Matt Fizell founded his RIA, Harmony Wealth, in Wisconsin in May. By November — during a client meeting — his phone showed a call from the Wisconsin Department of Financial Institutions. He described feeling "anxious, nervous and stressed" when he saw the caller ID.
Same day: a letter instructing him to upload documents within fifteen days. After submitting, the examiner requested specific notes, invoices, and communications from five randomly chosen clients over the previous twelve months.
His firm was months old. His takeaway: "If you show that you want to do the right thing for your clients, they're probably going to work with you, not against you."
That's the reality for small firms. The examination itself isn't the problem — most exams result in deficiency letters, not enforcement actions. The problem is the weeks of anxiety and scrambling that happen when you're not prepared for one.
The SEC's 2026 examination priorities explicitly call out newly registered advisers and firms that haven't been examined recently. If you registered your RIA in the last few years and haven't been through an exam, you're on a shorter list than you might think.
The numbers: the SEC examines roughly 15% of the registered adviser population annually — approximately 2,385 examinations per year. In fiscal year 2024, the Division of Enforcement pursued over 130 actions against investment advisers.
The NASAA 2023 examination sweep of state-registered advisors found that 72% of the firms examined were one-person operations and 34% were experiencing their first exam. The top deficiencies: registration issues (23%), books and records (17%), supervision and compliance (16%), and contracts (12%).
If you're a solo or small firm, you are the profile that regulators are examining.
You'll receive a letter — typically via email — listing the documents the SEC wants to review before the exam begins. The list is long. Common requests:
The key insight: these documents should already exist. The exam letter is asking you to produce what you should have been maintaining all along. The stress comes when the documents don't exist or don't match your actual practices.
The SEC has increasingly conducted examinations remotely since 2020. Many exams happen entirely over secure document portals, email, and video calls. Some still have an on-site component.
During the review, examiners will:
After the review, you'll receive one of three outcomes:
Most small RIA exams result in a deficiency letter. That's normal. The SEC uses examinations as educational tools for smaller firms — the Division's own guidance frames the program as "promoting compliance, preventing fraud, monitoring risk, and informing policy."
Based on common deficiency findings from SEC risk alerts, NASAA sweep data, and practitioner reports:
The single most cited issue. You bought or drafted a compliance manual when you registered. It's 60–100 pages. You haven't updated it since. Examiners compare what the manual says with how your firm actually operates — and the gaps are obvious.
Fix: Read your manual. Does it describe what your firm does today? If you added a service, changed your fee structure, or started using new technology since the manual was written, it needs updating. Document your annual review with a dated memo — even a one-page summary showing you read it and confirmed it's current.
Nearly 50% of all regulatory examinations note at least one registration deficiency. Common issues: fee schedules that don't match what clients are actually charged, services described in the ADV that the firm no longer offers, missing information about conflicts of interest, and late annual amendments.
Fix: Pull up your Form ADV Part 2A and read it like an examiner. Compare every statement to your current operations. File amendments when anything changes materially — don't wait for the annual filing deadline.
Even solo advisors need a written Code of Ethics. It should cover your personal trading policies, fiduciary obligations, and — if you have employees — their reporting requirements for personal securities transactions. The SEC specifically flags firms for having a Code of Ethics that is "clearly off-the-shelf and not tailored to the firm's actual operations."
Examiners will pull client accounts and check whether fees charged match your ADV and advisory agreement terms. Common issues: not applying fee breakpoints correctly, billing inconsistently on gross vs. net asset values, and not crediting terminated clients for prepaid advisory fees.
Fix: Select 5–10 client accounts and manually verify the fee calculations match your stated methodology. Document the review.
The SEC's December 2025 risk alert focused specifically on testimonial and endorsement deficiencies. If you're using client quotes on your website, promoting third-party ratings, or posting about your services on social media, the Marketing Rule applies. Common issues: missing written agreements with promoters, inadequate disclosures, and third-party ratings used without verifying the methodology.
With the Regulation S-P amendments taking effect June 3, 2026 for smaller firms, examiners are already looking at your cybersecurity posture. You need a written incident response plan, vendor oversight procedures, and documentation of your data protection practices. "We use two-factor authentication" isn't a cybersecurity policy.
The SEC expects organized, retrievable records. Client agreements, correspondence archives, trade records, and compliance documentation should all be accessible within a reasonable timeframe. When an examiner asks for "all communications with Client X over the past 12 months" and you can't produce them within a few days, that's a finding.
Many small firms don't realize they have custody. If you can deduct advisory fees directly from client accounts — which most RIAs can — you have custody under the SEC's definition. Make sure you're meeting the requirements: qualified custodian, account statements delivered directly to clients, and accurate Form ADV Part 1A disclosure of custody status.
If you haven't been examined yet, or if you want to be ready when the letter arrives:
This week:
This month:
Ongoing:
The firms that handle exams well are the ones that maintain their compliance program year-round — not the ones that scramble after receiving the document request. Annual compliance reviews, organized records, and staying current on regulatory changes aren't exam prep. They're the baseline the SEC expects from every registered adviser.
The part most solo advisors struggle with is the last one: staying current on regulatory changes. Between client meetings, portfolio management, and running a business, reading SEC releases and FINRA notices falls to the bottom of the list. And that's where the gap between "I know I should" and "I actually do" creates the most risk.
Pulsio fills that gap. We monitor SEC, FINRA, and federal regulatory sources daily and deliver firm-specific alerts to your inbox every morning — what changed, why it matters to your firm, and what to do. When an examiner asks how you stay current on regulatory changes, you'll have the answer. Start your free trial →
Sources: RIA Intel: Matt Fizell's Exam Story · NASAA 2023 Examination Sweep · SEC 2026 Examination Priorities · SEC FY2024 Enforcement Results · COMPLY: Common RIA Exam Deficiencies · Kitces: SEC Exam Playbook