Receiving a request from a regulator can cause concern and will require a registered investment firm’s attention. However, the receipt of a request from a regulator need not inspire panic.
There are many reasons why a regulator may be requesting information. Understanding some of the purposes behind such requests and engaging in good-faith steps to address the requests may help reduce the adversarial pressures during a regulatory investigation.
Why?
This is how many of the first questions from a firm begin:
- Why are they looking at us?
- Why now?
- Why do they want this specific record?
- Why is the request so broad?
- Why do they want the information so fast?
The regulator may choose not to answer some of these questions. But it is important to know that in the vast majority of cases, a regulator has not pre-determined that there has been a violation. Furthermore, it is also possible that the focus of the investigation related to the request is a third-party. For example, a regulator may direct a request to a custodial brokerage firm in order to verify assets managed by an investment adviser.
Some answers to other “why” questions are based in the common concerns regulators face in connection with requesting information. Consider the fact that a regulator investigating a potentially significant violation wants to ensure that all relevant records are covered by the time period and types of records requested. As a result, the request may appear extremely broad to the firm. Acknowledging this likely purpose behind a broader request may help a firm minimize resulting frustration because the firm can now focus on finding ways to produce relevant information while communicating why the language of a request may not actually further the regulator’s investigation. Other common concerns for a regulator may include:
- Potentially ongoing violations or investor harm that needs to be addressed as efficiently as possible;
- The possible existence of system-wide violations at a firm;
- A customer complaint containing wide-ranging allegations, which must be adequately investigated;
- The regulator is coordinating with other regulators in order to review an industry-wide issue; and
- There is a pending application for registration of an individual or a firm; thus, extended delays in completing the review process impact a person’s ability to conduct business.
Practical Steps
Some simple measures may help your firm better manage the process of responding to regulatory requests.
- Consider contacting the regulator as early as possible. Use this opportunity to attain an understanding of the general and specific purposes associated with the request. Even if you do not receive answers to any of your questions, such a call early in the process will convey the firm’s intention to fully address the request.
- Ensure that terms included in the request are understood clearly. The regulator may be using a term of art that is common in the industry or at certain firms, but might mean something different (or nothing at all) for your firm. In such cases, it may be helpful to contact the requestor to ascertain what certain terms mean to the regulator.
- If extensions for the response deadline appear necessary, be prepared to discuss the reasons in detail. To the extent possible, contact the regulator well before the deadline if an extension is going to be necessary. Such action will most likely minimize the regulator’s concerns with granting an extension.
- Diligently update contact information on file with the regulator, whether it is through CRD/IARD or otherwise. As a result, time-sensitive communications from the regulator (such as requests for information) will be received in the most efficient manner and allow the firm the maximum time to prepare its response.
- Clearly mark or segregate attorney-client communications from other business records.
- Use password-protections and encryption when responding electronically – especially if the response contains personal identifying information such as Social Security numbers, birthdates, etc. It is possible the regulator has available encrypted communication systems for such purposes.
The angst associated with responding to a regulator can be reduced by considering the potential reasons behind the request as well as utilizing some simple communication strategies. As a result, the firm may find the response process to be less burdensome and perhaps even less adversarial.