The Office of Compliance Inspections and Examinations released a new risk alert last week on COVID-19 compliance risks for broker-dealers and investment advisers. OCIE broke the concerns into six categories:
- protection of investors’ assets;
- supervision of personnel;
- practices relating to fees, expenses, and financial transactions;
- investment fraud;
- business continuity; and
- the protection of investor and other sensitive information.
On first impression, that looks like a typical list of things that OCIE is concerned about and that fund managers should be concerned about, with or without trying to deal with COVID. OCIE did a good job of looking at these typical issues through the lens of disruptions caused by the COVID pandemic and fewer (or no) people in the office.
As for the protection of investor assets, OCIE wants firms to make sure someone is checking the mail for correspondence from investors. There has been a rise in phishing attacks, so firms should take additional steps to verify instructions from clients or investors.
Obviously, supervision has become more difficult as workers are now spread between the office and home. A lot of compliance comes from walking around the hallways.
As to fees, OCIE raises the issue that firms are facing financial pressure and may push fees to generate revenue.
There was a wave of fraud from companies purporting to have COVID cures and to be able to supple COVID fighting materials like PPE. Don’t sell them to your clients.
I assume most firms had some form of business continuity plan in place. I would guess that very few specifically addressed what to do during a pandemic. Office fires, people getting hit by a bus, power failures are all in the plan. Pandemics? Less likely.
Protecting personal information is just as important, regardless of where people are working. If you have someone working at home with PII, maybe they need a shredder for documents. Watch for phishing attacks. The usual.
Read all the details in the alert.
Sources: