will assess whether AI tools used in investment decision-making or client communications are disclosed, supervised, and consistent with fiduciary obligations.
When the SEC sends an examination notice, it typically includes a document request (also called an "information request" or IDR). While specific requests vary by exam type, the following documents are requested in virtually every examination:
Firms that maintain organized, version-controlled compliance documentation can typically respond to initial IDRs within the 2–3 week window provided. Firms that store compliance records in email threads, unsorted shared drives, or the CCO's memory cannot.
The SEC publishes examination deficiency letters (when required by law or policy) and issues periodic Risk Alerts aggregating common findings across firms. The most frequently cited deficiencies across recent examination cycles follow a recognizable pattern:
Examination readiness is the byproduct of a well-designed, consistently executed compliance program — not a separate project. The following six-step framework focuses on maintaining the foundational elements examiners assess in every examination.
Step 1: Conduct and document the annual review before year-end.
Rule 206(4)-7's annual review requirement is not optional. Schedule the review before December 31 each year. Document it with a written memo that includes the date, the scope of areas reviewed, findings identified, and any program changes implemented in response. A one-page summary is sufficient if it covers these elements.
Step 2: Audit your Form ADV annually and update within 90 days of any material change.
Form ADV is the primary disclosure document examiners rely on. Review every section — not just the parts that changed — each year during the annual amendment. Pay particular attention to conflicts of interest disclosures, custody representations, and the description of your advisory services.
Step 3: Reconcile fee billing quarterly.
Do not wait for an exam to discover a billing error. Implement a quarterly reconciliation process that compares fee invoices to client agreements, confirms AUM values used for billing, and reviews whether terminated accounts were removed from billing cycles promptly.
Step 4: Customize your compliance manual to your actual operations.
A compliance manual must reflect how your firm actually operates. If your manual references a trading desk you don't have or an ESG screen you discontinued, it creates inconsistencies examiners will flag. Review and update the manual whenever your business model, services, or personnel change materially.
Step 5: Map your custody exposure and confirm your custodial arrangements.
Work through a custody analysis annually. Identify every account relationship in which the firm or its personnel have authority to access, transfer, or deduct from client assets. Confirm that qualified custodians are sending account statements directly to clients. Verify your surprise examination schedule if applicable.
Step 6: Maintain an organized, searchable compliance document library.
Examiners expect to receive requested documents promptly. Build a compliance file structure — physical or digital — organized by regulatory area and examination period. Include version history for policies and procedures, and maintain copies of all client agreements, marketing materials, and annual review documentation for a minimum of five years.
SEC exam preparation for investment advisors ultimately comes down to one question: does your compliance program reflect your actual business, and can you prove it? Firms that treat compliance documentation as a continuous operational discipline — rather than a pre-exam project — consistently produce better examination outcomes.
StratiFi helps RIAs maintain the portfolio-level compliance monitoring and documentation infrastructure that supports examination readiness as an ongoing state rather than a reactive sprint. If your firm is preparing for an upcoming examination or building out a more defensible compliance program, we'd be glad to show you how our platform supports that process.
What is the typical length of an SEC examination?
Most routine SEC examinations of investment advisors take between 60 and 120 days from the initial document request to the deficiency letter (if any) or closure. Cause examinations related to specific complaints or referrals can take longer.
How much notice does the SEC give before an examination?
The SEC typically provides 2–3 weeks of advance notice for routine examinations through a written notice letter accompanied by an initial document request. Surprise examinations — typically reserved for custody reviews — may arrive with no advance notice.
What is the difference between a routine exam and a cause exam?
A routine exam is part of the Division's risk-based examination cycle. A cause exam is triggered by a specific event — an investor complaint, whistleblower referral, or tip from another regulator. Cause exams are typically more targeted and can lead to formal investigation referrals.
Does an SEC examination always result in deficiency findings?
No. Some examinations close with no action, meaning the Division found no material deficiencies. However, the SEC does not publicly publish a list of firms that received no-action closures, so there is limited visibility into how frequently this occurs.
What is a deficiency letter and what should we do if we receive one?
A deficiency letter (formally called a "deficiency letter" or "letter of deficiency") outlines the specific violations or weaknesses identified during an examination. Firms are typically given 30 days to respond with a remediation plan. Legal counsel should be involved in drafting the response.
What triggers a custody examination?
The SEC's Division of Examinations may conduct a custody-specific examination when a firm's Form ADV representations about custody are inconsistent with observed practices, when a firm fails to respond to the surprise examination requirement, or when a referral suggests potential unauthorized access to client assets.
How often does the SEC examine registered investment advisors?
The Division of Examinations aims to examine all registered advisors on a regular basis, but resource constraints mean many firms are examined once every 10+ years. Firms that have never been examined, recently registered, or recently grown significantly in AUM receive higher priority in the selection process.