Patty P. Tehrani, Esq.
Founder, Policy Patty Toolkit and author of the CCO Toolkit Series 1.0
It’s not unusual to come into the office and get either a call or letter from a regulator that they are launching an unexpected review of your firm on some issue or another. If you’re the General Counsel or Compliance Officer (CCO), coordinating the exam will most likely fall to you. The question is whether you’re ready for an unexpected examination.
I know regulatory examinations can be stressful but without a defined process even more so. I’ve lived through exams managed without a process and those guided by one and not surprisingly having a process inevitably garnered better results. Below I share some practical tips to help you develop an examinations process or improve one that you already have.
Outline of Regulatory Examination Process
1: Consider General Rules.
First, some general tips for preparing for and conducting any regulatory examination:
- Lead – Designate a point person to lead the exam and make sure everyone involved with the exam knows who this person is.
- Always Act Professionally – Advise employees working with you on any exam to maintain their professionalism and to always keep their cool during any interaction with examiners.
- Remind those who are being interviewed to:
- be honest;
- answer the questions asked and not to volunteer additional information; and
- be patient as examiners will ask and may re-ask questions more than once.
- Employees – Prepare your employees for the examination by letting them know the basics such as:
- Scope – what is going to be reviewed (area, function, issue, etc.);
- Dates – when the examination starts, ends and, if applicable, when examiners will be on-site;
- Names – names of the examiners;
- Where – location of the examiners – will they be on-site, off-site, at specific offices; and
- How – publish any general and specific guidelines you want employees to follow regarding key processes (for example, providing responses and documents).
- Project Planning – Consider using a project plan and if possible a project manager to help manage the examination process.
- Record Retention Guidelines – Define guidelines on how records will be kept about the examination (factor in your recordkeeping requirements).
- Open Issues – If you have time in advance of the exam see if you can close out any issues/deficiencies cited via risk assessments, compliance tests, or audits.
- Responses – Supply the information requested on a timely basis on what you can and don’t be hesitant to ask for clarification or more time on what you’re unsure of or can’t by the stated date.
- Tracking – Track document requests using a spreadsheet or software/system to facilitate timely responses but to also prevent duplication or conflicting submissions, as well as a roadmap for future exams.
- Automated Reg Exam Process – Consider investing in a technology solution that can help you manage your regulatory exams.
- Remind those who are being interviewed to:
Keeping these tips in mind, below is an outline of key measures to consider in preparation for a regulatory examination. Use these along with the General Tips noted above to help define or improve your examination process.
2: Get ready for the exam.
- Start with the examination notice to determine what you need to plan for (if anything is unclear, seek clarification from the relevant exam contact as soon as possible).
- Identify the team that will help with the examination including designating a lead (see above) to help manage your examination.
- Schedule time in advance and regularly if needed with:
- Team members to go over the basics (see earlier).
- Management to go over the details about the examination.
- Based on the letter, determine individuals that will be interviewed, and schedule time to prepare them for the types of questions the examiners may be interested in asking.
- See if you can identify any hot buttons (potential problem areas) from the notice.
- Work with your stakeholders to compile the information requested and submit these to the examiners by the noted deadline.
- Consider preparing a short presentation for the examiners to introduce your organization to them.
2: Coordinate Exam.
- Coordinate the examination:
- If the exam involves an on-site review, provide the examination team (once you know who they are) with access to facilities, working area, systems, etc.).
- Have the key personnel available for interviews and if possible have someone sit in to take notes, document any takeaways, and help as needed.
- Provide any outstanding information or additionally requested information by the deadline identified by the examiners.
3: Determine issues/findings.
- Conduct an exit meeting to go over the examiners’ preliminary findings.
- Based on the exit meeting or separate discussions see what you can remediate or provide a response in contravention of the findings.
- Upon receipt of the deficiency letter, address it immediately and with a high priority.
- Make sure to review your response in advance with Team Members and any relevant parties assigned responsibility for the issue(s).
- Confirm the feasibility of any remediation measures and target dates before submission.
- Submit a response to the examiner’s post-exam letter by the given deadline.
4: Fix the identified deficiencies and issues.
- Prepare a plan to remediate the agreed upon/noted deficiencies and gaps.
- If plausible, you may want to do an internal debriefing to develop a course of action to any other areas that while not flagged by the examiners may need to be improved.
- Track progress until completion.
- Report on completed remediation measures to make sure your deficiencies have been addressed appropriately and on a timely basis (you may need to submit a follow-up report to the regulators advising them of the closed-out items).
5: Maintain Records and Processes
- Keep records of the regulatory exam for recordkeeping and to help with future requests.
- Close out project plans with completed measures
- Update your examination processes with any measures deemed more efficient or those deleted for ineffectiveness.
You now have some tips and recommended measures to help you with planned or unexpected regulatory exams. While exams can be stressful and a strain on your resources affecting other priorities, it is critical that they are coordinated properly. An effective and documented process will make the coordination of your exams easier and help your organization have more confidence leading into and conducting exams.