Don't Forget to Share this Post

Examining OCIE's COVID-19 Compliance Risk Alert for Broker-Dealers and Investment Advisers

By Amanda Daly | Tuesday, August 18th, 2020

The Office of Compliance Inspections and Examinations (OCIE) has recently released a risk alert examining COVID-19 compliance risks and considerations for broker-dealers and investment advisors. SEC registrants have been faced with new operational, technological, commercial, and other challenges and issues which has created important regulatory and compliance questions and considerations. In response, OCIE has worked with these registrants to minimize disruptions, specifically to ensure that its work can be conducted in a manner consistent with maintaining normal operations and appropriate health and safety measures. 

Throughout this process, OCIE has identified a number of COVID-19 related issues, risks, and practices relevant to SEC-registered investment advisors and broker dealers. This blog article will share some of the OCIE observations recommendations that fall into the following six categories:

  1. Protection of investors’ assets

  2. Supervision of personnel

  3. Practices relating to fees, expenses, and financial transactions

  4. Investment fraud

  5. Business continuity

  6. The protection of investor and other sensitive information

Protection of investors’ assets

One observation that has been made is that OCIE observed that some firms have modified their normal operating practices regarding collecting and processing investor checks and transfer requests. OCIE encourages firms to review their practices and make adjustments where appropriate. One example adjustment is disclosing to investors that checks or assets mailed to the office location may experience delays in processing if mail isn't being picked up daily.

Supervision of personnel

As an unprecedented number of employees went to a remote workforce due to COVID-19, firms must stay diligent in maintaining their security posture. OCIE encourages firms to closely review and, where appropriate, modify their supervisory and compliance policies and procedures. For example, firms may consider modifying their practices to address managers not being able to oversee their team / interact as diligently when they are working remotely, as well as the fact that communications or transactions may be occuring outside of the firms’ systems due to employees working remote and using personal devices.

Practices relating to fees, expenses, and financial transactions

Some firms have obligations that relate to considering and informing investors about the costs of services and investment products, and the related compensation received by the firms. While these risks exist, the current situation may have increased the potential for misconduct regarding:

  • Recommendations on retirement plan rollovers to individual retirement accounts,

  • Retirement account transfers into advised accounts or investments in products, 

  • Borrowing or taking loans from investors and clients, and

  • Making recommendations that result in higher costs to investors and that generate greater compensation for supervised persons.

Therefore, firms may wish to review their fees and expenses policies and procedures and consider enhancing their compliance monitoring.

Investment fraud

With things like a global pandemic in place, the staff has seen an increase of investment fraud. Firms should be alert and aware of these risks when conducting due diligence on investments. Any firm and or investor who suspect fraud should contact the SEC and report the potential fraud.

Business continuity

Firms should (always!) consider their ability to operate critical business functions during emergency events such as a global pandemic in this case. While being remote due to COVID-19, this may raise compliance issues and other risks that could impact protracted remote operations. These risks include a supervised person may need to take on new or expanded roles in order to maintain business operations or that some firms' security and support for facilities and remote sites may need to be modified or enhanced and that remote location data is protected. 

The protection of investor and other sensitive information

What types of communication are you and your firm using while working remote? Zoom? Microsoft Teams? The staff has observed that many firms are having their employees use videoconferencing and other electronic means to communicate while working remotely. Sure, these communications methods are easy, but what vulnerabilities do they entail? Firms need to ensure that their personal and sensitive information are secure while using these communication methods as well as understand that these communication methods have created vulnerabilities around the potential loss of sensitive information, including personally identifiable information (PII).

cyber bundleInterested in how Eze Castle Integration can assist your firm in times like this?

Contact us today or check out our Cybersecurity Bundle  to help you and your firm identify, protect, and defend against cyber threats. You can also click here to read the full risk alert.

Don't Forget to Share this Post

Related Posts

Q&A Summary of Major Themes and Takeaways from ECI’s Webinar on New SEC Cybersecurity Rules
Webinar Recap: What Financial Firms Need to Know About Upcoming SEC Rules on Cybersecurity, Part 2
Webinar Recap: What Financial Firms Need to Know About Upcoming SEC Rules on Cybersecurity, Part 1
Why Your Firm Needs a Governance, Risk and Compliance (GRC) Program
A Comprehensive Approach to Security Automation
A “Just Right” Approach for Just-in-Time Access Management

How Can Eze Castle Integration help you?Contact us today!

Contact Us