The SEC issued a risk alert for investment advisors and broker-dealers on August 12th with respect to COVID-19. In the risk alert, OCIE (Office of Compliance Inspections and Examinations) shared a number of observations and recommendations with registrants to help them address new operational, technological, and other challenges and issues that have resulted from COVID-19.
Protection of Investor Assets
OCIE is encouraging firms to review their practices to ensure that client assets are protected.
- Advisors may want to update their policies and procedures regarding the collection and processing of client checks and transfer requests and to consider disclosing to clients these changes. For example, firms may want to disclose to clients that checks mailed to the advisor’s office may experience delays in processing until personnel are able to access the mail or deliveries at that location.
- Advisors may also want to review and make necessary changes to their policies and procedures regarding disbursements to investors, including where clients are taking unusual or unscheduled withdrawals from their accounts. Firms may want to consider implementing additional steps to validate the identity of the client and the validity of disbursement instructions, particularly COVID-19 related distributions from client’s retirement accounts.
- Advisors may want to consider recommending that each client have a trusted contact person in place, particularly if the client is over the age of 62.
Supervision of Personnel
As more and more employees work from home, firms should closely review and modify, as necessary, their supervisory policies and procedures.
- Advisors should determine whether policies and procedures are adequate with respect to the ability of supervisors to oversee and monitor employees working remotely.
- Firms should review policies and procedures regarding employees’ communications and whether business-related communications or transactions are occurring outside of the firm’s systems.
Business Continuity
Firms should be considering their ability to operate critical business functions during emergency events.
- One specific risk relates to employees taking on new or expanded roles in order to maintain business operations. Such new roles may increase certain risks or introduce additional conflicts of interest.
- Advisors should consider whether security and support for facilities and remote sites may need to be enhanced or modified.
Protection of Sensitive Information
The requirement of employees to use videoconferencing and other electronic means to communicate while working remotely introduces vulnerabilities regarding the potential loss of sensitive information.
- Firms should consider providing employees additional trainings and reminders related to phishing, sharing information over unsecure remote systems, the encryption of documents and use of password protected systems, and the destruction of physical records at remote locations.
- Advisors should also review personnel access rights and controls as employees take on new or expanded roles in order to maintain business operations.
Click here to see the complete Risk Alert from OCIE.
For more information about how your firm can help ensure that its policies and procedures are adequate in light of COVID-19, please contact NCA Compliance.
Hayley Nelson is the President and Principal Consultant of NCA Compliance, Inc., a compliance consulting firm providing a wide range of customized compliance solutions for investment advisors. Ms. Nelson previously worked for the Securities and Exchange Commission and a large investment manager in New York.