The RIA’s Guide to Compliance Testing

Policies Aren’t Enough — The SEC Wants Proof 

Regulators don’t just want to know if you tested – they want to see what you found, what you fixed, and how your program evolved.

You’ve built the policies. You’ve set the procedures. But in 2025, that’s just the starting line. 

Today’s SEC examiners want to see how your firm detects risks, tests controls, and learns from what’s found — not just once a year, but continuously. And for firms with limited resources, that can feel overwhelming. 

This guide gives you a practical roadmap to: 

• Focus your testing efforts on areas examiners care about most — like personal trading, portfolio oversight, and marketing review
• Connect findings to your risk assessment and use that to inform your compliance policy updates 
• Document what matters without spinning your wheels
• Turn your annual review into a reflection of strategic oversight — not a scramble

You don’t need more policies. You need a testing process that shows your program works — because that’s what regulators are looking for.