“My clients sail through” SEC exams, Tom Giachetti says.
In a packed room Thursday morning at the TD Ameritrade Institutional national conference, Giachetti shared some of the steps advisors should take if they want to do the same.
“This administration hates your business,” he began, noting that SEC Commissioner Mary Jo White has “hired 125 lawyers” in her own image as a successful prosecuting U.S. attorney. “She’s hired some really good people,” he said. He counseled his RIA audience that the newly pugnacious “SEC doesn’t say ‘try better’ any more; you are responsible” for adhering to SEC rules and regulations.
What areas are SEC examiners focusing on these days?
Giachetti, chairman of the securities practice group at the law firm Stark & Stark, began by talking about cybersecurity. “The SEC is putting the onus on you,” he said, for showing not only that you have a cybersecurity policy, but that your external vendors do as well.
“Is your firewall secure?” he asked, and “who has access to your firm’s offices? Does anyone have ingress or egress” to your offices?
While joking that he’s “not a big fan of a clean-desk policy,” he suggested that putting client documents under lock and key each night would be prudent. “Don’t assume your office cleaners or security people aren’t smart. They all have cell phones, which have cameras, which take pictures!”
Is there an SEC rule to encrypt documents and emails? “It depends,” he said, “if you’ve got identifying numbers — like a tax return with Social Security numbers.” If so, not encrypting could be an identity theft issue. Commission examiners are also “really coming down” on advisors’ need to protect client passwords.
Wrap fee programs are also subject to heightened scrutiny by SEC examiners, he reported, along with asset-based pricing. The SEC will also ask you to “show me your due diligence” on private investment funds and separately managed accounts.
SEC examiners are “getting into the weeds,” he said, primarily wanting to know about custody, “if a client’s money is where it’s supposed to be,” and that you are protecting clients’ identity. While some examiners are asking about a firm’s succession planning, he said bluntly that there is “no legal requirement” to have one, but “the SEC doesn’t care.”
There are three documents all advisors must have to prepare for an SEC exam, said Giachetti, who writes the monthly Compliance Coach column for Investment Advisor magazine. The three are a written risk assessment, covering all of the firm’s branches and employees; a calendarized checklist for all new clients (and new employees) that is customized to fit your own business; and the annual chief compliance officer’s review.
Performing a mock audit before the examiners arrive is a good policy, he said, though you should have a lawyer do it, “so it’s privileged.” The SEC is “looking hard at fee consistency” at RIA firms, and while a firm can charge more or less depending on the assets managed at the firm, “you can discriminate, but you need clear disclosure” of said discrimination.
Finally, Giachetti recommended that advisors review their errors and omissions insurance policies. “Make sure you’re covered,” he said, but also “go to the exclusions pages” to see what isn’t covered.