Preparing Your RIA for an SEC Examination: Documentation Checklist

An SEC examination notice arrives as a thirty-day clock. Picture the email that opens it on a Monday morning at a small RIA practice: subject line referencing the firm's CRD number, attachment list with a request letter, and the body asking for a documentation pull spanning the past two to five years across categories the firm has rarely had to retrieve in bulk. The thirty days is enough time if the documentation is already structured and retrievable. It is barely enough time if the documentation lives across spreadsheets, email threads, and free-text CRM notes. This piece is the checklist for being in the first category before the email arrives.

Picture also the working surface the firm's compliance officer will live on for the thirty days: a tracking spreadsheet with one row per request item, a folder of pulled artifacts on a shared drive, and a daily standup with the advisor team to chase the items that are not yet retrievable. The shape of the work is consistent across small RIA examinations; the difference between firms is whether the artifacts already exist in retrievable form or have to be reconstructed under deadline.

The categories an examination request typically covers

  • Books and records. Per Advisers Act Rule 204-2, the bedrock retention list - financial records, advisory contracts, account statements, communications, performance records, and the documentation that supports each.
  • Form ADV consistency. Whether the firm's actual practices match the disclosures in Form ADV Part 2A. This is the highest-rate finding category across small-RIA exams.
  • Suitability documentation. Sample meeting records demonstrating the reasonable basis for recommendations made to a defined client population.
  • Custody and safeguarding. Documentation of any custody-rule applicability, including SLOA arrangements and surprise audit reports if applicable.
  • Marketing rule compliance. Per the SEC's amended Marketing Rule, documentation of any performance advertisement or testimonial used in client communications.
  • Cybersecurity and BCP. Written policies, incident logs, and evidence of vendor due diligence.
  • Code of ethics. Personal trading reports and the firm's review records.

The retrievability test

Before an examination request arrives, run a retrievability test against each category above. The test is simple: pick a random sample (a single date, a single client, a single account, a single trade) and time how long it takes to produce all the documentation tied to that sample. If retrieval for any one sample takes more than thirty minutes, the documentation structure is not yet examination-ready. The IAA's 2026 industry snapshot put SEC examination cadence for the average mid-sized RIA at roughly one every seven years, which sounds long until the request arrives and the firm realizes the structure does not exist yet.

The meeting-records subset

Meeting records are the documentation category most independent RIA practices struggle with. The retrievability problem is rarely the records themselves - they exist somewhere - but their structural inconsistency. A request for "all meeting records related to the recommendation of [product] across [period]" requires the firm to filter notes by recommendation type, which only works if recommendations are stored in a structured field. Free-text meeting notes do not survive this test cleanly.

The structural fix is to commit, going forward, to a meeting-record format that has recommendations, suitability rationale, alternatives considered, and conflicts disclosed in named fields. Across our pilot cohort, the firms that adopted this structure produced examination-ready meeting records by month four. The retrofit of historical records is rarely worth the time; what matters is that the going-forward corpus is structured.

The 30-minute rule. Pick three random meeting records from the past 18 months. Can you produce - within 30 minutes per record - the full documentation tail (note, follow-up email, profile updates, trade tickets, plan revisions)? Repeat the exercise quarterly. The cadence is the practice that pays off when the examination email arrives.

Form ADV consistency

Per the SEC's small-firm exam findings, the most-flagged category across small RIA examinations is Form ADV inconsistency - what the brochure says the firm does versus what the firm's actual records show. Three patterns to audit annually:

  • Fee disclosure consistency. Item 5 of Part 2A versus actual billing records and advisory agreements.
  • Service description. Item 4 versus the actual service the engagement letters describe.
  • Conflicts disclosure. Items 10 and 11 versus the firm's actual practices around compensation arrangements, affiliated products, and personal trading.

An annual Form ADV reconciliation, with a written attestation from the CCO, is the cleanest defensive artifact for this category.

The pre-examination dry run

Six to twelve months before the next anticipated examination, run a mock examination internally. Pull a request letter pattern from the SEC's published examination-priorities and exam-letter samples, scope it to the firm's size, and treat it as a real request with a thirty-day clock. Track how long each item takes to produce. The exercise typically surfaces two or three retrievability gaps per practice, all of which are cheaper to fix in calm weather than under deadline.

The technology angle

Examination readiness is mostly about structure and discipline; the tooling layer matters less than people think. That said, three tooling choices show up consistently in well-prepared firms: a CRM where activity records are the source of truth for meeting documentation, a document management system where artifacts are tagged by client, account, and date, and a documentation AI assistant that produces structured notes the firm can later filter by recommendation type. Across our pilot cohort, the third item compressed the meeting-records subset of examination prep from a multi-week project to a multi-day one.

The shorter version

Examination readiness is not a thirty-day project. It is a structural discipline that runs continuously and shows up easily when an examination notice arrives. The firms that pass examinations cleanly are not the firms with the most documentation; they are the firms whose documentation is structured, retrievable, and consistent with their disclosures. Build for that shape every quarter, and the email subject line referencing the firm's CRD number stops being a thirty-day emergency.

Source notes

  • SEC Advisers Act Rule 204-2 recordkeeping requirements.
  • SEC Division of Examinations annual examination priorities publications.
  • SEC Form ADV Part 2A instructions and item-by-item disclosure expectations.
  • SEC Marketing Rule (Rule 206(4)-1) and amended adviser advertising requirements.
  • IAA 2026 Investment Adviser Industry Snapshot on examination cadence and findings among independent RIAs.