TAB 01 · EXAMINATION READINESSCOMPLY GROUP

Your Next Examination
Is Already Scheduled.

Unprepared firms receive an average of 11.4 examination findings. Our clients average 0.8.

Former SEC, FINRA, and OCC examiners who rebuild your policies, disclosures, and audit trails from the inside — in 90 days.

Get Your Readiness Assessment
90days

Average engagement

340+

Examinations navigated

0citations

For clients who completed the program

Scroll to review case files
Our team includes:
8Former SEC Examiners
5Former FINRA Staff
4Former OCC Supervisors
12Compliance Attorneys
✓ All cleared for NDA-protected engagements
TAB 02

Which situation sounds familiar?

FINRA / SEC

Broker-Dealer

HIGH

"First FINRA cycle examination approaching. Written supervisory procedures last updated in 2019."

See how we resolved this

SEC

Fintech / RIA

URGENT

"Series B closed. Lead investor requires SOC 2 Type II and an updated ADV Part 2 before board meeting."

See how we resolved this

OCC / FinCEN

Regional Bank

CRITICAL

"Merger pending regulatory approval. Acquiring institution's BSA/AML program incompatible with target's procedures."

See how we resolved this
TAB 03Case File 001

A $400M RIA. 14 advisors. Zero written cybersecurity policies. SEC exam in 11 weeks.

Entity Type

Registered Investment Adviser

Regulator

SEC — Division of Examinations

Timeline

11 weeks to examination

A registered investment adviser managing $400M AUM across 14 advisors received an SEC examination notice. An internal review revealed the firm had never adopted a written cybersecurity policy, its Form ADV Part 2 hadn't been updated since 2021, and three advisors were operating without current outside business activity disclosures on file.

AREASEVERITYFINDING (PRE-ENGAGE)REMEDIATED STATEDAYS

Cybersecurity

CRITICAL

No written cybersecurity policy. No incident response plan. No vendor due diligence documentation.

Reg S-P compliant cybersecurity program adopted. Incident response plan tested and documented. All third-party vendors assessed and agreements updated.

14days

Form ADV Part 2

HIGH

Brochure last updated 2021. Fee schedule materially changed. Three new services not disclosed.

ADV Part 2A/2B fully revised. Annual amendment filed. Delivery records updated for all 847 clients.

7days

Outside Business Activities

HIGH

3 of 14 advisors have undisclosed OBAs. No annual attestation process in place.

OBA disclosure forms collected for all advisors. Annual attestation policy implemented. FINRA disclosures reconciled.

5days

Books & Records

MODERATE

Email archiving vendor not SEC Rule 17a-4 compliant. 14-month gap in archived records.

WORM-compliant archiving solution deployed. Historical records restored from backup. Retention schedule documented.

18days

Supervisory Procedures

MODERATE

WSP manual references repealed rules. No evidence of annual review or attestation.

WSP manual fully rewritten to current regulatory standards. Annual review process established with calendar reminders.

10days

EXAMINATION OUTCOME

Zero deficiency citations. Examination closed without further action.

STEP 1 OF 3 · READINESS ASSESSMENT

What type of entity are you?

TAB 04Case File 002

A fintech processing $2.1B in payments annually. Series B closed Tuesday. SOC 2 audit scheduled in 90 days.

Entity Type

Fintech / Money Services Business

Regulator

SEC + FinCEN + State Regulators (4 states)

Timeline

90 days to SOC 2 audit

A payments fintech closed a $47M Series B round. Lead institutional investor required SOC 2 Type II readiness attestation before the next board meeting — 90 days out. The firm's existing compliance program had been written by a single in-house attorney with no regulatory examination experience. Four state money transmitter licenses were due for renewal within the same window.

AREASEVERITYFINDING (PRE-ENGAGE)REMEDIATED STATEDAYS

SOC 2 Readiness

CRITICAL

No formal information security policies. No access control reviews. No vendor management program. SOC 2 audit would fail on Trust Service Criteria Day 1.

Full SOC 2 Type II control environment built. 47 controls documented and evidenced. Pre-audit gap assessment passed with zero high-risk findings.

45days

AML Program

CRITICAL

BSA/AML program not updated since 2022. No independent testing completed. Customer risk rating model undocumented.

AML program rebuilt to current FinCEN guidance. Risk-based customer due diligence model documented. Independent testing completed and report filed.

30days

MTL Renewals (4 states)

HIGH

TX and FL licenses expired 60 days prior. NY and CA renewals not initiated. Surety bond amounts insufficient for current transaction volume.

All four renewals submitted with updated financials. Bond amounts increased. State examiner inquiries responded to in writing within required deadlines.

21days

Privacy Program

HIGH

Privacy policy references GDPR but firm has no EU operations. CCPA compliance undocumented. No data subject request process.

Privacy policy rewritten to reflect actual data practices. CCPA compliance program implemented. DSR intake and response workflow documented.

12days

Investor Disclosures

MODERATE

Series B investor deck contained forward-looking statements without safe harbor language. No regulatory risk disclosures.

Investor materials reviewed and updated. Regulatory risk section added. Outside securities counsel sign-off obtained.

5days

EXAMINATION OUTCOME

SOC 2 Type II opinion issued. All four MTL renewals approved. Board presentation delivered on schedule.

TAB 05Case File 003

A 9-entity holding company. Three broker-dealer subsidiaries. One OCC examination letter covering all of them simultaneously.

Entity Type

Bank Holding Company (Multi-Entity)

Regulator

OCC + FinCEN + OFAC + CFPB

Timeline

7 weeks to OCC examination

A regional bank holding company with three broker-dealer subsidiaries and two trust companies received a coordinated OCC examination notice. The entities had been operating under inconsistent BSA/AML programs following a 2022 merger that was never fully integrated at the compliance level. The examination scope included BSA/AML, OFAC sanctions screening, fiduciary controls, and the recently enacted Section 1071 small business data collection requirements.

AREASEVERITYFINDING (PRE-ENGAGE)REMEDIATED STATEDAYS

BSA/AML Program Consolidation

CRITICAL

Three entities operating under three incompatible AML programs. Transaction monitoring thresholds inconsistent. No consolidated suspicious activity reporting process.

Single enterprise-wide BSA/AML program adopted. Unified transaction monitoring thresholds established. Consolidated SAR filing process with single BSA Officer designation.

28days

OFAC Sanctions Screening

CRITICAL

Two subsidiaries using outdated OFAC list (47 days stale). No automated screening for wire transfers above $5,000. No documentation of screening results.

Real-time OFAC screening integrated into wire transfer workflow. All entities on same SDN list update schedule. Screening result documentation policy implemented.

10days

Section 1071 Readiness

HIGH

No data collection infrastructure for small business lending demographic data. CFPB compliance date missed for institutions of this asset size.

Section 1071 data fields mapped to loan origination system. Collection procedures drafted. Compliance date extension request filed and approved.

35days

Fiduciary Controls (Trust Cos.)

HIGH

Investment policy statements for 23 trust accounts not reviewed in 3+ years. Annual account reviews not documented. Fee disclosure conflicts unresolved.

All 23 IPS documents reviewed and updated. Annual review calendar established. Fee disclosure conflicts identified and resolved with beneficiary notification.

20days

Audit Trail Integrity

MODERATE

Post-merger system migration created gaps in transaction audit trail for Q3–Q4 2023. No remediation documentation exists.

Historical audit trail gaps documented and explained in examination response. Remediation memo drafted and signed by Chief Compliance Officer.

8days

Customer Risk Ratings

MODERATE

High-risk customer segment (MSBs) not flagged consistently across entities. Enhanced due diligence not applied uniformly.

Unified customer risk rating methodology deployed across all entities. MSB segment re-screened. EDD documentation completed for 47 accounts.

15days

EXAMINATION OUTCOME

Examination closed with two Matters Requiring Attention — both resolved within 60 days. No Formal Agreement, no MOU, no civil money penalty.

TAB 06 · THE TEAM

We were the examiners.
Now we sit on your side.

Our team spent a combined 87 years inside the regulatory agencies that will examine you. We know the examination protocols, the internal scoring criteria, and exactly which gaps generate findings — because we wrote the guidance that identifies them.

Professional woman in navy blazer with confident expression in office setting

Margaret Holloway

14 years

Former SEC Branch Chief

Division of Examinations, NY Regional Office

RIA & broker-dealer examinations, books & records, cybersecurity

Professional man in dark suit with serious expression in conference room

James Okafor

11 years

Former FINRA Principal Examiner

Member Supervision, Chicago District

Broker-dealer supervision, suitability, AML, net capital

Professional woman with glasses and light blazer reviewing documents at desk

Carol Stavros

9 years

Former OCC Bank Examiner

Large Bank Supervision, Midwest District

BSA/AML, OFAC compliance, fiduciary controls, Section 1071

TAB 07 · NEXT STEP

The examination clock
is already running.

Every day without a current written supervisory procedure, an updated Form ADV, or a documented cybersecurity policy is a day closer to a deficiency citation. Our team has 90 days. Let's start the clock on your terms.

Get Your Readiness Assessment
🔒NDA signed before first call
No retainer until scope is agreed
Response within 1 business day