Are you prepared for a regulatory examination? Is 2025 the year the SEC or FINRA comes knocking?
In our 2025 U.S. CCO Playbook, we sat down with COMPLY’s Chief Regulatory Services Officer, Jamila Mayfield, to discuss how firms can prepare for regulatory examinations, what plays they should be incorporating now, and what she took away from one of the biggest enforcement focus areas in 2024.
In a past life, you served as an Assistant Regional Director in the SEC’s Division of Examinations, what insights can you offer our readers? Any key pitfalls you saw commonly that could easily be avoided?
There are several actions firms need to take and pay specific attention to when responding to an exam request, prepping for the exam, and so forth:
1. Document, document, document!
Did I say it enough? When it comes to the regulators, it’s all about writing down what you are doing – and then doing what you have written down. Without that documentation, even well-meaning compliance processes might be perceived as haphazard as opposed to strategic and intentional. And while a shift toward an era of deregulation might cause some firms to pull their foot off the gas, I strongly discourage this mentality. Examiners expect you to consistently perform compliance duties with the utmost care for clients, and they will be looking for the documentation to prove this typically within 48-72 hours from their requests.
2. Use technology as an accelerant and not a hinderance
The regulators are hyper-aware of the latest and greatest technology being used by firms, everything from Code of Ethics and personal trading systems to trade monitoring and best execution monitoring capabilities. They expect you to provide your initial and ongoing due diligence documentation performed on any technology you implement. Further, the regulators might ask specific questions on how your technology solutions are performing compliantly and not opening your firm, and more importantly, its clients up to increased risk. Be prepared to show the examiners why you selected your technologies and why the solutions are the best fit, scale, and capability for your firm’s needs.
Additionally, I have seen firms who have asked vendors for a highly specialized solution which the vendor then takes substantial time delivering on. This might appear harmless on the outset – because why wouldn’t you want a customized solution? The issue becomes how demonstrating that firm is conducting business and maintaining compliance in the interim. After all, compliance risks don’t hit pause while technology solutions are being built and implemented! Firms in this situation will need to prove that compliance has not diminished or fallen to the wayside while the firm waits for a solution.
3. Educate the examiners on your business
All too often firms assume the examiners have a full history of their business and compliance practices. I can tell you that this is not always the case. Be ready to educate the examiners during a robust first day presentation and include items like top priorities, fund launches, and other material matters to get examiners comfortable with your firm and how it operates. Proactively telling the story of your firm’s business strategy, operations, and compliance practices sets the tone for a better experience throughout the exam process.
For any firms facing an examination this year, what advice can you offer them?
In preparing for an examination, you should consider the firm’s activities from the last two years. The scope of your examination might go well beyond the current calendar year and could go as far as five years back depending on the risk areas of interest or potential compliance testing that the examiners might want to review.
Given this, you should be prepared to speak to your current state of compliance as well as how it has evolved over time.
To best prepare, firms should be well versed and understand the the Exam Priorities for the past few years and ensure there are thoughtful perspectives around the prioritization of specific compliance concerns evolving regulations.
While we are under a new Presidential Administration, it will take months to feel the full impact of the new SEC Chair and his regulatory agenda. In the interim, examinations will continue. Firms should be prepared to underscore how they have developed their compliance program and what steps they are taking to adjust their program based on new rules and evolving demands.
We are in a period of flux, which means firms need to be responsive to priorities while also being flexible to potential changes under the new administration. Navigating this time of uncertainty with the appropriate balance of compliance activities will be key.
Which enforcement action over the past 6-12 months really made you take pause? What was your learning and what should firms be doing to avoid similar issues?
The extent of the off-channel communications enforcement actions really took me by surprise. I understand the concern and the need to monitor these types of interactions. However, given the rapid pace of change and new communication tools flooding the market, the expectations of expansive monitoring created challenges for firms of all sizes and financial strength.
Nevertheless, the regulators made their stance clear and brought over $600 million in enforcements actions for off-channel communications in 2024. This is a staggering number – especially when you consider that we did not hear reports of these enforcement actions addressing insider trading violations or potential investor harm.
Going forward, we’ve already heard from Commissioner Peirce that enforcement actions will not decrease overall but will be more focused on anti-fraud and investor protection provisions
Why do you think there continue to be compliance issues with some of the more standard rules and regs?
Ultimately, this comes down to firms themselves evolving. As they continue to change in complexity, introducing new product offerings, investment strategies, etc., they are faced with mapping regulatory themes to evolving and dynamic business strategies. To put it bluntly, this can be extremely complex.
Not to mention the fact that the technology underpinning the financial services industry has changed exponentially over the last decade. Looking at that change and then assessing how rules which were enacted 20-30 years ago map to that evolution, has been one of the biggest challenges across firms.
We work with a variety of firms; what similar challenges do you seem them facing? And significant differences? And what “plays” can you offer CCOs at small and large firms for the coming year?
Across the board, I saw firms struggling to keep up the sheer volume of proposed rules and changes coming from the SEC, FINRA, and DOL. In fact, during one of our webinars, we asked the audience how well they were able to keep up and only 15% said they had no challenges.
That number speaks volumes!
And it makes sense, especially given the fact that since 2022, we’ve seen upwards of 50 proposed rules from the SEC alone.
All while firms are scaling business, shifting strategies, and evolving in the market.
For many firms the best advice is this: don’t let compliance fall to the wayside. As you scale, scale your compliance. As you evolve your business strategies, think through the compliance implications. As you enter new jurisdictions, understand what new rules will come into play for your firm.
Many firms grew significantly over the last few years, while we were under a significant regulatory push, and the ones who were successful were taking the time to critically assess the compliance function in conjunction with their growth – whether that meant selecting new vendors after M&A or determining how best to automate certain functions as teams and responsibilities changed. It all comes down to making compliance a priority – which of course, requires a strong culture of compliance.
Download the 2025 U.S. CCO Playbook for additional insights from Jamila, as well as the top 10 plays your firm can put into action today to navigate the evolving regulatory roadmap.