Annual Surprise Examination

If your SEC-registered investment adviser has “custody” of client funds or securities, you must arrange an annual surprise examination performed by an independent public accountant, with no advance notice to the adviser. The accountant verifies client assets and files Form ADV-E with the SEC within 120 days after the examination date. (17 CFR § 275.206(4)-2)

Key takeaways:

• Custody triggers the requirement; confirm custody status first, then design the exam around what you actually hold or can access. (17 CFR § 275.206(4)-2)
• You must engage an independent public accountant for a surprise exam at least annually, without tipping off the adviser team that could influence testing. (17 CFR § 275.206(4)-2)
• Operational success depends on being able to produce complete, reconciled, and supportable client asset records on demand, plus retaining exam artifacts and the ADV-E filing evidence. (17 CFR § 275.206(4)-2)

The annual surprise examination requirement is a custody-rule control designed to validate that client funds and securities are actually present and properly recorded when an adviser has custody. Your job as CCO or GRC lead is to convert a legal trigger (“custody”) into a repeatable operating model: decide whether the rule applies, select and contract with the right independent public accountant, ensure your books-and-records and reconciliations can withstand an unannounced test, and make sure the accountant files Form ADV-E within the required window. (17 CFR § 275.206(4)-2)

In practice, most implementation issues are not about the exam mechanics; they come from unclear custody determinations, inconsistent asset populations (what accounts are “in scope”), weak position-level support, and confusion about what the accountant can request directly from qualified custodians or other third parties. You want the exam to be boring: clear scope, clean reconciliations, fast evidence production, documented exceptions, and a tight post-exam remediation loop.

This page gives requirement-level guidance you can execute quickly: applicability, step-by-step actions, artifacts to retain, common examiner questions, and a practical execution plan.

Regulatory text

Requirement (excerpt): “An investment adviser with custody must undergo an annual surprise examination by an independent public accountant to verify client funds and securities.” (17 CFR § 275.206(4)-2)

Operator interpretation of what you must do:

1. Determine whether your adviser has custody of client funds or securities, and document the basis for your determination. If you have custody, the surprise exam requirement applies. (17 CFR § 275.206(4)-2)
2. Engage an independent public accountant to perform a surprise examination at least once each year, without prior notice to the adviser. (17 CFR § 275.206(4)-2)
3. Ensure the examination covers all client funds and securities held or controlled by the adviser, not just a subset that is convenient to reconcile. (17 CFR § 275.206(4)-2)
4. Confirm the accountant files Form ADV-E with the SEC within 120 days of the examination date and notifies the SEC of material discrepancies, as required. (17 CFR § 275.206(4)-2)

Plain-English requirement

If your firm can access client assets (or otherwise meets the custody definition), you need a qualified outside accountant to show up unannounced, verify the client asset balances and existence, and then report the results to the SEC via Form ADV‑E on a defined timeline. You are accountable for readiness: accurate records, reconciliations, and cooperation protocols that do not compromise the “surprise” nature of the exam. (17 CFR § 275.206(4)-2)

Who it applies to

Entity types and operational context

• Investment advisers with custody of client funds or securities. (17 CFR § 275.206(4)-2)
• Typical custody-linked operating scenarios include:
  • The adviser (or an affiliate) holds client assets directly or can withdraw/transfer them.
  • The adviser has authority or control that meets the custody definition under the custody rule.

Practical applicability checklist (use this to start)

Create a short memo (one to two pages) that answers:

• Do we have custody under the custody rule? If yes, what activities create custody? (17 CFR § 275.206(4)-2)
• What is the population of client assets “held or controlled” by us that the accountant must test? (17 CFR § 275.206(4)-2)
• Which third parties are involved (qualified custodians, administrators, prime brokers), and what confirmations can the accountant obtain directly?

If your custody conclusion is “no,” retain the analysis and re-test it at least annually and whenever your operating model changes (new account types, new fee arrangements, new authorization). This is a common exam focus even when a surprise exam is not required. (17 CFR § 275.206(4)-2)

What you actually need to do (step-by-step)

1) Lock the scope: custody determination + asset inventory

• Document custody basis (what facts cause custody) and identify the specific accounts/asset types in scope. (17 CFR § 275.206(4)-2)
• Build an in-scope asset register:
  • Account name/number (masked where needed)
  • Custodian/prime broker/administrator
  • Asset type (cash, equities, fixed income, private fund interests, etc.)
  • Who maintains the official books and records for positions and cash
  • How positions and cash are reconciled (system, owner, frequency)

Deliverable: “Custody & Surprise Exam Scope Memo” approved by Compliance.

2) Engage the independent public accountant (and preserve independence)

• Select an independent public accountant with the competence to test your asset types and counterparties. (17 CFR § 275.206(4)-2)
• Contract for:
  • Surprise exam services and expected coordination model (who at the firm is the point of contact)
  • Evidence request and confirmation methods with custodians/third parties
  • Clear responsibility that the accountant will file Form ADV‑E within 120 days after the exam date. (17 CFR § 275.206(4)-2)

Operational note: You can coordinate logistics at a high level, but do not schedule the actual examination date in a way that undermines “surprise.” Keep the internal notification list tight.

3) Build “surprise-ready” books-and-records

Your readiness objective is simple: at any time, you can produce complete support for:

• Client cash balances and movements
• Position holdings and valuations (as applicable)
• Reconciliation between internal records and custodian/administrator records
• Exception logs and follow-up actions

Create an evidence map (table) that lists each evidence item, system of record, data owner, and how quickly it can be produced. The rule requires verification of client funds and securities, so your evidence map should be aligned to those populations. (17 CFR § 275.206(4)-2)

4) Run a pre-exam internal “mock pull”

Without trying to predict the exam date, test your operational ability to produce:

• Latest reconciliations
• Custodian statements or equivalent
• Trade/blotter support for recent activity
• Bank wires/ACH support and approvals for cash movements

Focus on completeness and traceability. Document gaps and fix them. This is where teams typically discover missing approvals, unreconciled breaks, or unclear ownership.

5) Execute the surprise exam support protocol

When the accountant initiates the exam:

• Route requests through a designated exam coordinator (often Compliance or Finance Ops) to prevent evidence sprawl and inconsistent responses.
• Maintain a request log: request, owner, date delivered, format, and any open items.
• Track exceptions and your responses. If you disagree with a proposed finding, document the basis and provide support.

6) Confirm Form ADV‑E filing and post-exam remediation

• Obtain evidence that the accountant filed Form ADV‑E within 120 days of the examination date. (17 CFR § 275.206(4)-2)
• Run a remediation cycle:
  • Classify findings (recordkeeping gap, reconciliation issue, control design issue, third-party dependency)
  • Assign owners and due dates
  • Update written procedures and training where needed

If you run your compliance program in a GRC tool like Daydream, track the surprise exam as a recurring regulatory obligation with linked controls, tasks, and evidence so you can show continuity year over year without rebuilding the audit trail.

Required evidence and artifacts to retain

Keep artifacts in a dedicated “Custody Rule – Surprise Exam” folder with controlled access.

Core artifacts

• Custody determination memo and approvals. (17 CFR § 275.206(4)-2)
• In-scope asset register and change log.
• Engagement letter/contract with the independent public accountant and independence confirmations. (17 CFR § 275.206(4)-2)
• Evidence map and data lineage notes (systems of record, owners).
• Reconciliation files and exception logs supporting client funds and securities. (17 CFR § 275.206(4)-2)
• Accountant request log and your responses (what was provided, when, by whom).
• Exam results communications and management responses.
• Proof of Form ADV‑E filing within 120 days after the exam date. (17 CFR § 275.206(4)-2)

Practical retention tip: Preserve “point-in-time” versions. Surprise exams test what existed on the exam date; re-generated reports later can create disputes if data changed.

Common exam/audit questions and hangups

Expect these questions from SEC exam staff, internal audit, or your external accountant:

• “Show me your custody analysis. What changed since last year?” (17 CFR § 275.206(4)-2)
• “Which accounts are in scope, and why are these excluded?”
• “How do you know the position file is complete relative to the custodian?”
• “Who can move money? Show me approvals and segregation of duties.”
• “Where is the evidence the accountant filed Form ADV‑E on time?” (17 CFR § 275.206(4)-2)
• “How do you address breaks, stale recon items, or unresolved discrepancies?”

Hangup pattern: teams can produce statements, but cannot tie them to internal records (or vice versa). Your reconciliations and exception management are the spine of the program.

Frequent implementation mistakes (and how to avoid them)

1. Unclear custody conclusion.
   Fix: write a custody memo that ties facts to the rule requirement and update it when operations change. (17 CFR § 275.206(4)-2)

2. In-scope population drift.
   Fix: maintain an asset register with ownership and a change log; reconcile it to your client/account master list.

3. Treating the surprise exam like a scheduled annual audit.
   Fix: maintain ongoing readiness and limit internal knowledge of timing. The rule requires the exam be without prior notice to the adviser. (17 CFR § 275.206(4)-2)

4. Weak evidence packaging.
   Fix: standardize report formats, naming conventions, and a request log so you can prove what you gave the accountant and when.

5. Missing ADV‑E proof.
   Fix: make “ADV‑E filing confirmation” an explicit contract deliverable and a compliance closure criterion. (17 CFR § 275.206(4)-2)

Enforcement context and risk implications

No public enforcement cases were provided in the source catalog for this page, so this guidance stays grounded in the rule text and operational expectations. The practical risk is straightforward: if you have custody and cannot evidence a compliant surprise exam (including ADV‑E filing), you face heightened regulatory scrutiny during SEC exams and may be required to remediate control gaps under exam timelines. (17 CFR § 275.206(4)-2)

Practical 30/60/90-day execution plan

Because the rule includes a fixed filing window, your plan should focus on readiness and repeatability rather than “getting it done once.” (17 CFR § 275.206(4)-2)

Days 1–30: Establish scope and accountability

• Complete custody determination memo and get CCO sign-off. (17 CFR § 275.206(4)-2)
• Build in-scope asset register and identify all third parties involved.
• Select/confirm independent public accountant; define ADV‑E filing responsibility in writing. (17 CFR § 275.206(4)-2)
• Stand up a central evidence repository and request log template.

Days 31–60: Harden records and rehearsals

• Document reconciliations and exception workflows for each asset population.
• Run an internal mock pull of the evidence you would provide in a surprise exam.
• Fix gaps: missing approvals, unclear ownership, inconsistent statements, incomplete recon support.

Days 61–90: Operationalize “surprise-ready”

• Finalize exam support playbook (roles, communications, request routing, escalation).
• Train Finance Ops, Client Service, and Compliance on the protocol (what to do when the accountant calls).
• Implement ongoing monitoring: reconciliation completion checks, exception aging reviews, and evidence packaging discipline.
• In Daydream (or your GRC system), set the surprise exam obligation as recurring with required artifacts and an annual control testing record.

Frequently Asked Questions

Does the annual surprise examination apply to every investment adviser?

It applies to an investment adviser that has custody of client funds or securities. Start by documenting your custody determination and the operational facts that support it. (17 CFR § 275.206(4)-2)

What makes the examination “surprise” in practice?

The exam must occur without prior notice to the adviser. You can have an accountant engaged and readiness processes in place, but you should not manage it like a pre-scheduled annual fieldwork event. (17 CFR § 275.206(4)-2)

Who is responsible for filing Form ADV‑E?

The practical expectation in the rule summary is that the independent public accountant files Form ADV‑E with the SEC within 120 days after the examination date. Build this into the engagement letter and track receipt of filing evidence. (17 CFR § 275.206(4)-2)

What assets are in scope for testing?

The examination verifies client funds and securities held or controlled by the adviser. Your best defense is a documented asset population and a clear mapping to custodians, administrators, and internal books-and-records. (17 CFR § 275.206(4)-2)

What evidence do SEC examiners ask for most often related to the surprise exam?

They commonly request your custody analysis, the accountant engagement documentation, reconciliations supporting client funds and securities, and proof that Form ADV‑E was filed within the required timeline. (17 CFR § 275.206(4)-2)

We outsource operations to a third party administrator. Does that remove the requirement?

Outsourcing does not automatically eliminate custody or the need for a surprise exam. You still need a custody determination based on what authority the adviser or its affiliates have over client assets. (17 CFR § 275.206(4)-2)