How private funds CFOs can prepare for SEC examination

Preparing for an SEC exam requires careful planning and collaboration, particularly on the part of private funds chief financial officers (CFOs) and chief compliance officers (CCOs). While there is growing discussion about a potential decrease in SEC regulation under the new presidential administration in 2025, it’s critical to understand that the SEC’s Division of Examinations operates separately from its Division of Enforcement. The exam team will continue to use its resources to conduct exams and identify deficiencies, even if the volume of referrals to enforcement is generally expected to decrease in certain areas.

Based on 2024 SEC exam results, firms undergoing an exam are highly likely to need to take some form of corrective action. The CFO and CCO play pivotal roles in ensuring their firms are well-prepared for a successful outcome. For more than a decade, I’ve guided private funds CFOs through the intricacies of SEC compliance, with a focus on exam readiness. Whether you're new to the role or a seasoned professional, this article will equip you with the strategies needed to confidently navigate an upcoming SEC exam.

Likelihood of being selected for an examination

If you are a registered investment adviser (RIA), you are much more likely to be subject to an examination:

While the SEC doesn’t publicly disclose its selection criteria for examinations, my experience with past examinations has shown the following factors can raise an adviser’s risk profile:

Current SEC examination priorities New rules adopted by the SEC Whether discretionary vs. non-discretionary advisory services are offered Types of investors Regulatory assets under management, including major changes to it such as large redemptions or significant raises, and fund performance Adviser’s organization Newly registered investment adviser Significant changes to an adviser’s organization, such as ownership or structure Complexity around an adviser with multiple business lines Complexity around several advisers associated with a single entity

Unfortunately, if you’re chosen for an exam, the SEC typically does not disclose the risk factors that led to your firm’s selection. However, you may glean clues from their requests, such as multiple document requests in a particular area or requests for data within a specific period.

Outcomes of an SEC examination

The best possible outcome, a “no further action” letter, is relatively rare. This means that no deficiencies came to the examiner’s attention during the examination, and no further action is required at this time.

It’s more common to receive a deficiency letter, which requires your firm to provide a response acknowledging the deficiency and demonstrating remedial action within 30 days. Once submitted, this type of response is usually sufficient. The SEC will review your firm’s prior history in future exams, so be sure your team is aligned on new and/or corrected processes.

In my experience, deficiency letters are used to notify an adviser of areas that require special attention or remediation. Common deficiencies include insufficient recordkeeping, late filings, inadequate disclosures regarding fees and expenses, calculation and allocation of fees and expenses, timely issuance of audited financials to investors, and deficient policies and procedures related to those areas.

A deficiency letter can also result in referrals to the Division of Enforcement, which may enforce costly penalties “designed to deter future violations, establish accountability from major institutions and order tailored undertakings that provide potential roadmaps for compliance by other firms” or the return of investor funds. During FY24, the SEC ordered $8.2 billion in financial remedies, the highest amount in SEC history. This figure includes $2.1 billion in civil penalties across all firms it examined.

The examination process: Onsite vs. Remote

The SEC continues to conduct exams both onsite and remotely. For routine and sweep exams, I have never seen examiners show up without notice, although it is always a possibility. If you are a newly registered RIA, you can generally expect a remote exam within the first 12–18 months of registering.

During an onsite or remote exam, the SEC will focus on whether advisers have identified and addressed conflicts of interest, provided clients and investors with full and fair disclosure such that they are able to provide informed consent and adopted an effective compliance program.¹

Here’s what you can anticipate during the onsite and remote examination process:

Onsite exam process	Remote exam process
1. Examiner will contact the firm's CCO to provide 1-2 weeks advance notice of when they plan to be onsite to conduct the exam.*	1. Examiner will contact the firm's CCO to inform the CCO the SEC will conduct an exam.
2. Document request will be sent via a secure portal within 24 hours.	2. Document request will be sent via a secure portal within 24 hours.
3. Documents are required to be submitted prior to the SEC onsite. The SEC will request additional documents while onsite.	3. Deadline to submit documents is usually 1-2 weeks.
4. Exam interviews and document reviews onsite typically take place over 3-4 days in the office.	4. Examiner will review all documents remotely and may request supplemental information and telephonic discussions.
5. Examiner will review documents, request supplemental information, and conduct interviews onsite with personnel responsible for the business operations, investment activities, and compliance program, which typically means an interview with the CCO, CFO, operations lead, and founder or CEO. The SEC may also interview junior-level associates to assess the firm's culture and their engagement.	5. Examiner will schedule telephone or video call interviews with personnel responsible for the business operations, investment activities, and compliance program, which typically means an interview with the CCO, CFO, operations lead, and founder or CEO.

*The length of the SEC's advance notice can vary depending on a variety of factors, such as your firm size, the scope and nature of the exam and the regional SEC office. Delays in gathering documents and information could extend the timeline towards completion of the exam.

Examination priorities for 2025

According to the 2025 Examination Priorities Report, private funds will continue to be under heightened scrutiny in the following classic and emerging risk areas:

Classic risk areas	Emerging risk areas
Fiduciary duties Compliance programs Conflicts of interest with respect to third parties and affiliates to provide services Calculation and allocation of fees and expenses (both fund-level and investment-level) and disclosures of fee-related conflicts (SEC has said private fund fees and expenses can be difficult for investors to understand3) Timely delivery of audited financials to investors Disclosure of investment risks Controls around material non-public information (MNPI)	Integration of AI into advisory operations, including portfolio management, trading, marketing and compliance, and disclosures to investors related to these areas Cybersecurity practices Crypto assets and emerging financial technology Digital engagement practices Fund valuation methodology, recordkeeping and reporting Compliance with recently adopted rules including the Marketing Rule, amendments to Form PF, beneficial ownership filings and Form N-PX   Private fund advisers experiencing poor performance and significant withdrawals and/or holding more leverage or difficult-to-value assets

In my experience, the SEC has recently focused on the following 6 risk areas:

1. Fees and expenses

The SEC continues to emphasize that as compensation arrangements continue to grow in complexity, private fund fees and expenses can be difficult for investors to understand, even to the point where decision-making is affected. It has brought enforcement actions as a result of vague fees and expenses and inadequate disclosure of conflicts. Further, it has recently brought enforcement actions against advisers who did not put in place policies and procedures to ensure accurate calculation of fees and expenses pursuant to the terms of the limited partnership agreements (LPAs), which resulted in excess fees charged to investors. Advisers should ensure they provide adequate and transparent disclosures to their investors and be familiar with the specific fees and expenses provisions in fund LPAs to implement robust policies and procedures. A November 2024 SEC outreach webinar reminded advisers that audited financial statements can be a great place to reference for specific disclosures regarding fees and expenses.

2. Material non-public information (MNPI)

I have recently seen an uptick in documents requested and questions asked about the management of MNPI among advisers investing in the public markets, private equity and venture capital. The SEC has recognized that private equity and venture capital advisers have more risk exposure in this area for several reasons. First, they increasingly engage expert network firms and are increasingly involved with portfolio companies, such as participating on these companies’ boards. They may also engage with public companies to look for potential liquidity or for mergers and acquisitions (M&A) for their portfolio companies. Further, when advisers evaluate whether information is material non-public, they should be cognizant of how public markets have reacted recently to certain news. For example, it’s important to consider how a company’s use of AI or M&A with an AI-focused company could cause volatility in stock price. During examinations, it is common for the SEC to issue a broad request for a log of all meetings and communications investment personnel have had with personnel of publicly traded companies. The SEC also requests compliance chaperone logs for expert network calls. It is a good time to review your firm’s policies and procedures as they relate to MNPI and tailor them to your business risks.

3. Valuation

The SEC has increased its focus on advisers who invest in illiquid or difficult-to-value assets, especially in commercial real estate and investments that are more sensitive to the interest rate environment and market volatility. In recent examinations of private equity and venture capital funds, I have seen requests for valuation support on a sample of portfolio companies, such as top holdings across funds or portfolio companies whose valuations have been marked up or down materially over the course of the review period. The SEC will question valuation marks that they perceive as potentially outdated, especially those that have not been reviewed in more than a year. Further, they will be laser-focused on advisers who charge fees and expenses based on valuation rather than committed capital. Lastly, the recent SEC webinar reminded advisers that policies must account for unique components of their business lines and investment strategies.

4. Conflicts of interest

There are several areas the SEC will examine with regard to conflicts of interest. As part of its document request, the SEC will ask for fund governing documents, side letters, disclosure materials, marketing materials and investor communications. It will also request documents related to any principal or cross transactions, services provided to portfolio companies and portfolio company restructurings and follow-on investments. Additionally, it will request a list of compensation paid by the fund and/or portfolio companies to affiliates, advisors and operating partners, as well as participation of affiliates in fund investments. The SEC seeks to review LPA provisions, such as required limited partnership advisory committee (LPAC) and investor approvals, conflict disclosures related to bill back of expenses to the portfolio company or the funds for services provided by affiliates, funds invested in the same portfolio company but at different stages or tiers of the capital structure, investment allocation, use of borrowings and lines of credit, adviser-led secondaries and use of affiliate service providers, to name a few.

5. Digital communication

The SEC continues to focus on the widespread usage of and failure to archive text messages and communications on unapproved channels to conduct business at broker dealers and investment advisers. For the first time, in 2024 standalone investment advisers saw enforcement actions for recordkeeping failures, which in one case resulted in a significant fine and penalty. In this case, the specific details of what records the advisers failed to maintain and were subsequently unable to produce when requested by the SEC were not disclosed. However, advisers are reminded that the SEC books and records rule can be interpreted broadly. They should assess their risks, current policies and procedures, and training to see if there are enhancements to be made here. In many instances I have seen, the SEC is typically first interested in an underlying portfolio investment and requests records relating to that investment. If an adviser is unable to produce the requested information, the SEC may initiate an investigation into the adviser’s recordkeeping policies and procedures. Records may also be subpoenaed in litigation, whether the adviser is a party to it or not.

Advisers may consider using a vendor that offers services to archive or route texts and electronic communications to an archiver. When reviewing potential vendors, advisers should consider their employees’ behaviors and use cases. It remains to be seen if the number of fines and penalties issued under enforcement cases in this area will decrease following any SEC leadership change. The focus on digital communications and recordkeeping requirements can potentially extend to AI queries and AI transcripts. Several enforcement actions have been issued that resulted in significant fines and penalties. In FY24, the resulting penalties totaled nearly $600 million.

6. SEC Marketing Rule and other recently adopted rules

I anticipate the SEC will continue its focus on compliance with the Marketing Rule, especially as it relates to performance advertising, testimonials, endorsements and third-party ratings, substantiation and recordkeeping. There were several enforcement actions in 2024 against advisers who violated hypothetical performance requirements with an inability to substantiate material claims, misleading statements when describing their investment strategy or misleading usage of third-party rankings. The SEC has also updated its Marketing Rule FAQ to further clarify its position on showing net performance at the portfolio investment level and showing net performance on the same methodology and timeline as gross performance, especially in the use of lines of credit or other borrowing. Further, the SEC has adopted several rules designed to increase transparency, such as the updated deadlines for 13D/G filings, the use of Form N-PX for advisers that also file Form 13F and additional trigger event disclosures on Form PF, to name a few. The compliance date for Regulation S-P amendments is December 2025 for larger entities and June 2026 for smaller entities. Advisers’ policies and procedures should be updated to reflect these new requirements.

The SEC will assess whether advisers have appropriately considered the unique risks posed by all these emerging activities since the initial development of their compliance programs.

Best practices to help you prepare for an exam

The added time and expense needed to develop a compliance program can be challenging. In my experience these three best practices are well worth implementing:

1. Ongoing communication with your compliance team

From what I’ve seen in recent years, examinations increasingly focus on firms’ compliance programs. Deficiency letters specifically singled out CCOs for insufficient development and execution of the firm’s compliance program. In addition, firms’ leadership—including the CFO—has been mentioned for not fully supporting the CCO with resources and organizational buy-in around compliance.

Collaboration with your CCO and compliance consultant can bring broader insights to the discussion as your firm develops both the program and effective controls. The SEC emphasizes how critical it is to have participation and input across all business and operations lines.

Questions to ask your compliance team: Which SEC recordkeeping requirements should I be aware of? What can finance and operations do from a compliance standpoint, including any reviews and testing the team should be performing? Are fund documents sufficient in fee and expense disclosures to investors? What kind of processes need to be built out to support compliance monitoring and testing? Have we recently reviewed fund documents to ensure our finance and operations processes align?  What aspects of filings, such as trigger events and information reported, do finance and operations need to be aware of and prepare for? What are best practices we can consider implementing?

In addition, I recommend ongoing communication with your CCO and compliance consultant and establishing routine touchpoints. The more frequently these touchpoints occur, the more likely you’ll have already covered many of the SEC’s questions during an exam.

2. A culture of compliance

Developing a culture of preparation within your firm requires building clear processes and procedures into your compliance program, from the structuring of accounts payable to the valuation of an investment.

The SEC understands that every firm is different, so your program should be tailored to your unique workplace culture. Reduce process complexity as much as possible and do what makes sense to ensure adherence isn’t too difficult.

In the event of an exam, your firm should be able to produce requested documents in a timely manner, articulate your procedures and demonstrate compliance to the SEC.

Questions the SEC will ask: Does your firm have tailored compliance policies and procedures in place? When were policies on fees and expenses and valuation last reviewed and can a redline against the last version be provided? Do the policies and procedures on fees and expenses and valuation capture the current processes related to all funds and the types of investments in fund portfolios? What kind of reviews and testing are performed on specific policies and procedures? Is the required documentation easily accessible by all responsible parties? Do employees have a reasonable understanding of the processes and their roles? Is the leadership team supportive of a sound compliance program? Does your firm's culture uphold the execution of the program?

Your compliance program should remain dynamic and capable of adjusting to evolving factors, such as changing market trends or investor expectations. Perform periodic reviews and testing based on past compliance issues, changes in business activities and regulatory updates.

3. Real-time access to industry updates

Finally, keep up to date with the newest regulatory developments, compliance best practices and enforcement actions. By staying informed, you can proactively collaborate with your compliance team and adjust your financial procedures to maintain compliance.

How to stay informed: Regulatory alerts from the SEC's Divisions of Enforcement and Investment Management Webinars and/or events hosted by private funds CFO groups Industry conferences like PE Insights, Private Equity Forums and Private Funds CFO New York Forum Email alerts from your compliance consultant and/or legal counsel

Working toward a positive outcome

Over the years, I’ve worked with dozens of private funds CFOs and come to understand the constraints on your time and resources. Leveraging the expertise and capacity of your CCO and compliance consultant can help you streamline your SEC examination process and position your firm for the best possible outcome.