These are my notes, live from the conference.
One of the best tests is a mock exam. See how you stand up to simulated fire. It’s a good practice to see how people respond under the interview process from a regulator (or mock regulator). How often should you do a third party review? Annually is probably too often. Ever other year can be too much. It’s a good idea to run one after a change in business practices or other major event.
The SEC is asking for a risk inventory as part of the exam process. You should put one together. Of course the SEC will use the risk inventory as a roadmap, so design it accordingly.
Test based on risk. Given the nature of private equity funds, you probably don’t need to run tests on best execution. Maybe you spend more time on valuations. It’s probably a good idea to sit on the valuation committee (I agree, but it’s better to be a non-voting member.)
Documentation is key to testing. You need to be able to hand the SEC a piece of paper if you want to prove that you did it. Of course if you state that there is a problem that needs to be fixed, it should be fixed.
How do you document violations of the compliance manual? (It’s a common question on the SEC document request letters.) You need a log of violations, employee, the policy violated and most importantly, the action taken. The SEC will not be surprised to see violations.
Do you share the testing with clients? Most attendees said they do not share at all. A small percentage are willing to share a summary.
