According to an Investment News article written by Mark Schoeff Jr. and posted on March 11, 2020, the coronavirus pandemic is leading to more investment advisors working remotely. As we know, working from home can increase the compliance risks facing investment advisory firms.
Business Continuity Plans and Working Remotely
Broker-dealers and registered investment advisors (“RIAs”) are required to prepare for any disasters which might disrupt their businesses. Working remotely is an important element of business continuity plans (“BCPs”). Firms’ BCPs should be designed to minimize the impact that catastrophes, such as a pandemic, will have on their clients.
The SEC expects BDs’ and RIAs’ BCPs to be formulated to prepare for widespread disruptions. For example, investment advisors should arrange for alternative work locations in case their primary office becomes unavailable.
Thorough and effective BCPs should ensure that advisors can communicate with clients throughout the disruption. As part of their fiduciary obligations, investment advisors should ensure that clients have access to funds and securities during what may turn out to be an extended business disruption.
In response to the pandemic, FINRA released Regulatory Notice 20-08 on March 9, 2020, and gave this guidance to broker-dealers:
Due to the recent outbreak of coronavirus disease (COVID-19), FINRA reminds member firms to consider pandemic-related business continuity planning, including whether their business continuity plans (BCPs) are sufficiently flexible to address a wide range of possible effects in the event of a pandemic in the United States. Each member firm is also encouraged to review its BCP to consider pandemic preparedness and to review its emergency contacts to ensure that FINRA has a reliable means of contacting the firm.
In its Regulatory Notice, FINRA recognized that remote offices or telework arrangements may raise compliance challenges and offered these recommendations:
FINRA understands that the use of remote offices or telework arrangements during a pandemic may necessitate a member firm to implement other ways to supervise its associated persons who change their work locations or arrangements for the duration of the pandemic. In such cases, FINRA would expect a member firm to establish and maintain a supervisory system that is reasonably designed to supervise the activities of each associated person while working from an alternative or remote location during the pandemic. With respect to oversight obligations, a member firm’s scheduled on-site inspections of branch offices may need to be temporarily postponed during the pandemic, with FINRA understanding that the ability to complete this annual regulatory obligation in 2020 may need to be re-evaluated depending on the duration and severity of the pandemic.
Although RIAs are not subject to FINRA’s regulations, investment advisors and chief compliance officers (“CCOs”) should work diligently to supervise the activities of each associated person who is working remotely.
Lessons learned from the SEC’s Supervision Initiative
To assist with their supervisory efforts, it is helpful for CCOs to look at a Risk Alert published by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) on July 23, 2019. OCIE’s Supervision Initiative discussed the SEC’s observations in examining investment advisors and found that most of the RIAs examined did not adequately supervise or had not established appropriate standards of business conduct for their supervised persons. Examiners observed that geographically dispersed persons were operating in a self-directed fashion and were not following the RIA’s policies and procedures.
The Risk Alert suggested that RIAs exercise a higher level of supervision over persons with specific disciplinary histories. OCIE determined that expanded oversight is particularly important when individuals work remotely or in branch offices, especially if they have committed disciplinary infractions in the past.
Although the Supervision Initiative focused on oversight practices relating to employees with disciplinary histories, it made a number of recommendations that can be applied to any situation where associated persons are working remotely. CCOs should evaluate these compliance risks in light of the RIA’s business model, as well as other facts and circumstances. Certainly, working remotely as a result of mandates imposed in the wake of the coronavirus involves unique facts and circumstances, especially if the pandemic continues for several months. OCIE’s Supervisory Initiative Risk Alert is available here.
RIAs can also gain guidance by reviewing OCIE’s Risk Alert pertaining to its Multi-Branch Adviser Initiative. This initiative examined investment advisors that operate out of multiple branch offices to determine whether they were compliant with applicable securities laws. OCIE’s Multi-Branch Investment Adviser Risk Alert can be found here.
As the coronavirus threat continues to escalate, it is imperative that CCOs reinforce policies and procedures that apply specifically to employees working remotely. In particular, CCOs should remind supervised persons about the firm’s privacy policies and the importance of zealously guarding clients’ personal information. Associated persons working remotely must archive all email and social media communications with clients and prospects. All advertisements remain subject to the firm’s approval process.
CCOs can dial up their oversight of supervised persons working remotely. They can supervise and review the investment recommendations made to clients by Investment Adviser Representatives (“IARs”) working remotely. This course of action is particularly important if an IAR is inexperienced or has deviated from policies and procedures in the past. CCOs should be able to handle their duties from anywhere using compliance software and other technology.
Firms like Foreside have already warned employees about potential scams and phishing attempts related to the corona virus. Investment advisors should communicate the same warnings to their clients. RIAs should have already implemented policies and procedures to guard against cybersecurity threats.
Although social distancing is recommended to flatten the curve of the coronavirus, investment advisors need to make efforts to maintain the same level of interaction with clients, and CCOs need to make efforts to maintain a heightened level of interaction with the firm’s employees, using all of the technology at their disposal. Training and meetings can occur using videoconferencing, when available. And above all, RIAs and their staff need to interact frequently with clients who may be panicking from the coronavirus and the impact it is having on the stock market.