Breakdown of OCIE’s COVID-19 Compliance Risks Alert

The SEC’s “Office of Compliance Inspections and Examinations (“OCIE”) issued an Alert today regarding “Select COVID-19 Compliance Risks for Investment Advisers and Broker-Dealers.”

OCIE shared observations regarding six broad categories:

  1. protection of investors’ assets;
  2. supervision of personnel;
  3. practices relating to fees, expenses, and financial transactions;
  4. investment fraud;
  5. business continuity; and
  6. the protection of investor and other sensitive information.

The observations centered on oversight and controls, encouraging enhanced monitoring, additional training, and modifying and enhancing updates to policies and procedures.   A major theme involves risks associated with remote personnel and remote locations, and the need for enhanced security measures. One example is enhancing security and support for facilities, including the integrity of vacated facilities.

The staff reminds firms of the obligation to protect investor personally identifiable information (“PII”), including potential vulnerabilities from videoconferencing while working remotely, use of web-based applications, increased use of personal devices and controls over records and sensitive documents, and remote access when working remotely. The staff encouraged firms to pay particular attention to risks regarding access to systems, as well as taking additional steps to validate the identify of the investor and authenticity of disbursement instructions.

OCIE noted the impact of limited on-site due diligence reviews, communications outside a firm’s systems, market volatility and potential for increased misconduct. Other notable recommendations included:

  • Modifying or enhancing existing policies to reflect current (changed) practices
  • Enhancing monitoring regarding accuracy of fees and expense allocations
  • Reminding investors to contact the firm by telephone about suspicious communications
  • Providing additional training
  • Conducting heightened reviews of access rights and controls
  • Using encryption and multifactor authentication technologies
  • Addressing cyber related issues related to third parties, also operating remotely
  • And encouraging enhanced due diligence related to investment risks during times of crises or uncertainty.

The Risk Alert highlights examples of ways firms may wish to modify or enhance their procedures, enhance supervision and training, and steps to take to enhance protection of client assets and sensitive information.

For additional information, see the SEC Risk Alert or download our free BCP Checklist to do a retrospective on how prepared your firm was for COVID-19.

Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

From One CCO to Another: Don’t Lie to the SEC

Every once in a while, I think it’s important to get back to the basics. Since the adoption of the compliance rules in 2004, the Securities and Exchange Commission staff has repeatedly stated that the intent of the rules were not to hunt CCOs. Great pains have been made to enlist CCOs support in ensuring … Continued

BME Partners with CSS to Strengthen its Regulatory Service Suite

BME to offer financial services firms in Spain and Portugal a multi-regulation reporting platform Partnership brings a unique combination of local market presence and global coverage BME has partnered with Compliance Solutions Strategies (CSS), a leading RegTech platform provider, to offer a global regulatory reporting solution in Spain and Portugal. The combination of BME’s local … Continued

Compliance Solutions Strategies Acquires AMFINE

Combination Creates First Fully End-To-End Compliance Reporting Platform NEW YORK, September 10, 2020 – Compliance Solutions Strategies (“CSS”), a leading RegTech platform providing technology-driven solutions which enable financial services firms to meet mandatory regulatory compliance requirements, today announced the acquisition of AMFINE (“AMFINE”), a provider of SaaS-based regulatory reporting services to European asset managers, asset … Continued