With COVID-19 cases on the rise and restrictions reinstated in many states, regulators have observed recent risks in the industry that bring up new concerns and areas of focus during these anything-but-ordinary times.
Firms have faced many challenges during the pandemic, including managing the office with proper safety restrictions in place, managing how to best conduct client meetings, and, of course, how to handle changing regulations. Add to that some West Coast wildfires, southern hurricanes, and an election year, and you essentially have a dumpster fire of a year. With all that has occurred, it’s easy to put compliance on the sidelines. However, as businesses learn to pivot to adjust to one change after another, regulators continue to conduct exams as usual.
Since March, the SEC and many states have conducted a number of remote examinations to get a feel for how the industry is managing the workplace. Are you breaking out into a sweat just by reading that? Don't sweat it—here are five tips for firms to stay compliant with common deficiencies found during these examinations.
Tip #1: Clear Client Communication
Many firms have changed their normal workplace practices to adjust to COVID-19 restrictions. It is more important now than ever to ensure new changes in practices are clearly communicated not only to staff but also to the most important person in your business: your clients.
As an example, the SEC observed that many firms have adjusted their office hours to allow employees to work from home. However, these amended office hours were not being properly communicated to clients. As a result, clients were still mailing checks to their financial advisor to be deposited into their accounts. Those checks were then left sitting at the offices for days before properly being deposited.
Firms should be clearly communicating with clients to avoid similar situations. In this case, the firm should have informed clients that there may be delays in deposits if sent to the firm’s address. Alternatively, firms can instruct clients to send all deposits directly to their custodian.
Other factors you may need to consider include temporary phone numbers, temporary addresses, and/or adjusted office hours.
Tip #2: Verify, Protect, and Inform
Due to the pandemic, many advisors have received abnormal requests for distributions that are outside of many investors' scheduled cycles. Regulators have seen an increase in cybercrime due to COVID-19 and thus recommend that advisors stay vigilant in verifying clients’ identities. Identity verification is especially critical for requests that are made through email. Take the extra step of calling clients to verify their distribution requests are valid.
It’s an obligation for advisors to protect clients’ personally identifiable information (“PII”). This includes information such as account numbers, SSN, and date of birth. Advisors should take a step back to understand where this information is stored and/or displayed. For example, when conducting a virtual meeting with a client (via Zoom, for example), do you share your screen or send any type of reports via chat? Do those reports have account numbers and did the client give you permission to share that sensitive information with other people in the meeting?
What are your firm’s policies on printing information that has clients’ PII? Do employees have locked filing cabinets to store any paper files they print so those files aren't available to other members of their household to misuse? Do employees shred these documents at home or do they go into the office to shred them on a weekly basis? As CCO, even if you are a solo practitioner, these are procedures you need to have in place while working from home.
Lastly, it’s important to monitor client portfolios and ensure all elements of protection and continuity are in place. Many regulators have issued warnings of an increase in cyber predators, specifically targeting seniors. Although fraud can happen at any age, seniors continue to be a common target for cybercriminals. Seniors tend to be more trusting of others, whether it be someone they meet on the internet or another business professional. Advisors should be proactive and inform clients of any risks they face of being exploited. In addition, firms should have a trusted contact person or durable power of attorney on file for senior clients in the event they fall victim to financial exploitation.
Tip #3: Don’t Forget to Update Your WSP
As operational procedures change, firms should also update their Written Supervisory Procedures (WSP) to reflect those changes. For example, many employees now work remotely. Do firms have policies and procedures in place regarding remote offices? Examples include:
- Printing and shredding clients’ PII and other confidential information;
- Oversight for client communication on employees’ personal devices;
- Registration issues (e.g., branch registration requirements);
- Allowing use of public or unsecured Wi-Fi; and
- Sharing confidential information through unsecured web-based video chat.
Many regulators require an annual compliance program review, and these are all great topics to address when determining whether any changes should be reflected in your WSP.
Tip #4: Cyber-Safety First
With most of the world transitioning to web-based communication, there has been a rise in cybercriminal activity including phishing and attempts to access investment accounts. Firms, their personnel, and investors should be wary of these attempts.
It’s recommended that firms properly train employees and/or remind representatives how to identify bogus emails including fraudulent emails coming from regulators. In May of this year, a fake email from what looked like—but was not—FINRA was sent to many firms in an attempt to gain access to users' passwords.
Moreover, firms should have protections in place, such as using encryption technologies when sending sensitive information over the web, ensuring remote access servers are secure, enhancing system security (such as through the use of multi-factor authentication), and assessing the risk of third-party vendors who may also be going through remote staff or operational changes.
Tip #5: Keep Compliance in Mind
In today’s world and with constant technological advances, it seems we are moving at the speed of light. Businesses are always reinventing themselves to keep clients engaged and to keep growth steady. However, what seems like minor changes here and there can have considerable compliance implications.
When making changes to your practice, keep compliance in mind. You may run the risk of not having an important conflict of interest disclosed or having an unregistered office or employee. As a CCO, having quarterly check-ins to review your WSP or consulting with a compliance coach are small tasks that can make a big difference.
About the Author
Terria Heng has spent her career in financial regulatory compliance. She started out as a compliance consultant at a boutique compliance firm located in Beverly Hills, CA, where she assisted breakaway brokers in transitioning from wirehouses to the independent RIA space. Prior to joining XYPN, Terria was a financial examiner at the Texas State Securities Board for 6 years. Terria has extensive knowledge in state compliance examinations, including effectively communicating with regulators, responding to regulatory inquiries, and best practices in practice management. Currently living in Portland, Oregon, Terria enjoys hiking the Columbia Gorge with her dog Kuba or going on long road trips with her partner in their Sprinter van.