COVID-19 Brings Risks – and we aren’t talking Health Risks

Advisers registered with the SEC have faced several challenges through the Coronavirus pandemic. These have come operationally, technologically, commercially, and so on. The OCIE has put forth great efforts to continue operating as normal through this time and has worked to ensure that advisers could work in normal operational procedures without major disruptions. The OCIE has also been working with advisers to determine the impacts of COVID-19.

The SEC has put together some information around some of these areas of concern that could be cause for heightened risk:

(1) Protection of investors’ assets –

As the RIA, you are responsible for the safety of investors’ assets and to guard against theft, loss, and misappropriation. During the pandemic, the SEC has found that some firms have modified their normal operating practices around collecting and processing investor checks and transfer requests. OCIE encourages Firms to review their practices and make appropriate adjustments in situations where investors mail checks to Firms and Firms are not picking up their mail daily. Firms may want to update their supervisory and compliance policies and procedures to reflect any adjustments made and to consider disclosing to investors that checks or assets mailed to the location may experience delays in processing until personnel are able to access the mail or deliveries at that office location.

Firms are also encouraged to review and make any necessary changes to their policies and procedures around disbursements to investors, including where investors are taking unusual or unscheduled withdrawals from their accounts. There should be some extra steps in place to confirm identity of the investor and that the request is authentic. Also, recommend to seniors/vulnerable adults that they have a trusted contact person in place.

(2) Supervision of personnel –

The RIA has a duty to monitor the activities and operations of its employees and should be amended as necessary to reflect the current work environment. As firms are working remotely and dealing with market volatility and other similar issues, they should be closely reviewing and modifying their supervisory and compliance policies and procedures.

You should be paying attention to and modifying policies in regards to supervisors and employee relationship (level of oversight and interaction remotely), supervised persons making securities recommendations in market sectors that have experienced greater volatility or may have higher risks for fraud, any impacts related to limited on-site due diligence reviews and other resource constraints, remote oversight of trading, due diligence during onboarding process, and communications or transactions occurring outside of the Firms’ systems because of remote working.

(3) Practices relating to fees, expenses, and financial transactions –

The recent market volatility and the resulting impact on investor assets and the related fees collected by Firms may have increased financial pressures on Firms and their personnel to compensate for lost revenue. This can lead to misconduct related to financial conflicts of interest such as biased recommendations, borrowing from investors, or making higher cost recommendations. This can also lead to misconduct related to fees and expenses such as advisory fee calculation errors, inaccurate calculation of tiered fees, and failure to return prepaid fees on termed accounts.

You should review your fees and expenses policies and procedures and consider enhancing compliance monitoring in these areas mentioned above.

(4) Investment fraud –

During uncertain times comes a heightened risk of investment fraud through fraudulent offerings. Firms should be aware of these risks when conducting due diligence on investments and in determining that the investments are in the best interest of investors. Firms and investors who suspect fraud should contact the SEC and report the potential fraud.

(5) Business continuity –

Your business plan should always consider emergency situations. Due to the pandemic, many Firms have shifted to predominantly operating from remote sites, and these transitions may create compliance issues and other risks that could impact lengthy remote operations. Firms may need to modify supervisory and compliance policies and procedures and security and support for facilities and remote sites may need to be modified or enhanced.

(6) The protection of investor and other sensitive information –

It is the Firm’s duty to protect investors’ personally identifiable information. The SEC has seen that many require use of videoconferencing and other electronic means to communicate while working remotely. While these communication methods have allowed Firms to continue their operations, these practices can lead to vulnerabilities around sensitive information and more opportunities for fraudulent activities and phishing.

Consider enhancing your identity protection practices, providing employees with additional trainings on cybersecurity, conducting more reviews of employees access rights, using validated encryption technologies, confirming remote access servers are secured, using multifactor authentication, and handling any new or additional cyber-related issues related to third parties.

If you need some help taking a deeper dive into your policies and procedures, we are here for you. The time is now to make sure this is all squared away before you are under scrutiny. Contact us today to get started.